Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: SuggestedSites.dat Trojaner auf Windows 8

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 24.05.2015, 14:13   #1
SWEN2805
 
SuggestedSites.dat Trojaner auf Windows 8 - Standard

SuggestedSites.dat Trojaner auf Windows 8



Hallo liebes Helferteam
Ich habe ein Problem mit einem Vermeintlichen Trojaner
Als ich letztens an meinem PC gearbeitet habe kam aufeinmal Werbung obwohl ich keinen Browser geöffnet habe.Also habe ich den CCleaner gestartet und das gefunden:
C:\Users\****\Appdata\Microsoft\Windows\INETCache\Low\SuggestedSites.dat
Seitdem finde ich auch keinen Internetexplorer mehr auf meinem PC.Als ich es entdeckt hatte habe ich gegooget was das genau ist und bin dann habe ich mich hier angemeldet und nichts riskiert
Ich erhoffe mir schnelle Hilfe da ich echt angst habe und keinen Plan habe was ich zutun habe
MfG Swen2805

Alt 24.05.2015, 15:04   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
SuggestedSites.dat Trojaner auf Windows 8 - Standard

SuggestedSites.dat Trojaner auf Windows 8



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!




Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 24.05.2015, 15:27   #3
SWEN2805
 
SuggestedSites.dat Trojaner auf Windows 8 - Standard

SuggestedSites.dat Trojaner auf Windows 8



Es war mein Fehler
__________________

Geändert von SWEN2805 (24.05.2015 um 15:32 Uhr) Grund: Ausversehen doppelt geschickt sry

Alt 24.05.2015, 15:31   #4
SWEN2805
 
SuggestedSites.dat Trojaner auf Windows 8 - Standard

SuggestedSites.dat Trojaner auf Windows 8



Danke für die schnelle Hilfe Werbung kam schon öfters jedoch ist sie mir nie aufgefallen weil sie immer kam wenn ich auf YT war bis es mir dann gestern aufgefallen ist.
FRST:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015
Ran by Swen (administrator) on SWEN on 24-05-2015 16:23:07
Running from C:\Users\Swen\AppData\Local\Microsoft\Windows\INetCache\IE\0KCVHL55
Loaded Profiles: Swen &  (Available Profiles: Swen)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Users\Swen\AppData\Roaming\SpeedMon\speedmon.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeCommanderPro8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamSpeak Systems GmbH) C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
(Microsoft Corporation) C:\Windows\System32\SndVol.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
(Farbar) C:\Users\Swen\AppData\Local\Microsoft\Windows\INetCache\IE\0KCVHL55\FRST64[1].exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-22] (Realtek Semiconductor)
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2685072 2015-05-01] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ACPW08DE] => C:\Program Files\ACD Systems\ACDSee Pro\8.0\acdIDInTouch2.exe [1813776 2014-09-17] (ACD Systems)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632472 2015-04-12] (Electronic Arts)
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2888384 2015-05-15] (Valve Corporation)
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001\...\Run: [IncrediMail] => C:\Program Files (x86)\IncrediMail\bin\IncMail.exe [444840 2015-03-12] (IncrediMail, Ltd.)
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001\...\Run: [SpeedMon] => C:\Users\Swen\AppData\Roaming\SpeedMon\speedmon.exe [840206 2015-03-12] ()
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001\...\Run: [ACDSeeCommanderPro8] => C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeCommanderPro8.exe [2141192 2014-12-17] ()
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632472 2015-04-12] (Electronic Arts)
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2888384 2015-05-15] (Valve Corporation)
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [IncrediMail] => C:\Program Files (x86)\IncrediMail\bin\IncMail.exe [444840 2015-03-12] (IncrediMail, Ltd.)
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SpeedMon] => C:\Users\Swen\AppData\Roaming\SpeedMon\speedmon.exe [840206 2015-03-12] ()
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ACDSeeCommanderPro8] => C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeCommanderPro8.exe [2141192 2014-12-17] ()
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.hyrican.de
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.hyrican.de
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.hyrican.de
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.hyrican.de
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-25] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-25] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-25] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-25] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Swen\AppData\Roaming\Mozilla\Firefox\Profiles\ynYzYHPh.default
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-25] (Oracle Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-01-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-01-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Extension: Avira Browser Safety - C:\Users\Swen\AppData\Roaming\Mozilla\Firefox\Profiles\ynYzYHPh.default\Extensions\abs@avira.com [2015-03-11]
FF Extension: No Name - C:\Users\Swen\AppData\Roaming\Mozilla\Firefox\Profiles\ynYzYHPh.default\extensions\iobitascsurfingprotection@iobit.com [not found]

Chrome: 
=======
CHR Profile: C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-12]
CHR Extension: (Google Docs) - C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-12]
CHR Extension: (Google Drive) - C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-12]
CHR Extension: (YouTube) - C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-12]
CHR Extension: (Adblock Plus) - C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-12]
CHR Extension: (Google Search) - C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-12]
CHR Extension: (Google Sheets) - C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-12]
CHR Extension: (Avira Browser Safety) - C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-03-12]
CHR Extension: (AdBlock) - C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-03-12]
CHR Extension: (Bookmark Manager) - C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-12]
CHR Extension: (Gmail) - C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-12]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-05] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-01] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-05-21] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) []
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1884304 2015-05-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22997648 2015-05-01] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-12] (Electronic Arts)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 IAStorDataMgrSvc; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-02-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-02-25] (Avira Operations GmbH & Co. KG)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-03-30] (LogMeIn Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-01] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [19616 2014-09-06] (Windows (R) Win 7 DDK provider)
S3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39240 2015-01-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 VUSB3HUB; C:\Windows\System32\drivers\ViaHub3.sys [227840 2013-09-25] (VIA Technologies, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 xhcdrv; C:\Windows\System32\drivers\xhcdrv.sys [297472 2013-09-25] (VIA Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 14:46 - 2015-05-24 15:59 - 00057563 _____ () C:\Windows\WindowsUpdate.log
2015-05-23 23:03 - 2015-05-23 23:03 - 00081158 _____ () C:\Users\Swen\Downloads\Extras.Txt
2015-05-23 23:02 - 2015-05-23 23:02 - 00162106 _____ () C:\Users\Swen\Downloads\OTL.Txt
2015-05-23 22:56 - 2015-05-23 22:56 - 00602112 _____ (OldTimer Tools) C:\Users\Swen\Downloads\OTL.exe
2015-05-23 22:28 - 2015-05-23 22:38 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-23 22:23 - 2015-05-23 22:37 - 00000000 ____D () C:\Users\Swen\Desktop\mbar
2015-05-23 22:20 - 2015-05-23 22:21 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Swen\Downloads\mbar-1.09.1.1004.exe
2015-05-23 22:04 - 2015-05-23 22:05 - 63320784 _____ (Microsoft Corporation) C:\Users\Swen\Downloads\IE11-Windows6.1-x64-de-de.exe
2015-05-23 21:27 - 2015-05-23 21:28 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Swen\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-21 15:51 - 2015-05-23 21:56 - 00000000 ____D () C:\AdwCleaner
2015-05-21 15:51 - 2015-05-23 21:36 - 02223104 _____ () C:\Users\Swen\Downloads\adwcleaner_4.205.exe
2015-05-21 15:50 - 2015-05-21 15:50 - 02209792 _____ () C:\Users\Swen\Downloads\adwcleaner_4.204.exe
2015-05-21 15:08 - 2015-05-24 15:23 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-21 15:08 - 2015-05-23 22:28 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-21 15:08 - 2015-05-23 21:30 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-21 15:08 - 2015-05-23 21:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-21 15:08 - 2015-05-23 21:30 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-21 15:08 - 2015-05-21 15:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-21 15:08 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-21 15:08 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-21 15:06 - 2015-05-21 15:06 - 01196832 _____ () C:\Users\Swen\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2015-05-20 18:17 - 2015-05-20 18:17 - 00000000 ____D () C:\Users\Swen\Documents\Simply Super Software
2015-05-20 18:05 - 2015-05-20 18:14 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2015-05-20 18:05 - 2015-05-20 18:05 - 00000000 ____D () C:\ProgramData\Licenses
2015-05-20 18:03 - 2015-05-20 18:03 - 01196832 _____ () C:\Users\Swen\Downloads\Trojan Remover - CHIP-Installer.exe
2015-05-19 19:47 - 2015-05-19 19:47 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Swen\Downloads\revosetup95.exe
2015-05-19 19:47 - 2015-05-19 19:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-05-19 19:46 - 2015-05-19 19:46 - 00032412 _____ () C:\Users\Swen\Downloads\Addition.txt
2015-05-19 19:45 - 2015-05-19 19:46 - 00043534 _____ () C:\Users\Swen\Downloads\FRST.txt
2015-05-19 19:44 - 2015-05-24 16:23 - 00000000 ____D () C:\FRST
2015-05-19 19:44 - 2015-05-19 19:45 - 00000000 ____D () C:\Users\Swen\Downloads\FRST-OlderVersion
2015-05-19 19:37 - 2015-05-19 19:45 - 02107904 _____ (Farbar) C:\Users\Swen\Downloads\FRST64.exe
2015-05-13 17:58 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 17:58 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 15:37 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 15:37 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 15:37 - 2015-04-24 23:32 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 15:37 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 15:37 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 15:37 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 15:37 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 15:37 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 15:37 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 15:37 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 15:37 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 15:37 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-13 15:37 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 15:37 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 15:37 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 15:37 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-13 15:37 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 15:37 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 15:37 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-13 15:37 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 15:37 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-13 15:37 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 15:37 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 15:37 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 15:37 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 15:37 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 15:37 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 15:37 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-13 15:37 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 15:37 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-13 15:37 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 15:37 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-13 15:37 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 15:37 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 15:37 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 15:37 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 15:37 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 15:37 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 15:37 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 15:37 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 15:37 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 15:37 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 15:37 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 15:37 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 15:37 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 15:37 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-13 15:37 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 15:37 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-13 15:37 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 15:37 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-05-13 15:37 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-05-13 15:37 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-05-13 15:37 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-05-13 15:37 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2015-05-13 15:37 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2015-05-13 15:37 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-13 15:37 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 15:37 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 15:37 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 15:37 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-05-13 15:37 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-05-13 15:37 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-05-13 15:37 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-05-13 15:37 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2015-05-13 15:37 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-05-13 15:37 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-05-13 15:37 - 2015-03-13 02:29 - 00410017 _____ () C:\Windows\system32\ApnDatabase.xml
2015-05-13 15:37 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 15:37 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 15:37 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2015-05-13 15:37 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 15:37 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-05-13 15:37 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 15:37 - 2015-03-05 01:09 - 01429504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 15:37 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2015-05-13 15:37 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-13 15:37 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-05-13 15:37 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-05-09 12:28 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-05-09 12:28 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-05-08 12:24 - 2015-05-08 12:24 - 00848608 _____ (Perion, Inc. ) C:\Users\Swen\Downloads\IncrediMailCH (1).exe
2015-05-08 12:23 - 2015-05-08 12:23 - 00848608 _____ (Perion, Inc. ) C:\Users\Swen\Downloads\IncrediMailCH.exe
2015-05-08 12:08 - 2015-05-08 12:08 - 00000000 _____ () C:\Users\Swen\Sti_Trace.log
2015-05-08 11:45 - 2015-05-08 11:45 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2015-05-08 11:45 - 2015-05-08 11:45 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-05-08 11:45 - 2015-05-08 11:45 - 00000000 ____D () C:\Program Files\MSBuild
2015-05-08 11:45 - 2015-05-08 11:45 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2015-05-08 11:45 - 2015-05-08 11:45 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-05-08 11:42 - 2013-08-03 06:48 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2015-05-08 11:42 - 2013-08-03 06:41 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2015-05-08 11:39 - 2015-05-08 11:39 - 07905320 _____ (383 Media, Inc.) C:\Users\Swen\Downloads\DriverRestore.exe
2015-05-08 11:35 - 2015-05-08 11:35 - 00000957 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2015-05-08 11:35 - 2015-05-08 11:35 - 00000000 ____D () C:\Users\Swen\AppData\Roaming\InstallShield
2015-05-08 11:35 - 2015-05-08 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-05-08 11:35 - 2015-05-08 11:35 - 00000000 ____D () C:\ProgramData\EPSON
2015-05-08 11:35 - 2015-05-08 11:35 - 00000000 ____D () C:\Program Files (x86)\epson
2015-05-08 11:35 - 2007-07-13 00:00 - 00083968 _____ (SEIKO EPSON CORP.) C:\Windows\system32\esxcwiad.dll
2015-05-08 11:35 - 2006-10-31 00:10 - 00120992 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EpPicPrt.dll
2015-05-08 11:35 - 2006-10-31 00:10 - 00071840 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EPPicMgr.dll
2015-05-08 11:35 - 2006-10-31 00:10 - 00000097 _____ () C:\Windows\SysWOW64\PICSDK.ini
2015-05-08 11:35 - 2006-10-20 00:10 - 00501912 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK2.dll
2015-05-08 11:35 - 2006-10-20 00:10 - 00108704 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICEntry.dll
2015-05-08 11:35 - 2006-10-20 00:10 - 00080024 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK.dll
2015-05-08 11:35 - 2005-06-01 00:20 - 00111932 _____ () C:\Windows\SysWOW64\EPPICPrinterDB.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00031053 _____ () C:\Windows\SysWOW64\EPPICPattern131.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00027417 _____ () C:\Windows\SysWOW64\EPPICPattern121.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00026154 _____ () C:\Windows\SysWOW64\EPPICPattern1.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00024903 _____ () C:\Windows\SysWOW64\EPPICPattern3.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00021390 _____ () C:\Windows\SysWOW64\EPPICPattern5.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00020148 _____ () C:\Windows\SysWOW64\EPPICPattern2.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00013732 _____ () C:\Windows\SysWOW64\EPPICLocal_EN.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00011811 _____ () C:\Windows\SysWOW64\EPPICPattern4.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00006442 _____ () C:\Windows\SysWOW64\EPPICLocal_IT.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00006347 _____ () C:\Windows\SysWOW64\EPPICLocal_PT.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00006347 _____ () C:\Windows\SysWOW64\EPPICLocal_BP.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00006335 _____ () C:\Windows\SysWOW64\EPPICLocal_GE.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00006195 _____ () C:\Windows\SysWOW64\EPPICLocal_FR.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00006195 _____ () C:\Windows\SysWOW64\EPPICLocal_CF.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00006122 _____ () C:\Windows\SysWOW64\EPPICLocal_DU.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00006103 _____ () C:\Windows\SysWOW64\EPPICLocal_ES.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00005817 _____ () C:\Windows\SysWOW64\EPPICLocal_KO.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00005436 _____ () C:\Windows\SysWOW64\EPPICLocal_SC.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00004943 _____ () C:\Windows\SysWOW64\EPPICPattern6.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00002889 _____ () C:\Windows\SysWOW64\EPPICLocal_RU.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00002426 _____ () C:\Windows\SysWOW64\EPPICLocal_TC.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00001146 _____ () C:\Windows\SysWOW64\EPPICPresetData_DU.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00001139 _____ () C:\Windows\SysWOW64\EPPICPresetData_PT.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00001139 _____ () C:\Windows\SysWOW64\EPPICPresetData_BP.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00001136 _____ () C:\Windows\SysWOW64\EPPICPresetData_ES.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00001129 _____ () C:\Windows\SysWOW64\EPPICPresetData_FR.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00001129 _____ () C:\Windows\SysWOW64\EPPICPresetData_CF.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00001120 _____ () C:\Windows\SysWOW64\EPPICPresetData_IT.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00001107 _____ () C:\Windows\SysWOW64\EPPICPresetData_GE.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00001104 _____ () C:\Windows\SysWOW64\EPPICPresetData_EN.dat
2015-05-08 11:34 - 2015-05-08 11:34 - 02719744 _____ () C:\Users\Swen\Downloads\epson320996eu.exe
2015-05-08 11:33 - 2015-05-08 11:34 - 16389632 _____ () C:\Users\Swen\Downloads\epson324601eu.exe
2015-05-08 11:33 - 2015-05-08 11:33 - 12313600 _____ () C:\Users\Swen\Downloads\epson324852eu.exe
2015-05-01 11:03 - 2015-05-01 11:03 - 00014848 ___SH () C:\Users\Swen\Downloads\Thumbs.db
2015-05-01 09:06 - 2015-05-01 09:06 - 28917914 _____ () C:\Users\Swen\Downloads\The CraftingFabo Pack V.2.zip
2015-05-01 09:05 - 2015-05-01 09:05 - 08697855 _____ () C:\Users\Swen\Downloads\BDcraft Sounds Pack.zip
2015-04-30 18:27 - 2015-04-30 18:27 - 00001319 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2015-04-30 18:27 - 2015-04-30 18:27 - 00001307 _____ () C:\Users\Public\Desktop\paint.net.lnk
2015-04-30 18:27 - 2015-04-30 18:27 - 00000000 ____D () C:\Program Files\paint.net
2015-04-30 18:26 - 2015-04-30 18:28 - 00000000 ____D () C:\Users\Swen\AppData\Local\paint.net
2015-04-30 18:24 - 2015-04-30 18:25 - 06528454 _____ () C:\Users\Swen\Downloads\paint.net.4.0.5.install.zip
2015-04-30 18:24 - 2015-04-30 18:24 - 01203488 _____ () C:\Users\Swen\Downloads\Paint NET - CHIP-Installer.exe
2015-04-25 11:50 - 2015-04-25 11:50 - 00000000 _____ () C:\Windows\SysWOW64\REND3E8.tmp
2015-04-25 11:49 - 2015-04-25 11:49 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 16:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-24 15:24 - 2015-03-12 11:09 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-24 15:17 - 2015-03-11 17:59 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-24 15:11 - 2015-03-11 17:35 - 00000000 ____D () C:\Users\Swen\AppData\Roaming\TS3Client
2015-05-24 14:52 - 2015-03-12 10:15 - 00000000 ____D () C:\Users\Swen\AppData\Roaming\SpeedMon
2015-05-24 14:51 - 2015-03-12 11:05 - 00000000 ____D () C:\Users\Swen\AppData\Local\CrashDumps
2015-05-24 14:51 - 2015-03-11 16:14 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2B00C7BB-9E69-454D-962B-0745937E41F6}
2015-05-24 14:50 - 2015-03-11 16:10 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3216707188-2497091474-2308484383-1001
2015-05-24 14:47 - 2015-03-21 21:46 - 00000000 ____D () C:\Users\Swen\AppData\Local\LogMeIn Hamachi
2015-05-24 14:47 - 2015-03-11 16:13 - 00000000 ___DO () C:\Users\Swen\OneDrive
2015-05-24 14:46 - 2015-03-12 11:09 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-24 14:45 - 2015-01-27 13:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-24 14:45 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-23 22:02 - 2015-03-11 16:05 - 00001351 _____ () C:\Users\Swen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-23 21:57 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-05-22 15:37 - 2015-03-11 16:24 - 00000000 ____D () C:\Users\Swen\AppData\Roaming\.minecraft
2015-05-21 20:58 - 2015-03-21 21:34 - 00000000 ____D () C:\Users\Swen\AppData\Local\ftblauncher
2015-05-21 18:27 - 2015-03-21 21:53 - 06628862 _____ () C:\Users\Swen\Downloads\FTB_Launcher (1).exe
2015-05-21 18:27 - 2015-03-21 21:34 - 00000000 ____D () C:\Users\Swen\AppData\Roaming\ftblauncher
2015-05-20 18:16 - 2015-03-12 11:51 - 00003844 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1426153860
2015-05-20 18:16 - 2015-03-12 11:51 - 00001070 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-05-20 18:16 - 2015-03-12 11:51 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-05-20 18:13 - 2015-01-27 13:05 - 00000000 ____D () C:\ProgramData\Temp
2015-05-20 18:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-20 17:25 - 2015-04-12 12:59 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 17:25 - 2015-04-12 12:59 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-20 17:25 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-19 19:51 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-19 19:49 - 2015-01-27 13:22 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-05-19 19:39 - 2015-03-11 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-19 18:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2015-05-17 22:47 - 2015-03-11 16:04 - 00000000 ____D () C:\Users\Swen
2015-05-16 13:19 - 2015-03-12 11:09 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 13:19 - 2015-03-12 11:09 - 00003864 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-14 15:53 - 2015-03-11 16:27 - 00961024 ___SH () C:\Users\Swen\Desktop\Thumbs.db
2015-05-14 15:47 - 2015-04-14 20:17 - 00000000 ____D () C:\Users\Swen\AppData\Roaming\ZoomBrowser EX
2015-05-14 15:47 - 2015-04-14 20:14 - 00000000 ____D () C:\ProgramData\ZoomBrowser
2015-05-14 09:27 - 2013-08-22 16:44 - 00389048 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 22:53 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-05-13 22:53 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 17:57 - 2015-03-13 19:36 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 17:55 - 2015-03-13 19:36 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 17:50 - 2014-11-21 05:13 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-11 15:26 - 2015-03-11 17:37 - 00000000 ____D () C:\ProgramData\Origin
2015-05-08 19:01 - 2014-11-21 05:35 - 01780340 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-08 19:01 - 2014-11-21 04:45 - 00765378 _____ () C:\Windows\system32\perfh007.dat
2015-05-08 19:01 - 2014-11-21 04:45 - 00159696 _____ () C:\Windows\system32\perfc007.dat
2015-05-08 17:40 - 2015-03-11 16:05 - 00000000 ____D () C:\Users\Swen\AppData\Local\Packages
2015-05-08 12:23 - 2015-03-12 09:41 - 00000000 ____D () C:\Users\Swen\AppData\Local\IM
2015-05-08 11:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2015-05-08 11:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\MUI
2015-05-07 19:00 - 2015-03-31 12:28 - 00000000 ____D () C:\Users\Swen\Desktop\Foto
2015-05-05 19:59 - 2014-11-21 13:01 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-05 19:59 - 2014-11-21 13:01 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-05 13:41 - 2015-03-11 16:33 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-05 13:41 - 2015-03-11 16:33 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-05-01 18:51 - 2015-01-27 13:29 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-05-01 18:51 - 2015-01-27 13:29 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-05-01 18:50 - 2015-01-27 13:29 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-05-01 18:50 - 2015-01-27 13:29 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-05-01 11:07 - 2015-03-22 17:59 - 00000000 ___HD () C:\Users\Swen\Desktop\[Originaldateien]
2015-04-25 11:50 - 2015-03-21 22:10 - 00000000 ____D () C:\Program Files\Java
2015-04-25 11:50 - 2015-03-21 22:00 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-25 11:50 - 2015-03-11 16:59 - 00000000 ____D () C:\ProgramData\Oracle

==================== Files in the root of some directories =======

2015-03-12 10:36 - 2015-03-12 10:40 - 0000041 _____ () C:\Users\Swen\AppData\Roaming\sversion.ini

Some files in TEMP:
====================
C:\Users\Swen\AppData\Local\Temp\avgnt.exe
C:\Users\Swen\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-22 13:35

==================== End of log ============================
         
Addition
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015
Ran by Swen at 2015-05-24 16:23:50
Running from C:\Users\Swen\AppData\Local\Microsoft\Windows\INetCache\IE\0KCVHL55
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3216707188-2497091474-2308484383-500 - Administrator - Disabled)
Gast (S-1-5-21-3216707188-2497091474-2308484383-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3216707188-2497091474-2308484383-1003 - Limited - Enabled)
Swen (S-1-5-21-3216707188-2497091474-2308484383-1001 - Administrator - Enabled) => C:\Users\Swen

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ACDSee Pro 8 (64-bit) (HKLM\...\{F84CE839-8CDD-4DC1-9A05-FA93BEA8B63D}) (Version: 8.1.0.270 - ACD Systems International Inc.)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.7.0.6 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.5.0.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.6.0.5 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.6.0.23 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.4.0.4 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4427.02 - CyberLink Corp.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
FUSSBALL MANAGER 14 (HKLM-x32\...\{5FC27E1E-08C0-4346-A321-ED2D31FAE936}) (Version: 1.0.0.0 - Electronic Arts)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
IncrediMail (x32 Version: 6.6.0.5288 - IncrediMail) Hidden
IncrediMail 2.5 (HKLM-x32\...\IncrediMail) (Version: 6.6.0.5288 - IncrediMail Ltd.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 8 Update 40 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180400}) (Version: 8.0.400.25 - Oracle Corporation)
KompoZer 0.8b3 (HKLM-x32\...\{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1) (Version:  - KompoZer)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.328 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.328 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.1005 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.25 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.3.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.3.22 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Miracast Virtueller Ton 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.25 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Opera Stable 29.0.1795.60 (HKLM-x32\...\Opera 29.0.1795.60) (Version: 29.0.1795.60 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
Photo Notifier and Animation Creator (HKLM-x32\...\Photo Notifier and Animation Creator) (Version: 1.0.0.1009 - IncrediMail Ltd.)
Platform (x32 Version: 1.42 - VIA Technologies, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.3.22 - NVIDIA Corporation) Hidden
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
SpeedMon (HKU\S-1-5-21-3216707188-2497091474-2308484383-1001\...\SpeedMon) (Version: 0.5b - SpeedMon)
SpeedMon (HKU\S-1-5-21-3216707188-2497091474-2308484383-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SpeedMon) (Version: 0.5b - SpeedMon)
Sponsoren Patch für den FM13 (HKU\S-1-5-21-3216707188-2497091474-2308484383-1001\...\Sponsoren Patch für den FM13) (Version:  - )
Sponsoren Patch für den FM13 (HKU\S-1-5-21-3216707188-2497091474-2308484383-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Sponsoren Patch für den FM13) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version:  - Nadeo)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
Worms Armageddon (HKLM-x32\...\Steam App 217200) (Version:  - Team17 Digital Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

13-05-2015 17:47:52 Windows Update
19-05-2015 19:49:18 Revo Uninstaller's restore point - Realtek Ethernet Controller Driver
19-05-2015 19:49:36 Entfernt Realtek Ethernet Controller Driver

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {15A75C0D-C9A9-48D7-8391-6481F68B28F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-12] (Google Inc.)
Task: {2F374619-3E04-4AE2-B5B6-B6956E51E98B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-05-13] (Microsoft Corporation)
Task: {65409E23-611A-4FE5-84F5-693C0057D7F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-12] (Google Inc.)
Task: {6E4AF0D3-E1FB-40F4-A718-ACC7E7573898} - System32\Tasks\{C0CD1CD2-B13F-4051-AF10-E634A1B21032} => pcalua.exe -a C:\Users\Swen\Downloads\fm14_spielerbilder_2bundesliga.exe -d C:\Users\Swen\Downloads
Task: {9168575F-D9A8-4B42-BA46-6A2E742E367D} - System32\Tasks\{9454970E-48F7-4ACE-B38D-34C32B119FEB} => pcalua.exe -a C:\Users\Swen\Downloads\fm14_spielerbilder_3liga.exe -d C:\Users\Swen\Downloads
Task: {BECA905C-2785-457B-84F2-2F2CFFD6F08E} - System32\Tasks\{2CF8D7B8-FBD2-4A9D-A118-2C7F4CA0938F} => pcalua.exe -a C:\Users\Swen\Downloads\fm14_database_originalnamen_europa.exe -d C:\Users\Swen\Downloads
Task: {CB090D2A-AC3A-4224-BF9C-3C915946E5B6} - System32\Tasks\{6ABBFAD1-7732-456F-978D-80DF5C7FF43F} => pcalua.exe -a C:\Users\Swen\Downloads\fm14_spielerbilder_bundesliga.exe -d C:\Users\Swen\Downloads
Task: {D86D424C-7966-42BF-81B9-3557B5221F8B} - System32\Tasks\Opera scheduled Autoupdate 1426153860 => C:\Program Files (x86)\Opera\launcher.exe [2015-05-18] (Opera Software)
Task: {E2D26377-926F-4601-B0D4-08BE13E3FB34} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {E8F4134D-9A2F-480E-8470-33A433B4F40B} - System32\Tasks\{2C4FB188-6D0C-441A-B206-BCF837837EA2} => pcalua.exe -a C:\Users\Swen\Downloads\fm14_database_deutschland.exe -d C:\Users\Swen\Downloads
Task: {EF3C565E-F26F-4079-A869-5ABDDCB085B7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-27 13:28 - 2015-01-10 01:29 - 00117392 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-12 10:15 - 2015-03-12 10:15 - 00840206 _____ () C:\Users\Swen\AppData\Roaming\SpeedMon\speedmon.exe
2015-02-19 23:40 - 2015-02-19 23:40 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-12-17 16:15 - 2014-12-17 16:15 - 02141192 _____ () C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeCommanderPro8.exe
2015-03-31 14:14 - 2015-05-01 18:52 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-03-11 18:03 - 2015-04-16 19:40 - 00776192 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-03-11 18:03 - 2015-04-23 04:16 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-03-11 18:03 - 2015-05-15 03:58 - 02396352 _____ () C:\Program Files (x86)\Steam\video.dll
2015-03-11 18:03 - 2015-04-23 04:16 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-03-11 18:03 - 2015-04-23 04:16 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-03-11 18:03 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-03-11 18:03 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-03-11 18:03 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-03-11 18:03 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-03-11 18:03 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-03-11 18:03 - 2015-05-15 03:57 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-03-11 18:03 - 2015-05-11 21:01 - 36302728 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-01-27 13:21 - 2013-09-16 13:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-05-23 00:25 - 2015-05-13 18:48 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libglesv2.dll
2015-05-23 00:25 - 2015-05-13 18:48 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libegl.dll
2014-02-28 15:33 - 2014-02-28 15:33 - 00148480 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\quazip.dll
2014-02-27 15:46 - 2014-02-27 15:46 - 00864768 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\platforms\qwindows.dll
2014-02-27 15:45 - 2014-02-27 15:45 - 00677376 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2014-08-04 15:43 - 2014-08-04 15:43 - 00092104 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\directsound_win32.dll
2014-08-04 15:43 - 2014-08-04 15:43 - 00105416 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win32.dll
2014-02-27 15:46 - 2014-02-27 15:46 - 00025600 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\imageformats\qgif.dll
2014-02-27 15:46 - 2014-02-27 15:46 - 00242688 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\imageformats\qjpeg.dll
2014-08-04 15:45 - 2014-08-04 15:45 - 00477128 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2014-08-04 15:45 - 2014-08-04 15:45 - 00484808 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-02-27 15:46 - 2014-02-27 15:46 - 00123904 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9
AlternateDataStreams: C:\Users\Swen\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3216707188-2497091474-2308484383-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Swen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Swen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "ACPW08DE"
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001\...\StartupApproved\Run: => "PCSpeedUp"
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "PCSpeedUp"
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "EADM"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{8C86031F-7B6C-4CAB-95B8-DFCE22EFE771}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{A47243B8-1087-4E15-8EAA-92DAF75DCC04}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{5DC104BE-44F5-42B0-8A68-48016C216CFA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FD963BDD-E549-4DC0-80AA-EED0A0D029F7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{92EC9AC6-AA61-4EB3-8885-BB5F9FEFF861}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{DC32563B-CFB7-499E-855D-2F07CA7E8818}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{3B99F971-4B6D-49A8-8987-38CADA5106E5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B4040881-2F0D-4B98-8219-C39374A57885}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DCB8D3B1-5CBB-4940-9238-38B91E9587A1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7DDCE2D0-4184-4582-9F9B-4F5DA01A3100}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{250EE2A6-5C01-4C84-8845-14EA950BA8BC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{92524EE8-35C9-47A0-B0E5-EFE7FCDC63BB}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{34F0C07A-29B9-4A9B-BFDB-18EC9DF3D931}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{BAB7D39C-ADEC-48FD-B0EF-39A4574074D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{70F69E87-D5CA-408C-B243-70D80D60152A}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{C94A5098-1D26-49D6-99B8-44E522D60E7C}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{0305373B-1187-4C74-B418-52180595E1FA}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{69AFBE90-5DE3-48F0-A4BD-17321E567D94}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{13EA15D1-A5E7-4659-B1EA-078BB692F5D9}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{8589CBC5-2CC9-4097-AAD7-B670B5F45F84}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{19E4473F-F7B0-4B51-83C5-FA172F642B45}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{9DE22620-032C-45E7-B594-8B96199F06A2}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [TCP Query User{C2865E8B-1877-4CF2-828C-53DF89AC8C6D}C:\users\swen\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\swen\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{CBEA864C-5953-4DF0-9239-CAF533C5A106}C:\users\swen\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\swen\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{914B5B9C-1410-4050-80FB-4CDB1938C0B6}C:\program files (x86)\tmnationsforever\tmforever.exe] => (Allow) C:\program files (x86)\tmnationsforever\tmforever.exe
FirewallRules: [UDP Query User{33B76AAE-96EE-4D01-9260-BAB06B212C8D}C:\program files (x86)\tmnationsforever\tmforever.exe] => (Allow) C:\program files (x86)\tmnationsforever\tmforever.exe
FirewallRules: [{DC93BC1D-B0CC-444A-A43E-FA808C41A5A5}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA Manager 14\Manager14.exe
FirewallRules: [{D54F2742-6D09-4858-ABDE-621FF9DFE9DA}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA Manager 14\Manager14.exe
FirewallRules: [{794C3DF2-8C32-4A1C-B690-A8F05BDBA947}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Worms Armageddon\WA.exe
FirewallRules: [{90FCBC4B-CE1C-4A25-8E0A-C7FB3F780432}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Worms Armageddon\WA.exe
FirewallRules: [TCP Query User{1C39C723-11BE-4F21-8DF7-B0BB25104F31}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{A582E926-D191-44ED-868E-07DCBDE2D5DF}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{90427BDB-D675-48DE-8F79-8B246D13DC20}] => (Block) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{A872E1C8-8ADD-4862-8C56-4A28E51A550D}] => (Block) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{7ECAAA68-1CFD-423D-90AD-7E64F86303DA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/24/2015 03:08:13 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-3216707188-2497091474-2308484383-1001}/">.

Error: (05/24/2015 03:07:59 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-3216707188-2497091474-2308484383-1001}/">.

Error: (05/24/2015 02:52:13 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-3216707188-2497091474-2308484383-1001}/">.

Error: (05/24/2015 02:51:57 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-3216707188-2497091474-2308484383-1001}/">.

Error: (05/24/2015 02:51:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 43.0.2357.65, Zeitstempel: 0x5552c066
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f42c2
Ausnahmecode: 0xc0000142
Fehleroffset: 0x0009d4f2
ID des fehlerhaften Prozesses: 0xbec
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3
Vollständiger Name des fehlerhaften Pakets: chrome.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: chrome.exe5

Error: (05/24/2015 02:51:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 43.0.2357.65, Zeitstempel: 0x5552c066
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f42c2
Ausnahmecode: 0xc0000142
Fehleroffset: 0x0009d4f2
ID des fehlerhaften Prozesses: 0x18bc
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3
Vollständiger Name des fehlerhaften Pakets: chrome.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: chrome.exe5

Error: (05/24/2015 02:51:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 43.0.2357.65, Zeitstempel: 0x5552c066
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f42c2
Ausnahmecode: 0xc0000142
Fehleroffset: 0x0009d4f2
ID des fehlerhaften Prozesses: 0xf18
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3
Vollständiger Name des fehlerhaften Pakets: chrome.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: chrome.exe5

Error: (05/24/2015 02:51:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 43.0.2357.65, Zeitstempel: 0x5552c066
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f42c2
Ausnahmecode: 0xc0000142
Fehleroffset: 0x0009d4f2
ID des fehlerhaften Prozesses: 0x1454
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3
Vollständiger Name des fehlerhaften Pakets: chrome.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: chrome.exe5

Error: (05/24/2015 02:46:51 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-3216707188-2497091474-2308484383-1001}/">.

Error: (05/24/2015 02:46:25 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-3216707188-2497091474-2308484383-1001}/">.


System errors:
=============
Error: (05/24/2015 02:52:44 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Peer Name Resolution-Protokoll" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (05/24/2015 02:47:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/24/2015 02:47:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/24/2015 02:47:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Peernetzwerkidentitäts-Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/24/2015 02:46:08 PM) (Source: DCOM) (EventID: 10016) (User: SWEN)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SwenSwenS-1-5-21-3216707188-2497091474-2308484383-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (05/24/2015 02:46:08 PM) (Source: DCOM) (EventID: 10016) (User: SWEN)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SwenSwenS-1-5-21-3216707188-2497091474-2308484383-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (05/24/2015 02:46:08 PM) (Source: DCOM) (EventID: 10016) (User: SWEN)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SwenSwenS-1-5-21-3216707188-2497091474-2308484383-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (05/24/2015 02:46:08 PM) (Source: DCOM) (EventID: 10016) (User: SWEN)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SwenSwenS-1-5-21-3216707188-2497091474-2308484383-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (05/24/2015 02:46:07 PM) (Source: DCOM) (EventID: 10016) (User: SWEN)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SwenSwenS-1-5-21-3216707188-2497091474-2308484383-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (05/24/2015 02:46:07 PM) (Source: DCOM) (EventID: 10016) (User: SWEN)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SwenSwenS-1-5-21-3216707188-2497091474-2308484383-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar


Microsoft Office:
=========================
Error: (05/24/2015 03:08:13 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-3216707188-2497091474-2308484383-1001}/

Error: (05/24/2015 03:07:59 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-3216707188-2497091474-2308484383-1001}/

Error: (05/24/2015 02:52:13 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-3216707188-2497091474-2308484383-1001}/

Error: (05/24/2015 02:51:57 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-3216707188-2497091474-2308484383-1001}/

Error: (05/24/2015 02:51:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe43.0.2357.655552c066ntdll.dll6.3.9600.17736550f42c2c00001420009d4f2bec01d0962058d54c74C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\SYSTEM32\ntdll.dll96839567-0213-11e5-8287-fcaa143985c5

Error: (05/24/2015 02:51:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe43.0.2357.655552c066ntdll.dll6.3.9600.17736550f42c2c00001420009d4f218bc01d0962058c2ab72C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\SYSTEM32\ntdll.dll96714293-0213-11e5-8287-fcaa143985c5

Error: (05/24/2015 02:51:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe43.0.2357.655552c066ntdll.dll6.3.9600.17736550f42c2c00001420009d4f2f1801d0962058a818b4C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\SYSTEM32\ntdll.dll9658d037-0213-11e5-8287-fcaa143985c5

Error: (05/24/2015 02:51:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe43.0.2357.655552c066ntdll.dll6.3.9600.17736550f42c2c00001420009d4f2145401d096205378f22fC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\SYSTEM32\ntdll.dll921e82a1-0213-11e5-8287-fcaa143985c5

Error: (05/24/2015 02:46:51 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-3216707188-2497091474-2308484383-1001}/

Error: (05/24/2015 02:46:25 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-3216707188-2497091474-2308484383-1001}/


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 28%
Total physical RAM: 8084.27 MB
Available physical RAM: 5818.91 MB
Total Pagefile: 16788.27 MB
Available Pagefile: 13883.82 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:916.15 GB) (Free:837.96 GB) NTFS
Drive f: (Foto-Datenträger) (Fixed) (Total:698.63 GB) (Free:256.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1CB2D4DA)

Partition: GPT Partition Type.

========================================================
Disk: 6 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 66E69FB0)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)

==================== End of log ============================
         
Hoffe das das richtig war

Alt 24.05.2015, 15:46   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
SuggestedSites.dat Trojaner auf Windows 8 - Standard

SuggestedSites.dat Trojaner auf Windows 8



Adware/Junkware/Toolbars entfernen

1. Schritt: Malwarebytes

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!)

2. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



3. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




4. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Wie man Programme richtig installiert

Backup mit DriveSnapshot

Das TB unterstützen

Alt 24.05.2015, 16:24   #6
SWEN2805
 
SuggestedSites.dat Trojaner auf Windows 8 - Standard

SuggestedSites.dat Trojaner auf Windows 8



So
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 24.05.2015
Suchlauf-Zeit: 16:51:37
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.24.02
Rootkit Datenbank: v2015.05.16.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Swen

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 354673
Verstrichene Zeit: 13 Min, 28 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
ADW
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v4.205 - Bericht erstellt 24/05/2015 um 17:08:01
# Aktualisiert 21/05/2015 von Xplode
# Datenbank : 2015-05-21.2 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Swen - SWEN
# Gestarted von : C:\Users\Swen\Downloads\adwcleaner_4.205.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v


-\\ Google Chrome v43.0.2357.65


-\\ Opera v29.0.1795.60


*************************

AdwCleaner[R0].txt - [2914 Bytes] - [21/05/2015 15:51:58]
AdwCleaner[R1].txt - [1239 Bytes] - [21/05/2015 15:57:56]
AdwCleaner[R2].txt - [1043 Bytes] - [21/05/2015 16:02:12]
AdwCleaner[R3].txt - [1128 Bytes] - [23/05/2015 11:42:37]
AdwCleaner[R4].txt - [1220 Bytes] - [23/05/2015 21:37:31]
AdwCleaner[R5].txt - [1338 Bytes] - [24/05/2015 17:06:42]
AdwCleaner[S0].txt - [2668 Bytes] - [21/05/2015 15:53:06]
AdwCleaner[S1].txt - [1253 Bytes] - [21/05/2015 15:59:22]
AdwCleaner[S2].txt - [1188 Bytes] - [23/05/2015 11:43:51]
AdwCleaner[S3].txt - [1280 Bytes] - [23/05/2015 21:56:30]
AdwCleaner[S4].txt - [1259 Bytes] - [24/05/2015 17:08:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1318  Bytes] ##########
         
--- --- ---


JRT
JRT Logfile:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.8 (05.23.2015:2)
OS: Windows 8.1 x64
Ran by Swen on 24.05.2015 at 17:16:29,21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Failed to delete: [Task] C:\Windows\tasks\ImCleanDisabled
Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-3216707188-2497091474-2308484383-1001
Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-3216707188-2497091474-2308484383-500
Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-4133226840-329255260-4119196817-500



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\DRIVERRESTORE.EXE-2C1611CF.pf
Successfully deleted: [File] C:\Windows\prefetch\SPEEDMON.EXE-70C12C56.pf



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\Users\Swen\AppData\Roaming\productdata



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Swen\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.05.2015 at 17:17:46,81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---


FRST
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01
Ran by Swen (administrator) on SWEN on 24-05-2015 17:20:02
Running from C:\Users\Swen\AppData\Local\Microsoft\Windows\INetCache\IE\OFYVUVUJ
Loaded Profiles: Swen (Available Profiles: Swen)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Swen\AppData\Local\Microsoft\Windows\INetCache\IE\OFYVUVUJ\FRST64[1].exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-22] (Realtek Semiconductor)
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2685072 2015-05-01] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ACPW08DE] => C:\Program Files\ACD Systems\ACDSee Pro\8.0\acdIDInTouch2.exe [1813776 2014-09-17] (ACD Systems)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632472 2015-04-12] (Electronic Arts)
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2888384 2015-05-15] (Valve Corporation)
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001\...\Run: [IncrediMail] => C:\Program Files (x86)\IncrediMail\bin\IncMail.exe [444840 2015-03-12] (IncrediMail, Ltd.)
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001\...\Run: [SpeedMon] => C:\Users\Swen\AppData\Roaming\SpeedMon\speedmon.exe [840206 2015-03-12] ()
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001\...\Run: [ACDSeeCommanderPro8] => C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeCommanderPro8.exe [2141192 2014-12-17] ()
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.hyrican.de
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.hyrican.de
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-25] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-25] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-25] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-25] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Swen\AppData\Roaming\Mozilla\Firefox\Profiles\ynYzYHPh.default
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-25] (Oracle Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-01-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-01-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Extension: Avira Browser Safety - C:\Users\Swen\AppData\Roaming\Mozilla\Firefox\Profiles\ynYzYHPh.default\Extensions\abs@avira.com [2015-03-11]
FF Extension: No Name - C:\Users\Swen\AppData\Roaming\Mozilla\Firefox\Profiles\ynYzYHPh.default\extensions\iobitascsurfingprotection@iobit.com [not found]

Chrome: 
=======
CHR Profile: C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-12]
CHR Extension: (Google Docs) - C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-12]
CHR Extension: (Google Drive) - C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-12]
CHR Extension: (YouTube) - C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-12]
CHR Extension: (Adblock Plus) - C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-12]
CHR Extension: (Google Search) - C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-12]
CHR Extension: (Google Sheets) - C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-12]
CHR Extension: (Avira Browser Safety) - C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-03-12]
CHR Extension: (AdBlock) - C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-03-12]
CHR Extension: (Bookmark Manager) - C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Gmail) - C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-12]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-05] (Microsoft Corporation)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-01] (NVIDIA Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-05-21] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) []
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1884304 2015-05-01] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22997648 2015-05-01] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-12] (Electronic Arts)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 IAStorDataMgrSvc; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-02-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-02-25] (Avira Operations GmbH & Co. KG)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-03-30] (LogMeIn Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-01] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [19616 2014-09-06] (Windows (R) Win 7 DDK provider)
S3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39240 2015-01-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 VUSB3HUB; C:\Windows\System32\drivers\ViaHub3.sys [227840 2013-09-25] (VIA Technologies, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 xhcdrv; C:\Windows\System32\drivers\xhcdrv.sys [297472 2013-09-25] (VIA Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 17:17 - 2015-05-24 17:17 - 00001633 _____ () C:\Users\Swen\Desktop\JRT.txt
2015-05-24 17:16 - 2015-05-24 17:16 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-SWEN-Windows-8.1-(64-bit).dat
2015-05-24 17:16 - 2015-05-24 17:16 - 00000000 ____D () C:\RegBackup
2015-05-24 17:14 - 2015-05-24 17:14 - 00001398 _____ () C:\Users\Swen\Desktop\AdwCleaner[S4].txt
2015-05-24 17:06 - 2015-05-24 17:06 - 00001195 _____ () C:\Users\Swen\Desktop\mbam.txt
2015-05-24 16:49 - 2015-05-24 16:49 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Swen\Downloads\mbam-setup-2.1.6.1022 (1).exe
2015-05-24 14:46 - 2015-05-24 17:13 - 00007941 _____ () C:\Windows\WindowsUpdate.log
2015-05-23 23:03 - 2015-05-23 23:03 - 00081158 _____ () C:\Users\Swen\Downloads\Extras.Txt
2015-05-23 23:02 - 2015-05-23 23:02 - 00162106 _____ () C:\Users\Swen\Downloads\OTL.Txt
2015-05-23 22:56 - 2015-05-23 22:56 - 00602112 _____ (OldTimer Tools) C:\Users\Swen\Downloads\OTL.exe
2015-05-23 22:28 - 2015-05-23 22:38 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-23 22:20 - 2015-05-23 22:21 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Swen\Downloads\mbar-1.09.1.1004.exe
2015-05-23 22:04 - 2015-05-23 22:05 - 63320784 _____ (Microsoft Corporation) C:\Users\Swen\Downloads\IE11-Windows6.1-x64-de-de.exe
2015-05-23 21:27 - 2015-05-23 21:28 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Swen\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-21 15:51 - 2015-05-24 17:08 - 00000000 ____D () C:\AdwCleaner
2015-05-21 15:51 - 2015-05-23 21:36 - 02223104 _____ () C:\Users\Swen\Downloads\adwcleaner_4.205.exe
2015-05-21 15:50 - 2015-05-21 15:50 - 02209792 _____ () C:\Users\Swen\Downloads\adwcleaner_4.204.exe
2015-05-21 15:08 - 2015-05-24 17:05 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-21 15:08 - 2015-05-24 16:50 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-21 15:08 - 2015-05-24 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-21 15:08 - 2015-05-24 16:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-21 15:08 - 2015-05-21 15:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-21 15:08 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-21 15:08 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-21 15:08 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-21 15:06 - 2015-05-21 15:06 - 01196832 _____ () C:\Users\Swen\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2015-05-20 18:17 - 2015-05-20 18:17 - 00000000 ____D () C:\Users\Swen\Documents\Simply Super Software
2015-05-20 18:05 - 2015-05-20 18:14 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2015-05-20 18:05 - 2015-05-20 18:05 - 00000000 ____D () C:\ProgramData\Licenses
2015-05-20 18:03 - 2015-05-20 18:03 - 01196832 _____ () C:\Users\Swen\Downloads\Trojan Remover - CHIP-Installer.exe
2015-05-19 19:47 - 2015-05-19 19:47 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Swen\Downloads\revosetup95.exe
2015-05-19 19:47 - 2015-05-19 19:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-05-19 19:46 - 2015-05-19 19:46 - 00032412 _____ () C:\Users\Swen\Downloads\Addition.txt
2015-05-19 19:45 - 2015-05-19 19:46 - 00043534 _____ () C:\Users\Swen\Downloads\FRST.txt
2015-05-19 19:44 - 2015-05-24 17:20 - 00000000 ____D () C:\FRST
2015-05-19 19:44 - 2015-05-19 19:45 - 00000000 ____D () C:\Users\Swen\Downloads\FRST-OlderVersion
2015-05-19 19:37 - 2015-05-19 19:45 - 02107904 _____ (Farbar) C:\Users\Swen\Downloads\FRST64.exe
2015-05-13 17:58 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 17:58 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 15:37 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 15:37 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 15:37 - 2015-04-24 23:32 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 15:37 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 15:37 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 15:37 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 15:37 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 15:37 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 15:37 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 15:37 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 15:37 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 15:37 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-13 15:37 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 15:37 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 15:37 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 15:37 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-13 15:37 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 15:37 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 15:37 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-13 15:37 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 15:37 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-13 15:37 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 15:37 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 15:37 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 15:37 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 15:37 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 15:37 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 15:37 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-13 15:37 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 15:37 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-13 15:37 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 15:37 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-13 15:37 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 15:37 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 15:37 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 15:37 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 15:37 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 15:37 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 15:37 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 15:37 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 15:37 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 15:37 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 15:37 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 15:37 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 15:37 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 15:37 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-13 15:37 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 15:37 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-13 15:37 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 15:37 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-05-13 15:37 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-05-13 15:37 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-05-13 15:37 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-05-13 15:37 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2015-05-13 15:37 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2015-05-13 15:37 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-13 15:37 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 15:37 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 15:37 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 15:37 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-05-13 15:37 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-05-13 15:37 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-05-13 15:37 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-05-13 15:37 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2015-05-13 15:37 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-05-13 15:37 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-05-13 15:37 - 2015-03-13 02:29 - 00410017 _____ () C:\Windows\system32\ApnDatabase.xml
2015-05-13 15:37 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 15:37 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 15:37 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2015-05-13 15:37 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 15:37 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-05-13 15:37 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 15:37 - 2015-03-05 01:09 - 01429504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 15:37 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2015-05-13 15:37 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-13 15:37 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-05-13 15:37 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-05-09 12:28 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-05-09 12:28 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-05-08 12:24 - 2015-05-08 12:24 - 00848608 _____ (Perion, Inc. ) C:\Users\Swen\Downloads\IncrediMailCH (1).exe
2015-05-08 12:23 - 2015-05-08 12:23 - 00848608 _____ (Perion, Inc. ) C:\Users\Swen\Downloads\IncrediMailCH.exe
2015-05-08 12:08 - 2015-05-08 12:08 - 00000000 _____ () C:\Users\Swen\Sti_Trace.log
2015-05-08 11:45 - 2015-05-08 11:45 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2015-05-08 11:45 - 2015-05-08 11:45 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-05-08 11:45 - 2015-05-08 11:45 - 00000000 ____D () C:\Program Files\MSBuild
2015-05-08 11:45 - 2015-05-08 11:45 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2015-05-08 11:45 - 2015-05-08 11:45 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-05-08 11:42 - 2013-08-03 06:48 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2015-05-08 11:42 - 2013-08-03 06:41 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2015-05-08 11:39 - 2015-05-08 11:39 - 07905320 _____ (383 Media, Inc.) C:\Users\Swen\Downloads\DriverRestore.exe
2015-05-08 11:35 - 2015-05-08 11:35 - 00000957 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2015-05-08 11:35 - 2015-05-08 11:35 - 00000000 ____D () C:\Users\Swen\AppData\Roaming\InstallShield
2015-05-08 11:35 - 2015-05-08 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-05-08 11:35 - 2015-05-08 11:35 - 00000000 ____D () C:\ProgramData\EPSON
2015-05-08 11:35 - 2015-05-08 11:35 - 00000000 ____D () C:\Program Files (x86)\epson
2015-05-08 11:35 - 2007-07-13 00:00 - 00083968 _____ (SEIKO EPSON CORP.) C:\Windows\system32\esxcwiad.dll
2015-05-08 11:35 - 2006-10-31 00:10 - 00120992 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EpPicPrt.dll
2015-05-08 11:35 - 2006-10-31 00:10 - 00071840 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EPPicMgr.dll
2015-05-08 11:35 - 2006-10-31 00:10 - 00000097 _____ () C:\Windows\SysWOW64\PICSDK.ini
2015-05-08 11:35 - 2006-10-20 00:10 - 00501912 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK2.dll
2015-05-08 11:35 - 2006-10-20 00:10 - 00108704 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICEntry.dll
2015-05-08 11:35 - 2006-10-20 00:10 - 00080024 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK.dll
2015-05-08 11:35 - 2005-06-01 00:20 - 00111932 _____ () C:\Windows\SysWOW64\EPPICPrinterDB.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00031053 _____ () C:\Windows\SysWOW64\EPPICPattern131.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00027417 _____ () C:\Windows\SysWOW64\EPPICPattern121.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00026154 _____ () C:\Windows\SysWOW64\EPPICPattern1.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00024903 _____ () C:\Windows\SysWOW64\EPPICPattern3.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00021390 _____ () C:\Windows\SysWOW64\EPPICPattern5.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00020148 _____ () C:\Windows\SysWOW64\EPPICPattern2.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00013732 _____ () C:\Windows\SysWOW64\EPPICLocal_EN.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00011811 _____ () C:\Windows\SysWOW64\EPPICPattern4.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00006442 _____ () C:\Windows\SysWOW64\EPPICLocal_IT.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00006347 _____ () C:\Windows\SysWOW64\EPPICLocal_PT.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00006347 _____ () C:\Windows\SysWOW64\EPPICLocal_BP.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00006335 _____ () C:\Windows\SysWOW64\EPPICLocal_GE.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00006195 _____ () C:\Windows\SysWOW64\EPPICLocal_FR.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00006195 _____ () C:\Windows\SysWOW64\EPPICLocal_CF.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00006122 _____ () C:\Windows\SysWOW64\EPPICLocal_DU.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00006103 _____ () C:\Windows\SysWOW64\EPPICLocal_ES.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00005817 _____ () C:\Windows\SysWOW64\EPPICLocal_KO.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00005436 _____ () C:\Windows\SysWOW64\EPPICLocal_SC.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00004943 _____ () C:\Windows\SysWOW64\EPPICPattern6.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00002889 _____ () C:\Windows\SysWOW64\EPPICLocal_RU.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00002426 _____ () C:\Windows\SysWOW64\EPPICLocal_TC.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00001146 _____ () C:\Windows\SysWOW64\EPPICPresetData_DU.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00001139 _____ () C:\Windows\SysWOW64\EPPICPresetData_PT.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00001139 _____ () C:\Windows\SysWOW64\EPPICPresetData_BP.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00001136 _____ () C:\Windows\SysWOW64\EPPICPresetData_ES.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00001129 _____ () C:\Windows\SysWOW64\EPPICPresetData_FR.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00001129 _____ () C:\Windows\SysWOW64\EPPICPresetData_CF.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00001120 _____ () C:\Windows\SysWOW64\EPPICPresetData_IT.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00001107 _____ () C:\Windows\SysWOW64\EPPICPresetData_GE.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00001104 _____ () C:\Windows\SysWOW64\EPPICPresetData_EN.dat
2015-05-08 11:34 - 2015-05-08 11:34 - 02719744 _____ () C:\Users\Swen\Downloads\epson320996eu.exe
2015-05-08 11:33 - 2015-05-08 11:34 - 16389632 _____ () C:\Users\Swen\Downloads\epson324601eu.exe
2015-05-08 11:33 - 2015-05-08 11:33 - 12313600 _____ () C:\Users\Swen\Downloads\epson324852eu.exe
2015-05-01 11:03 - 2015-05-01 11:03 - 00014848 ___SH () C:\Users\Swen\Downloads\Thumbs.db
2015-05-01 09:06 - 2015-05-01 09:06 - 28917914 _____ () C:\Users\Swen\Downloads\The CraftingFabo Pack V.2.zip
2015-05-01 09:05 - 2015-05-01 09:05 - 08697855 _____ () C:\Users\Swen\Downloads\BDcraft Sounds Pack.zip
2015-04-30 18:27 - 2015-04-30 18:27 - 00001319 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2015-04-30 18:27 - 2015-04-30 18:27 - 00001307 _____ () C:\Users\Public\Desktop\paint.net.lnk
2015-04-30 18:27 - 2015-04-30 18:27 - 00000000 ____D () C:\Program Files\paint.net
2015-04-30 18:26 - 2015-04-30 18:28 - 00000000 ____D () C:\Users\Swen\AppData\Local\paint.net
2015-04-30 18:24 - 2015-04-30 18:25 - 06528454 _____ () C:\Users\Swen\Downloads\paint.net.4.0.5.install.zip
2015-04-30 18:24 - 2015-04-30 18:24 - 01203488 _____ () C:\Users\Swen\Downloads\Paint NET - CHIP-Installer.exe
2015-04-25 11:50 - 2015-04-25 11:50 - 00000000 _____ () C:\Windows\SysWOW64\REND3E8.tmp
2015-04-25 11:49 - 2015-04-25 11:49 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 17:16 - 2015-03-21 21:46 - 00000000 ____D () C:\Users\Swen\AppData\Local\LogMeIn Hamachi
2015-05-24 17:13 - 2015-03-11 16:13 - 00000000 ___DO () C:\Users\Swen\OneDrive
2015-05-24 17:12 - 2015-03-11 17:59 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-24 17:12 - 2015-03-11 17:35 - 00000000 ____D () C:\Users\Swen\AppData\Roaming\TS3Client
2015-05-24 17:11 - 2015-03-12 11:09 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-24 17:11 - 2015-03-11 16:04 - 00000000 ____D () C:\Users\Swen
2015-05-24 17:11 - 2015-01-27 13:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-24 17:11 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-24 17:08 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-05-24 17:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-24 16:24 - 2015-03-12 11:09 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-24 14:52 - 2015-03-12 10:15 - 00000000 ____D () C:\Users\Swen\AppData\Roaming\SpeedMon
2015-05-24 14:51 - 2015-03-12 11:05 - 00000000 ____D () C:\Users\Swen\AppData\Local\CrashDumps
2015-05-24 14:51 - 2015-03-11 16:14 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2B00C7BB-9E69-454D-962B-0745937E41F6}
2015-05-23 22:02 - 2015-03-11 16:05 - 00001351 _____ () C:\Users\Swen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-22 15:37 - 2015-03-11 16:24 - 00000000 ____D () C:\Users\Swen\AppData\Roaming\.minecraft
2015-05-21 20:58 - 2015-03-21 21:34 - 00000000 ____D () C:\Users\Swen\AppData\Local\ftblauncher
2015-05-21 18:27 - 2015-03-21 21:53 - 06628862 _____ () C:\Users\Swen\Downloads\FTB_Launcher (1).exe
2015-05-21 18:27 - 2015-03-21 21:34 - 00000000 ____D () C:\Users\Swen\AppData\Roaming\ftblauncher
2015-05-20 18:16 - 2015-03-12 11:51 - 00003844 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1426153860
2015-05-20 18:16 - 2015-03-12 11:51 - 00001070 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-05-20 18:16 - 2015-03-12 11:51 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-05-20 18:13 - 2015-01-27 13:05 - 00000000 ____D () C:\ProgramData\Temp
2015-05-20 18:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-20 17:25 - 2015-04-12 12:59 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 17:25 - 2015-04-12 12:59 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-20 17:25 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-19 19:51 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-19 19:49 - 2015-01-27 13:22 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-05-19 19:39 - 2015-03-11 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-19 18:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2015-05-16 13:19 - 2015-03-12 11:09 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 13:19 - 2015-03-12 11:09 - 00003864 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-14 15:53 - 2015-03-11 16:27 - 00961024 ___SH () C:\Users\Swen\Desktop\Thumbs.db
2015-05-14 15:47 - 2015-04-14 20:17 - 00000000 ____D () C:\Users\Swen\AppData\Roaming\ZoomBrowser EX
2015-05-14 15:47 - 2015-04-14 20:14 - 00000000 ____D () C:\ProgramData\ZoomBrowser
2015-05-14 09:27 - 2013-08-22 16:44 - 00389048 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 22:53 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-05-13 22:53 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 17:57 - 2015-03-13 19:36 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 17:55 - 2015-03-13 19:36 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 17:50 - 2014-11-21 05:13 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-11 15:26 - 2015-03-11 17:37 - 00000000 ____D () C:\ProgramData\Origin
2015-05-08 19:01 - 2014-11-21 05:35 - 01780340 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-08 19:01 - 2014-11-21 04:45 - 00765378 _____ () C:\Windows\system32\perfh007.dat
2015-05-08 19:01 - 2014-11-21 04:45 - 00159696 _____ () C:\Windows\system32\perfc007.dat
2015-05-08 17:40 - 2015-03-11 16:05 - 00000000 ____D () C:\Users\Swen\AppData\Local\Packages
2015-05-08 12:23 - 2015-03-12 09:41 - 00000000 ____D () C:\Users\Swen\AppData\Local\IM
2015-05-08 11:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2015-05-08 11:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\MUI
2015-05-07 19:00 - 2015-03-31 12:28 - 00000000 ____D () C:\Users\Swen\Desktop\Foto
2015-05-05 19:59 - 2014-11-21 13:01 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-05 19:59 - 2014-11-21 13:01 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-05 13:41 - 2015-03-11 16:33 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-05 13:41 - 2015-03-11 16:33 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-05-01 18:51 - 2015-01-27 13:29 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-05-01 18:51 - 2015-01-27 13:29 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-05-01 18:50 - 2015-01-27 13:29 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-05-01 18:50 - 2015-01-27 13:29 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-05-01 11:07 - 2015-03-22 17:59 - 00000000 ___HD () C:\Users\Swen\Desktop\[Originaldateien]
2015-04-25 11:50 - 2015-03-21 22:10 - 00000000 ____D () C:\Program Files\Java
2015-04-25 11:50 - 2015-03-21 22:00 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-25 11:50 - 2015-03-11 16:59 - 00000000 ____D () C:\ProgramData\Oracle

==================== Files in the root of some directories =======

2015-03-12 10:36 - 2015-03-12 10:40 - 0000041 _____ () C:\Users\Swen\AppData\Roaming\sversion.ini

Some files in TEMP:
====================
C:\Users\Swen\AppData\Local\Temp\avgnt.exe
C:\Users\Swen\AppData\Local\Temp\Quarantine.exe
C:\Users\Swen\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-22 13:35

==================== End of log ============================
         
Addition
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01
Ran by Swen (administrator) on SWEN on 24-05-2015 17:20:02
Running from C:\Users\Swen\AppData\Local\Microsoft\Windows\INetCache\IE\OFYVUVUJ
Loaded Profiles: Swen (Available Profiles: Swen)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Swen\AppData\Local\Microsoft\Windows\INetCache\IE\OFYVUVUJ\FRST64[1].exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-22] (Realtek Semiconductor)
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2685072 2015-05-01] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ACPW08DE] => C:\Program Files\ACD Systems\ACDSee Pro\8.0\acdIDInTouch2.exe [1813776 2014-09-17] (ACD Systems)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632472 2015-04-12] (Electronic Arts)
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2888384 2015-05-15] (Valve Corporation)
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001\...\Run: [IncrediMail] => C:\Program Files (x86)\IncrediMail\bin\IncMail.exe [444840 2015-03-12] (IncrediMail, Ltd.)
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001\...\Run: [SpeedMon] => C:\Users\Swen\AppData\Roaming\SpeedMon\speedmon.exe [840206 2015-03-12] ()
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001\...\Run: [ACDSeeCommanderPro8] => C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeCommanderPro8.exe [2141192 2014-12-17] ()
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.hyrican.de
HKU\S-1-5-21-3216707188-2497091474-2308484383-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.hyrican.de
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-25] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-25] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-25] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-25] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Swen\AppData\Roaming\Mozilla\Firefox\Profiles\ynYzYHPh.default
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-25] (Oracle Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-01-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-01-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Extension: Avira Browser Safety - C:\Users\Swen\AppData\Roaming\Mozilla\Firefox\Profiles\ynYzYHPh.default\Extensions\abs@avira.com [2015-03-11]
FF Extension: No Name - C:\Users\Swen\AppData\Roaming\Mozilla\Firefox\Profiles\ynYzYHPh.default\extensions\iobitascsurfingprotection@iobit.com [not found]

Chrome: 
=======
CHR Profile: C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-12]
CHR Extension: (Google Docs) - C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-12]
CHR Extension: (Google Drive) - C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-12]
CHR Extension: (YouTube) - C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-12]
CHR Extension: (Adblock Plus) - C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-12]
CHR Extension: (Google Search) - C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-12]
CHR Extension: (Google Sheets) - C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-12]
CHR Extension: (Avira Browser Safety) - C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-03-12]
CHR Extension: (AdBlock) - C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-03-12]
CHR Extension: (Bookmark Manager) - C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Gmail) - C:\Users\Swen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-12]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-05] (Microsoft Corporation)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-01] (NVIDIA Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-05-21] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) []
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1884304 2015-05-01] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22997648 2015-05-01] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-12] (Electronic Arts)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 IAStorDataMgrSvc; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-02-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-02-25] (Avira Operations GmbH & Co. KG)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-03-30] (LogMeIn Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-01] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [19616 2014-09-06] (Windows (R) Win 7 DDK provider)
S3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39240 2015-01-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 VUSB3HUB; C:\Windows\System32\drivers\ViaHub3.sys [227840 2013-09-25] (VIA Technologies, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 xhcdrv; C:\Windows\System32\drivers\xhcdrv.sys [297472 2013-09-25] (VIA Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 17:17 - 2015-05-24 17:17 - 00001633 _____ () C:\Users\Swen\Desktop\JRT.txt
2015-05-24 17:16 - 2015-05-24 17:16 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-SWEN-Windows-8.1-(64-bit).dat
2015-05-24 17:16 - 2015-05-24 17:16 - 00000000 ____D () C:\RegBackup
2015-05-24 17:14 - 2015-05-24 17:14 - 00001398 _____ () C:\Users\Swen\Desktop\AdwCleaner[S4].txt
2015-05-24 17:06 - 2015-05-24 17:06 - 00001195 _____ () C:\Users\Swen\Desktop\mbam.txt
2015-05-24 16:49 - 2015-05-24 16:49 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Swen\Downloads\mbam-setup-2.1.6.1022 (1).exe
2015-05-24 14:46 - 2015-05-24 17:13 - 00007941 _____ () C:\Windows\WindowsUpdate.log
2015-05-23 23:03 - 2015-05-23 23:03 - 00081158 _____ () C:\Users\Swen\Downloads\Extras.Txt
2015-05-23 23:02 - 2015-05-23 23:02 - 00162106 _____ () C:\Users\Swen\Downloads\OTL.Txt
2015-05-23 22:56 - 2015-05-23 22:56 - 00602112 _____ (OldTimer Tools) C:\Users\Swen\Downloads\OTL.exe
2015-05-23 22:28 - 2015-05-23 22:38 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-23 22:20 - 2015-05-23 22:21 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Swen\Downloads\mbar-1.09.1.1004.exe
2015-05-23 22:04 - 2015-05-23 22:05 - 63320784 _____ (Microsoft Corporation) C:\Users\Swen\Downloads\IE11-Windows6.1-x64-de-de.exe
2015-05-23 21:27 - 2015-05-23 21:28 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Swen\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-21 15:51 - 2015-05-24 17:08 - 00000000 ____D () C:\AdwCleaner
2015-05-21 15:51 - 2015-05-23 21:36 - 02223104 _____ () C:\Users\Swen\Downloads\adwcleaner_4.205.exe
2015-05-21 15:50 - 2015-05-21 15:50 - 02209792 _____ () C:\Users\Swen\Downloads\adwcleaner_4.204.exe
2015-05-21 15:08 - 2015-05-24 17:05 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-21 15:08 - 2015-05-24 16:50 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-21 15:08 - 2015-05-24 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-21 15:08 - 2015-05-24 16:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-21 15:08 - 2015-05-21 15:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-21 15:08 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-21 15:08 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-21 15:08 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-21 15:06 - 2015-05-21 15:06 - 01196832 _____ () C:\Users\Swen\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2015-05-20 18:17 - 2015-05-20 18:17 - 00000000 ____D () C:\Users\Swen\Documents\Simply Super Software
2015-05-20 18:05 - 2015-05-20 18:14 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2015-05-20 18:05 - 2015-05-20 18:05 - 00000000 ____D () C:\ProgramData\Licenses
2015-05-20 18:03 - 2015-05-20 18:03 - 01196832 _____ () C:\Users\Swen\Downloads\Trojan Remover - CHIP-Installer.exe
2015-05-19 19:47 - 2015-05-19 19:47 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Swen\Downloads\revosetup95.exe
2015-05-19 19:47 - 2015-05-19 19:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-05-19 19:46 - 2015-05-19 19:46 - 00032412 _____ () C:\Users\Swen\Downloads\Addition.txt
2015-05-19 19:45 - 2015-05-19 19:46 - 00043534 _____ () C:\Users\Swen\Downloads\FRST.txt
2015-05-19 19:44 - 2015-05-24 17:20 - 00000000 ____D () C:\FRST
2015-05-19 19:44 - 2015-05-19 19:45 - 00000000 ____D () C:\Users\Swen\Downloads\FRST-OlderVersion
2015-05-19 19:37 - 2015-05-19 19:45 - 02107904 _____ (Farbar) C:\Users\Swen\Downloads\FRST64.exe
2015-05-13 17:58 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 17:58 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 15:37 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 15:37 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 15:37 - 2015-04-24 23:32 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 15:37 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 15:37 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 15:37 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 15:37 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 15:37 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 15:37 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 15:37 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 15:37 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 15:37 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-13 15:37 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 15:37 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 15:37 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 15:37 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-13 15:37 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 15:37 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 15:37 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-13 15:37 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 15:37 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-13 15:37 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 15:37 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 15:37 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 15:37 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 15:37 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 15:37 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 15:37 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-13 15:37 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 15:37 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-13 15:37 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 15:37 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-13 15:37 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 15:37 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 15:37 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 15:37 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 15:37 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 15:37 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 15:37 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 15:37 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 15:37 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 15:37 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 15:37 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 15:37 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 15:37 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 15:37 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-13 15:37 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 15:37 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-13 15:37 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 15:37 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-05-13 15:37 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-05-13 15:37 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-05-13 15:37 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-05-13 15:37 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2015-05-13 15:37 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2015-05-13 15:37 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-13 15:37 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 15:37 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 15:37 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 15:37 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-05-13 15:37 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-05-13 15:37 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-05-13 15:37 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-05-13 15:37 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2015-05-13 15:37 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-05-13 15:37 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-05-13 15:37 - 2015-03-13 02:29 - 00410017 _____ () C:\Windows\system32\ApnDatabase.xml
2015-05-13 15:37 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 15:37 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 15:37 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2015-05-13 15:37 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 15:37 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-05-13 15:37 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 15:37 - 2015-03-05 01:09 - 01429504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 15:37 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2015-05-13 15:37 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-13 15:37 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-05-13 15:37 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-05-09 12:28 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-05-09 12:28 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-05-08 12:24 - 2015-05-08 12:24 - 00848608 _____ (Perion, Inc. ) C:\Users\Swen\Downloads\IncrediMailCH (1).exe
2015-05-08 12:23 - 2015-05-08 12:23 - 00848608 _____ (Perion, Inc. ) C:\Users\Swen\Downloads\IncrediMailCH.exe
2015-05-08 12:08 - 2015-05-08 12:08 - 00000000 _____ () C:\Users\Swen\Sti_Trace.log
2015-05-08 11:45 - 2015-05-08 11:45 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2015-05-08 11:45 - 2015-05-08 11:45 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-05-08 11:45 - 2015-05-08 11:45 - 00000000 ____D () C:\Program Files\MSBuild
2015-05-08 11:45 - 2015-05-08 11:45 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2015-05-08 11:45 - 2015-05-08 11:45 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-05-08 11:42 - 2013-08-03 06:48 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2015-05-08 11:42 - 2013-08-03 06:41 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2015-05-08 11:39 - 2015-05-08 11:39 - 07905320 _____ (383 Media, Inc.) C:\Users\Swen\Downloads\DriverRestore.exe
2015-05-08 11:35 - 2015-05-08 11:35 - 00000957 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2015-05-08 11:35 - 2015-05-08 11:35 - 00000000 ____D () C:\Users\Swen\AppData\Roaming\InstallShield
2015-05-08 11:35 - 2015-05-08 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-05-08 11:35 - 2015-05-08 11:35 - 00000000 ____D () C:\ProgramData\EPSON
2015-05-08 11:35 - 2015-05-08 11:35 - 00000000 ____D () C:\Program Files (x86)\epson
2015-05-08 11:35 - 2007-07-13 00:00 - 00083968 _____ (SEIKO EPSON CORP.) C:\Windows\system32\esxcwiad.dll
2015-05-08 11:35 - 2006-10-31 00:10 - 00120992 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EpPicPrt.dll
2015-05-08 11:35 - 2006-10-31 00:10 - 00071840 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EPPicMgr.dll
2015-05-08 11:35 - 2006-10-31 00:10 - 00000097 _____ () C:\Windows\SysWOW64\PICSDK.ini
2015-05-08 11:35 - 2006-10-20 00:10 - 00501912 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK2.dll
2015-05-08 11:35 - 2006-10-20 00:10 - 00108704 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICEntry.dll
2015-05-08 11:35 - 2006-10-20 00:10 - 00080024 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK.dll
2015-05-08 11:35 - 2005-06-01 00:20 - 00111932 _____ () C:\Windows\SysWOW64\EPPICPrinterDB.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00031053 _____ () C:\Windows\SysWOW64\EPPICPattern131.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00027417 _____ () C:\Windows\SysWOW64\EPPICPattern121.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00026154 _____ () C:\Windows\SysWOW64\EPPICPattern1.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00024903 _____ () C:\Windows\SysWOW64\EPPICPattern3.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00021390 _____ () C:\Windows\SysWOW64\EPPICPattern5.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00020148 _____ () C:\Windows\SysWOW64\EPPICPattern2.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00013732 _____ () C:\Windows\SysWOW64\EPPICLocal_EN.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00011811 _____ () C:\Windows\SysWOW64\EPPICPattern4.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00006442 _____ () C:\Windows\SysWOW64\EPPICLocal_IT.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00006347 _____ () C:\Windows\SysWOW64\EPPICLocal_PT.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00006347 _____ () C:\Windows\SysWOW64\EPPICLocal_BP.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00006335 _____ () C:\Windows\SysWOW64\EPPICLocal_GE.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00006195 _____ () C:\Windows\SysWOW64\EPPICLocal_FR.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00006195 _____ () C:\Windows\SysWOW64\EPPICLocal_CF.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00006122 _____ () C:\Windows\SysWOW64\EPPICLocal_DU.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00006103 _____ () C:\Windows\SysWOW64\EPPICLocal_ES.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00005817 _____ () C:\Windows\SysWOW64\EPPICLocal_KO.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00005436 _____ () C:\Windows\SysWOW64\EPPICLocal_SC.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00004943 _____ () C:\Windows\SysWOW64\EPPICPattern6.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00002889 _____ () C:\Windows\SysWOW64\EPPICLocal_RU.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00002426 _____ () C:\Windows\SysWOW64\EPPICLocal_TC.cfg
2015-05-08 11:35 - 2004-03-03 06:10 - 00001146 _____ () C:\Windows\SysWOW64\EPPICPresetData_DU.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00001139 _____ () C:\Windows\SysWOW64\EPPICPresetData_PT.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00001139 _____ () C:\Windows\SysWOW64\EPPICPresetData_BP.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00001136 _____ () C:\Windows\SysWOW64\EPPICPresetData_ES.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00001129 _____ () C:\Windows\SysWOW64\EPPICPresetData_FR.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00001129 _____ () C:\Windows\SysWOW64\EPPICPresetData_CF.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00001120 _____ () C:\Windows\SysWOW64\EPPICPresetData_IT.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00001107 _____ () C:\Windows\SysWOW64\EPPICPresetData_GE.dat
2015-05-08 11:35 - 2004-03-03 06:10 - 00001104 _____ () C:\Windows\SysWOW64\EPPICPresetData_EN.dat
2015-05-08 11:34 - 2015-05-08 11:34 - 02719744 _____ () C:\Users\Swen\Downloads\epson320996eu.exe
2015-05-08 11:33 - 2015-05-08 11:34 - 16389632 _____ () C:\Users\Swen\Downloads\epson324601eu.exe
2015-05-08 11:33 - 2015-05-08 11:33 - 12313600 _____ () C:\Users\Swen\Downloads\epson324852eu.exe
2015-05-01 11:03 - 2015-05-01 11:03 - 00014848 ___SH () C:\Users\Swen\Downloads\Thumbs.db
2015-05-01 09:06 - 2015-05-01 09:06 - 28917914 _____ () C:\Users\Swen\Downloads\The CraftingFabo Pack V.2.zip
2015-05-01 09:05 - 2015-05-01 09:05 - 08697855 _____ () C:\Users\Swen\Downloads\BDcraft Sounds Pack.zip
2015-04-30 18:27 - 2015-04-30 18:27 - 00001319 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2015-04-30 18:27 - 2015-04-30 18:27 - 00001307 _____ () C:\Users\Public\Desktop\paint.net.lnk
2015-04-30 18:27 - 2015-04-30 18:27 - 00000000 ____D () C:\Program Files\paint.net
2015-04-30 18:26 - 2015-04-30 18:28 - 00000000 ____D () C:\Users\Swen\AppData\Local\paint.net
2015-04-30 18:24 - 2015-04-30 18:25 - 06528454 _____ () C:\Users\Swen\Downloads\paint.net.4.0.5.install.zip
2015-04-30 18:24 - 2015-04-30 18:24 - 01203488 _____ () C:\Users\Swen\Downloads\Paint NET - CHIP-Installer.exe
2015-04-25 11:50 - 2015-04-25 11:50 - 00000000 _____ () C:\Windows\SysWOW64\REND3E8.tmp
2015-04-25 11:49 - 2015-04-25 11:49 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 17:16 - 2015-03-21 21:46 - 00000000 ____D () C:\Users\Swen\AppData\Local\LogMeIn Hamachi
2015-05-24 17:13 - 2015-03-11 16:13 - 00000000 ___DO () C:\Users\Swen\OneDrive
2015-05-24 17:12 - 2015-03-11 17:59 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-24 17:12 - 2015-03-11 17:35 - 00000000 ____D () C:\Users\Swen\AppData\Roaming\TS3Client
2015-05-24 17:11 - 2015-03-12 11:09 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-24 17:11 - 2015-03-11 16:04 - 00000000 ____D () C:\Users\Swen
2015-05-24 17:11 - 2015-01-27 13:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-24 17:11 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-24 17:08 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-05-24 17:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-24 16:24 - 2015-03-12 11:09 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-24 14:52 - 2015-03-12 10:15 - 00000000 ____D () C:\Users\Swen\AppData\Roaming\SpeedMon
2015-05-24 14:51 - 2015-03-12 11:05 - 00000000 ____D () C:\Users\Swen\AppData\Local\CrashDumps
2015-05-24 14:51 - 2015-03-11 16:14 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2B00C7BB-9E69-454D-962B-0745937E41F6}
2015-05-23 22:02 - 2015-03-11 16:05 - 00001351 _____ () C:\Users\Swen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-22 15:37 - 2015-03-11 16:24 - 00000000 ____D () C:\Users\Swen\AppData\Roaming\.minecraft
2015-05-21 20:58 - 2015-03-21 21:34 - 00000000 ____D () C:\Users\Swen\AppData\Local\ftblauncher
2015-05-21 18:27 - 2015-03-21 21:53 - 06628862 _____ () C:\Users\Swen\Downloads\FTB_Launcher (1).exe
2015-05-21 18:27 - 2015-03-21 21:34 - 00000000 ____D () C:\Users\Swen\AppData\Roaming\ftblauncher
2015-05-20 18:16 - 2015-03-12 11:51 - 00003844 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1426153860
2015-05-20 18:16 - 2015-03-12 11:51 - 00001070 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-05-20 18:16 - 2015-03-12 11:51 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-05-20 18:13 - 2015-01-27 13:05 - 00000000 ____D () C:\ProgramData\Temp
2015-05-20 18:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-20 17:25 - 2015-04-12 12:59 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 17:25 - 2015-04-12 12:59 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-20 17:25 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-19 19:51 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-19 19:49 - 2015-01-27 13:22 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-05-19 19:39 - 2015-03-11 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-19 18:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2015-05-16 13:19 - 2015-03-12 11:09 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 13:19 - 2015-03-12 11:09 - 00003864 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-14 15:53 - 2015-03-11 16:27 - 00961024 ___SH () C:\Users\Swen\Desktop\Thumbs.db
2015-05-14 15:47 - 2015-04-14 20:17 - 00000000 ____D () C:\Users\Swen\AppData\Roaming\ZoomBrowser EX
2015-05-14 15:47 - 2015-04-14 20:14 - 00000000 ____D () C:\ProgramData\ZoomBrowser
2015-05-14 09:27 - 2013-08-22 16:44 - 00389048 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 22:53 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-05-13 22:53 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 17:57 - 2015-03-13 19:36 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 17:55 - 2015-03-13 19:36 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 17:50 - 2014-11-21 05:13 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-11 15:26 - 2015-03-11 17:37 - 00000000 ____D () C:\ProgramData\Origin
2015-05-08 19:01 - 2014-11-21 05:35 - 01780340 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-08 19:01 - 2014-11-21 04:45 - 00765378 _____ () C:\Windows\system32\perfh007.dat
2015-05-08 19:01 - 2014-11-21 04:45 - 00159696 _____ () C:\Windows\system32\perfc007.dat
2015-05-08 17:40 - 2015-03-11 16:05 - 00000000 ____D () C:\Users\Swen\AppData\Local\Packages
2015-05-08 12:23 - 2015-03-12 09:41 - 00000000 ____D () C:\Users\Swen\AppData\Local\IM
2015-05-08 11:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2015-05-08 11:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\MUI
2015-05-07 19:00 - 2015-03-31 12:28 - 00000000 ____D () C:\Users\Swen\Desktop\Foto
2015-05-05 19:59 - 2014-11-21 13:01 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-05 19:59 - 2014-11-21 13:01 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-05 13:41 - 2015-03-11 16:33 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-05 13:41 - 2015-03-11 16:33 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-05-01 18:51 - 2015-01-27 13:29 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-05-01 18:51 - 2015-01-27 13:29 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-05-01 18:50 - 2015-01-27 13:29 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-05-01 18:50 - 2015-01-27 13:29 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-05-01 11:07 - 2015-03-22 17:59 - 00000000 ___HD () C:\Users\Swen\Desktop\[Originaldateien]
2015-04-25 11:50 - 2015-03-21 22:10 - 00000000 ____D () C:\Program Files\Java
2015-04-25 11:50 - 2015-03-21 22:00 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-25 11:50 - 2015-03-11 16:59 - 00000000 ____D () C:\ProgramData\Oracle

==================== Files in the root of some directories =======

2015-03-12 10:36 - 2015-03-12 10:40 - 0000041 _____ () C:\Users\Swen\AppData\Roaming\sversion.ini

Some files in TEMP:
====================
C:\Users\Swen\AppData\Local\Temp\avgnt.exe
C:\Users\Swen\AppData\Local\Temp\Quarantine.exe
C:\Users\Swen\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-22 13:35

==================== End of log ============================
         
Müsste alles sein hoffe ich

Alt 25.05.2015, 11:33   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
SuggestedSites.dat Trojaner auf Windows 8 - Standard

SuggestedSites.dat Trojaner auf Windows 8



addition.txt fehlt, du hast zwei mal die FRST.txt gepostet...
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Wie man Programme richtig installiert

Backup mit DriveSnapshot

Das TB unterstützen

Alt 25.05.2015, 13:15   #8
SWEN2805
 
SuggestedSites.dat Trojaner auf Windows 8 - Standard

SuggestedSites.dat Trojaner auf Windows 8



Das tut mir Leid ich hatte FRST Nochmal als Addition.txt gespeichert aber als ich FRST nochmal gestartet habe ,wurde mir nur noch FRST Angezeigt? Wo ist mein Fehler?

Geändert von SWEN2805 (25.05.2015 um 13:16 Uhr) Grund: Wortfehler

Alt 25.05.2015, 13:32   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
SuggestedSites.dat Trojaner auf Windows 8 - Standard

SuggestedSites.dat Trojaner auf Windows 8



Zitat:
Running from C:\Users\Swen\AppData\Local\Microsoft\Windows\INetCache\IE\OFYVUVUJ
Bitte die Anleitung in Zukunft genauer lesen und umsetzen!

Alle Tools direkt auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop starten, da unsere Anleitungen daraufhin ausgelegt sind.
Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen. Alle Tools bis zum Ende der Bereinigung auf dem Desktop lassen, evtl. benötigen wir manche öfter.

Mach es bitte mit FRST jetzt nochmal richtig.
FRST.exe auf den Desktop, per Doppelklick starten, sicherstellen, dass ein Haken bei Addition.txt gesetzt ist.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Wie man Programme richtig installiert

Backup mit DriveSnapshot

Das TB unterstützen

Antwort

Themen zu SuggestedSites.dat Trojaner auf Windows 8
angemeldet, angst, appdata, aufeinmal, browser, cache, ccleaner, entdeck, entdeckt, explorer, gemeldet, gestartet, helfer, interne, internetexplorer, microsoft, nichts, problem, schnelle, troja, trojaner, users, werbung, windows, zutun



Ähnliche Themen: SuggestedSites.dat Trojaner auf Windows 8


  1. Windows 7 SP 1 mit Trojaner infiziert - Windows Update Fehlercode 8007002
    Log-Analyse und Auswertung - 11.09.2015 (60)
  2. Windows 7: Trojaner - Windows Updates, Firewall defekt
    Log-Analyse und Auswertung - 20.03.2015 (24)
  3. CCleaner "SuggestedSites.dat" obwohl IE nicht genutzt wird - Trojaner?
    Log-Analyse und Auswertung - 08.02.2015 (7)
  4. Windows 7: Nach BKA Trojaner Fehlermeldung beim Starten, Windows Sicherheitscenter kann nicht gestartet werden
    Log-Analyse und Auswertung - 18.11.2014 (9)
  5. SuggestedSites.dat entdeckt und beim GMER Scan ist system abgestützt (blue screen)
    Log-Analyse und Auswertung - 18.10.2014 (11)
  6. Trojaner "Suggestedsites.dat"
    Plagegeister aller Art und deren Bekämpfung - 10.02.2014 (43)
  7. Windows-Verschlüsselungs-Trojaner unter Windows 7 auf einem MAC
    Log-Analyse und Auswertung - 14.06.2012 (3)
  8. Nach BKA Trojaner, Windows Firewall deaktiviert sich (Windows XP)
    Plagegeister aller Art und deren Bekämpfung - 10.06.2012 (1)
  9. Willkomen bei Windows Update, Sie haben sich mit einen Windows-Verschlüsselungs Trojaner infiziert.
    Log-Analyse und Auswertung - 06.06.2012 (1)
  10. UKash Windows Secure Trojaner mit Windows XP eingefangen
    Plagegeister aller Art und deren Bekämpfung - 05.06.2012 (1)
  11. Windows Notfall Sicherheits Update Center - Windows XP Trojaner
    Log-Analyse und Auswertung - 21.05.2012 (2)
  12. Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner)
    Plagegeister aller Art und deren Bekämpfung - 07.05.2012 (19)
  13. Infiziert mit Windows-Verschlüsselungs Trojaner -Mail mit Telefonrechnung - windows vista
    Plagegeister aller Art und deren Bekämpfung - 06.05.2012 (12)
  14. "Willkommen bei Windows Update Sie haben sich mit einen Windows-Verschlüsselungs Trojaner infiziert.
    Log-Analyse und Auswertung - 27.04.2012 (3)
  15. 'Windows Security Center' Trojaner - Windows-Benutzer gesperrt !
    Log-Analyse und Auswertung - 16.03.2012 (5)
  16. Windows Vista Home Premium 32-Bit Trojaner Windows gesperrt 50€ zahlen.
    Log-Analyse und Auswertung - 23.01.2012 (1)
  17. Trojaner Fake.AV c:\Users\Sexgott\AppData\Roaming\microsoft\Windows\start menu\Programs\windows reco
    Mülltonne - 28.04.2011 (1)

Zum Thema SuggestedSites.dat Trojaner auf Windows 8 - Hallo liebes Helferteam Ich habe ein Problem mit einem Vermeintlichen Trojaner Als ich letztens an meinem PC gearbeitet habe kam aufeinmal Werbung obwohl ich keinen Browser geöffnet habe.Also habe ich - SuggestedSites.dat Trojaner auf Windows 8...
Archiv
Du betrachtest: SuggestedSites.dat Trojaner auf Windows 8 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.