
Log analysis and evaluation: winlogon.exe - ATRAPS.Gen

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

20.10.2014, 22:20   #1
Bootsektor
Rest in peace
† 2019
 
winlogon.exe - ATRAPS.Gen



Hello,

much better.

I noticed that you have a crack of Final Fantasy on the computer; it has to come off, please, otherwise we cannot continue:

Quote:

A:\Final Fantasy XIII\white_data\prog\win\bin\steam_api.dll'

A:\Final Fantasy XIII\steam_api.dll'
The entries I listed strongly suggest that software that was not legally acquired is being used on this computer.

Support interruption
Reading material:

The log files strongly suggest that you are using software that was not legally acquired. In addition, cracks and patches from dubious sources are very often laced with malware, so one practically infects oneself deliberately.

We have agreed here on the board that at this point we do not continue cleaning until the software has been removed. Furthermore, we have pointed out unmistakably in our guide and also in this important topic how we will deal with this. Clean, good software has its price, and the software companies live from this income.

So please decide how you want to proceed and let me know here in your thread.
If you do not remove this software, our help is limited to reinstalling and securing your system.
We will still gladly answer questions about that, in our forum.
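Added example, not code from this thread, from Trojaner-Board or from FRST: a small Python triage script that applies to FRST.txt lines the checks a helper performs by eye, including the one made above, that a steam_api.dll sitting outside a Steam installation is a crack indicator. The rule names, the rule set and the regexes are my own assumptions about FRST's line shapes; the sample lines are copied from the FRST log posted later in this thread, plus one constructed Steam-owned steam_api.dll path to show the crack rule staying quiet.

```python
"""Heuristic triage of Farbar Recovery Scan Tool (FRST.txt) lines.

Added example, not code from the forum thread or from FRST. It mechanises
checks a log reviewer does by eye: services FRST marks [File not signed],
autostart/driver/plugin entries whose target file is gone ([X] / No File),
kernel drivers registered from a Temp directory, processes and services with
an empty publisher string, and steam_api.dll copies outside a Steam
installation (the crack indicator raised in post #1). Rule names and the
regexes are assumptions about FRST's output shape, not FRST's own format.
"""
import re
from collections import Counter
from dataclasses import dataclass

UNSIGNED = "service binary not signed"
MISSING = "referenced file missing (orphaned entry)"
TEMP_DRIVER = "kernel driver registered from a Temp directory"
NO_PUBLISHER = "running process/service without publisher information"
CRACK_DLL = "steam_api.dll outside a Steam installation (crack indicator)"

# FRST prints the publisher in parentheses after the "[size date]" block of a
# service/driver line; an empty pair means the file has no company resource.
# File-listing lines ("____D () C:\FRST") have no "]" before "()" and are not hit.
_EMPTY_VENDOR_RE = re.compile(r"\]\s+\(\)")
# A .sys file whose path contains a \Temp\ component (applied to the lowercased line).
_TEMP_SYS_RE = re.compile(r"\\temp\\[^\\]+\.sys\b")


@dataclass(frozen=True)
class Finding:
    reason: str
    line: str


def triage_line(line: str) -> list[str]:
    """Return the reasons a single FRST line deserves a second look (may be empty)."""
    low = line.lower()
    reasons = []
    if "[file not signed]" in low:
        reasons.append(UNSIGNED)
    elif line.startswith("() ") or _EMPTY_VENDOR_RE.search(line):
        # "() C:\..." is a process line with no publisher; "] ()" a service/driver.
        reasons.append(NO_PUBLISHER)
    if low.endswith("[x]") or low.endswith("no file"):
        reasons.append(MISSING)
    if _TEMP_SYS_RE.search(low):
        reasons.append(TEMP_DRIVER)
    if "steam_api.dll" in low and "\\steam\\" not in low:
        reasons.append(CRACK_DLL)
    return reasons


def triage_frst(text: str) -> list[Finding]:
    """Run triage_line over a whole log, skipping blanks, section rules and FRST's legend lines."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("=") or line.startswith("(If "):
            continue
        for reason in triage_line(line):
            findings.append(Finding(reason, line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per reason, for a quick overview before reading the lines."""
    return dict(Counter(f.reason for f in findings))


# Constructed sample: lines copied from the FRST log in this thread, plus one
# legitimate Steam-owned steam_api.dll (made up) on which the crack rule stays quiet.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe
==================== Registry (Whitelisted) ==================
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [ASRock A-Tuning] => [X]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
==================== Services (Whitelisted) =================
R2 ASRockIOMon; C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe [454656 2013-05-28] () [File not signed]
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe [51016 2014-08-21] (Google Inc.)
==================== Drivers (Whitelisted) ====================
R3 AIDA64Driver; C:\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64 [34136 2014-10-06] ()
S3 GPU-Z; \??\C:\Users\Matthias\AppData\Local\Temp\GPU-Z.sys [X]
A:\Final Fantasy XIII\steam_api.dll
C:\Program Files (x86)\Steam\steamapps\common\ExampleGame\steam_api.dll
"""

if __name__ == "__main__":
    for finding in triage_frst(SAMPLE_LOG):
        print(f"[{finding.reason}] {finding.line}")
```

The rules are deliberately noisy in one direction: an unsigned or publisher-less binary from a known hardware vendor (the ASRock and AIDA64 lines here) is normal, and the reviewer still has to read each hit. What the script saves is the scan for the few line shapes that matter among hundreds of whitelisted entries.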

21.10.2014, 15:27   #2
donma08
 
winlogon.exe - ATRAPS.Gen



Quote:
Quote from Bootsektor:
I noticed that you have a crack of Final Fantasy on the computer; it has to come off, please, otherwise we cannot continue:
Hi,
very gladly, and why should I blather or lie here: that is probably how I got this CRAP onto my computer.


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2014
Ran by Matthias (administrator) on MATTHIAS on 21-10-2014 16:24:59
Running from D:\
Loaded Profile: Matthias (Available profiles: Matthias)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(FinalWire Ltd.) C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Outertech) C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe
(Dropbox, Inc.) C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2014-07-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-03] (Intel Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [GoogleChromeAutoLaunch_8265D6534E6C32D01005D7D3455D029D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [911176 2014-10-10] (Google Inc.)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [ClipboardHistory] => C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe [512392 2012-08-05] (Outertech)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [ASRock A-Tuning] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day0] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day1] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day2] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day3] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day4] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day5] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day6] => [X]
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-06-13]

Chrome: 
=======
CHR HomePage: Default -> 
CHR Profile: C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Easy Auto Refresh) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2014-04-20]
CHR Extension: (Google Übersetzer) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-04-20]
CHR Extension: (Google Drive) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-10]
CHR Extension: (Pushbullet) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2014-04-20]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-04-20]
CHR Extension: (Session Buddy) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2014-04-20]
CHR Extension: (My JDownloader) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2014-04-20]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-04-20]
CHR Extension: (AdBlock) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-20]
CHR Extension: (Cr!Box) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjodchcocbnbhfkjeapbdoflbiibnapp [2014-04-20]
CHR Extension: (In Google Drive speichern) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-04-20]
CHR Extension: (Scroll To Top) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\hegiignepmecppikdlbohnnbfjdoaghj [2014-04-20]
CHR Extension: (ModHeader) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgpnmonknjnojddfkpgkljpfnnfcklj [2014-07-15]
CHR Extension: (WEB.DE MailCheck) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2014-04-20]
CHR Extension: (Panel View for Keep) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccocffecajimkdjgfpjhlpiimcnadhb [2014-04-20]
CHR Extension: (LongClick New Tab) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jphlcgnallcfbnpgmblmlmkehbffnoph [2014-04-20]
CHR Extension: (Reload All Tabs) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\midkcinmplflbiflboepnahkboeonkam [2014-04-20]
CHR Extension: (Hangouts) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-04-20]
CHR Extension: (Google Wallet) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-20]
CHR Extension: (Close Right) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\npemobdkdcknhfaiioheeffincgpgafj [2014-04-20]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Matthias\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASRockIOMon; C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe [454656 2013-05-28] () [File not signed]
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe [51016 2014-08-21] (Google Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [326760 2014-09-03] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2014-07-20] (Realtek Semiconductor)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
R3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AIDA64Driver; C:\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64 [34136 2014-10-06] ()
S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2014-07-09] (ASRock Incorporation)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-03-14] (Intel Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-05-19] ()
S1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-05-19] ()
S1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700296 2014-05-19] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
S3 BioNTDrv; \??\C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\BioNTDrv.SYS [X]
S3 GPU-Z; \??\C:\Users\Matthias\AppData\Local\Temp\GPU-Z.sys [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-21 16:24 - 2014-10-21 16:25 - 00000000 ____D () C:\FRST
2014-10-20 16:50 - 2014-10-20 16:50 - 00003222 _____ () C:\Windows\System32\Tasks\AIDA64 AutoStart
2014-10-20 16:34 - 2014-10-20 16:34 - 00000000 ____D () C:\Program Files (x86)\FinalWire
2014-10-20 16:17 - 2014-10-21 02:14 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-20 16:17 - 2014-10-20 16:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-20 16:17 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-20 16:17 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-20 16:17 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-20 05:00 - 2014-10-20 05:00 - 00102844 _____ () C:\ProgramData\1413773998.bdinstall.bin
2014-10-20 04:59 - 2014-10-20 04:59 - 00037671 _____ () C:\ProgramData\1413773997.bdinstall.bin
2014-10-20 04:56 - 2014-10-20 04:56 - 00174873 _____ () C:\ProgramData\1413773762.bdinstall.bin
2014-10-20 04:56 - 2014-10-20 04:56 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-10-20 04:56 - 2014-10-20 04:56 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\QuickScan
2014-10-20 04:56 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-10-19 14:31 - 2014-10-20 04:56 - 00001483 _____ () C:\Windows\setupact.log
2014-10-19 14:31 - 2014-10-19 14:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-19 05:54 - 2014-10-19 05:54 - 00000000 ____D () C:\Program Files\Calibre2
2014-10-19 05:15 - 2014-10-19 05:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy XIII
2014-10-14 20:32 - 2014-10-14 20:32 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-10-14 19:16 - 2014-09-19 04:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-14 19:16 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-14 19:16 - 2014-09-10 08:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-10-14 19:16 - 2014-09-08 05:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-14 19:16 - 2014-09-08 05:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-10-14 19:16 - 2014-09-08 00:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-10-14 19:16 - 2014-09-05 00:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-10-14 19:16 - 2014-09-05 00:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-10-14 19:16 - 2014-09-04 05:15 - 00561416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-10-14 19:16 - 2014-09-04 05:14 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-10-14 19:16 - 2014-09-04 05:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-10-14 19:16 - 2014-09-04 04:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-10-14 19:16 - 2014-09-04 03:19 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-10-14 19:16 - 2014-09-04 03:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2014-10-14 19:16 - 2014-09-04 02:45 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-10-14 19:16 - 2014-09-04 02:41 - 01420288 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-10-14 19:16 - 2014-09-04 02:36 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-14 19:16 - 2014-09-04 02:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2014-10-14 19:16 - 2014-09-04 02:15 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-14 19:16 - 2014-09-04 02:10 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-10-14 19:16 - 2014-09-04 01:57 - 00921600 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-10-14 19:16 - 2014-09-04 01:49 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-10-14 19:16 - 2014-08-31 02:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-10-14 19:16 - 2014-08-31 02:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-14 19:16 - 2014-08-31 00:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-10-14 19:16 - 2014-08-31 00:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-10-14 19:16 - 2014-08-30 23:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-10-14 19:16 - 2014-08-30 23:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-10-14 19:16 - 2014-08-30 22:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-10-14 19:16 - 2014-08-30 22:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-10-14 19:16 - 2014-08-28 04:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-14 19:16 - 2014-08-28 02:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-10-14 19:16 - 2014-08-28 02:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-10-14 19:16 - 2014-08-23 07:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-10-14 19:16 - 2014-08-23 07:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-10-14 19:16 - 2014-08-23 06:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-10-14 19:16 - 2014-08-02 02:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2014-10-14 19:16 - 2014-08-02 02:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2014-10-14 19:15 - 2014-09-28 00:25 - 04183040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 19:15 - 2014-09-26 00:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-14 19:15 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-14 19:15 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-14 19:15 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-14 19:15 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-14 19:15 - 2014-09-26 00:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-14 19:15 - 2014-09-19 03:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-14 19:15 - 2014-09-19 03:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-14 19:15 - 2014-09-19 03:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-14 19:15 - 2014-09-19 03:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-14 19:15 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-14 19:15 - 2014-09-19 03:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-14 19:15 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-14 19:15 - 2014-09-19 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-14 19:15 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-14 19:15 - 2014-09-19 02:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-14 19:15 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-14 19:15 - 2014-09-19 02:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-14 19:15 - 2014-09-19 02:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-14 19:15 - 2014-09-19 02:42 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-14 19:15 - 2014-09-19 02:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-14 19:15 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-14 19:15 - 2014-09-19 02:20 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-14 19:15 - 2014-09-19 02:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-14 19:15 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-14 19:15 - 2014-09-19 01:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-14 19:15 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-14 19:15 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-14 19:15 - 2014-09-08 02:05 - 03448320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-14 19:14 - 2014-09-13 08:29 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 19:14 - 2014-09-13 08:02 - 02779648 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-14 19:14 - 2014-09-13 07:49 - 00068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 19:14 - 2014-09-13 07:30 - 03117568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-14 19:14 - 2014-09-08 05:15 - 00054752 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-14 19:14 - 2014-09-08 03:46 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-14 19:14 - 2014-09-08 03:46 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-14 19:14 - 2014-09-08 02:08 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-14 19:14 - 2014-09-08 02:07 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-14 19:14 - 2014-09-08 02:04 - 00388608 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-10-14 19:14 - 2014-09-08 02:04 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-14 19:14 - 2014-09-08 02:03 - 01702400 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-14 19:14 - 2014-09-08 02:03 - 00839680 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-14 19:14 - 2014-09-08 01:59 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-14 19:14 - 2014-09-08 01:59 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-10-14 19:14 - 2014-09-08 01:56 - 00672256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-14 19:14 - 2014-09-08 01:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-14 19:14 - 2014-09-04 02:12 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 19:14 - 2014-09-04 02:01 - 00514048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-09-29 20:25 - 2014-09-29 20:35 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\FileBot

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-21 16:24 - 2014-07-05 23:47 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\NetSpeedMonitor
2014-10-21 16:21 - 2014-04-20 09:28 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-357331442-1347990815-2063067355-1001
2014-10-21 16:21 - 2014-04-20 09:19 - 01576904 _____ () C:\Windows\WindowsUpdate.log
2014-10-21 16:21 - 2014-03-18 12:04 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-21 16:21 - 2014-03-18 11:25 - 00764340 _____ () C:\Windows\system32\perfh007.dat
2014-10-21 16:21 - 2014-03-18 11:25 - 00159160 _____ () C:\Windows\system32\perfc007.dat
2014-10-21 16:17 - 2014-05-20 18:16 - 00005084 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MATTHIAS-Matthias Matthias
2014-10-21 16:17 - 2014-04-20 17:21 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Dropbox
2014-10-21 16:16 - 2014-04-20 09:32 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-21 16:16 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-21 08:32 - 2014-09-10 20:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-21 08:18 - 2014-04-20 17:40 - 00000000 ____D () C:\Program Files\JDownloader
2014-10-21 08:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-10-21 07:52 - 2014-04-20 09:32 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-20 20:21 - 2014-03-18 03:51 - 00373108 _____ () C:\Windows\PFRO.log
2014-10-20 08:00 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-20 07:54 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\L2Schemas
2014-10-20 07:54 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-20 05:33 - 2014-04-20 17:47 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-20 05:27 - 2014-04-20 17:26 - 00014860 _____ () C:\Users\Matthias\Documents\metadata_db_prefs_backup.json
2014-10-20 05:27 - 2014-04-20 17:25 - 00185344 _____ () C:\Users\Matthias\Documents\metadata.db
2014-10-20 04:29 - 2014-04-20 09:22 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Packages
2014-10-20 04:29 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-20 01:24 - 2014-07-29 17:06 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\vlc
2014-10-19 08:36 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-19 05:21 - 2014-06-07 19:32 - 00000000 ____D () C:\ProgramData\Steam
2014-10-17 20:47 - 2014-04-20 09:32 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-17 20:47 - 2014-04-20 09:32 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 15:16 - 2013-08-22 16:44 - 00434768 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 04:01 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2014-10-14 19:55 - 2014-06-07 19:12 - 00101329 _____ () C:\Windows\DirectX.log
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\FileManager
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Camera
2014-10-14 19:26 - 2014-05-01 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-10-14 19:26 - 2014-05-01 18:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-14 19:26 - 2014-04-20 09:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-14 19:26 - 2013-08-22 15:25 - 00000167 _____ () C:\Windows\win.ini
2014-10-14 19:24 - 2014-04-20 09:29 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 17:01 - 2014-06-12 02:38 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-10-14 04:33 - 2014-04-20 09:22 - 00000000 ____D () C:\Users\Matthias
2014-10-13 15:22 - 2014-08-13 16:06 - 00000000 ____D () C:\Users\Matthias\Downloads\LiveSetup
2014-10-01 23:48 - 2014-04-20 09:32 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-30 00:45 - 2013-08-22 17:38 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-30 00:45 - 2013-08-22 17:38 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-22 08:42 - 2014-04-20 09:29 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Matthias\AppData\Local\Temp\avgnt.exe
C:\Users\Matthias\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpphmoxi.dll
C:\Users\Matthias\AppData\Local\Temp\proxy_vole4831581362691995291.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-20 04:36

==================== End Of Log ============================
         


21.10.2014, 23:17   #3
Bootsektor
Rest in peace
† 2019

Hello,

Quote:
Hi,
very, very gladly, and why should I blather on or lie here: that is probably how I MYSELF got this CRAP onto my computer
Yes, that is most likely the case. Learn from it. I like your honesty.

We will now do control scans:
You have already run Malwarebytes, so please post its log.

Step 1
  • Start Malwarebytes
  • Now go to History at the top
  • On the left you will find the options Quarantine and Application Logs
  • Go to Application Logs
  • Find the most recent scan log there and select it
  • Now go to View at the top; the log opens
  • At the bottom left there is Export; select it and click Text file
  • Save the log as mbam.txt
  • Open the log in your text editor
  • Post its contents here

Step 2
Because the ESET scan is very thorough, it may take several hours.

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset



Step 3
Start FRST once more.
  • Do not change any of the default settings and click Scan.
  • When the scan is complete, a new logfile FRST.txt is created and saved on the Desktop.
  • Please post the contents of this logfile here in your thread.

22.10.2014, 04:07   #4
donma08

Eset still reports findings

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 20.10.2014
Suchlauf-Zeit: 00:15:51
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.09.19.05
Rootkit Datenbank: v2014.10.17.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Matthias

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 303968
Verstrichene Zeit: 6 Min, 27 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 22
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\60.exe, 3408, , [bbc630bf7efd02347559fb27b050659b]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\395.exe, 1060, , [077a2fc0780337ffce0034ee34ccd030]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\985.exe, 1616, , [ff829b540378f244a826869cb14f5ea2]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\870.exe, 5620, , [2a578768334820168c421909ae528f71]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\211.exe, 4992, , [29580ae5215a6fc77757b66c8b75b34d]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\829.exe, 820, , [8af7aa45abd0d462c00ef032f907629e]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\174.exe, 5088, , [5a27c629bfbc50e65579c95940c0817f]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\967.exe, 6388, , [047da24d7b00a492e7e7cb570cf48d73]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\320.exe, 6664, , [c3be539cf08b76c0af1f3ee4629e7a86]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\662.exe, 6948, , [1a6702ed8cefe5515975170be02042be]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\264.exe, 6184, , [1d645a951764d95dc509d44ed729768a]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\932.exe, 7104, , [6021c32c6615db5b1db1be64e7193dc3]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\739.exe, 2480, , [324ff5fa176404323f8fdc4643bd19e7]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\545.exe, 1036, , [9de48f606318ca6c0dc1d64ced13a858]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\355.exe, 6152, , [bec308e7d8a3cf674a8469b9768ad729]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\205.exe, 5196, , [b0d1915e601b06305c72ab77f70912ee]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\214.exe, 5588, , [a0e1b03f3a41290d26a8e43eaf5105fb]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\554.exe, 900, , [2160f5fa7dfef442339b26fc629e23dd]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\175.exe, 752, , [6f1224cb176439fdc20cad7598687987]
Trojan.Dropper, C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\csrss.exe, 360, , [c1c02fc06714ae88634cf80c13f0b14f]
Trojan.Agent, C:\Users\Matthias\AppData\Roaming\Microsoft\winlogon.exe, 6180, , [344d10dfee8d3bfb0b9c65cf9d6639c7]
Backdoor.Agent.DC, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe, 3880, , [651cdb142e4de84e0879f20609faba46]

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 1
Malware.Trace, HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\DC3_FEXEC, , [5031559a394265d1b5c4dffc6d96ea16], 

Registrierungswerte: 2
Backdoor.Agent.DCE, HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Winlogon, C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe, , [2f526f801d5e989e81dca4cfdd2753ad]
Backdoor.Agent.DC, HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MicroUpdate, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe, , [651cdb142e4de84e0879f20609faba46]

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 31
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\60.exe, , [bbc630bf7efd02347559fb27b050659b], 
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\395.exe, , [077a2fc0780337ffce0034ee34ccd030], 
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\985.exe, , [ff829b540378f244a826869cb14f5ea2], 
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\870.exe, , [2a578768334820168c421909ae528f71], 
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\211.exe, , [29580ae5215a6fc77757b66c8b75b34d], 
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\829.exe, , [8af7aa45abd0d462c00ef032f907629e], 
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\174.exe, , [5a27c629bfbc50e65579c95940c0817f], 
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\967.exe, , [047da24d7b00a492e7e7cb570cf48d73], 
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\320.exe, , [c3be539cf08b76c0af1f3ee4629e7a86], 
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\662.exe, , [1a6702ed8cefe5515975170be02042be], 
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\264.exe, , [1d645a951764d95dc509d44ed729768a], 
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\932.exe, , [6021c32c6615db5b1db1be64e7193dc3], 
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\739.exe, , [324ff5fa176404323f8fdc4643bd19e7], 
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\545.exe, , [9de48f606318ca6c0dc1d64ced13a858], 
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\355.exe, , [bec308e7d8a3cf674a8469b9768ad729], 
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\205.exe, , [b0d1915e601b06305c72ab77f70912ee], 
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\214.exe, , [a0e1b03f3a41290d26a8e43eaf5105fb], 
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\554.exe, , [2160f5fa7dfef442339b26fc629e23dd], 
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\175.exe, , [6f1224cb176439fdc20cad7598687987], 
Backdoor.MSIL.PGen, C:\Users\Matthias\AppData\Roaming\loader_crypt.exe, , [1c65eb04403bb086ab5bd5c3bb457a86], 
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\886.exe, , [b9c829c67308ac8a06c8d84a916ffc04], 
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\71.exe, , [2f52549baecdaf87d3fb061cf30de61a], 
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\421.exe, , [8ef39a55adce21158549a280b44ccb35], 
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\552.exe, , [d3ae707f017a0b2bf0de0022f40cf10f], 
Trojan.Dropper, C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\csrss.exe, , [c1c02fc06714ae88634cf80c13f0b14f], 
Trojan.Agent, C:\Users\Matthias\AppData\Roaming\Microsoft\winlogon.exe, , [344d10dfee8d3bfb0b9c65cf9d6639c7], 
Trojan.Bitminer, C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\check.bat, , [671a6986ec8fd46256db046fa85cea16], 
Trojan.Bitminer, C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\check.vbs, , [b2cfa34cc9b2181e230e165d4fb53dc3], 
Trojan.Bitminer, C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\cpu.exe, , [9fe28a65770478be76bd076cea1af30d], 
Backdoor.Agent.DCE, C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe, , [2f526f801d5e989e81dca4cfdd2753ad], 
Backdoor.Agent.DC, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe, , [651cdb142e4de84e0879f20609faba46], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         


Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=7f4c36a712870140ac0230bc3ff4a24d
# engine=20714
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2014-10-22 02:39:58
# local_time=2014-10-22 04:39:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 30535 18329119 0 0
# scanned=169687
# found=2
# cleaned=0
# scan_time=1932
sh=D0331DA3D821ACA77304F9D2F8654203CC1473BA ft=1 fh=05b393ca614acd65 vn="Win64/CoinMiner.V Trojaner" ac=I fn="C:\Users\Matthias\AppData\Roaming\upc.exe"
sh=7641C21A0E506F4ADFDF81A182296C070ED3B41F ft=0 fh=0000000000000000 vn="VBS/Runner.NCQ Trojaner" ac=I fn="C:\Users\Matthias\AppData\Roaming\upc.vbs"
         


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2014
Ran by Matthias (administrator) on MATTHIAS on 22-10-2014 05:01:58
Running from D:\
Loaded Profile: Matthias (Available profiles: Matthias)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(FinalWire Ltd.) C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Outertech) C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe
(Dropbox, Inc.) C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Users\Matthias\Documents\GIGABYTE\GIGABYTE Sim\Mouse.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2014-07-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-03] (Intel Corporation)
HKLM-x32\...\Run: [GIGABYTEMOUSE] => C:\Users\Matthias\Documents\GIGABYTE\GIGABYTE Sim\Mouse.exe [1311552 2014-08-28] ()
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [GoogleChromeAutoLaunch_8265D6534E6C32D01005D7D3455D029D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [911176 2014-10-10] (Google Inc.)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [ClipboardHistory] => C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe [512392 2012-08-05] (Outertech)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [ASRock A-Tuning] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day0] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day1] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day2] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day3] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day4] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day5] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day6] => [X]
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-06-13]

Chrome: 
=======
CHR HomePage: Default -> 
CHR Profile: C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Easy Auto Refresh) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2014-04-20]
CHR Extension: (Google Übersetzer) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-04-20]
CHR Extension: (Google Drive) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-10]
CHR Extension: (Pushbullet) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2014-04-20]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-04-20]
CHR Extension: (Session Buddy) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2014-04-20]
CHR Extension: (My JDownloader) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2014-04-20]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-04-20]
CHR Extension: (AdBlock) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-20]
CHR Extension: (Cr!Box) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjodchcocbnbhfkjeapbdoflbiibnapp [2014-04-20]
CHR Extension: (In Google Drive speichern) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-04-20]
CHR Extension: (Scroll To Top) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\hegiignepmecppikdlbohnnbfjdoaghj [2014-04-20]
CHR Extension: (ModHeader) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgpnmonknjnojddfkpgkljpfnnfcklj [2014-07-15]
CHR Extension: (WEB.DE MailCheck) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2014-04-20]
CHR Extension: (Panel View for Keep) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccocffecajimkdjgfpjhlpiimcnadhb [2014-04-20]
CHR Extension: (LongClick New Tab) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jphlcgnallcfbnpgmblmlmkehbffnoph [2014-04-20]
CHR Extension: (Reload All Tabs) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\midkcinmplflbiflboepnahkboeonkam [2014-04-20]
CHR Extension: (Hangouts) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-04-20]
CHR Extension: (Google Wallet) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-20]
CHR Extension: (Close Right) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\npemobdkdcknhfaiioheeffincgpgafj [2014-04-20]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Matthias\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASRockIOMon; C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe [454656 2013-05-28] () [File not signed]
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe [51016 2014-08-21] (Google Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-14] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2014-07-20] (Realtek Semiconductor)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
R3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AIDA64Driver; C:\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64 [34136 2014-10-06] ()
S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2014-07-09] (ASRock Incorporation)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-03-14] (Intel Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-05-19] ()
S1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-05-19] ()
S1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700296 2014-05-19] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
S3 BioNTDrv; \??\C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\BioNTDrv.SYS [X]
S3 GPU-Z; \??\C:\Users\Matthias\AppData\Local\Temp\GPU-Z.sys [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-22 05:01 - 2014-10-22 05:01 - 00000000 ____D () C:\FRST
2014-10-22 04:05 - 2014-10-22 04:05 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-21 20:55 - 2014-10-21 20:55 - 00000000 ____D () C:\Users\Matthias\Documents\GIGABYTE
2014-10-21 17:02 - 2014-10-21 17:02 - 00000000 ____D () C:\Windows\LastGood
2014-10-20 16:50 - 2014-10-20 16:50 - 00003222 _____ () C:\Windows\System32\Tasks\AIDA64 AutoStart
2014-10-20 16:34 - 2014-10-20 16:34 - 00000000 ____D () C:\Program Files (x86)\FinalWire
2014-10-20 16:17 - 2014-10-22 03:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-20 16:17 - 2014-10-20 16:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-10-20 16:17 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-20 16:17 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-20 16:17 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-20 05:00 - 2014-10-20 05:00 - 00102844 _____ () C:\ProgramData\1413773998.bdinstall.bin
2014-10-20 04:59 - 2014-10-20 04:59 - 00037671 _____ () C:\ProgramData\1413773997.bdinstall.bin
2014-10-20 04:56 - 2014-10-20 04:56 - 00174873 _____ () C:\ProgramData\1413773762.bdinstall.bin
2014-10-20 04:56 - 2014-10-20 04:56 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-10-20 04:56 - 2014-10-20 04:56 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\QuickScan
2014-10-20 04:56 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-10-19 14:31 - 2014-10-21 17:04 - 00001689 _____ () C:\Windows\setupact.log
2014-10-19 14:31 - 2014-10-19 14:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-19 05:54 - 2014-10-19 05:54 - 00000000 ____D () C:\Program Files\Calibre2
2014-10-19 05:15 - 2014-10-19 05:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy XIII
2014-10-14 23:50 - 2014-10-14 23:50 - 02880848 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiVAD64.exe
2014-10-14 23:50 - 2014-10-14 23:50 - 02775400 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiAAC64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 02020352 _____ (Intel Corporation) C:\Windows\system32\igfxLHM.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 01512296 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiSecureSourceFilter64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 01365504 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00957528 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiWinNextAgent64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00734720 _____ (Intel Corporation) C:\Windows\system32\MetroIntelGenericUIFramework.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00688640 _____ (Intel Corporation) C:\Windows\system32\igfxDH.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00672048 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiAudioFilter64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00616240 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiMux64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00472464 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiUMS64.exe
2014-10-14 23:50 - 2014-10-14 23:50 - 00457616 _____ () C:\Windows\system32\igfxTray.exe
2014-10-14 23:50 - 2014-10-14 23:50 - 00403671 _____ () C:\Windows\system32\ImageStabilization.wmv
2014-10-14 23:50 - 2014-10-14 23:50 - 00372736 _____ (Intel Corporation) C:\Windows\system32\igfxOSP.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00372224 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00354096 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiSilenceFilter64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00304128 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00304016 _____ (Intel Corporation) C:\Windows\system32\igfxEM.exe
2014-10-14 23:50 - 2014-10-14 23:50 - 00279952 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2014-10-14 23:50 - 2014-10-14 23:50 - 00273408 _____ (Intel Corporation) C:\Windows\system32\igfxDI.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00266032 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiUtils64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00254976 _____ () C:\Windows\system32\igfxCPL.cpl
2014-10-14 23:50 - 2014-10-14 23:50 - 00246672 _____ (Intel Corporation) C:\Windows\system32\igfxHK.exe
2014-10-14 23:50 - 2014-10-14 23:50 - 00224256 _____ (Intel Corporation) C:\Windows\system32\igfxDTCM.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00207496 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00197424 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiDDEAgent64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00195984 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2014-10-14 23:50 - 2014-10-14 23:50 - 00183296 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v3977.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00175024 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00134960 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiMCUMD64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00126312 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiLogServer64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00082432 _____ (Khronos Group) C:\Windows\system32\Intel_OpenCL_ICD64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00074240 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00069632 _____ () C:\Windows\system32\igfxCUIServicePS.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00069632 _____ ( ) C:\Windows\system32\igfxDHLibv2_0.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00059392 _____ ( ) C:\Windows\system32\igfxDHLib.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00031408 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00030720 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00010752 _____ ( ) C:\Windows\system32\igfxDILibv2_0.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00010752 _____ ( ) C:\Windows\system32\igfxDILib.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00010240 _____ ( ) C:\Windows\system32\igfxEMLibv2_0.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00010240 _____ ( ) C:\Windows\system32\igfxEMLib.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLibv2_0.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLib.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00004020 _____ () C:\Windows\system32\iglhxs64.vp
2014-10-14 23:49 - 2014-10-14 23:49 - 24185912 _____ (Intel Corporation) C:\Windows\system32\igdumdim64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 23999488 _____ (Intel Corporation) C:\Windows\system32\igdfcl64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 23391264 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdim32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 18872832 _____ (Intel Corporation) C:\Windows\SysWOW64\igdfcl32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 17285448 _____ () C:\Windows\system32\igd11dxva64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 16811648 _____ () C:\Windows\SysWOW64\igd11dxva32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 08187392 _____ (Intel Corporation) C:\Windows\system32\igdrcl64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 07668736 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 05889000 _____ (Intel Corporation) C:\Windows\system32\igdusc64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 04850104 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2014-10-14 23:49 - 2014-10-14 23:49 - 04640104 _____ (Intel Corporation) C:\Windows\SysWOW64\igdusc32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 01061376 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00629784 _____ (Intel Corporation) C:\Windows\system32\igdmd64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00510304 _____ (Intel Corporation) C:\Windows\SysWOW64\igdmd32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00397824 _____ (Intel Corporation) C:\Windows\system32\igdbcl64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00349696 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00225792 _____ () C:\Windows\system32\igdde64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00207872 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00186368 _____ () C:\Windows\SysWOW64\igdde32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00175104 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00162304 _____ (Intel Corporation) C:\Windows\system32\igdail64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00144896 _____ (Intel Corporation) C:\Windows\SysWOW64\igdail32.dll
2014-10-14 23:48 - 2014-10-14 23:48 - 09122816 _____ (Intel Corporation) C:\Windows\system32\ig75icd64.dll
2014-10-14 23:48 - 2014-10-14 23:48 - 07768744 _____ (Intel Corporation) C:\Windows\system32\igd10iumd64.dll
2014-10-14 23:48 - 2014-10-14 23:48 - 07205376 _____ (Intel Corporation) C:\Windows\SysWOW64\ig75icd32.dll
2014-10-14 23:48 - 2014-10-14 23:48 - 07070880 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10iumd32.dll
2014-10-14 23:48 - 2014-10-14 23:48 - 01131008 _____ (Intel Corporation) C:\Windows\system32\GfxResources.dll
2014-10-14 23:48 - 2014-10-14 23:48 - 01020816 _____ (Intel Corporation) C:\Windows\system32\Gfxv4_0.exe
2014-10-14 23:48 - 2014-10-14 23:48 - 01017232 _____ (Intel Corporation) C:\Windows\system32\Gfxv2_0.exe
2014-10-14 23:48 - 2014-10-14 23:48 - 00641530 _____ () C:\Windows\system32\FilmModeDetection.wmv
2014-10-14 23:48 - 2014-10-14 23:48 - 00418704 _____ (Intel Corporation) C:\Windows\system32\GfxUIEx.exe
2014-10-14 23:48 - 2014-10-14 23:48 - 00338832 _____ (Intel Corporation) C:\Windows\system32\DPTopologyAppv2_0.exe
2014-10-14 23:48 - 2014-10-14 23:48 - 00338832 _____ (Intel Corporation) C:\Windows\system32\DPTopologyApp.exe
2014-10-14 23:48 - 2014-10-14 23:48 - 00155536 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2014-10-14 23:47 - 2014-10-14 23:47 - 00375173 _____ () C:\Windows\system32\ColorImageEnhancement.wmv
2014-10-14 20:32 - 2014-10-14 20:32 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-10-14 19:16 - 2014-09-19 04:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-14 19:16 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-14 19:16 - 2014-09-10 08:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-10-14 19:16 - 2014-09-08 05:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-14 19:16 - 2014-09-08 05:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-10-14 19:16 - 2014-09-08 00:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-10-14 19:16 - 2014-09-05 00:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-10-14 19:16 - 2014-09-05 00:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-10-14 19:16 - 2014-09-04 05:15 - 00561416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-10-14 19:16 - 2014-09-04 05:14 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-10-14 19:16 - 2014-09-04 05:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-10-14 19:16 - 2014-09-04 04:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-10-14 19:16 - 2014-09-04 03:19 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-10-14 19:16 - 2014-09-04 03:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2014-10-14 19:16 - 2014-09-04 02:45 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-10-14 19:16 - 2014-09-04 02:41 - 01420288 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-10-14 19:16 - 2014-09-04 02:36 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-14 19:16 - 2014-09-04 02:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2014-10-14 19:16 - 2014-09-04 02:15 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-14 19:16 - 2014-09-04 02:10 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-10-14 19:16 - 2014-09-04 01:57 - 00921600 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-10-14 19:16 - 2014-09-04 01:49 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-10-14 19:16 - 2014-08-31 02:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-10-14 19:16 - 2014-08-31 02:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-14 19:16 - 2014-08-31 00:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-10-14 19:16 - 2014-08-31 00:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-10-14 19:16 - 2014-08-30 23:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-10-14 19:16 - 2014-08-30 23:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-10-14 19:16 - 2014-08-30 22:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-10-14 19:16 - 2014-08-30 22:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-10-14 19:16 - 2014-08-28 04:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-14 19:16 - 2014-08-28 02:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-10-14 19:16 - 2014-08-28 02:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-10-14 19:16 - 2014-08-23 07:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-10-14 19:16 - 2014-08-23 07:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-10-14 19:16 - 2014-08-23 06:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-10-14 19:16 - 2014-08-02 02:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2014-10-14 19:16 - 2014-08-02 02:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2014-10-14 19:15 - 2014-09-28 00:25 - 04183040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 19:15 - 2014-09-26 00:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-14 19:15 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-14 19:15 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-14 19:15 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-14 19:15 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-14 19:15 - 2014-09-26 00:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-14 19:15 - 2014-09-19 03:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-14 19:15 - 2014-09-19 03:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-14 19:15 - 2014-09-19 03:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-14 19:15 - 2014-09-19 03:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-14 19:15 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-14 19:15 - 2014-09-19 03:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-14 19:15 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-14 19:15 - 2014-09-19 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-14 19:15 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-14 19:15 - 2014-09-19 02:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-14 19:15 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-14 19:15 - 2014-09-19 02:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-14 19:15 - 2014-09-19 02:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-14 19:15 - 2014-09-19 02:42 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-14 19:15 - 2014-09-19 02:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-14 19:15 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-14 19:15 - 2014-09-19 02:20 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-14 19:15 - 2014-09-19 02:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-14 19:15 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-14 19:15 - 2014-09-19 01:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-14 19:15 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-14 19:15 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-14 19:15 - 2014-09-08 02:05 - 03448320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-14 19:14 - 2014-09-13 08:29 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 19:14 - 2014-09-13 08:02 - 02779648 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-14 19:14 - 2014-09-13 07:49 - 00068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 19:14 - 2014-09-13 07:30 - 03117568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-14 19:14 - 2014-09-08 05:15 - 00054752 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-14 19:14 - 2014-09-08 03:46 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-14 19:14 - 2014-09-08 03:46 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-14 19:14 - 2014-09-08 02:08 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-14 19:14 - 2014-09-08 02:07 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-14 19:14 - 2014-09-08 02:04 - 00388608 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-10-14 19:14 - 2014-09-08 02:04 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-14 19:14 - 2014-09-08 02:03 - 01702400 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-14 19:14 - 2014-09-08 02:03 - 00839680 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-14 19:14 - 2014-09-08 01:59 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-14 19:14 - 2014-09-08 01:59 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-10-14 19:14 - 2014-09-08 01:56 - 00672256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-14 19:14 - 2014-09-08 01:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-14 19:14 - 2014-09-04 02:12 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 19:14 - 2014-09-04 02:01 - 00514048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-07 01:53 - 2014-10-07 01:41 - 00042288 _____ (Intel Corporation) C:\Windows\system32\Drivers\intelaud.sys
2014-10-07 01:53 - 2014-10-07 01:41 - 00030512 _____ (Intel Corporation) C:\Windows\system32\Drivers\iwdbus.sys
2014-09-29 20:25 - 2014-09-29 20:35 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\FileBot

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-22 05:01 - 2014-07-05 23:47 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\NetSpeedMonitor
2014-10-22 05:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-10-22 04:54 - 2014-04-20 09:19 - 01807058 _____ () C:\Windows\WindowsUpdate.log
2014-10-22 04:52 - 2014-04-20 09:32 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-22 04:32 - 2014-09-10 20:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-22 04:15 - 2014-05-20 18:16 - 00005084 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MATTHIAS-Matthias Matthias
2014-10-22 04:11 - 2014-03-18 12:04 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-22 04:11 - 2014-03-18 11:25 - 00764340 _____ () C:\Windows\system32\perfh007.dat
2014-10-22 04:11 - 2014-03-18 11:25 - 00159160 _____ () C:\Windows\system32\perfc007.dat
2014-10-22 04:05 - 2014-04-20 17:21 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Dropbox
2014-10-22 04:04 - 2014-04-20 09:32 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-22 04:04 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-22 02:27 - 2014-04-20 17:40 - 00000000 ____D () C:\Program Files\JDownloader
2014-10-22 02:22 - 2014-07-29 17:06 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\vlc
2014-10-21 22:52 - 2014-04-20 09:28 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-357331442-1347990815-2063067355-1001
2014-10-21 17:25 - 2014-04-20 10:41 - 00000425 _____ () C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-10-21 17:25 - 2014-04-20 09:24 - 00000000 ____D () C:\Intel
2014-10-21 16:34 - 2014-04-20 11:07 - 00025812 _____ () C:\Windows\LDPINST.LOG
2014-10-20 20:21 - 2014-03-18 03:51 - 00373108 _____ () C:\Windows\PFRO.log
2014-10-20 08:00 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-20 07:54 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\L2Schemas
2014-10-20 07:54 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-20 05:33 - 2014-04-20 17:47 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-20 05:27 - 2014-04-20 17:26 - 00014860 _____ () C:\Users\Matthias\Documents\metadata_db_prefs_backup.json
2014-10-20 05:27 - 2014-04-20 17:25 - 00185344 _____ () C:\Users\Matthias\Documents\metadata.db
2014-10-20 04:29 - 2014-04-20 09:22 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Packages
2014-10-20 04:29 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-19 08:36 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-19 05:21 - 2014-06-07 19:32 - 00000000 ____D () C:\ProgramData\Steam
2014-10-17 20:47 - 2014-04-20 09:32 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-17 20:47 - 2014-04-20 09:32 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 15:16 - 2013-08-22 16:44 - 00434768 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 04:01 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2014-10-14 23:50 - 2014-04-20 09:24 - 00082432 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2014-10-14 23:50 - 2014-04-20 09:24 - 00074240 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2014-10-14 23:50 - 2014-03-17 16:33 - 00329104 _____ (Intel Corporation) C:\Windows\system32\igfxCUIService.exe
2014-10-14 19:55 - 2014-06-07 19:12 - 00101329 _____ () C:\Windows\DirectX.log
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\FileManager
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Camera
2014-10-14 19:26 - 2014-05-01 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-10-14 19:26 - 2014-05-01 18:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-14 19:26 - 2014-04-20 09:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-14 19:26 - 2013-08-22 15:25 - 00000167 _____ () C:\Windows\win.ini
2014-10-14 19:24 - 2014-04-20 09:29 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 17:01 - 2014-06-12 02:38 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-10-14 04:33 - 2014-04-20 09:22 - 00000000 ____D () C:\Users\Matthias
2014-10-13 15:22 - 2014-08-13 16:06 - 00000000 ____D () C:\Users\Matthias\Downloads\LiveSetup
2014-10-01 23:48 - 2014-04-20 09:32 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-30 00:45 - 2013-08-22 17:38 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-30 00:45 - 2013-08-22 17:38 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-22 08:42 - 2014-04-20 09:29 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Matthias\AppData\Local\Temp\avgnt.exe
C:\Users\Matthias\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8el4tn.dll
C:\Users\Matthias\AppData\Local\Temp\proxy_vole8285772289007070674.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-20 04:36

==================== End Of Log ============================
         
