Laptop wird immer langsamer nach Virus funde (Windows 8)

cengo · 10.07.2014, 20:57

Hallo liebe Leute,

seit ungefähr 2.Stunden läuft mein Lapi sehr sehr sehr langsam . Es fing alles damit an als ich einen Virencheck gemacht habe nachdem ich in meinem Emailfach eine Mail geöffnet habe die LEER von einem unbekanntem war . Internetseiten brauchen ewig

deeprybka · 10.07.2014, 21:23

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
Speichere alle unsere Tools auf dem Desktop ab.
Poste die Logfiles direkt in Deinen Thread in Code-Tags.
Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean bekommst.

Los geht's:

Schritt 1

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

cengo · 10.07.2014, 21:29

Hallo Jürgen hier Logs

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-07-2014
Ran by Acer1 (administrator) on ACER on 10-07-2014 22:25:02
Running from C:\Users\Acer1\Desktop
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILEE.EXE
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] => "C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe"
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-02] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Atheros Communications))
HKU\S-1-5-21-3942060078-1468770267-3527270758-1001\...\Run: [ShowBatteryBar] => C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2013-04-11] ()
HKU\S-1-5-21-3942060078-1468770267-3527270758-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\S-1-5-21-3942060078-1468770267-3527270758-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILEE.EXE [297024 2013-04-26] (SEIKO EPSON CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM - DefaultScope {55C64423-0BCF-4A16-880A-11BF7B4DF4D0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {55C64423-0BCF-4A16-880A-11BF7B4DF4D0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {55C64423-0BCF-4A16-880A-11BF7B4DF4D0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - DefaultScope {55C64423-0BCF-4A16-880A-11BF7B4DF4D0} URL = 
SearchScopes: HKCU - {55C64423-0BCF-4A16-880A-11BF7B4DF4D0} URL = 
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
Toolbar: HKCU - No Name - {41564952-412D-5637-4300-7A786E7484D7} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Acer1\AppData\Roaming\Mozilla\Firefox\Profiles\8vcuawvp.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Acer1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Acer1\AppData\Roaming\Mozilla\Firefox\Profiles\8vcuawvp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-02]
FF Extension: BetterPrivacy - C:\Users\Acer1\AppData\Roaming\Mozilla\Firefox\Profiles\8vcuawvp.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-02-19]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-03-26]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-02] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1030224 2014-07-02] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [28560 2012-08-30] (ELAN Microelectronics Corp.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-11-24] (Dritek System INC.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-07-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-07-02] (Avira Operations GmbH & Co. KG)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-11-24] (Dritek System Inc.)
S3 X86BDA; C:\Windows\system32\DRIVERS\OEMDrv.sys [268416 2011-06-08] ( )
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\BatteryCare\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-10 22:25 - 2014-07-10 22:25 - 00012529 _____ () C:\Users\Acer1\Desktop\FRST.txt
2014-07-10 22:24 - 2014-07-10 22:24 - 00000000 ____D () C:\Users\Acer1\Desktop\FRST-OlderVersion
2014-07-10 19:44 - 2014-07-10 21:44 - 00000929 _____ () C:\WINDOWS\Tasks\EPSON XP-412 413 415 Series Update {165A461C-0D01-452B-94C6-1CAF51ED0C5B}.job
2014-07-10 19:44 - 2014-07-10 19:44 - 00003960 _____ () C:\WINDOWS\System32\Tasks\EPSON XP-412 413 415 Series Update {165A461C-0D01-452B-94C6-1CAF51ED0C5B}
2014-07-10 19:44 - 2014-07-10 19:44 - 00003774 _____ () C:\WINDOWS\System32\Tasks\EPSON XP-412 413 415 Series Invitation {165A461C-0D01-452B-94C6-1CAF51ED0C5B}
2014-07-10 19:44 - 2014-07-10 19:44 - 00000743 _____ () C:\WINDOWS\Tasks\EPSON XP-412 413 415 Series Invitation {165A461C-0D01-452B-94C6-1CAF51ED0C5B}.job
2014-07-10 19:44 - 2014-07-10 19:44 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-07-10 19:43 - 2014-07-10 19:44 - 00000000 ____D () C:\ProgramData\EPSON
2014-07-10 19:43 - 2013-04-26 09:12 - 00179712 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ILMBLEE.DLL
2014-07-10 19:43 - 2013-04-26 09:12 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ID4BLEE.DLL
2014-07-10 19:43 - 2013-04-26 09:12 - 00010752 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\E_GCINST.DLL
2014-07-10 17:13 - 2014-07-10 17:13 - 00000000 ____D () C:\Users\Acer1\AppData\Roaming\Avira
2014-07-10 17:12 - 2014-07-10 17:12 - 00002034 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-07-10 17:12 - 2014-07-10 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-10 17:12 - 2014-07-10 17:12 - 00000000 ____D () C:\ProgramData\Avira
2014-07-10 17:12 - 2014-07-10 17:12 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-07-10 17:12 - 2014-07-02 13:06 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2014-07-10 17:12 - 2014-07-02 13:06 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-07-10 17:12 - 2014-07-02 13:06 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2014-07-10 17:09 - 2014-07-10 17:11 - 143880056 _____ () C:\Users\Acer1\Downloads\avira_free_antivirus_de_464.exe
2014-07-10 12:14 - 2014-07-10 17:04 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-10 12:13 - 2014-07-10 12:14 - 91906368 _____ (AVAST Software) C:\Users\Acer1\Downloads\avast_free_antivirus_setup_9.0.2021.exe
2014-07-10 12:11 - 2014-07-10 12:11 - 00394600 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-10 11:56 - 2014-06-26 22:53 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-07-10 11:56 - 2014-06-26 22:53 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-10 11:52 - 2014-07-10 11:52 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-09 12:51 - 2014-07-01 00:42 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-09 12:51 - 2014-07-01 00:42 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-09 12:51 - 2014-07-01 00:42 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-07-09 12:51 - 2014-06-28 05:35 - 00556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-09 08:11 - 2014-06-19 04:12 - 02239488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-09 08:11 - 2014-06-19 04:12 - 01366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-09 08:11 - 2014-06-19 04:12 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-07-09 08:11 - 2014-06-19 04:12 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-07-09 08:11 - 2014-06-19 04:12 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-09 08:11 - 2014-06-19 04:11 - 19277312 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-09 08:11 - 2014-06-19 04:11 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-07-09 08:11 - 2014-06-19 04:11 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-09 08:11 - 2014-06-19 04:10 - 15369728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-09 08:11 - 2014-06-19 04:10 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-09 08:11 - 2014-06-19 04:10 - 02650624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-09 08:11 - 2014-06-19 04:10 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-07-09 08:11 - 2014-06-19 04:10 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-09 08:11 - 2014-06-19 04:10 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-09 08:11 - 2014-06-19 04:10 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-09 08:11 - 2014-06-19 04:10 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-09 08:11 - 2014-06-19 04:10 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-07-09 08:11 - 2014-06-19 04:10 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-07-09 08:11 - 2014-06-19 04:10 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-07-09 08:11 - 2014-06-19 04:10 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-07-09 08:11 - 2014-06-19 04:09 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-09 08:11 - 2014-06-19 02:53 - 14368768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-09 08:11 - 2014-06-19 02:53 - 01766400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-09 08:11 - 2014-06-19 02:53 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-09 08:11 - 2014-06-19 02:53 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-09 08:11 - 2014-06-19 02:53 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-07-09 08:11 - 2014-06-19 02:53 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-09 08:11 - 2014-06-19 02:53 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-07-09 08:11 - 2014-06-19 02:52 - 13732352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-09 08:11 - 2014-06-19 02:52 - 02863616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-09 08:11 - 2014-06-19 02:52 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-09 08:11 - 2014-06-19 02:52 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-09 08:11 - 2014-06-19 02:52 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-07-09 08:11 - 2014-06-19 02:52 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-09 08:11 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-09 08:11 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-09 08:11 - 2014-06-19 02:52 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-07-09 08:11 - 2014-06-19 02:52 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-07-09 08:11 - 2014-06-19 02:52 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-07-09 08:11 - 2014-06-19 02:52 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-07-09 08:11 - 2014-06-19 02:33 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-07-09 08:11 - 2014-06-19 02:30 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-07-09 08:11 - 2014-06-19 00:05 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-07-09 08:11 - 2014-06-18 01:27 - 01440256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-09 08:11 - 2014-06-18 01:24 - 01557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-09 08:11 - 2014-06-11 06:18 - 04038144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-09 08:11 - 2014-05-03 08:34 - 06974808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-07-09 08:11 - 2014-05-03 08:33 - 01824808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-07-09 08:11 - 2014-05-03 06:51 - 01408976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-07-09 08:11 - 2014-05-02 00:37 - 01023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-07-09 08:11 - 2014-04-30 00:32 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2014-07-09 08:11 - 2014-04-30 00:32 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2014-07-09 08:11 - 2014-04-24 01:51 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-09 08:11 - 2014-04-24 01:51 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 08:11 - 2014-04-24 01:38 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-09 08:11 - 2014-04-24 01:38 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 08:11 - 2014-02-08 06:34 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2014-07-09 08:10 - 2014-06-03 00:33 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2014-07-09 08:10 - 2014-05-30 01:31 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2014-07-09 08:10 - 2014-05-30 01:03 - 00588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2014-07-09 08:10 - 2014-05-30 01:02 - 01281536 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-09 08:10 - 2014-05-30 01:02 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2014-07-09 08:08 - 2014-06-06 16:06 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-09 08:08 - 2014-06-06 12:17 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-09 08:08 - 2014-05-30 00:24 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-07 09:38 - 2014-07-07 09:38 - 01531995 _____ () C:\Users\Acer1\Downloads\SetupBattery18Care.zip
2014-07-06 22:03 - 2014-07-06 22:03 - 00000000 ____D () C:\Users\Acer1\AppData\Local\Adobe
2014-07-06 17:28 - 2014-07-10 11:56 - 00000000 ____D () C:\Users\Acer1\AppData\Roaming\Atheros
2014-07-06 17:28 - 2014-07-06 17:28 - 00000000 ____D () C:\ProgramData\Atheros
2014-07-06 17:22 - 2013-01-28 14:23 - 01721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdfcoinstaller01009.dll
2014-07-06 17:22 - 2013-01-28 14:23 - 00581200 _____ (Qualcomm Atheros) C:\WINDOWS\system32\Drivers\btfilter.sys
2014-07-06 17:22 - 2013-01-28 14:23 - 00346192 _____ (Qualcomm Atheros) C:\WINDOWS\system32\Drivers\btath_a2dp.sys
2014-07-06 17:22 - 2013-01-28 14:23 - 00179432 _____ (Qualcomm Atheros) C:\WINDOWS\system32\Drivers\btath_hcrp.sys
2014-07-06 17:22 - 2013-01-28 14:23 - 00136424 _____ (Qualcomm Atheros) C:\WINDOWS\system32\Drivers\btath_rcp.sys
2014-07-06 17:22 - 2013-01-28 14:23 - 00115280 _____ (Qualcomm Atheros) C:\WINDOWS\system32\Drivers\btath_avdt.sys
2014-07-06 17:22 - 2013-01-28 14:23 - 00089168 _____ (Qualcomm Atheros) C:\WINDOWS\system32\Drivers\btath_flt.sys
2014-07-06 17:22 - 2013-01-28 14:23 - 00077464 _____ (Qualcomm Atheros) C:\WINDOWS\system32\Drivers\btath_lwflt.sys
2014-07-06 17:22 - 2013-01-28 14:23 - 00034384 _____ (Qualcomm Atheros) C:\WINDOWS\system32\Drivers\btath_bus.sys
2014-07-06 16:13 - 2014-07-06 16:58 - 00000000 ____D () C:\Users\Acer1\Desktop\krali tab
2014-07-06 10:03 - 2014-07-06 17:25 - 03286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-06 10:03 - 2014-07-06 17:25 - 01623040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-07-06 10:03 - 2014-07-06 17:25 - 00773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-06 10:03 - 2014-07-06 17:25 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-07-06 10:03 - 2014-07-06 17:25 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-07-06 10:03 - 2014-07-06 17:25 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-07-06 10:03 - 2014-07-06 17:25 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-06 10:03 - 2014-07-06 17:25 - 00059416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-06 10:03 - 2014-07-06 17:25 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-07-06 10:03 - 2014-05-20 01:45 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-06 10:03 - 2014-05-20 01:45 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-06 10:03 - 2014-05-15 00:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-07-06 10:03 - 2014-05-15 00:42 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-06-30 11:12 - 2014-06-30 11:12 - 00013507 _____ () C:\Users\Acer1\Downloads\MemTest4.zip
2014-06-30 11:11 - 2014-06-30 11:11 - 00961360 _____ (Chip Digital GmbH) C:\Users\Acer1\Downloads\MemTest - CHIP-Installer.exe
2014-06-23 17:11 - 2014-06-23 17:11 - 00001747 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-23 17:11 - 2014-06-23 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-23 17:10 - 2014-06-23 17:11 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-23 17:10 - 2014-06-23 17:11 - 00000000 ____D () C:\Program Files\iTunes
2014-06-23 17:10 - 2014-06-23 17:11 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-23 17:10 - 2014-06-23 17:10 - 00000000 ____D () C:\Program Files\iPod
2014-06-23 01:05 - 2014-06-23 01:06 - 00195782 _____ () C:\Users\Acer1\Downloads\CyanogenModInstaller-1.0.1.4.apk
2014-06-23 00:53 - 2014-06-23 00:54 - 92706064 _____ () C:\Users\Acer1\Downloads\gapps-jb-20121011-signed.zip
2014-06-23 00:49 - 2014-06-23 00:49 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-06-23 00:37 - 2014-06-23 00:37 - 00961360 _____ (Chip Digital GmbH) C:\Users\Acer1\Downloads\Sony Sony Ericsson Fastboot Treiber - CHIP-Installer.exe
2014-06-23 00:05 - 2014-06-23 00:05 - 15479140 _____ () C:\Users\Acer1\Desktop\drivers.7z
2014-06-22 23:58 - 2014-06-22 23:58 - 00000000 ____D () C:\Users\Acer1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool
2014-06-22 23:55 - 2014-06-22 23:57 - 112690704 _____ (Androxyde) C:\Users\Acer1\Downloads\flashtool-0.9.10.1-windows(1).exe
2014-06-22 13:14 - 2014-06-22 13:14 - 00000085 _____ () C:\WINDOWS\wininit.ini
2014-06-22 11:05 - 2014-06-23 00:05 - 00000000 ____D () C:\Flashtool
2014-06-22 11:02 - 2014-06-22 11:04 - 112690704 _____ (Androxyde) C:\Users\Acer1\Downloads\flashtool-0.9.10.1-windows.exe
2014-06-22 10:59 - 2014-06-22 11:00 - 00000000 ____D () C:\Users\Acer1\Desktop\xperia
2014-06-19 23:31 - 2012-07-26 07:26 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140619-233107.backup
2014-06-19 22:51 - 2014-06-22 13:15 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-19 22:51 - 2014-06-22 13:14 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-19 22:51 - 2014-06-19 22:51 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-06-19 22:49 - 2014-06-19 22:49 - 00961360 _____ (Chip Digital GmbH) C:\Users\Acer1\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2014-06-18 13:55 - 2014-06-18 13:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 00:09 - 2014-07-10 11:31 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-18 00:06 - 2014-06-18 00:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-18 00:06 - 2014-06-18 00:06 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-18 00:06 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-06-18 00:06 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-06-12 13:55 - 2014-06-12 14:01 - 00000000 ____D () C:\Users\Acer1\AppData\Roaming\BatteryBar
2014-06-12 13:55 - 2014-06-12 13:55 - 00000000 ____D () C:\Program Files\BatteryBar
2014-06-12 13:54 - 2014-06-12 13:54 - 00961360 _____ (Chip Digital GmbH) C:\Users\Acer1\Downloads\BatteryBar Free - CHIP-Installer.exe
2014-06-12 13:47 - 2014-06-12 13:47 - 00042181 _____ () C:\Users\Acer1\battery-report.html
2014-06-11 15:57 - 2014-05-03 07:47 - 03246592 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-06-11 15:57 - 2014-05-03 05:34 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-06-11 15:57 - 2014-04-03 13:19 - 00328024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2014-06-11 15:57 - 2014-04-03 05:44 - 00619008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-06-11 15:57 - 2014-04-01 00:08 - 00387268 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-06-11 15:57 - 2014-03-25 01:42 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2014-06-11 15:57 - 2014-03-25 00:56 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2014-06-11 15:56 - 2014-04-30 00:32 - 01301504 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-06-11 15:56 - 2014-04-30 00:22 - 01023488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-06-11 15:56 - 2014-04-03 13:22 - 02233176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-06-11 15:56 - 2014-03-07 02:47 - 01419264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-06-11 15:56 - 2014-03-07 02:08 - 01845760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-06-10 19:40 - 2014-06-10 19:40 - 04708736 _____ () C:\Users\Acer1\Downloads\install_flash_player_ics.apk

==================== One Month Modified Files and Folders =======

2014-07-10 22:25 - 2014-07-10 22:25 - 00012529 _____ () C:\Users\Acer1\Desktop\FRST.txt
2014-07-10 22:25 - 2014-03-14 09:24 - 00000000 ____D () C:\FRST
2014-07-10 22:24 - 2014-07-10 22:24 - 00000000 ____D () C:\Users\Acer1\Desktop\FRST-OlderVersion
2014-07-10 22:24 - 2014-03-15 10:35 - 02084864 _____ (Farbar) C:\Users\Acer1\Desktop\FRST64.exe
2014-07-10 22:07 - 2014-01-31 20:43 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-10 22:00 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-10 21:44 - 2014-07-10 19:44 - 00000929 _____ () C:\WINDOWS\Tasks\EPSON XP-412 413 415 Series Update {165A461C-0D01-452B-94C6-1CAF51ED0C5B}.job
2014-07-10 21:36 - 2014-02-22 00:06 - 00000000 ____D () C:\Users\Acer1\AppData\Local\CrashDumps
2014-07-10 21:36 - 2014-02-14 21:20 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-10 19:54 - 2014-03-16 21:17 - 01351604 ____N () C:\WINDOWS\WindowsUpdate.log
2014-07-10 19:44 - 2014-07-10 19:44 - 00003960 _____ () C:\WINDOWS\System32\Tasks\EPSON XP-412 413 415 Series Update {165A461C-0D01-452B-94C6-1CAF51ED0C5B}
2014-07-10 19:44 - 2014-07-10 19:44 - 00003774 _____ () C:\WINDOWS\System32\Tasks\EPSON XP-412 413 415 Series Invitation {165A461C-0D01-452B-94C6-1CAF51ED0C5B}
2014-07-10 19:44 - 2014-07-10 19:44 - 00000743 _____ () C:\WINDOWS\Tasks\EPSON XP-412 413 415 Series Invitation {165A461C-0D01-452B-94C6-1CAF51ED0C5B}.job
2014-07-10 19:44 - 2014-07-10 19:44 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-07-10 19:44 - 2014-07-10 19:43 - 00000000 ____D () C:\ProgramData\EPSON
2014-07-10 18:40 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-10 18:30 - 2014-01-31 11:21 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3942060078-1468770267-3527270758-1001
2014-07-10 17:13 - 2014-07-10 17:13 - 00000000 ____D () C:\Users\Acer1\AppData\Roaming\Avira
2014-07-10 17:12 - 2014-07-10 17:12 - 00002034 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-07-10 17:12 - 2014-07-10 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-10 17:12 - 2014-07-10 17:12 - 00000000 ____D () C:\ProgramData\Avira
2014-07-10 17:12 - 2014-07-10 17:12 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-07-10 17:11 - 2014-07-10 17:09 - 143880056 _____ () C:\Users\Acer1\Downloads\avira_free_antivirus_de_464.exe
2014-07-10 17:05 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-10 17:04 - 2014-07-10 12:14 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-10 16:40 - 2012-11-25 06:00 - 00753134 _____ () C:\WINDOWS\system32\perfh007.dat
2014-07-10 16:40 - 2012-11-25 06:00 - 00155826 _____ () C:\WINDOWS\system32\perfc007.dat
2014-07-10 16:40 - 2012-07-26 09:28 - 01745416 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-10 12:14 - 2014-07-10 12:13 - 91906368 _____ (AVAST Software) C:\Users\Acer1\Downloads\avast_free_antivirus_setup_9.0.2021.exe
2014-07-10 12:11 - 2014-07-10 12:11 - 00394600 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-10 12:11 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-10 11:56 - 2014-07-06 17:28 - 00000000 ____D () C:\Users\Acer1\AppData\Roaming\Atheros
2014-07-10 11:54 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\SchCache
2014-07-10 11:52 - 2014-07-10 11:52 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-10 11:52 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 11:52 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 11:52 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-10 11:52 - 2012-07-26 09:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 11:31 - 2014-06-18 00:09 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-09 13:08 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-09 13:07 - 2014-02-03 17:37 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-09 13:06 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-09 13:05 - 2014-02-03 17:37 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-08 22:07 - 2014-01-31 20:43 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-07-08 12:58 - 2014-02-16 22:02 - 00000000 ____D () C:\Users\Acer1\Documents\Bluetooth Folder
2014-07-08 12:53 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-07-07 21:20 - 2014-05-11 15:35 - 00000000 ____D () C:\Users\Acer1\Desktop\GZ Musik
2014-07-07 09:38 - 2014-07-07 09:38 - 01531995 _____ () C:\Users\Acer1\Downloads\SetupBattery18Care.zip
2014-07-06 22:03 - 2014-07-06 22:03 - 00000000 ____D () C:\Users\Acer1\AppData\Local\Adobe
2014-07-06 17:28 - 2014-07-06 17:28 - 00000000 ____D () C:\ProgramData\Atheros
2014-07-06 17:27 - 2012-11-24 21:41 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros
2014-07-06 17:25 - 2014-07-06 10:03 - 03286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-06 17:25 - 2014-07-06 10:03 - 01623040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-07-06 17:25 - 2014-07-06 10:03 - 00773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-06 17:25 - 2014-07-06 10:03 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-07-06 17:25 - 2014-07-06 10:03 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-07-06 17:25 - 2014-07-06 10:03 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-07-06 17:25 - 2014-07-06 10:03 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-06 17:25 - 2014-07-06 10:03 - 00059416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-06 17:25 - 2014-07-06 10:03 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-07-06 17:18 - 2012-11-24 21:40 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros
2014-07-06 17:12 - 2014-02-06 21:57 - 00000000 ____D () C:\Users\Acer1\AppData\Roaming\Apple Computer
2014-07-06 17:12 - 2014-02-06 21:55 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-06 16:58 - 2014-07-06 16:13 - 00000000 ____D () C:\Users\Acer1\Desktop\krali tab
2014-07-02 13:06 - 2014-07-10 17:12 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2014-07-02 13:06 - 2014-07-10 17:12 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-07-02 13:06 - 2014-07-10 17:12 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2014-07-01 00:42 - 2014-07-09 12:51 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-01 00:42 - 2014-07-09 12:51 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-01 00:42 - 2014-07-09 12:51 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-06-30 11:12 - 2014-06-30 11:12 - 00013507 _____ () C:\Users\Acer1\Downloads\MemTest4.zip
2014-06-30 11:11 - 2014-06-30 11:11 - 00961360 _____ (Chip Digital GmbH) C:\Users\Acer1\Downloads\MemTest - CHIP-Installer.exe
2014-06-29 21:36 - 2014-02-17 23:34 - 00116224 ___SH () C:\Users\Acer1\Desktop\Thumbs.db
2014-06-28 21:43 - 2014-03-15 11:14 - 00000000 ____D () C:\Users\Acer1\Desktop\Ordner
2014-06-28 19:06 - 2012-10-24 07:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2014-06-28 19:06 - 2012-10-24 07:11 - 00000000 ____D () C:\Program Files (x86)\Acer
2014-06-28 19:05 - 2012-10-24 07:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-28 19:03 - 2012-10-24 07:12 - 00000000 ____D () C:\ProgramData\Acer
2014-06-28 18:54 - 2012-10-24 07:13 - 00000000 ____D () C:\Program Files\Acer
2014-06-28 05:35 - 2014-07-09 12:51 - 00556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-06-26 22:53 - 2014-07-10 11:56 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-06-26 22:53 - 2014-07-10 11:56 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-25 16:28 - 2014-02-06 21:57 - 00000000 ____D () C:\Users\Acer1\AppData\Local\Apple Computer
2014-06-24 11:25 - 2014-03-04 20:05 - 00000000 ____D () C:\Users\Acer1\AppData\Roaming\Mp3tag
2014-06-23 17:11 - 2014-06-23 17:11 - 00001747 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-23 17:11 - 2014-06-23 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-23 17:11 - 2014-06-23 17:10 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-23 17:11 - 2014-06-23 17:10 - 00000000 ____D () C:\Program Files\iTunes
2014-06-23 17:11 - 2014-06-23 17:10 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-23 17:10 - 2014-06-23 17:10 - 00000000 ____D () C:\Program Files\iPod
2014-06-23 01:06 - 2014-06-23 01:05 - 00195782 _____ () C:\Users\Acer1\Downloads\CyanogenModInstaller-1.0.1.4.apk
2014-06-23 00:54 - 2014-06-23 00:53 - 92706064 _____ () C:\Users\Acer1\Downloads\gapps-jb-20121011-signed.zip
2014-06-23 00:49 - 2014-06-23 00:49 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-06-23 00:37 - 2014-06-23 00:37 - 00961360 _____ (Chip Digital GmbH) C:\Users\Acer1\Downloads\Sony Sony Ericsson Fastboot Treiber - CHIP-Installer.exe
2014-06-23 00:05 - 2014-06-23 00:05 - 15479140 _____ () C:\Users\Acer1\Desktop\drivers.7z
2014-06-23 00:05 - 2014-06-22 11:05 - 00000000 ____D () C:\Flashtool
2014-06-22 23:58 - 2014-06-22 23:58 - 00000000 ____D () C:\Users\Acer1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool
2014-06-22 23:57 - 2014-06-22 23:55 - 112690704 _____ (Androxyde) C:\Users\Acer1\Downloads\flashtool-0.9.10.1-windows(1).exe
2014-06-22 23:52 - 2014-05-11 16:46 - 00033792 ___SH () C:\Users\Acer1\Downloads\Thumbs.db
2014-06-22 13:15 - 2014-06-19 22:51 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-22 13:14 - 2014-06-22 13:14 - 00000085 _____ () C:\WINDOWS\wininit.ini
2014-06-22 13:14 - 2014-06-19 22:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-22 11:09 - 2014-01-31 20:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-22 11:07 - 2014-01-31 11:13 - 00000000 ____D () C:\Users\Acer1\AppData\Local\VirtualStore
2014-06-22 11:04 - 2014-06-22 11:02 - 112690704 _____ (Androxyde) C:\Users\Acer1\Downloads\flashtool-0.9.10.1-windows.exe
2014-06-22 11:00 - 2014-06-22 10:59 - 00000000 ____D () C:\Users\Acer1\Desktop\xperia
2014-06-20 17:50 - 2014-05-29 15:11 - 00000000 ____D () C:\Users\Acer1\Desktop\tab
2014-06-19 22:51 - 2014-06-19 22:51 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-06-19 22:49 - 2014-06-19 22:49 - 00961360 _____ (Chip Digital GmbH) C:\Users\Acer1\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2014-06-19 14:09 - 2014-01-31 11:57 - 00000000 ____D () C:\Users\Acer1\Desktop\Musik
2014-06-19 13:52 - 2014-05-29 15:11 - 00000000 ____D () C:\Users\Acer1\Desktop\Filme
2014-06-19 13:24 - 2014-02-22 23:35 - 00000000 ____D () C:\Users\Acer1\AppData\Roaming\vlc
2014-06-19 04:12 - 2014-07-09 08:11 - 02239488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-06-19 04:12 - 2014-07-09 08:11 - 01366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-06-19 04:12 - 2014-07-09 08:11 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-06-19 04:12 - 2014-07-09 08:11 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-06-19 04:12 - 2014-07-09 08:11 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-06-19 04:11 - 2014-07-09 08:11 - 19277312 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-06-19 04:11 - 2014-07-09 08:11 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-06-19 04:11 - 2014-07-09 08:11 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-06-19 04:10 - 2014-07-09 08:11 - 15369728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-06-19 04:10 - 2014-07-09 08:11 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-06-19 04:10 - 2014-07-09 08:11 - 02650624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-06-19 04:10 - 2014-07-09 08:11 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-06-19 04:10 - 2014-07-09 08:11 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-06-19 04:10 - 2014-07-09 08:11 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-06-19 04:10 - 2014-07-09 08:11 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-06-19 04:10 - 2014-07-09 08:11 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-06-19 04:10 - 2014-07-09 08:11 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-06-19 04:10 - 2014-07-09 08:11 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-06-19 04:10 - 2014-07-09 08:11 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-06-19 04:10 - 2014-07-09 08:11 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-06-19 04:09 - 2014-07-09 08:11 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-06-19 02:53 - 2014-07-09 08:11 - 14368768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-06-19 02:53 - 2014-07-09 08:11 - 01766400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-06-19 02:53 - 2014-07-09 08:11 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-06-19 02:53 - 2014-07-09 08:11 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-06-19 02:53 - 2014-07-09 08:11 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-06-19 02:53 - 2014-07-09 08:11 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-06-19 02:53 - 2014-07-09 08:11 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-06-19 02:52 - 2014-07-09 08:11 - 13732352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-06-19 02:52 - 2014-07-09 08:11 - 02863616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-06-19 02:52 - 2014-07-09 08:11 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-06-19 02:52 - 2014-07-09 08:11 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-06-19 02:52 - 2014-07-09 08:11 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-06-19 02:52 - 2014-07-09 08:11 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-06-19 02:52 - 2014-07-09 08:11 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-06-19 02:52 - 2014-07-09 08:11 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-06-19 02:52 - 2014-07-09 08:11 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-06-19 02:52 - 2014-07-09 08:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-06-19 02:52 - 2014-07-09 08:11 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-06-19 02:52 - 2014-07-09 08:11 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-06-19 02:33 - 2014-07-09 08:11 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-06-19 02:30 - 2014-07-09 08:11 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-06-19 00:05 - 2014-07-09 08:11 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-06-18 20:51 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-06-18 13:55 - 2014-06-18 13:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 01:27 - 2014-07-09 08:11 - 01440256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-06-18 01:24 - 2014-07-09 08:11 - 01557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-06-18 00:06 - 2014-06-18 00:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-18 00:06 - 2014-06-18 00:06 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-18 00:06 - 2014-03-13 23:03 - 00000000 ____D () C:\Users\Acer1\AppData\Roaming\Malwarebytes
2014-06-18 00:06 - 2014-03-13 23:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-12 14:01 - 2014-06-12 13:55 - 00000000 ____D () C:\Users\Acer1\AppData\Roaming\BatteryBar
2014-06-12 13:55 - 2014-06-12 13:55 - 00000000 ____D () C:\Program Files\BatteryBar
2014-06-12 13:54 - 2014-06-12 13:54 - 00961360 _____ (Chip Digital GmbH) C:\Users\Acer1\Downloads\BatteryBar Free - CHIP-Installer.exe
2014-06-12 13:47 - 2014-06-12 13:47 - 00042181 _____ () C:\Users\Acer1\battery-report.html
2014-06-12 13:47 - 2014-01-31 11:12 - 00000000 ____D () C:\Users\Acer1
2014-06-11 06:18 - 2014-07-09 08:11 - 04038144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-06-10 19:40 - 2014-06-10 19:40 - 04708736 _____ () C:\Users\Acer1\Downloads\install_flash_player_ics.apk

Some content of TEMP:
====================
C:\Users\Acer1\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-09 04:03

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-07-2014
Ran by Acer1 at 2014-07-10 22:25:49
Running from C:\Users\Acer1\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 VIDEO DVR (HKLM-x32\...\{EBD0EE76-2CFC-4EE5-AFE6-7EEAA3B14332}) (Version: 2012.04.17 - -)
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0059 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Angry Birds (HKLM-x32\...\{910D3FB9-E341-4DD9-B52A-3B3C0C340AF6}) (Version: 1.5.3 - Rovio)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.4 - Atheros Communications Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
Backup Manager v4 (x32 Version: 4.0.0.0059 - NTI Corporation) Hidden
BatteryBar (remove only) (HKLM\...\BatteryBar) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4746 - CDBurnerXP)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3103_44819 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
EPSON XP-412 413 415 Series Printer Uninstall (HKLM\...\EPSON XP-412 413 415 Series) (Version:  - SEIKO EPSON Corporation)
ETDWare PS/2-X64 11.6.8.001_WHQL (HKLM\...\Elantech) (Version: 11.6.8.001 - ELAN Microelectronic Corp.)
Flashtool (HKLM-x32\...\Flashtool) (Version: 0.9.10.1 - Androxyde)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free MP4 Video Converter version 5.0.33.213 (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.33.213 - DVDVideoSoft Ltd.)
Free Video Converter V 3.1 (HKLM-x32\...\Free Video Converter_is1) (Version: 3.1.0.0 - Koyote Soft)
Free YouTube Download version 3.2.33.424 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.33.424 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.31.325 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.31.325 - DVDVideoSoft Ltd.)
honestech VHS to DVD 2.0 SE (HKLM-x32\...\{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}) (Version: 2.0 - honestech)
iBackupBot 5.1.1 (HKLM-x32\...\iBackupBot) (Version: 5.1.1 - VOWSoft, Ltd.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.4 - Acer Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3004 - Acer Incorporated)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.41 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
XMedia Recode Version 3.1.7.9 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.7.9 - XMedia Recode)

==================== Restore Points  =========================

28-06-2014 16:53:19 Removed Acer Instant Update Service
06-07-2014 08:03:04 Windows Update
09-07-2014 08:33:45 Windows Update
10-07-2014 10:16:12 avast! antivirus system restore point

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1076514D-DBC6-4676-80AB-836D8C157999} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1BBBE8A5-CB06-4485-97C6-02468B524A86} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-30] ()
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {408761BB-4024-4777-85C6-5D823A343ECB} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {474ED943-3A07-4381-A732-F1818C5F7980} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {583424D4-5961-443F-B711-F9524574D8BD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-09] (Microsoft Corporation)
Task: {5849C09B-C2D6-4925-B76B-97B66FE6037C} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {7EDAA68F-C2FC-4887-9C98-569910AC40D7} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated)
Task: {9B90FF24-8932-4AF7-8333-556190533B65} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A823656E-0B2E-49DE-ACA6-787BC28617D3} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\WINDOWS\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {B35F34B5-900E-4130-AFE2-DD232A0EFE29} - System32\Tasks\EPSON XP-412 413 415 Series Update {165A461C-0D01-452B-94C6-1CAF51ED0C5B} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLEE.EXE [2013-04-26] (SEIKO EPSON CORPORATION)
Task: {C556D6D7-3C45-4105-8FA5-5ABD15FD0BD9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F85E103F-B28B-4A6C-9536-ED6F9DEA938E} - System32\Tasks\EPSON XP-412 413 415 Series Invitation {165A461C-0D01-452B-94C6-1CAF51ED0C5B} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLEE.EXE [2013-04-26] (SEIKO EPSON CORPORATION)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\EPSON XP-412 413 415 Series Invitation {165A461C-0D01-452B-94C6-1CAF51ED0C5B}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLEE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-412 413 415 Series Update {165A461C-0D01-452B-94C6-1CAF51ED0C5B}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLEE.EXE

==================== Loaded Modules (whitelisted) =============

2013-01-28 14:45 - 2013-01-28 14:45 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-28 14:42 - 2013-01-28 14:42 - 00084992 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-01-28 14:47 - 2013-01-28 14:47 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2012-10-29 06:16 - 2012-10-23 05:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-23 08:26 - 2012-08-23 08:26 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-08-23 08:25 - 2012-08-23 08:25 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-08-23 08:26 - 2012-08-23 08:26 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-08-23 08:25 - 2012-08-23 08:25 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
2012-08-23 08:25 - 2012-08-23 08:25 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-08-23 08:25 - 2012-08-23 08:25 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
2012-08-23 08:26 - 2012-08-23 08:26 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
2012-11-24 21:25 - 2012-06-25 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-06-18 13:55 - 2014-06-18 13:55 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/10/2014 00:16:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary nzonhwll.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (07/10/2014 11:55:25 AM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (07/10/2014 11:31:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm mbam.exe, Version 1.0.0.532 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: cc0

Startzeit: 01cf9c21a8685a72

Endzeit: 16

Anwendungspfad: C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe

Berichts-ID: f90bc8b6-0814-11e4-bea8-20689df05cf7

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/10/2014 11:27:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm mbam.exe, Version 1.0.0.532 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: e8c

Startzeit: 01cf9c1ef70076a0

Endzeit: 0

Anwendungspfad: C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe

Berichts-ID: 5fd68b64-0814-11e4-bea8-20689df05cf7

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/09/2014 07:04:11 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/07/2014 03:41:28 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/06/2014 05:27:44 PM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (07/05/2014 09:21:02 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/04/2014 02:06:20 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/03/2014 07:58:46 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005


System errors:
=============
Error: (07/10/2014 05:05:17 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Avira Browser-Schutz" ist von folgendem Dienst abhängig: AntiVirService. Dieser Dienst ist möglicherweise nicht installiert.

Error: (07/10/2014 04:36:24 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Avira Browser-Schutz" ist von folgendem Dienst abhängig: AntiVirService. Dieser Dienst ist möglicherweise nicht installiert.

Error: (07/10/2014 00:42:48 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (07/10/2014 00:17:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! EmHWID" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%127

Error: (07/10/2014 00:11:58 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Avira Browser-Schutz" ist von folgendem Dienst abhängig: AntiVirService. Dieser Dienst ist möglicherweise nicht installiert.

Error: (07/10/2014 11:51:18 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Browser-Schutz" wurde mit dem folgenden dienstspezifischen Fehler beendet: 
%%1

Error: (07/08/2014 00:50:25 PM) (Source: BTHUSB) (EventID: 16) (User: )
Description: Die beiderseitige Authentifizierung zwischen dem lokalen Bluetooth-Adapter und einem Gerät mit Bluetooth-Adapteradresse (8c:c8:cd:88:81:33) ist fehlgeschlagen.

Error: (07/08/2014 00:50:11 PM) (Source: BTHUSB) (EventID: 16) (User: )
Description: Die beiderseitige Authentifizierung zwischen dem lokalen Bluetooth-Adapter und einem Gerät mit Bluetooth-Adapteradresse (8c:c8:cd:88:81:33) ist fehlgeschlagen.

Error: (07/06/2014 04:11:05 PM) (Source: Microsoft-Windows-DriverFrameworks-UserMode) (EventID: 10101) (User: NT-AUTORITÄT)
Description: Das Treiberpaket konnte nicht installiert werden. Der letzte Status war "258".

Error: (06/30/2014 11:05:34 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000001a (0x0000000000041793, 0xfffff6800011b5c8, 0x0000000000000009, 0x0000000000000008)C:\WINDOWS\MEMORY.DMP063014-30515-01


Microsoft Office Sessions:
=========================
Error: (07/10/2014 00:16:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary nzonhwll.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (07/10/2014 11:55:25 AM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (07/10/2014 11:31:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.0.532cc001cf9c21a8685a7216C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exef90bc8b6-0814-11e4-bea8-20689df05cf7

Error: (07/10/2014 11:27:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.0.532e8c01cf9c1ef70076a00C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe5fd68b64-0814-11e4-bea8-20689df05cf7

Error: (07/09/2014 07:04:11 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/07/2014 03:41:28 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/06/2014 05:27:44 PM) (Source: ETDService) (EventID: 0) (User: )
Description: ETDServiceCreateInteractiveProcess failed w/err 0x000003f0

Error: (07/05/2014 09:21:02 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/04/2014 02:06:20 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/03/2014 07:58:46 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005


==================== Memory info =========================== 

Percentage of memory in use: 51%
Total physical RAM: 3912.27 MB
Available physical RAM: 1879.03 MB
Total Pagefile: 7880.27 MB
Available Pagefile: 5589.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:680.48 GB) (Free:480.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: E0E7AFE5)

Partition: GPT Partition Type.

==================== End Of Log ============================

deeprybka · 10.07.2014, 21:40

Wir machen bitte so weiter:

Schritt 1
Scan mit

Malwarebytes Antimalware
Unter Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits".
Klicke im Anschluss auf "Suchlauf", wähle den Bedrohungssuchlauf aus, aktualisiere die Datenbanken und klicke auf "Suchlauf jetzt starten".
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. (geht so...)
Poste mir den Inhalt der Logdatei. Klicke dazu auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Klicke auf "In Zwischenablage kopieren" poste mir den Inhalt in Code-Tags als Antwort in den Thread.

Schritt 2
Downloade Dir HitmanPro

auf Deinen Desktop:

HitmanPro-32 Bit Version
HitmanPro-64 Bit Version

Starte die HitmanPro.exe
Klicke auf
Entferne den Haken bei
Klicke auf
und
Akzeptiere die Lizenzbedingungen und klicke auf
Klicke auf

und auf
Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
und speichere die Logdatei auf Deinem Desktop.
Schließe HitmanPro und poste mir das Log.

cengo · 10.07.2014, 22:08

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 10.07.2014
Suchlauf-Zeit: 22:43:37
Logdatei: 
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.09.13
Rootkit Datenbank: v2014.07.09.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Acer1

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 280409
Verstrichene Zeit: 13 Min, 19 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

Code:

ATTFilter


	Code: 

 ATTFilter

  
	HitmanPro 3.7.9.220
www.hitmanpro.com

   Computer name . . . . : ACER
   Windows . . . . . . . : 6.2.0.9200.X64/2
   User name . . . . . . : Acer\Acer1
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2014-07-10 23:01:01
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 26s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 13

   Objects scanned . . . : 1.754.423
   Files scanned . . . . : 24.490
   Remnants scanned  . . : 406.352 files / 1.323.581 keys

Suspicious files ____________________________________________________________

   C:\Users\Acer1\Desktop\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2.157.056 bytes
      Age  . . . . . . . : 117.5 days (2014-03-15 10:35:05)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : C95B9760D492835A6E26C7ADA570F805B729C55FCA067EB746DA0A2183C279A2
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

   C:\Users\Acer1\Desktop\FRST64.exe
      Size . . . . . . . : 2.084.864 bytes
      Age  . . . . . . . : 0.0 days (2014-07-10 22:24:23)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 4B94F1146E7B2F3E38D83A221EE678A1C4316989867EBFEDBA73BD853B811419
      Needs elevation  . : Yes
      Source URL . . . . : hxxp://download.bleepingcomputer.com/dl/ac9ed667a8e661cb239531c2cb45283b/53bef677/windows/security/security-utilities/f/farbar-recovery-scan-tool/64/FRST64.exe
      Fuzzy  . . . . . . : 27.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The file is downloaded from the Internet to this computer.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.8s C:\Users\Acer1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4IDICOPG\FRST64[1].exe
         -0.3s C:\Users\Acer1\AppData\Roaming\Microsoft\Windows\Cookies\6TANB3IP.txt
         -0.3s C:\Users\Acer1\AppData\Roaming\Microsoft\Windows\Cookies\I1GIZCEZ.txt
         -0.3s C:\Users\Acer1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4IDICOPG\82[1].htm
         -0.0s C:\Users\Acer1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4IDICOPG\FRST64[2].exe
          0.0s C:\Users\Acer1\Desktop\FRST64.exe
          3.4s C:\Users\Acer1\Desktop\FRST-OlderVersion\
          4.5s C:\Users\Acer1\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
          4.5s C:\Users\Acer1\AppData\Local\Microsoft\Windows\Explorer\thumbcache_16.db
          4.5s C:\Users\Acer1\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
          4.5s C:\Users\Acer1\AppData\Local\Microsoft\Windows\Explorer\thumbcache_48.db
          4.5s C:\Users\Acer1\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
          4.5s C:\Users\Acer1\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
          4.5s C:\Users\Acer1\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
          4.5s C:\Users\Acer1\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
          4.5s C:\Users\Acer1\AppData\Local\Microsoft\Windows\Explorer\thumbcache_wide.db
          4.5s C:\Users\Acer1\AppData\Local\Microsoft\Windows\Explorer\thumbcache_exif.db
          7.6s C:\Users\Acer1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SLIHN0GP\up64[1]

   C:\Users\Acer1\Downloads\FRST64.exe
      Size . . . . . . . : 2.157.056 bytes
      Age  . . . . . . . : 117.5 days (2014-03-15 10:34:35)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : C95B9760D492835A6E26C7ADA570F805B729C55FCA067EB746DA0A2183C279A2
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.


Potential Unwanted Programs _________________________________________________

   C:\Program Files (x86)\AskPartnerNetwork\ (AskBar)
   C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ (AskBar)
   C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (AskBar)
      Size . . . . . . . : 166.352 bytes
      Age  . . . . . . . : 147.7 days (2014-02-13 07:22:47)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : C3081358313A982F53CAD54C214AFECAD9660A59FB4A3DDFE068724E83041AF8
      Product  . . . . . : APN Updater
      Publisher  . . . . : APN LLC.
      Description  . . . : APN Updater
      Version  . . . . . : 21.5.0.2560
      Copyright  . . . . : (c) APN LLC.  All rights reserved.
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : -8.0

   C:\Program Files (x86)\AskPartnerNetwork\Toolbar\UpdateManager.exe (AskBar)
      Size . . . . . . . : 114.128 bytes
      Age  . . . . . . . : 147.7 days (2014-02-13 07:22:47)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : DCB7FE544B967787BB1515F9CD344688B9234D188BC50DAE5C966BBD9D5E8836
      Product  . . . . . : Update Manager
      Publisher  . . . . : APN LLC.
      Description  . . . : Update Manager
      Version  . . . . . : 21.5.0.2560
      Copyright  . . . . : (c) APN LLC.  All rights reserved.
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : -8.0

   C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\ (AskBar)
   C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (AskBar)
      Size . . . . . . . : 1.758.160 bytes
      Age  . . . . . . . : 147.7 days (2014-02-13 07:22:26)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : 5C557182618218B2A66408BA89438E154B3236D0F0EED2D64C3CD65C68129700
      Product  . . . . . : Ask TBNotifier
      Publisher  . . . . : APN
      Description  . . . : Ask Toolbar Notifier
      Version  . . . . . : 31.6.3.286
      Copyright  . . . . : (c) Ask.  All rights reserved.
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : -8.0

   HKU\.DEFAULT\Software\AskPartnerNetwork\ (AskBar)
   HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AskPartnerNetwork\ (AskBar)
   HKU\S-1-5-18\Software\AskPartnerNetwork\ (AskBar)
   HKU\S-1-5-21-3942060078-1468770267-3527270758-1001\Software\Softonic\ (Softonic)

deeprybka · 10.07.2014, 22:36

Genau wie die Scanner, finde ich nichts, was Dein Problem verursacht haben könnte.

Versuch das mal:

Datenträgerbereinigung Windows 8 / 8.1

Drücke die Windowstaste + Q
Gebe im Suchfeld Datenträgerbereinigung ein
Wähle die Option: Speicherplatz durch Löschen nicht erforderlicher Dateien freigeben und wähle Dein Festplattenlaufwerk aus
Prüfe ob bei Temporäre Dateien die checkbox gesetzt ist
Bestätige mit OK
Bestätige dass Du die Dateien unwiderruflich löschen möchtest.

Anschließend PC neu starten. Veränderungen?

cengo · 10.07.2014, 22:42

ok danke werde ich machen und beobachten

deeprybka · 10.07.2014, 23:02

OK...

10.07.2014, 23:02	#8
deeprybka /// TB-Ausbilder /// Anleitungs-Guru	Laptop wird immer langsamer nach Virus funde (Windows 8) OK... __________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Laptop wird immer langsamer nach Virus funde (Windows 8)

Log-Analyse und Auswertung: Laptop wird immer langsamer nach Virus funde (Windows 8)