HansDieter1 | 19.03.2014 22:38 | Windows 8: Laptop suddenly noticeably slower

Hello, for the past few days I have had the problem that my laptop (Windows 8) keeps becoming extremely slow from time to time, usually for about half an hour.
In addition, whenever I am on the Internet (browser: Google Chrome), the following page keeps opening on its own: hxxp://wrapper.z5x.net/prepop.html?ad_type=pop&ad_size=0x0&section=5137008&banned_pop_types=23&prepopped_width=800&prepopped_height=600&pop_times=20&pop_frequency=0&pub_url=

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:11 on 19/03/2014 (Tobias)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Tobias (administrator) on TOBIAS on 19-03-2014 18:29:23
Running from C:\Users\Tobias\Desktop
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
() C:\Program Files (x86)\RightSurf\updateRightSurf.exe
() C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe
() C:\Program Files (x86)\RightSurf\bin\FilterApp_C64.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Users\Tobias\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe
(Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\RightSurf\bin\XTLSApp.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
() C:\Program Files (x86)\Acer\Live Updater\updater.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-09-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160 2014-02-13] (APN)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications))
HKU\S-1-5-21-1653954418-1097860707-3373369385-1001\...\Run: [Pokki] - C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
HKU\S-1-5-21-1653954418-1097860707-3373369385-1001\...\Run: [AcerCloud] - C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [18247424 2014-02-13] (Acer Incorporated)
HKU\S-1-5-21-1653954418-1097860707-3373369385-1001\...\RunOnce: [Application Restart #1] - C:\Users\Tobias\AppData\Local\Pokki\Engine\pokki.exe [8252744 2013-11-01] (Pokki)
HKU\S-1-5-21-1653954418-1097860707-3373369385-1001\...\MountPoints2: {d041ba38-8d63-11e3-825b-3065ec2edea0} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-1653954418-1097860707-3373369385-1001\...\MountPoints2: {d041bf71-8d63-11e3-825b-3065ec2edea0} - "E:\HTC_Sync_Manager_PC.exe"
==================== Internet (Whitelisted) ====================
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {6F77DAF3-267F-49D8-B15C-054753F1E11A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ACJB
SearchScopes: HKLM - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 - {6F77DAF3-267F-49D8-B15C-054753F1E11A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ACJB
SearchScopes: HKLM-x32 - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKCU - DefaultScope {6F77DAF3-267F-49D8-B15C-054753F1E11A} URL =
SearchScopes: HKCU - {6F77DAF3-267F-49D8-B15C-054753F1E11A} URL =
SearchScopes: HKCU - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll No File
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL No File
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: RightSurf - {88be1aa9-6740-461c-9e3e-f35eb8fa741c} - C:\Program Files (x86)\RightSurf\RightSurfbho.dll (RightSurf)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-05]
CHR Extension: (Google Drive) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-05]
CHR Extension: (YouTube) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-05]
CHR Extension: (Google-Suche) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-05]
CHR Extension: (AdBlock) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-05]
CHR Extension: (Google Wallet) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-05]
CHR Extension: (Google Mail) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-05]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2797312 2013-12-06] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-09-06] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [508016 2014-01-14] (Cherished Technololgy LIMITED)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-03] (Acer Incorporate)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-01] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [737512 2014-03-01] (Microsoft Corporation)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457768 2013-08-02] (Acer Incorporate)
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [448040 2013-08-02] (Acer Incorporate)
R2 Update RightSurf; C:\Program Files (x86)\RightSurf\updateRightSurf.exe [348960 2014-03-18] ()
R2 Util RightSurf; C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe [348960 2014-03-18] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [493568 2014-02-03] (Cherished Technololgy LIMITED)
==================== Drivers (Whitelisted) ====================
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-03-14] (StdLib)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-19 18:26 - 2014-03-19 18:28 - 00027312 _____ () C:\Users\Tobias\Desktop\Addition.txt
2014-03-19 18:20 - 2014-03-19 18:29 - 00016659 _____ () C:\Users\Tobias\Desktop\FRST.txt
2014-03-19 18:18 - 2014-03-19 18:29 - 00000000 ____D () C:\FRST
2014-03-19 18:10 - 2014-03-19 18:11 - 00000474 _____ () C:\Users\Tobias\Desktop\defogger_disable.log
2014-03-19 18:10 - 2014-03-19 18:10 - 00000000 _____ () C:\Users\Tobias\defogger_reenable
2014-03-19 18:08 - 2014-03-19 18:09 - 02157056 _____ (Farbar) C:\Users\Tobias\Desktop\FRST64.exe
2014-03-19 18:08 - 2014-03-19 18:09 - 00380416 _____ () C:\Users\Tobias\Desktop\Gmer-19357.exe
2014-03-19 18:08 - 2014-03-19 18:08 - 00050477 _____ () C:\Users\Tobias\Desktop\Defogger.exe
2014-03-14 15:54 - 2014-03-14 15:54 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-03-12 20:26 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 20:26 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 20:26 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 20:26 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 20:26 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 20:26 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 20:26 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 20:26 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 20:26 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 20:26 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 20:26 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 20:26 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 20:26 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 20:26 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 20:26 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 20:26 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 20:26 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 20:26 - 2014-01-31 17:15 - 00311640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-03-12 20:26 - 2014-01-31 17:07 - 00233920 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-03-12 20:26 - 2014-01-31 17:06 - 02133208 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-03-12 20:26 - 2014-01-31 14:47 - 02143960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-03-12 20:26 - 2014-01-31 10:06 - 00716288 _____ (Microsoft Corporation) C:\Windows\system32\swprv.dll
2014-03-12 20:26 - 2014-01-29 10:55 - 01287064 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-03-12 20:26 - 2014-01-29 09:53 - 00458616 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2014-03-12 20:26 - 2014-01-29 09:53 - 00407024 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2014-03-12 20:26 - 2014-01-29 09:49 - 01928144 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2014-03-12 20:26 - 2014-01-29 09:47 - 02543960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-03-12 20:26 - 2014-01-29 08:44 - 01371824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2014-03-12 20:26 - 2014-01-29 08:44 - 00408480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2014-03-12 20:26 - 2014-01-29 08:44 - 00369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2014-03-12 20:26 - 2014-01-29 07:41 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2014-03-12 20:26 - 2014-01-29 01:36 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2014-03-12 20:26 - 2014-01-27 20:07 - 04175360 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2014-03-12 20:26 - 2014-01-27 20:06 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-03-12 20:26 - 2014-01-27 20:04 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
2014-03-12 20:26 - 2014-01-27 19:52 - 01036288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-03-12 20:26 - 2014-01-27 19:23 - 02873344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2014-03-12 20:26 - 2014-01-27 19:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-03-12 20:26 - 2014-01-27 19:20 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
2014-03-12 20:26 - 2014-01-27 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-03-12 20:26 - 2014-01-27 18:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-03-12 20:26 - 2014-01-27 18:18 - 01486848 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2014-03-12 20:26 - 2014-01-27 18:00 - 01238016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2014-03-12 20:26 - 2014-01-27 16:58 - 05770752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-03-12 20:26 - 2014-01-27 16:50 - 06640640 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-12 20:26 - 2014-01-27 12:45 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-03-12 20:26 - 2014-01-18 00:04 - 00764864 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2014-03-12 20:26 - 2014-01-17 22:54 - 00669352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2014-03-12 20:26 - 2013-12-21 15:51 - 06353960 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2014-03-12 20:26 - 2013-12-21 09:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\sppcomapi.dll
2014-03-12 20:26 - 2013-12-20 11:18 - 01643584 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-03-12 20:26 - 2013-12-20 11:18 - 01507704 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-03-12 20:25 - 2013-10-31 01:29 - 00236888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-03-12 20:25 - 2013-10-31 01:29 - 00124760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-03-12 20:25 - 2013-10-31 01:28 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-03-12 20:24 - 2014-02-11 04:04 - 04189184 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 20:24 - 2014-02-11 03:43 - 00488448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 20:24 - 2014-02-11 03:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-02-21 15:58 - 2014-03-10 12:28 - 00008235 _____ () C:\Users\Tobias\Documents\FifaKM.xlsx
2014-02-21 15:58 - 2014-02-21 15:58 - 00000000 ____D () C:\Users\Tobias\Documents\Benutzerdefinierte Office-Vorlagen
2014-02-18 10:50 - 2014-02-18 10:51 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\.technic
2014-02-18 10:49 - 2014-02-18 10:50 - 02346186 _____ () C:\Users\Tobias\Desktop\TechnicLauncher.exe
2014-02-17 23:30 - 2014-02-17 23:30 - 00000000 ____D () C:\AcerCloud
==================== One Month Modified Files and Folders =======
2014-03-19 18:29 - 2014-03-19 18:20 - 00016659 _____ () C:\Users\Tobias\Desktop\FRST.txt
2014-03-19 18:29 - 2014-03-19 18:18 - 00000000 ____D () C:\FRST
2014-03-19 18:28 - 2014-03-19 18:26 - 00027312 _____ () C:\Users\Tobias\Desktop\Addition.txt
2014-03-19 18:26 - 2014-01-06 20:05 - 01224107 _____ () C:\Windows\WindowsUpdate.log
2014-03-19 18:25 - 2013-08-22 14:25 - 00000222 _____ () C:\Windows\win.ini
2014-03-19 18:15 - 2014-02-03 12:59 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-19 18:11 - 2014-03-19 18:10 - 00000474 _____ () C:\Users\Tobias\Desktop\defogger_disable.log
2014-03-19 18:10 - 2014-03-19 18:10 - 00000000 _____ () C:\Users\Tobias\defogger_reenable
2014-03-19 18:10 - 2014-02-03 11:37 - 00000000 ____D () C:\Users\Tobias
2014-03-19 18:09 - 2014-03-19 18:08 - 02157056 _____ (Farbar) C:\Users\Tobias\Desktop\FRST64.exe
2014-03-19 18:09 - 2014-03-19 18:08 - 00380416 _____ () C:\Users\Tobias\Desktop\Gmer-19357.exe
2014-03-19 18:08 - 2014-03-19 18:08 - 00050477 _____ () C:\Users\Tobias\Desktop\Defogger.exe
2014-03-19 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-03-19 17:51 - 2014-02-03 16:49 - 00000117 _____ () C:\Users\Tobias\AppData\Roaming\WB.CFG
2014-03-19 17:51 - 2014-02-03 16:47 - 00000310 _____ () C:\Windows\Tasks\Digital Sites.job
2014-03-19 17:49 - 2014-02-03 11:59 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4856305F-85FF-4896-8E1F-D88A082D12E7}
2014-03-19 17:18 - 2014-02-03 11:46 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1653954418-1097860707-3373369385-1001
2014-03-19 17:14 - 2014-02-03 12:59 - 00002199 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-19 17:14 - 2014-02-03 12:59 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-19 17:13 - 2014-02-03 11:45 - 00000000 __RDO () C:\Users\Tobias\SkyDrive
2014-03-18 20:52 - 2014-01-06 20:19 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2014-03-18 18:23 - 2014-02-16 13:45 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\.minecraft
2014-03-18 12:24 - 2014-02-03 11:37 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Pokki
2014-03-16 19:36 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-03-15 18:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-03-15 13:38 - 2014-01-07 04:50 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2014-03-15 13:38 - 2014-01-07 04:50 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2014-03-15 13:38 - 2013-09-06 08:08 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-15 13:32 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-15 13:32 - 2013-08-22 15:44 - 00473704 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-15 13:31 - 2014-02-12 21:28 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-15 13:31 - 2014-02-12 21:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-15 13:31 - 2014-02-03 16:48 - 00000000 ____D () C:\Program Files (x86)\RightSurf
2014-03-15 13:30 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-03-15 13:29 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-15 13:29 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-15 13:29 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-15 13:29 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-14 15:54 - 2014-03-14 15:54 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-03-13 19:48 - 2013-08-22 15:46 - 00160485 _____ () C:\Windows\setupact.log
2014-03-10 12:28 - 2014-02-21 15:58 - 00008235 _____ () C:\Users\Tobias\Documents\FifaKM.xlsx
2014-03-10 11:34 - 2014-02-04 17:42 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Deployment
2014-03-04 23:53 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-04 23:53 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-01 07:05 - 2014-03-12 20:26 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 05:58 - 2014-03-12 20:26 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:30 - 2014-03-12 20:26 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:17 - 2014-03-12 20:26 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 04:54 - 2014-03-12 20:26 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:47 - 2014-03-12 20:26 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:42 - 2014-03-12 20:26 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:18 - 2014-03-12 20:26 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:14 - 2014-03-12 20:26 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-12 20:26 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-12 20:26 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 03:57 - 2014-03-12 20:26 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-12 20:26 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-12 20:26 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-12 20:26 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-12 20:26 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-12 20:26 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-21 15:58 - 2014-02-21 15:58 - 00000000 ____D () C:\Users\Tobias\Documents\Benutzerdefinierte Office-Vorlagen
2014-02-19 21:01 - 2014-02-03 11:40 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Packages
2014-02-18 11:09 - 2014-02-03 12:59 - 00004096 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-18 11:09 - 2014-02-03 12:59 - 00003860 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-18 10:51 - 2014-02-18 10:50 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\.technic
2014-02-18 10:50 - 2014-02-18 10:49 - 02346186 _____ () C:\Users\Tobias\Desktop\TechnicLauncher.exe
2014-02-17 23:31 - 2013-09-06 08:16 - 00000000 ____D () C:\Program Files (x86)\Acer
2014-02-17 23:30 - 2014-02-17 23:30 - 00000000 ____D () C:\AcerCloud
2014-02-17 23:30 - 2014-02-03 11:42 - 00000000 ____D () C:\Users\Tobias\AppData\Local\clear.fi
2014-02-17 23:29 - 2014-02-03 11:40 - 00000000 ___RD () C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-17 23:29 - 2014-02-03 11:40 - 00000000 ___RD () C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-17 23:24 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2014-02-17 23:24 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-02-17 23:24 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\FileManager
2014-02-17 23:24 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Camera
2014-02-17 23:24 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-02-17 23:24 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\system32\Dism
2014-02-17 23:22 - 2013-09-06 08:48 - 00000000 ___HD () C:\OEM
2014-02-17 19:42 - 2014-02-03 11:49 - 00000000 ____D () C:\ProgramData\clear.fi
2014-02-17 18:21 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-17 12:06 - 2014-02-09 14:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 12:04 - 2014-02-09 14:46 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
Some content of TEMP:
====================
C:\Users\Tobias\AppData\Local\Temp\avgnt.exe
C:\Users\Tobias\AppData\Local\Temp\BackupSetup.exe
C:\Users\Tobias\AppData\Local\Temp\octFEF1.tmp.exe
C:\Users\Tobias\AppData\Local\Temp\Offercast_AVIRAV7_.exe
C:\Users\Tobias\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Tobias\AppData\Local\Temp\Quarantine.exe
C:\Users\Tobias\AppData\Local\Temp\Setup.X86.de-DE_O365HomePremRetail_b46f46a3-4166-4c9d-a30f-21dfb2cfdffe_TX_DB_.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-03-12 20:26] - [2014-01-31 17:15] - 0311640 ____A (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02
LastRegBack: 2014-03-15 18:12
==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Tobias at 2014-03-19 18:31:18
Running from C:\Users\Tobias\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Acer Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.03.3000 - Acer Incorporated)
Acer Docs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 2.04.2005 - Acer)
Acer Games (HKCU\...\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf) (Version: 1.1.9.43466 - Pokki)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8101 - Acer Incorporated)
Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.04.3002.6 - Acer Incorporated)
Acer Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.04.3003.1 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.04.3004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8100 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.00.3000 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8101 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2002 - Acer Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Accelerated Video Transcoding (Version: 13.15.100.30925 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0925.645.10236 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{4465D909-4FA8-86D2-121C-676BB60E63D7}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-4300-A758B70C0A03}) (Version: 12.10.3.4488 - APN, LLC)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0925.645.10236 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0925.645.10236 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0925.645.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0925.645.10236 - Advanced Micro Devices, Inc.) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3126.57 - CyberLink Corp.)
CyberLink PowerDVD 12 (x32 Version: 12.0.3126.57 - CyberLink Corp.) Hidden
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
ETDWare PS/2-X64 11.6.27.201_WHQL (HKLM\...\Elantech) (Version: 11.6.27.201 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
IePluginService12.27.0.3326 (HKLM-x32\...\IePlugins) (Version: 12.27.0.3326 - Cherished Technololgy LIMITED) <==== ATTENTION
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office 365 Home Premium - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4569.1508 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Nero BackItUp (x32 Version: 12.5.11000 - Nero AG) Hidden
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
Nero BackItUp Help (CHM) (x32 Version: 12.0.13000 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.15900 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.20900 - Nero AG) Hidden
Nero Launcher (x32 Version: 12.2.7000 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 12.0.3001 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation)
Norton Online Backup (x32 Version: 4.5.0.9 - Symantec Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{276FD4A2-030F-8A24-7DFE-9B1384131BCD}) (Version: 1.00.0000 - Ihr Firmenname)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pokki (HKCU\...\Pokki) (Version: 0.266.1.172 - Pokki)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
RightSurf (HKLM\...\RightSurf) (Version: 2014.02.01.021226 - RightSurf) <==== ATTENTION
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
SupTab (HKLM-x32\...\SupTab) (Version: 1.1.1.0 - ) <==== ATTENTION
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update for Zip Opener (HKCU\...\Digital Sites) (Version: - Update for Zip Opener) <==== ATTENTION
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.20 - WildTangent) Hidden
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WPM17.8.0.3325 (HKLM-x32\...\WPM) (Version: 17.8.0.3325 - Cherished Technololgy LIMITED) <==== ATTENTION
==================== Restore Points =========================
17-02-2014 11:03:00 Windows Update
20-02-2014 20:48:14 Windows Update
05-03-2014 20:27:54 Geplanter Prüfpunkt
14-03-2014 19:21:34 Windows Update
==================== Hosts content: ==========================
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {01E57081-8F6D-43B5-BAF2-E738ED7DDEBD} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-03-19] (Microsoft Corporation)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1C9BA6CC-56BA-4F04-A09A-3DD412BD5E08} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-03] (Google Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {260865A4-6D9A-40BA-B48F-8FDE7CA92F07} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-02-17] (Microsoft Corporation)
Task: {292AE016-ACC5-40A4-BBA1-1383DF0D82D0} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\\Ara.exe [2013-08-07] (Symantec Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {546301A8-A38F-4790-8FE8-42EC180792ED} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {566B7660-B965-40DE-AEE5-4E3D72938FA1} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-08-03] (Acer Incorporate)
Task: {5D60446D-DE68-4526-9150-D96C852830E8} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-07-05] (Acer Incorporated)
Task: {5F846995-83DC-41BD-964E-5212158849BA} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {78B62238-5B3D-4123-B869-12A7A82F3BD1} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2013-08-02] (Acer Incorporate)
Task: {7D3E278D-3252-4857-9E37-8FBA07EA5D4F} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-09-12] (Acer Incorporated)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8CF468D7-3176-4E52-A1B8-656703639396} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [2014-02-13] (Acer Incorporated)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A3C61DEE-C44C-41B5-9459-00781C1EADE6} - \RegClean Pro_DEFAULT No Task File
Task: {ABF7EEFC-BC03-41FF-9492-A5151D79AE3C} - System32\Tasks\Digital Sites => C:\Users\Tobias\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {BEE848B2-9F6E-4309-B1C4-D8C558C99A49} - \RegClean Pro No Task File
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D0BCFB00-53AB-42AE-9C82-99CE58D2485A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2014-03-01] (Microsoft Corporation)
Task: {D3552DC2-4396-4250-AC35-7D9F026D9A18} - \Advanced System Protector_startup No Task File
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F477479A-B34D-41D3-8339-83141A839D52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-03] (Google Inc.)
Task: {F959240B-1896-4AB2-9F6A-67030212620E} - \RegClean Pro_UPDATES No Task File
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Tobias\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-02-04 17:10 - 2014-01-02 18:41 - 00621736 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2014-02-01 04:23 - 2014-03-18 12:25 - 00348960 _____ () C:\Program Files (x86)\RightSurf\updateRightSurf.exe
2014-02-03 17:52 - 2014-03-18 12:26 - 00348960 _____ () C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe
2014-03-14 15:54 - 2014-03-14 15:54 - 00287008 _____ () C:\Program Files (x86)\RightSurf\bin\FilterApp_C64.exe
2013-04-12 15:10 - 2013-04-12 15:10 - 00113152 _____ () C:\Users\Tobias\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe
2014-03-19 18:25 - 2014-03-19 10:54 - 00078624 _____ () C:\Program Files (x86)\RightSurf\bin\XTLSApp.exe
2013-07-08 22:34 - 2013-07-08 22:34 - 04150312 _____ () C:\Program Files (x86)\Acer\Live Updater\updater.exe
2014-02-03 12:31 - 2013-12-09 11:37 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-03-15 11:19 - 2014-03-15 01:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-01-06 20:49 - 2013-07-30 18:11 - 00088648 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2014-03-19 18:25 - 2014-03-19 10:54 - 00121632 _____ () C:\Program Files (x86)\RightSurf\bin\xtlsapp.dll
2014-03-15 11:19 - 2014-03-15 01:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 11:19 - 2014-03-15 01:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 11:19 - 2014-03-15 01:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 11:19 - 2014-03-15 01:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 11:19 - 2014-03-15 01:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-03-15 11:19 - 2014-03-15 01:50 - 13637448 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Tobias\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/19/2014 06:04:07 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
Error: (03/19/2014 05:12:19 PM) (Source: Desktop Window Manager) (User: )
Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt.
Error: (03/18/2014 06:48:54 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
Error: (03/17/2014 01:20:03 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
Error: (03/16/2014 00:19:44 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
Error: (03/16/2014 11:56:47 AM) (Source: Desktop Window Manager) (User: )
Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt.
Error: (03/15/2014 03:38:37 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
Error: (03/15/2014 03:30:21 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
Error: (03/15/2014 01:27:57 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU maximum number of session has been surpassed
Error: (03/15/2014 01:27:44 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU maximum number of session has been surpassed
System errors:
=============
Error: (03/15/2014 01:27:51 PM) (Source: DCOM) (User: TOBIAS)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
Error: (03/15/2014 01:27:51 PM) (Source: DCOM) (User: TOBIAS)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
Error: (03/15/2014 01:27:51 PM) (Source: DCOM) (User: TOBIAS)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
Error: (03/13/2014 09:57:47 PM) (Source: DCOM) (User: TOBIAS)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
Error: (03/13/2014 09:57:42 PM) (Source: DCOM) (User: TOBIAS)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
Error: (03/13/2014 09:57:42 PM) (Source: DCOM) (User: TOBIAS)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
Error: (03/12/2014 10:38:54 PM) (Source: DCOM) (User: TOBIAS)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
Error: (03/11/2014 02:17:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Browser-Schutz" wurde mit dem folgenden dienstspezifischen Fehler beendet:
%%1
Error: (03/11/2014 02:17:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Browser-Schutz" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (03/11/2014 02:11:33 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Microsoft Office Sessions:
=========================
Error: (03/19/2014 06:04:07 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
Error: (03/19/2014 05:12:19 PM) (Source: Desktop Window Manager)(User: )
Description: 0x8898008d
Error: (03/18/2014 06:48:54 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
Error: (03/17/2014 01:20:03 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
Error: (03/16/2014 00:19:44 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
Error: (03/16/2014 11:56:47 AM) (Source: Desktop Window Manager)(User: )
Description: 0x8898008d
Error: (03/15/2014 03:38:37 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
Error: (03/15/2014 03:30:21 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
Error: (03/15/2014 01:27:57 PM) (Source: ATIeRecord)(User: )
Description:
Error: (03/15/2014 01:27:44 PM) (Source: ATIeRecord)(User: )
Description:
==================== Memory info ===========================
Percentage of memory in use: 88%
Total physical RAM: 3525 MB
Available physical RAM: 400.13 MB
Total Pagefile: 10181 MB
Available Pagefile: 3771.52 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:914.56 GB) (Free:870.91 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 043C093E)
Partition: GPT Partition Type.
==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-19 20:56:51
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002e WDC_WD10JPVX-22JC3T0 rev.01.01A01 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Tobias\AppData\Local\Temp\kxldipod.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff9600006ce00 15 bytes [00, FA, 0E, 02, C0, 9C, 70, ...]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 16 fffff9600006ce10 11 bytes [00, 00, FC, FF, 80, FA, C0, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[6388] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fffc12c169a 4 bytes [2C, C1, FF, 7F]
.text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[6388] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fffc12c16a2 4 bytes [2C, C1, FF, 7F]
.text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[6388] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fffc12c181a 4 bytes [2C, C1, FF, 7F]
.text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[6388] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fffc12c1832 4 bytes [2C, C1, FF, 7F]
.text C:\Program Files (x86)\RightSurf\bin\FilterApp_C64.exe[100220] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fffc12c169a 4 bytes [2C, C1, FF, 7F]
.text C:\Program Files (x86)\RightSurf\bin\FilterApp_C64.exe[100220] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fffc12c16a2 4 bytes [2C, C1, FF, 7F]
.text C:\Program Files (x86)\RightSurf\bin\FilterApp_C64.exe[100220] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fffc12c181a 4 bytes [2C, C1, FF, 7F]
.text C:\Program Files (x86)\RightSurf\bin\FilterApp_C64.exe[100220] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fffc12c1832 4 bytes [2C, C1, FF, 7F]
---- Processes - GMER 2.1 ----
Process C:\ProgramData\WPM\wprotectmanager.exe (*** suspicious ***) @ C:\ProgramData\WPM\wprotectmanager.exe [1328] (WPM Service/Cherished Technololgy LIMITED)(2 0000000000f70000
Library C:\Users\Tobias\AppData\Local\Pokki\Engine\libPokki.dll (*** suspicious ***) @ C:\Users\Tobias\AppData\Local\Pokki\Engine\pokki.exe [217956] (Chromium/The Chromium Authors)(2013-11-01 05:28:28) 00000000607c0000
Library C:\Users\Tobias\AppData\Local\Pokki\Engine\icudt.dll (*** suspicious ***) @ C:\Users\Tobias\AppData\Local\Pokki\Engine\pokki.exe [217956] (ICU Data DLL/The ICU Project)(2013-09-07 02:11:12) 000000005fda0000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Thank you very much :)