Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Ordner und Dateien auf externen Laufwerken werden nur als Verknüpfungen angezeigt (https://www.trojaner-board.de/158511-ordner-dateien-externen-laufwerken-nur-verknuepfungen-angezeigt.html)

Matziosika 10.09.2014 04:53
Ordner und Dateien auf externen Laufwerken werden nur als Verknüpfungen angezeigt
 
Guten Tag,

im vorhinein möchte ich mich für die angebotene Hilfe in diesem Forum bedanken!

Problembeschreibung:
Beim Anschließen von externen Laufwerken(USB-Stick, Handy, SD-Card,...) werden mir die Dateien und Ordner auf dem jeweiligen Medium nur als Verknüpfungen angezeigt. Die Verknüpfung verweist jeweils auf "C:\WINDOWS\system32". Nachdem ich unter den Ordneroptionen "Geschützte Systemdateien ausblenden (empfohlen)" deaktiviert habe, werden mir die Dateien und Ordner versteckt angezeigt.

Erste eingeleitete Schritte(chronologisch):
1) Antivir Systemscan ohne Fund
2) Scan mit Malwarebyte ohne Fund
3) Scan mit ADWcleaner mit Fund -> gelöscht(Logfile nicht gespeichert)
4) Durchführen von defoggger
5) Erstellen von Logfiles durch FRST
6) Scan mit GMER: öftere Fehlermeldung, dass Dateien nicht gescannt werden können, da sie durch andere Programme geöffnet sind(meines Erachtens waren alle Programme beendet)

Erstellte Logfiles:

A) FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by Matthias (administrator) on LAPTOPMATTHIAS on 10-09-2014 04:49:01
Running from C:\Users\Matthias\Desktop\FRST
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Dropbox, Inc.) C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Zhorn Software) C:\Program Files (x86)\Stickies\stickies.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16384_x64__8wekyb3d8bbwe\glcnd.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Matthias\Desktop\defogger\Defogger.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3016432 2013-03-07] (Synaptics Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [807696 2013-12-20] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132224 2013-02-28] ( (Atheros Communications))
HKU\.DEFAULT\...\Run: [Mobile Partner] => C:\Program Files (x86)\MobileWiFi\MobileWiFi
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\Run: [Spotify Web Helper] => C:\Users\Matthias\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-07] (Spotify Ltd)
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\Run: [filename] => wscript.exe //B "C:\Users\Matthias\AppData\Local\Temp\filename.vbs" <===== ATTENTION
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {1a7cf42a-02ab-11e4-be9f-582c80139263} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {1a7cf487-02ab-11e4-be9f-582c80139263} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {1bff3dda-064a-11e4-bea2-582c80139263} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {4c8460df-0330-11e4-bea1-582c80139263} - "F:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {4c846f02-0330-11e4-bea1-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {4d0bbd82-f80b-11e3-be9b-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {6c166977-00c2-11e4-be9e-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {6c166cfc-00c2-11e4-be9e-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {b463a469-ead6-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {b463a6ab-ead6-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {b463ae5c-ead6-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {e48da9a5-ded8-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {e48da9f6-ded8-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {eaa3bc95-ef3e-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {eaa3bcbc-ef3e-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Matthias\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-07] (Spotify Ltd)
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [filename] => wscript.exe //B "C:\Users\Matthias\AppData\Local\Temp\filename.vbs" <===== ATTENTION
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {1a7cf42a-02ab-11e4-be9f-582c80139263} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {1a7cf487-02ab-11e4-be9f-582c80139263} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {1bff3dda-064a-11e4-bea2-582c80139263} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4c8460df-0330-11e4-bea1-582c80139263} - "F:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4c846f02-0330-11e4-bea1-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4d0bbd82-f80b-11e3-be9b-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6c166977-00c2-11e4-be9e-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6c166cfc-00c2-11e4-be9e-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b463a469-ead6-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b463a6ab-ead6-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b463ae5c-ead6-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e48da9a5-ded8-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e48da9f6-ded8-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {eaa3bc95-ef3e-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {eaa3bcbc-ef3e-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\filename.vbs ()
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM - {6F8AE43D-7FF7-443E-B332-02E1C998FDA5} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM - {F3DEED0F-B681-42C8-ADC4-A6123CB8984D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {F3DEED0F-B681-42C8-ADC4-A6123CB8984D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - {6F8AE43D-7FF7-443E-B332-02E1C998FDA5} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - {F3DEED0F-B681-42C8-ADC4-A6123CB8984D} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1601235C-8BE2-42AD-A516-95A4B5503B4B}: [NameServer] 192.168.77.1

FireFox:
========
FF ProfilePath: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default
FF SearchEngineOrder.1: SuchMaschine
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default\searchplugins\search_engine.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: YouTube Unblocker - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default\Extensions\youtubeunblocker@unblocker.yt [2014-01-24]
FF Extension: DownloadHelper - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: Adblock Plus - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-30]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default\extensions\cliqz@cliqz.com

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-08] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227968 2013-02-28] (Qualcomm Atheros Commnucations)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2013-12-20] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2013-12-20] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-04-26] (Acer Incorporate)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2013-01-28] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [42040 2014-07-17] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [114448 2013-12-20] (BlueStack Systems)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-02-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-03-20] (Intel Corporation)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [455240 2013-03-05] (RTS Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-03-07] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 ewusbnet; \SystemRoot\system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; \SystemRoot\system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; \SystemRoot\System32\drivers\ew_juextctrl.sys [X]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 04:48 - 2014-09-10 04:49 - 00000000 ____D () C:\FRST
2014-09-10 04:46 - 2014-09-10 04:46 - 00000000 _____ () C:\Users\Matthias\defogger_reenable
2014-09-10 04:39 - 2014-09-10 04:39 - 00000000 ____D () C:\Users\Matthias\Desktop\GMER
2014-09-10 04:38 - 2014-09-10 04:49 - 00000000 ____D () C:\Users\Matthias\Desktop\FRST
2014-09-10 04:37 - 2014-09-10 04:46 - 00000000 ____D () C:\Users\Matthias\Desktop\defogger
2014-09-10 02:54 - 2014-09-10 03:02 - 00000000 ____D () C:\AdwCleaner
2014-09-10 02:53 - 2014-09-10 02:54 - 00000000 ____D () C:\Users\Matthias\Desktop\adwcleaner
2014-09-10 01:19 - 2014-09-10 01:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Matthias\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-10 01:17 - 2014-09-10 01:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-10 01:16 - 2014-09-10 04:27 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-10 01:16 - 2014-09-10 03:08 - 00128728 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-10 01:13 - 2014-09-10 03:07 - 00092888 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-10 01:11 - 2014-09-10 01:13 - 00000000 ____D () C:\Users\Matthias\Desktop\Malwarebyte
2014-09-09 03:27 - 2014-09-09 03:27 - 00000911 _____ () C:\Users\Matthias\Downloads\Downloads - Verknüpfung.lnk
2014-09-06 07:24 - 2014-09-06 07:25 - 00000000 ____D () C:\Users\Matthias\Desktop\delete DRM
2014-09-06 07:23 - 2014-09-06 07:23 - 00000000 ____D () C:\Users\Matthias\Documents\Epubsoft
2014-09-06 07:23 - 2014-09-06 07:23 - 00000000 ____D () C:\ProgramData\Epubsoft
2014-09-06 07:22 - 2014-09-06 07:22 - 00002805 _____ () C:\Users\Public\Desktop\EPubsoft DRM Removal.lnk
2014-09-06 07:22 - 2014-09-06 07:22 - 00000000 ____D () C:\Users\Matthias\Desktop\Ultimate-DRM-Removal-last
2014-09-06 07:22 - 2014-09-06 07:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPUBSOFT
2014-09-06 07:22 - 2014-09-06 07:22 - 00000000 ____D () C:\Program Files (x86)\EPUBSOFT
2014-09-06 07:20 - 2014-09-06 07:20 - 10050414 _____ () C:\Users\Matthias\Desktop\Ultimate-DRM-Removal-last.zip
2014-09-06 06:59 - 2014-09-06 06:59 - 00000000 ____D () C:\Users\Matthias\Desktop\tools_v6.0.9
2014-09-06 06:58 - 2014-09-06 06:58 - 01816358 _____ () C:\Users\Matthias\Desktop\tools_v6.0.9.zip
2014-09-06 06:34 - 2014-09-06 06:34 - 00000000 ____D () C:\Users\Matthias\AppData\Local\calibre-cache
2014-09-06 06:32 - 2014-09-06 08:20 - 00000000 ____D () C:\Users\Matthias\Desktop\Calibre
2014-09-06 06:29 - 2014-09-06 07:18 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\calibre
2014-09-06 06:28 - 2014-09-06 06:28 - 00000936 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2014-09-06 06:28 - 2014-09-06 06:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2014-09-06 06:28 - 2014-09-06 06:28 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2014-09-06 06:08 - 2014-09-06 06:08 - 01101648 _____ () C:\Users\Matthias\Downloads\Calibre 32 Bit - CHIP-Installer.exe
2014-09-02 07:27 - 2014-09-03 05:52 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\vlc
2014-09-02 07:26 - 2014-09-02 07:26 - 00001050 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-09-02 07:26 - 2014-09-02 07:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-09-02 07:25 - 2014-09-02 07:25 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-09-02 07:22 - 2014-09-02 07:24 - 25597312 _____ () C:\Users\Matthias\Downloads\vlc-2.1.5-win32.exe
2014-08-31 20:58 - 2014-08-31 20:58 - 00003985 _____ () C:\Users\Matthias\AppData\Local\recently-used.xbel
2014-08-30 22:54 - 2014-08-30 22:54 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\DesktopIconGoodgame
2014-08-30 22:53 - 2014-08-30 22:53 - 01101648 _____ () C:\Users\Matthias\Downloads\Skype - CHIP-Installer.exe
2014-08-29 05:16 - 2014-08-28 18:35 - 05194858 ___SH () C:\Users\Matthias\Desktop\scanner 1.tif
2014-08-28 05:26 - 2014-08-23 02:42 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-22 19:10 - 2014-08-22 19:10 - 00000738 _____ () C:\Users\Matthias\Desktop\File0006.lnk
2014-08-20 05:36 - 2014-08-20 05:36 - 00215162 _____ () C:\Users\Matthias\Desktop\bbbb.bmp
2014-08-20 05:32 - 2014-08-20 05:33 - 00215094 _____ () C:\Users\Matthias\Desktop\Neue Bitmap.bmp
2014-08-14 03:54 - 2014-08-02 05:11 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-08-13 15:39 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-08-13 15:39 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-08-13 15:39 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-08-13 15:39 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-08-13 15:39 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-08-13 15:39 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-08-13 15:39 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-08-13 15:39 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-08-13 15:39 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-08-13 15:39 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-08-13 15:39 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-08-13 15:39 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-08-13 15:39 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-08-13 15:39 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-08-13 15:39 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-08-13 15:39 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-08-13 15:39 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-08-13 15:39 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-08-13 15:39 - 2014-07-25 13:43 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-08-13 15:39 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 15:39 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-08-13 15:39 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-08-13 15:39 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-08-13 15:39 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-08-13 15:39 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-08-13 15:39 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-08-13 15:39 - 2014-07-25 13:09 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-08-13 15:39 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-08-13 15:39 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-08-13 15:39 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-08-13 15:39 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-08-13 15:39 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-08-13 15:39 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-08-13 15:39 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-08-13 15:39 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-08-13 15:37 - 2014-06-20 03:48 - 01273184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2014-08-13 15:37 - 2014-06-20 01:52 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2014-08-13 15:37 - 2014-06-13 03:15 - 00517528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-08-13 15:37 - 2014-06-13 03:14 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-08-13 15:37 - 2014-06-13 02:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-08-13 15:37 - 2014-06-06 13:34 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-08-13 15:36 - 2014-05-31 08:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-08-13 15:35 - 2014-07-15 20:16 - 03048880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-08-13 15:35 - 2014-07-15 10:29 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-08-13 15:35 - 2014-07-15 10:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-08-13 15:35 - 2014-07-15 10:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2014-08-13 15:35 - 2014-07-10 06:16 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-08-13 15:35 - 2014-07-10 06:03 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-08-13 15:35 - 2014-07-10 05:33 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-08-13 15:35 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-08-13 15:35 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-08-13 15:35 - 2014-05-13 09:01 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2014-08-13 15:35 - 2014-05-13 07:07 - 02844160 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-08-13 15:35 - 2014-05-13 06:41 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-08-13 15:35 - 2014-05-13 06:26 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-08-13 15:35 - 2014-05-13 05:59 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-08-13 15:35 - 2014-05-13 05:31 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-08-13 15:35 - 2014-05-03 13:29 - 01726224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-08-13 15:35 - 2014-05-03 11:20 - 01473080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-08-13 15:35 - 2014-05-03 07:36 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-08-13 15:35 - 2014-05-03 07:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2014-08-13 15:35 - 2014-05-03 07:08 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2014-08-13 15:35 - 2014-05-03 07:07 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2014-08-13 15:35 - 2014-05-03 06:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll
2014-08-13 15:35 - 2014-05-03 06:37 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll
2014-08-13 15:35 - 2014-05-03 06:37 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll
2014-08-13 15:35 - 2014-05-03 01:26 - 00050745 _____ () C:\WINDOWS\system32\srms.dat
2014-08-13 15:35 - 2014-05-01 07:44 - 01025536 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-08-13 15:35 - 2014-04-30 08:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2014-08-13 15:35 - 2014-04-30 08:41 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-08-13 15:35 - 2014-04-30 08:41 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2014-08-13 15:35 - 2014-04-30 08:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2014-08-13 15:35 - 2014-04-30 07:45 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2014-08-13 15:35 - 2014-04-30 06:48 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2014-08-13 15:35 - 2014-04-30 06:24 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2014-08-13 15:35 - 2014-04-30 06:23 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2014-08-13 15:35 - 2014-04-30 06:23 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2014-08-13 15:35 - 2014-04-30 06:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2014-08-13 15:35 - 2014-04-30 06:14 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-08-13 15:35 - 2014-04-30 05:59 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-08-13 15:35 - 2014-04-30 05:46 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2014-08-13 15:35 - 2014-04-30 05:46 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2014-08-13 15:35 - 2014-04-30 05:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2014-08-13 15:35 - 2014-04-30 05:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2014-08-13 15:35 - 2014-04-30 05:42 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2014-08-13 15:35 - 2014-04-29 00:40 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2014-08-13 15:35 - 2014-04-27 00:03 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-08-13 15:35 - 2014-04-26 22:14 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-08-13 15:35 - 2014-04-26 18:39 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2014-08-13 15:35 - 2014-04-14 11:37 - 02125344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-08-13 15:35 - 2014-04-14 10:08 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-08-13 15:35 - 2014-04-14 07:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-08-13 15:35 - 2014-04-09 08:11 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-08-13 15:35 - 2014-04-09 07:20 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-08-13 15:27 - 2014-06-05 16:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-08-13 15:27 - 2014-06-05 15:14 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-08-13 15:27 - 2014-06-02 04:10 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-08-13 15:27 - 2014-05-31 12:07 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-08-13 15:27 - 2014-05-31 12:07 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-08-13 15:27 - 2014-05-31 12:07 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-08-13 15:27 - 2014-05-31 12:07 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-08-13 15:27 - 2014-05-31 12:07 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-08-13 15:27 - 2014-05-31 08:30 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-08-13 15:27 - 2014-05-31 08:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-08-13 15:27 - 2014-05-31 08:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-08-13 15:27 - 2014-05-31 06:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-08-13 15:27 - 2014-05-31 06:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-08-13 15:27 - 2014-05-31 06:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-08-13 15:27 - 2014-05-27 17:53 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-08-13 15:27 - 2014-05-27 11:56 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-08-13 15:27 - 2014-05-27 11:53 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-08-13 15:27 - 2014-05-17 06:59 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-08-13 15:27 - 2014-05-17 06:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-08-13 15:25 - 2014-08-07 04:12 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-08-13 15:25 - 2014-08-02 05:56 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-08-13 15:25 - 2014-07-12 06:17 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-08-13 15:25 - 2014-06-04 11:27 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-08-13 15:25 - 2014-06-04 07:31 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-08-13 15:25 - 2014-06-04 07:22 - 02790912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-08-13 15:25 - 2014-06-04 06:43 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-08-13 15:25 - 2014-06-04 06:38 - 03304448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-08-13 15:25 - 2014-06-04 04:15 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-08-13 15:25 - 2014-06-04 04:14 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-08-12 03:33 - 2014-08-28 19:21 - 00001117 _____ () C:\Users\Public\Desktop\Avira.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 04:49 - 2014-09-10 04:48 - 00000000 ____D () C:\FRST
2014-09-10 04:49 - 2014-09-10 04:38 - 00000000 ____D () C:\Users\Matthias\Desktop\FRST
2014-09-10 04:49 - 2014-08-01 15:55 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Skype
2014-09-10 04:46 - 2014-09-10 04:46 - 00000000 _____ () C:\Users\Matthias\defogger_reenable
2014-09-10 04:46 - 2014-09-10 04:37 - 00000000 ____D () C:\Users\Matthias\Desktop\defogger
2014-09-10 04:46 - 2014-01-14 13:09 - 00000000 ____D () C:\Users\Matthias
2014-09-10 04:39 - 2014-09-10 04:39 - 00000000 ____D () C:\Users\Matthias\Desktop\GMER
2014-09-10 04:27 - 2014-09-10 01:16 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-10 04:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-10 03:38 - 2014-01-10 11:11 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2766631942-3345956868-1473168875-1001
2014-09-10 03:10 - 2014-01-10 20:12 - 00000000 ___RD () C:\Users\Matthias\Dropbox
2014-09-10 03:09 - 2014-01-10 20:00 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Dropbox
2014-09-10 03:08 - 2014-09-10 01:16 - 00128728 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-10 03:07 - 2014-09-10 01:13 - 00092888 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-10 03:04 - 2013-11-14 00:18 - 00455688 _____ () C:\WINDOWS\PFRO.log
2014-09-10 03:04 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-10 03:03 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-10 03:02 - 2014-09-10 02:54 - 00000000 ____D () C:\AdwCleaner
2014-09-10 02:54 - 2014-09-10 02:53 - 00000000 ____D () C:\Users\Matthias\Desktop\adwcleaner
2014-09-10 01:21 - 2014-09-10 01:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Matthias\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-10 01:17 - 2014-09-10 01:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-10 01:17 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-10 01:17 - 2013-11-14 09:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-09-10 01:17 - 2013-11-14 09:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-09-10 01:13 - 2014-09-10 01:11 - 00000000 ____D () C:\Users\Matthias\Desktop\Malwarebyte
2014-09-09 20:41 - 2014-01-11 02:42 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\stickies
2014-09-09 09:17 - 2014-01-14 13:23 - 01319863 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-09 03:27 - 2014-09-09 03:27 - 00000911 _____ () C:\Users\Matthias\Downloads\Downloads - Verknüpfung.lnk
2014-09-08 05:22 - 2013-08-22 16:46 - 00331075 _____ () C:\WINDOWS\setupact.log
2014-09-08 00:58 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-09-07 10:51 - 2014-01-11 14:44 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Spotify
2014-09-07 10:51 - 2014-01-11 14:44 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Spotify
2014-09-06 08:20 - 2014-09-06 06:32 - 00000000 ____D () C:\Users\Matthias\Desktop\Calibre
2014-09-06 07:25 - 2014-09-06 07:24 - 00000000 ____D () C:\Users\Matthias\Desktop\delete DRM
2014-09-06 07:23 - 2014-09-06 07:23 - 00000000 ____D () C:\Users\Matthias\Documents\Epubsoft
2014-09-06 07:23 - 2014-09-06 07:23 - 00000000 ____D () C:\ProgramData\Epubsoft
2014-09-06 07:22 - 2014-09-06 07:22 - 00002805 _____ () C:\Users\Public\Desktop\EPubsoft DRM Removal.lnk
2014-09-06 07:22 - 2014-09-06 07:22 - 00000000 ____D () C:\Users\Matthias\Desktop\Ultimate-DRM-Removal-last
2014-09-06 07:22 - 2014-09-06 07:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPUBSOFT
2014-09-06 07:22 - 2014-09-06 07:22 - 00000000 ____D () C:\Program Files (x86)\EPUBSOFT
2014-09-06 07:20 - 2014-09-06 07:20 - 10050414 _____ () C:\Users\Matthias\Desktop\Ultimate-DRM-Removal-last.zip
2014-09-06 07:18 - 2014-09-06 06:29 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\calibre
2014-09-06 06:59 - 2014-09-06 06:59 - 00000000 ____D () C:\Users\Matthias\Desktop\tools_v6.0.9
2014-09-06 06:58 - 2014-09-06 06:58 - 01816358 _____ () C:\Users\Matthias\Desktop\tools_v6.0.9.zip
2014-09-06 06:34 - 2014-09-06 06:34 - 00000000 ____D () C:\Users\Matthias\AppData\Local\calibre-cache
2014-09-06 06:28 - 2014-09-06 06:28 - 00000936 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2014-09-06 06:28 - 2014-09-06 06:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2014-09-06 06:28 - 2014-09-06 06:28 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2014-09-06 06:08 - 2014-09-06 06:08 - 01101648 _____ () C:\Users\Matthias\Downloads\Calibre 32 Bit - CHIP-Installer.exe
2014-09-05 01:08 - 2014-07-29 19:14 - 00000000 ____D () C:\Users\Matthias\.gimp-2.8
2014-09-03 05:52 - 2014-09-02 07:27 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\vlc
2014-09-02 07:26 - 2014-09-02 07:26 - 00001050 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-09-02 07:26 - 2014-09-02 07:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-09-02 07:25 - 2014-09-02 07:25 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-09-02 07:24 - 2014-09-02 07:22 - 25597312 _____ () C:\Users\Matthias\Downloads\vlc-2.1.5-win32.exe
2014-08-31 20:58 - 2014-08-31 20:58 - 00003985 _____ () C:\Users\Matthias\AppData\Local\recently-used.xbel
2014-08-31 20:58 - 2014-07-30 22:47 - 00000000 ____D () C:\Users\Matthias\AppData\Local\gtk-2.0
2014-08-30 22:57 - 2014-08-01 15:54 - 00000000 ____D () C:\ProgramData\Skype
2014-08-30 22:54 - 2014-08-30 22:54 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\DesktopIconGoodgame
2014-08-30 22:53 - 2014-08-30 22:53 - 01101648 _____ () C:\Users\Matthias\Downloads\Skype - CHIP-Installer.exe
2014-08-28 19:21 - 2014-08-12 03:33 - 00001117 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-28 19:21 - 2014-08-09 02:36 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-28 19:21 - 2014-02-19 00:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-28 19:21 - 2014-02-19 00:59 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-28 19:15 - 2013-08-22 16:44 - 00362760 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-28 18:35 - 2014-08-29 05:16 - 05194858 ___SH () C:\Users\Matthias\Desktop\scanner 1.tif
2014-08-28 06:17 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-08-24 01:50 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-08-23 02:42 - 2014-08-28 05:26 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-22 19:10 - 2014-08-22 19:10 - 00000738 _____ () C:\Users\Matthias\Desktop\File0006.lnk
2014-08-20 05:36 - 2014-08-20 05:36 - 00215162 _____ () C:\Users\Matthias\Desktop\bbbb.bmp
2014-08-20 05:33 - 2014-08-20 05:32 - 00215094 _____ () C:\Users\Matthias\Desktop\Neue Bitmap.bmp
2014-08-16 05:19 - 2014-01-13 14:57 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-16 05:15 - 2014-01-13 14:57 - 99218768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-16 04:04 - 2014-08-01 15:54 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-14 22:01 - 2014-01-10 20:12 - 00001086 _____ () C:\Users\Matthias\Desktop\Dropbox.lnk
2014-08-14 22:01 - 2014-01-10 20:10 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-14 03:35 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-08-14 03:35 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-08-14 03:35 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-08-14 03:35 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-08-14 03:35 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-08-13 15:30 - 2014-04-16 02:25 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-08-13 15:30 - 2014-04-16 02:19 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-08-13 15:30 - 2014-04-16 00:00 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-08-13 15:30 - 2014-04-16 00:00 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-08-13 15:30 - 2014-04-16 00:00 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-08-13 15:30 - 2014-04-16 00:00 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-08-13 15:30 - 2014-04-16 00:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-08-13 15:30 - 2014-04-16 00:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-08-13 15:30 - 2014-04-16 00:00 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-08-13 15:30 - 2014-04-16 00:00 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-08-13 15:30 - 2014-04-16 00:00 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-08-13 15:30 - 2014-04-15 23:37 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-08-13 15:30 - 2014-04-09 15:02 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-08-13 15:30 - 2014-04-09 15:02 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-08-13 15:30 - 2014-03-29 19:57 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-08-13 15:30 - 2014-03-11 22:43 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-08-13 15:24 - 2014-06-11 07:02 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-08-12 07:22 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-08-12 03:53 - 2014-01-10 11:03 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Packages

Some content of TEMP:
====================
C:\Users\Matthias\AppData\Local\Temp\avgnt.exe
C:\Users\Matthias\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdbdyot.dll
C:\Users\Matthias\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\Matthias\AppData\Local\Temp\Quarantine.exe
C:\Users\Matthias\AppData\Local\Temp\sqlite3.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-09 23:02

==================== End Of Log ============================
--- --- ---


B) FRST Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2014 01
Ran by Matthias at 2014-09-10 04:50:50
Running from C:\Users\Matthias\Desktop\FRST
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
 clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3012 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3004 - Acer Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.4.3036 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{44181DF6-2751-48C7-B918-72F14508F127}) (Version: 0.8.4.3036 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{4ED40090-5A38-415F-B222-26DD6D3C1AEF}) (Version: 2.2.0 - Kovid Goyal)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.0.1 - Cliqz.com)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.0.1428 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.5.0.1066 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.20.00.03 - Huawei Technologies Co.,Ltd)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.222 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.43 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6909 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.21222 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Stickies 7.1e (HKLM-x32\...\ZhornStickies) (Version:  - Zhorn Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.12.31 - Synaptics Incorporated)
Turbonett móvil (HKLM-x32\...\Turbonett móvil) (Version: 11.302.09.09.519 - Huawei Technologies Co.,Ltd)
Ultimate EPubsoft DRM Removal 8.5.5 (HKLM-x32\...\{49617AB8-5A31-44A7-95A6-BE6CE251A6F1}) (Version: 8.5.5 - EPUBSOFT)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2766631942-3345956868-1473168875-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2766631942-3345956868-1473168875-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2766631942-3345956868-1473168875-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2766631942-3345956868-1473168875-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2766631942-3345956868-1473168875-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2766631942-3345956868-1473168875-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2766631942-3345956868-1473168875-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2766631942-3345956868-1473168875-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2766631942-3345956868-1473168875-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

23-08-2014 23:39:14 Geplanter Prüfpunkt
28-08-2014 04:17:12 Windows Update
05-09-2014 02:05:47 Geplanter Prüfpunkt
06-09-2014 04:27:19 Installed calibre

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {126D0984-76FD-4D0F-B862-94595D28C643} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {191E0490-401B-4A02-AAD4-C4C4ACCA1588} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {1AB3DDF2-73A0-46AC-92CB-881493B59D39} - System32\Tasks\Dolby Selector => C:\Dolby PCEE4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4EE48068-91E6-41F3-99C9-91E64F4191BB} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {673F7FF1-409E-420F-9F55-26D9223EEA86} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-01-23] (Acer Incorporated)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {7689FF12-676F-4174-B5CF-8FA9F0CAE73A} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {843D1255-E3E8-4FB0-8705-04F46D2EF61E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-08-16] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {CE0A42AA-EF39-44C0-BB03-9D3C9712424E} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D727F8AA-67AA-401F-B38A-7B6A6D4AAAE8} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-04-26] (Acer Incorporate)
Task: {D8363C53-9456-4A29-8D7B-02BEEA1F7F73} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E41F8FFD-8E2A-4B91-B50A-E1EC17D7C2E7} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-01-18] (Acer Incorporated)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2014-07-04 06:06 - 2013-01-28 04:49 - 00239184 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2013-02-28 18:05 - 2013-02-28 18:05 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-02-28 18:02 - 2013-02-28 18:02 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-02-28 18:06 - 2013-02-28 18:06 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-09-10 04:37 - 2014-09-10 04:37 - 00050477 _____ () C:\Users\Matthias\Desktop\defogger\Defogger.exe
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00067832 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-09-10 03:06 - 2014-09-10 03:06 - 00043008 _____ () c:\users\matthias\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdbdyot.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Matthias\AppData\Roaming\Dropbox\bin\libcef.dll
2014-01-11 02:42 - 2014-01-11 02:42 - 00049152 _____ () C:\Program Files (x86)\Stickies\shook70.dll
2014-08-09 02:36 - 2014-08-04 14:20 - 00052472 _____ () C:\Users\Matthias\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2013-09-25 22:31 - 2013-03-20 09:47 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-07-31 04:45 - 2014-07-31 04:45 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-25 23:11 - 2013-02-20 22:58 - 00089672 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKCU\...\StartupApproved\Run: => "PC Suite Tray"
HKCU\...\StartupApproved\Run: => "Spotify Web Helper"

==================== Faulty Device Manager Devices =============

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (09/10/2014 03:41:52 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/10/2014 03:35:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 4a8

Startzeit: 01cfcc975cb4d6ce

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\wwahost.exe

Berichts-ID: cab04862-388a-11e4-beb8-3c77e69e7702

Vollständiger Name des fehlerhaften Pakets: Microsoft.BingHealthAndFitness_3.0.1.176_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppexHealthAndFitness

Error: (09/10/2014 03:04:40 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (09/08/2014 07:09:15 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/08/2014 07:07:51 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/08/2014 01:09:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1156

Error: (09/08/2014 01:09:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1156

Error: (09/08/2014 01:09:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/07/2014 00:01:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14578

Error: (09/07/2014 00:01:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14578


System errors:
=============
Error: (09/10/2014 03:39:22 AM) (Source: DCOM) (EventID: 10010) (User: LaptopMatthias)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (09/10/2014 03:38:52 AM) (Source: DCOM) (EventID: 10010) (User: LaptopMatthias)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (09/10/2014 03:04:40 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064

Error: (09/10/2014 00:14:37 AM) (Source: DCOM) (EventID: 10010) (User: LaptopMatthias)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (09/10/2014 00:14:07 AM) (Source: DCOM) (EventID: 10010) (User: LaptopMatthias)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (09/08/2014 07:05:56 AM) (Source: DCOM) (EventID: 10010) (User: LaptopMatthias)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (09/08/2014 07:05:26 AM) (Source: DCOM) (EventID: 10010) (User: LaptopMatthias)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (09/08/2014 07:01:13 AM) (Source: DCOM) (EventID: 10010) (User: LaptopMatthias)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (09/08/2014 07:00:43 AM) (Source: DCOM) (EventID: 10010) (User: LaptopMatthias)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (09/08/2014 06:56:16 AM) (Source: DCOM) (EventID: 10010) (User: LaptopMatthias)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}


Microsoft Office Sessions:
=========================
Error: (09/10/2014 03:41:52 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\Nokia\nokia pc suite 7\TIS_Windows7PIM.dll

Error: (09/10/2014 03:35:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.170314a801cfcc975cb4d6ce4294967295C:\WINDOWS\system32\wwahost.execab04862-388a-11e4-beb8-3c77e69e7702Microsoft.BingHealthAndFitness_3.0.1.176_x64__8wekyb3d8bbweAppexHealthAndFitness

Error: (09/10/2014 03:04:40 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (09/08/2014 07:09:15 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\Nokia\nokia pc suite 7\TIS_Windows7PIM.dll

Error: (09/08/2014 07:07:51 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\Nokia\nokia pc suite 7\TIS_Windows7PIM.dll

Error: (09/08/2014 01:09:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1156

Error: (09/08/2014 01:09:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1156

Error: (09/08/2014 01:09:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/07/2014 00:01:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14578

Error: (09/07/2014 00:01:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14578


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 47%
Total physical RAM: 3976.27 MB
Available physical RAM: 2083.01 MB
Total Pagefile: 4680.27 MB
Available Pagefile: 2253.5 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:449.61 GB) (Free:181.68 GB) NTFS
Drive d: (Kindle) (Removable) (Total:1.36 GB) (Free:1.04 GB) FAT32
Drive e: () (Removable) (Total:14.72 GB) (Free:4.33 GB) FAT32
Drive f: () (Removable) (Total:7.48 GB) (Free:3.94 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: F75D8376)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: B3A44061)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0B)

========================================================
Disk: 2 (Size: 14.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 3 (Size: 1.4 GB) (Disk ID: 00000003)
Partition 1: (Not Active) - (Size=1.4 GB) - (Type=0B)

==================== End Of Log ============================
C) GMER:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-10 05:10:51
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002a TOSHIBA_MQ01ABF050 rev.AM001J 465,76GB
Running: e66l518i.exe; Driver: C:\Users\Matthias\AppData\Local\Temp\kgrdrpod.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[3936] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194                                                                                                00007ffe7e8c1f6a 4 bytes [8C, 7E, FE, 7F]
.text    C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[3936] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218                                                                                                00007ffe7e8c1f82 4 bytes [8C, 7E, FE, 7F]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3680] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                                00007ffe8765169a 4 bytes [65, 87, FE, 7F]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3680] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                                00007ffe876516a2 4 bytes [65, 87, FE, 7F]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3680] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                                    00007ffe8765181a 4 bytes [65, 87, FE, 7F]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3680] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                                    00007ffe87651832 4 bytes [65, 87, FE, 7F]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[1900] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                              00007ffe8765169a 4 bytes [65, 87, FE, 7F]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[1900] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                              00007ffe876516a2 4 bytes [65, 87, FE, 7F]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[1900] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                                00007ffe8765181a 4 bytes [65, 87, FE, 7F]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[1900] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                                00007ffe87651832 4 bytes [65, 87, FE, 7F]
.text    C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4940] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                    00007ffe8765169a 4 bytes [65, 87, FE, 7F]
.text    C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4940] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                    00007ffe876516a2 4 bytes [65, 87, FE, 7F]
.text    C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4940] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                        00007ffe8765181a 4 bytes [65, 87, FE, 7F]
.text    C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4940] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                        00007ffe87651832 4 bytes [65, 87, FE, 7F]

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [600:624]                                                                                                                                                                                    fffff960009c9b90
---- Processes - GMER 2.1 ----

Library  C:\Users\Matthias\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe [3712](2014-07-30 00:20:20)                                                0000000003dd0000
Library  c:\users\matthias\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfp0nue.dll (*** suspicious ***) @ C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe [3712](2014-09-10 03:03:09)  0000000004470000
Library  C:\Users\Matthias\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe [3712](2013-08-23 19:01:44)                                                      0000000064000000
Library  C:\Users\Matthias\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe [3712] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42)                        00000000619a0000

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                                                                                                      unknown MBR code

---- EOF - GMER 2.1 ----

Auf Rückmeldung freue ich mich,
vielen Dank,
Matthias

schrauber 10.09.2014 06:35
hi,

http://www.filepony.de/icon/panda_usb_vaccine.png Panda USB Vaccine

Bitte lade Dir von hier Panda USB Vaccine herunter.



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Matziosika 10.09.2014 07:54
Hallo,

1. USB Vaccine ausgeführt

2. MBAM:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10.09.2014
Scan Time: 07:52:04
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.10.03
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Matthias

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 336997
Time Elapsed: 23 min, 29 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Bandoo, C:\Users\Matthias\Downloads\iLividSetup-r394-n-bf.exe, Quarantined, [df1c32b94f2c999dc6f1cf49c1405da3],

Physical Sectors: 0
(No malicious items detected)


(end)
3. ADWCleaner:
Code:
# AdwCleaner v3.309 - Bericht erstellt am 10/09/2014 um 08:31:17
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : Matthias - LAPTOPMATTHIAS
# Gestartet von : C:\Users\Matthias\Desktop\adwcleaner\adwcleaner_3.309.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

[/!\] Nicht Gelöscht ( Junction ) : C:\Program Files\Gemeinsame Dateien

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2332 octets] - [10/09/2014 02:54:43]
AdwCleaner[R1].txt - [1016 octets] - [10/09/2014 05:35:57]
AdwCleaner[R2].txt - [1076 octets] - [10/09/2014 08:29:50]
AdwCleaner[S0].txt - [2223 octets] - [10/09/2014 03:02:27]
AdwCleaner[S1].txt - [1017 octets] - [10/09/2014 08:31:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1077 octets] ##########
4. Junkware Removal Tool:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Matthias on 10.09.2014 at  8:37:52,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"



~~~ FireFox

Emptied folder: C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\g1swjhou.default\minidumps [56 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.09.2014 at  8:42:38,21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5. neues FRST-Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by Matthias (administrator) on LAPTOPMATTHIAS on 10-09-2014 08:46:26
Running from C:\Users\Matthias\Desktop\FRST
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Dropbox, Inc.) C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Zhorn Software) C:\Program Files (x86)\Stickies\stickies.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3016432 2013-03-07] (Synaptics Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [807696 2013-12-20] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132224 2013-02-28] ( (Atheros Communications))
HKU\.DEFAULT\...\Run: [Mobile Partner] => C:\Program Files (x86)\MobileWiFi\MobileWiFi
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\Run: [Spotify Web Helper] => C:\Users\Matthias\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-07] (Spotify Ltd)
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\Run: [filename] => wscript.exe //B "C:\Users\Matthias\AppData\Local\Temp\filename.vbs" <===== ATTENTION
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {1a7cf42a-02ab-11e4-be9f-582c80139263} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {1a7cf487-02ab-11e4-be9f-582c80139263} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {1bff3dda-064a-11e4-bea2-582c80139263} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {4c8460df-0330-11e4-bea1-582c80139263} - "F:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {4c846f02-0330-11e4-bea1-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {4d0bbd82-f80b-11e3-be9b-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {6c166977-00c2-11e4-be9e-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {6c166cfc-00c2-11e4-be9e-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {b463a469-ead6-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {b463a6ab-ead6-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {b463ae5c-ead6-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {e48da9a5-ded8-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {e48da9f6-ded8-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {eaa3bc95-ef3e-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {eaa3bcbc-ef3e-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\filename.vbs ()
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM - {6F8AE43D-7FF7-443E-B332-02E1C998FDA5} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM - {F3DEED0F-B681-42C8-ADC4-A6123CB8984D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {F3DEED0F-B681-42C8-ADC4-A6123CB8984D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - {6F8AE43D-7FF7-443E-B332-02E1C998FDA5} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - {F3DEED0F-B681-42C8-ADC4-A6123CB8984D} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1601235C-8BE2-42AD-A516-95A4B5503B4B}: [NameServer] 192.168.77.1

FireFox:
========
FF ProfilePath: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default
FF SearchEngineOrder.1: SuchMaschine
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default\searchplugins\search_engine.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: YouTube Unblocker - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default\Extensions\youtubeunblocker@unblocker.yt [2014-01-24]
FF Extension: DownloadHelper - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: Adblock Plus - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-30]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default\extensions\cliqz@cliqz.com

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-08] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227968 2013-02-28] (Qualcomm Atheros Commnucations)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2013-12-20] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2013-12-20] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-04-26] (Acer Incorporate)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2013-01-28] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [42040 2014-07-17] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [114448 2013-12-20] (BlueStack Systems)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-02-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-03-20] (Intel Corporation)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [455240 2013-03-05] (RTS Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-03-07] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 ewusbnet; \SystemRoot\system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; \SystemRoot\system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; \SystemRoot\System32\drivers\ew_juextctrl.sys [X]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 08:42 - 2014-09-10 08:42 - 00000822 _____ () C:\Users\Matthias\Desktop\JRT.txt
2014-09-10 08:37 - 2014-09-10 08:37 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-09-10 07:50 - 2014-09-10 07:50 - 00001082 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-10 07:50 - 2014-09-10 07:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-10 07:50 - 2014-09-10 07:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-10 07:50 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-09-10 07:50 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-09-10 07:47 - 2014-09-10 07:47 - 00003108 _____ () C:\WINDOWS\System32\Tasks\PandaUSBVaccine
2014-09-10 07:47 - 2014-09-10 07:47 - 00000000 ____D () C:\ProgramData\Panda Security
2014-09-10 07:47 - 2014-09-10 07:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2014-09-10 07:47 - 2014-09-10 07:47 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-09-10 07:45 - 2014-09-10 08:43 - 00000000 ____D () C:\Users\Matthias\Desktop\Junkware removal tool
2014-09-10 07:43 - 2014-09-10 08:21 - 00000000 ____D () C:\Users\Matthias\Desktop\Malwarebytes anti malware
2014-09-10 07:42 - 2014-09-10 07:42 - 00000000 ____D () C:\Users\Matthias\Desktop\USB Vaccine
2014-09-10 04:48 - 2014-09-10 08:46 - 00000000 ____D () C:\FRST
2014-09-10 04:46 - 2014-09-10 04:46 - 00000000 _____ () C:\Users\Matthias\defogger_reenable
2014-09-10 04:39 - 2014-09-10 05:10 - 00000000 ____D () C:\Users\Matthias\Desktop\GMER
2014-09-10 04:39 - 2014-09-10 04:39 - 00380416 _____ () C:\Users\Matthias\Desktop\e66l518i.exe
2014-09-10 04:38 - 2014-09-10 08:46 - 00000000 ____D () C:\Users\Matthias\Desktop\FRST
2014-09-10 04:37 - 2014-09-10 04:46 - 00000000 ____D () C:\Users\Matthias\Desktop\defogger
2014-09-10 02:54 - 2014-09-10 08:31 - 00000000 ____D () C:\AdwCleaner
2014-09-10 02:53 - 2014-09-10 08:34 - 00000000 ____D () C:\Users\Matthias\Desktop\adwcleaner
2014-09-10 01:19 - 2014-09-10 01:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Matthias\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-10 01:17 - 2014-09-10 07:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-10 01:16 - 2014-09-10 08:26 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-10 01:16 - 2014-09-10 08:23 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-10 01:13 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-10 01:11 - 2014-09-10 01:13 - 00000000 ____D () C:\Users\Matthias\Desktop\Malwarebyte
2014-09-09 03:27 - 2014-09-09 03:27 - 00000911 _____ () C:\Users\Matthias\Downloads\Downloads - Verknüpfung.lnk
2014-09-06 07:24 - 2014-09-06 07:25 - 00000000 ____D () C:\Users\Matthias\Desktop\delete DRM
2014-09-06 07:23 - 2014-09-06 07:23 - 00000000 ____D () C:\Users\Matthias\Documents\Epubsoft
2014-09-06 07:23 - 2014-09-06 07:23 - 00000000 ____D () C:\ProgramData\Epubsoft
2014-09-06 07:22 - 2014-09-06 07:22 - 00002805 _____ () C:\Users\Public\Desktop\EPubsoft DRM Removal.lnk
2014-09-06 07:22 - 2014-09-06 07:22 - 00000000 ____D () C:\Users\Matthias\Desktop\Ultimate-DRM-Removal-last
2014-09-06 07:22 - 2014-09-06 07:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPUBSOFT
2014-09-06 07:22 - 2014-09-06 07:22 - 00000000 ____D () C:\Program Files (x86)\EPUBSOFT
2014-09-06 07:20 - 2014-09-06 07:20 - 10050414 _____ () C:\Users\Matthias\Desktop\Ultimate-DRM-Removal-last.zip
2014-09-06 06:59 - 2014-09-06 06:59 - 00000000 ____D () C:\Users\Matthias\Desktop\tools_v6.0.9
2014-09-06 06:58 - 2014-09-06 06:58 - 01816358 _____ () C:\Users\Matthias\Desktop\tools_v6.0.9.zip
2014-09-06 06:34 - 2014-09-06 06:34 - 00000000 ____D () C:\Users\Matthias\AppData\Local\calibre-cache
2014-09-06 06:32 - 2014-09-06 08:20 - 00000000 ____D () C:\Users\Matthias\Desktop\Calibre
2014-09-06 06:29 - 2014-09-06 07:18 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\calibre
2014-09-06 06:28 - 2014-09-06 06:28 - 00000936 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2014-09-06 06:28 - 2014-09-06 06:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2014-09-06 06:28 - 2014-09-06 06:28 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2014-09-06 06:08 - 2014-09-06 06:08 - 01101648 _____ () C:\Users\Matthias\Downloads\Calibre 32 Bit - CHIP-Installer.exe
2014-09-02 07:27 - 2014-09-03 05:52 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\vlc
2014-09-02 07:26 - 2014-09-02 07:26 - 00001050 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-09-02 07:26 - 2014-09-02 07:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-09-02 07:25 - 2014-09-02 07:25 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-09-02 07:22 - 2014-09-02 07:24 - 25597312 _____ () C:\Users\Matthias\Downloads\vlc-2.1.5-win32.exe
2014-08-31 20:58 - 2014-08-31 20:58 - 00003985 _____ () C:\Users\Matthias\AppData\Local\recently-used.xbel
2014-08-30 22:54 - 2014-08-30 22:54 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\DesktopIconGoodgame
2014-08-30 22:53 - 2014-08-30 22:53 - 01101648 _____ () C:\Users\Matthias\Downloads\Skype - CHIP-Installer.exe
2014-08-29 05:16 - 2014-08-28 18:35 - 05194858 ___SH () C:\Users\Matthias\Desktop\scanner 1.tif
2014-08-28 05:26 - 2014-08-23 02:42 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-22 19:10 - 2014-08-22 19:10 - 00000738 _____ () C:\Users\Matthias\Desktop\File0006.lnk
2014-08-20 05:36 - 2014-08-20 05:36 - 00215162 _____ () C:\Users\Matthias\Desktop\bbbb.bmp
2014-08-20 05:32 - 2014-08-20 05:33 - 00215094 _____ () C:\Users\Matthias\Desktop\Neue Bitmap.bmp
2014-08-14 03:54 - 2014-08-02 05:11 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-08-13 15:39 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-08-13 15:39 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-08-13 15:39 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-08-13 15:39 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-08-13 15:39 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-08-13 15:39 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-08-13 15:39 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-08-13 15:39 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-08-13 15:39 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-08-13 15:39 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-08-13 15:39 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-08-13 15:39 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-08-13 15:39 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-08-13 15:39 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-08-13 15:39 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-08-13 15:39 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-08-13 15:39 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-08-13 15:39 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-08-13 15:39 - 2014-07-25 13:43 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-08-13 15:39 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 15:39 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-08-13 15:39 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-08-13 15:39 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-08-13 15:39 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-08-13 15:39 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-08-13 15:39 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-08-13 15:39 - 2014-07-25 13:09 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-08-13 15:39 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-08-13 15:39 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-08-13 15:39 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-08-13 15:39 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-08-13 15:39 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-08-13 15:39 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-08-13 15:39 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-08-13 15:39 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-08-13 15:37 - 2014-06-20 03:48 - 01273184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2014-08-13 15:37 - 2014-06-20 01:52 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2014-08-13 15:37 - 2014-06-13 03:15 - 00517528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-08-13 15:37 - 2014-06-13 03:14 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-08-13 15:37 - 2014-06-13 02:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-08-13 15:37 - 2014-06-06 13:34 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-08-13 15:36 - 2014-05-31 08:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-08-13 15:35 - 2014-07-15 20:16 - 03048880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-08-13 15:35 - 2014-07-15 10:29 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-08-13 15:35 - 2014-07-15 10:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-08-13 15:35 - 2014-07-15 10:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2014-08-13 15:35 - 2014-07-10 06:16 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-08-13 15:35 - 2014-07-10 06:03 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-08-13 15:35 - 2014-07-10 05:33 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-08-13 15:35 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-08-13 15:35 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-08-13 15:35 - 2014-05-13 09:01 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2014-08-13 15:35 - 2014-05-13 07:07 - 02844160 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-08-13 15:35 - 2014-05-13 06:41 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-08-13 15:35 - 2014-05-13 06:26 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-08-13 15:35 - 2014-05-13 05:59 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-08-13 15:35 - 2014-05-13 05:31 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-08-13 15:35 - 2014-05-03 13:29 - 01726224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-08-13 15:35 - 2014-05-03 11:20 - 01473080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-08-13 15:35 - 2014-05-03 07:36 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-08-13 15:35 - 2014-05-03 07:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2014-08-13 15:35 - 2014-05-03 07:08 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2014-08-13 15:35 - 2014-05-03 07:07 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2014-08-13 15:35 - 2014-05-03 06:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll
2014-08-13 15:35 - 2014-05-03 06:37 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll
2014-08-13 15:35 - 2014-05-03 06:37 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll
2014-08-13 15:35 - 2014-05-03 01:26 - 00050745 _____ () C:\WINDOWS\system32\srms.dat
2014-08-13 15:35 - 2014-05-01 07:44 - 01025536 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-08-13 15:35 - 2014-04-30 08:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2014-08-13 15:35 - 2014-04-30 08:41 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-08-13 15:35 - 2014-04-30 08:41 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2014-08-13 15:35 - 2014-04-30 08:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2014-08-13 15:35 - 2014-04-30 07:45 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2014-08-13 15:35 - 2014-04-30 06:48 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2014-08-13 15:35 - 2014-04-30 06:24 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2014-08-13 15:35 - 2014-04-30 06:23 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2014-08-13 15:35 - 2014-04-30 06:23 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2014-08-13 15:35 - 2014-04-30 06:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2014-08-13 15:35 - 2014-04-30 06:14 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-08-13 15:35 - 2014-04-30 05:59 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-08-13 15:35 - 2014-04-30 05:46 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2014-08-13 15:35 - 2014-04-30 05:46 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2014-08-13 15:35 - 2014-04-30 05:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2014-08-13 15:35 - 2014-04-30 05:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2014-08-13 15:35 - 2014-04-30 05:42 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2014-08-13 15:35 - 2014-04-29 00:40 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2014-08-13 15:35 - 2014-04-27 00:03 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-08-13 15:35 - 2014-04-26 22:14 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-08-13 15:35 - 2014-04-26 18:39 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2014-08-13 15:35 - 2014-04-14 11:37 - 02125344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-08-13 15:35 - 2014-04-14 10:08 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-08-13 15:35 - 2014-04-14 07:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-08-13 15:35 - 2014-04-09 08:11 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-08-13 15:35 - 2014-04-09 07:20 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-08-13 15:27 - 2014-06-05 16:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-08-13 15:27 - 2014-06-05 15:14 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-08-13 15:27 - 2014-06-02 04:10 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-08-13 15:27 - 2014-05-31 12:07 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-08-13 15:27 - 2014-05-31 12:07 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-08-13 15:27 - 2014-05-31 12:07 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-08-13 15:27 - 2014-05-31 12:07 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-08-13 15:27 - 2014-05-31 12:07 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-08-13 15:27 - 2014-05-31 08:30 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-08-13 15:27 - 2014-05-31 08:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-08-13 15:27 - 2014-05-31 08:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-08-13 15:27 - 2014-05-31 06:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-08-13 15:27 - 2014-05-31 06:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-08-13 15:27 - 2014-05-31 06:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-08-13 15:27 - 2014-05-27 17:53 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-08-13 15:27 - 2014-05-27 11:56 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-08-13 15:27 - 2014-05-27 11:53 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-08-13 15:27 - 2014-05-17 06:59 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-08-13 15:27 - 2014-05-17 06:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-08-13 15:25 - 2014-08-07 04:12 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-08-13 15:25 - 2014-08-02 05:56 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-08-13 15:25 - 2014-07-12 06:17 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-08-13 15:25 - 2014-06-04 11:27 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-08-13 15:25 - 2014-06-04 07:31 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-08-13 15:25 - 2014-06-04 07:22 - 02790912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-08-13 15:25 - 2014-06-04 06:43 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-08-13 15:25 - 2014-06-04 06:38 - 03304448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-08-13 15:25 - 2014-06-04 04:15 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-08-13 15:25 - 2014-06-04 04:14 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-08-12 03:33 - 2014-09-10 08:29 - 00001117 _____ () C:\Users\Public\Desktop\Avira.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 08:46 - 2014-09-10 04:48 - 00000000 ____D () C:\FRST
2014-09-10 08:46 - 2014-09-10 04:38 - 00000000 ____D () C:\Users\Matthias\Desktop\FRST
2014-09-10 08:44 - 2014-01-10 11:11 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2766631942-3345956868-1473168875-1001
2014-09-10 08:43 - 2014-09-10 07:45 - 00000000 ____D () C:\Users\Matthias\Desktop\Junkware removal tool
2014-09-10 08:42 - 2014-09-10 08:42 - 00000822 _____ () C:\Users\Matthias\Desktop\JRT.txt
2014-09-10 08:37 - 2014-09-10 08:37 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-09-10 08:35 - 2014-01-10 20:12 - 00000000 ___RD () C:\Users\Matthias\Dropbox
2014-09-10 08:35 - 2014-01-10 20:00 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Dropbox
2014-09-10 08:34 - 2014-09-10 02:53 - 00000000 ____D () C:\Users\Matthias\Desktop\adwcleaner
2014-09-10 08:33 - 2014-08-01 15:55 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Skype
2014-09-10 08:32 - 2013-11-14 00:18 - 00456892 _____ () C:\WINDOWS\PFRO.log
2014-09-10 08:32 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-10 08:31 - 2014-09-10 02:54 - 00000000 ____D () C:\AdwCleaner
2014-09-10 08:31 - 2014-01-14 13:23 - 01496645 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-10 08:31 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-10 08:29 - 2014-08-12 03:33 - 00001117 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-10 08:29 - 2014-08-09 02:36 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-10 08:29 - 2014-02-19 00:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-10 08:29 - 2014-02-19 00:59 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-10 08:26 - 2014-09-10 01:16 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-10 08:24 - 2014-01-11 02:42 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\stickies
2014-09-10 08:23 - 2014-09-10 01:16 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-10 08:21 - 2014-09-10 07:43 - 00000000 ____D () C:\Users\Matthias\Desktop\Malwarebytes anti malware
2014-09-10 08:19 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-09-10 08:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-10 07:50 - 2014-09-10 07:50 - 00001082 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-10 07:50 - 2014-09-10 07:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-10 07:50 - 2014-09-10 07:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-10 07:50 - 2014-09-10 01:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-10 07:47 - 2014-09-10 07:47 - 00003108 _____ () C:\WINDOWS\System32\Tasks\PandaUSBVaccine
2014-09-10 07:47 - 2014-09-10 07:47 - 00000000 ____D () C:\ProgramData\Panda Security
2014-09-10 07:47 - 2014-09-10 07:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2014-09-10 07:47 - 2014-09-10 07:47 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-09-10 07:42 - 2014-09-10 07:42 - 00000000 ____D () C:\Users\Matthias\Desktop\USB Vaccine
2014-09-10 05:10 - 2014-09-10 04:39 - 00000000 ____D () C:\Users\Matthias\Desktop\GMER
2014-09-10 04:46 - 2014-09-10 04:46 - 00000000 _____ () C:\Users\Matthias\defogger_reenable
2014-09-10 04:46 - 2014-09-10 04:37 - 00000000 ____D () C:\Users\Matthias\Desktop\defogger
2014-09-10 04:46 - 2014-01-14 13:09 - 00000000 ____D () C:\Users\Matthias
2014-09-10 04:39 - 2014-09-10 04:39 - 00380416 _____ () C:\Users\Matthias\Desktop\e66l518i.exe
2014-09-10 01:21 - 2014-09-10 01:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Matthias\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-10 01:17 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-10 01:17 - 2013-11-14 09:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-09-10 01:17 - 2013-11-14 09:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-09-10 01:13 - 2014-09-10 01:11 - 00000000 ____D () C:\Users\Matthias\Desktop\Malwarebyte
2014-09-09 03:27 - 2014-09-09 03:27 - 00000911 _____ () C:\Users\Matthias\Downloads\Downloads - Verknüpfung.lnk
2014-09-08 05:22 - 2013-08-22 16:46 - 00331075 _____ () C:\WINDOWS\setupact.log
2014-09-08 00:58 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-09-07 10:51 - 2014-01-11 14:44 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Spotify
2014-09-07 10:51 - 2014-01-11 14:44 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Spotify
2014-09-06 08:20 - 2014-09-06 06:32 - 00000000 ____D () C:\Users\Matthias\Desktop\Calibre
2014-09-06 07:25 - 2014-09-06 07:24 - 00000000 ____D () C:\Users\Matthias\Desktop\delete DRM
2014-09-06 07:23 - 2014-09-06 07:23 - 00000000 ____D () C:\Users\Matthias\Documents\Epubsoft
2014-09-06 07:23 - 2014-09-06 07:23 - 00000000 ____D () C:\ProgramData\Epubsoft
2014-09-06 07:22 - 2014-09-06 07:22 - 00002805 _____ () C:\Users\Public\Desktop\EPubsoft DRM Removal.lnk
2014-09-06 07:22 - 2014-09-06 07:22 - 00000000 ____D () C:\Users\Matthias\Desktop\Ultimate-DRM-Removal-last
2014-09-06 07:22 - 2014-09-06 07:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPUBSOFT
2014-09-06 07:22 - 2014-09-06 07:22 - 00000000 ____D () C:\Program Files (x86)\EPUBSOFT
2014-09-06 07:20 - 2014-09-06 07:20 - 10050414 _____ () C:\Users\Matthias\Desktop\Ultimate-DRM-Removal-last.zip
2014-09-06 07:18 - 2014-09-06 06:29 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\calibre
2014-09-06 06:59 - 2014-09-06 06:59 - 00000000 ____D () C:\Users\Matthias\Desktop\tools_v6.0.9
2014-09-06 06:58 - 2014-09-06 06:58 - 01816358 _____ () C:\Users\Matthias\Desktop\tools_v6.0.9.zip
2014-09-06 06:34 - 2014-09-06 06:34 - 00000000 ____D () C:\Users\Matthias\AppData\Local\calibre-cache
2014-09-06 06:28 - 2014-09-06 06:28 - 00000936 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2014-09-06 06:28 - 2014-09-06 06:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2014-09-06 06:28 - 2014-09-06 06:28 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2014-09-06 06:08 - 2014-09-06 06:08 - 01101648 _____ () C:\Users\Matthias\Downloads\Calibre 32 Bit - CHIP-Installer.exe
2014-09-05 01:08 - 2014-07-29 19:14 - 00000000 ____D () C:\Users\Matthias\.gimp-2.8
2014-09-03 05:52 - 2014-09-02 07:27 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\vlc
2014-09-02 07:26 - 2014-09-02 07:26 - 00001050 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-09-02 07:26 - 2014-09-02 07:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-09-02 07:25 - 2014-09-02 07:25 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-09-02 07:24 - 2014-09-02 07:22 - 25597312 _____ () C:\Users\Matthias\Downloads\vlc-2.1.5-win32.exe
2014-08-31 20:58 - 2014-08-31 20:58 - 00003985 _____ () C:\Users\Matthias\AppData\Local\recently-used.xbel
2014-08-31 20:58 - 2014-07-30 22:47 - 00000000 ____D () C:\Users\Matthias\AppData\Local\gtk-2.0
2014-08-30 22:57 - 2014-08-01 15:54 - 00000000 ____D () C:\ProgramData\Skype
2014-08-30 22:54 - 2014-08-30 22:54 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\DesktopIconGoodgame
2014-08-30 22:53 - 2014-08-30 22:53 - 01101648 _____ () C:\Users\Matthias\Downloads\Skype - CHIP-Installer.exe
2014-08-28 19:15 - 2013-08-22 16:44 - 00362760 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-28 18:35 - 2014-08-29 05:16 - 05194858 ___SH () C:\Users\Matthias\Desktop\scanner 1.tif
2014-08-28 06:17 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-08-24 01:50 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-08-23 02:42 - 2014-08-28 05:26 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-22 19:10 - 2014-08-22 19:10 - 00000738 _____ () C:\Users\Matthias\Desktop\File0006.lnk
2014-08-20 05:36 - 2014-08-20 05:36 - 00215162 _____ () C:\Users\Matthias\Desktop\bbbb.bmp
2014-08-20 05:33 - 2014-08-20 05:32 - 00215094 _____ () C:\Users\Matthias\Desktop\Neue Bitmap.bmp
2014-08-16 05:19 - 2014-01-13 14:57 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-16 05:15 - 2014-01-13 14:57 - 99218768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-16 04:04 - 2014-08-01 15:54 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-14 22:01 - 2014-01-10 20:12 - 00001086 _____ () C:\Users\Matthias\Desktop\Dropbox.lnk
2014-08-14 22:01 - 2014-01-10 20:10 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-14 03:35 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-08-14 03:35 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-08-14 03:35 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-08-14 03:35 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-08-14 03:35 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-08-13 15:30 - 2014-04-16 02:25 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-08-13 15:30 - 2014-04-16 02:19 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-08-13 15:30 - 2014-04-16 00:00 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-08-13 15:30 - 2014-04-16 00:00 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-08-13 15:30 - 2014-04-16 00:00 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-08-13 15:30 - 2014-04-16 00:00 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-08-13 15:30 - 2014-04-16 00:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-08-13 15:30 - 2014-04-16 00:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-08-13 15:30 - 2014-04-16 00:00 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-08-13 15:30 - 2014-04-16 00:00 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-08-13 15:30 - 2014-04-16 00:00 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-08-13 15:30 - 2014-04-15 23:37 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-08-13 15:30 - 2014-04-09 15:02 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-08-13 15:30 - 2014-04-09 15:02 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-08-13 15:30 - 2014-03-29 19:57 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-08-13 15:30 - 2014-03-11 22:43 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-08-13 15:24 - 2014-06-11 07:02 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-08-12 07:22 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-08-12 03:53 - 2014-01-10 11:03 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Packages

Some content of TEMP:
====================
C:\Users\Matthias\AppData\Local\Temp\avgnt.exe
C:\Users\Matthias\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpk6fqoy.dll
C:\Users\Matthias\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\Matthias\AppData\Local\Temp\Quarantine.exe
C:\Users\Matthias\AppData\Local\Temp\sqlite3.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-09 23:02

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 10.09.2014 20:09

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Matziosika 11.09.2014 02:13
1. ESET:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=a0161edb54dce841906714f8c560c811
# engine=20094
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-11 12:29:44
# local_time=2014-09-11 02:29:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 27752 23813546 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 10308745 35276677 0 0
# scanned=253711
# found=10
# cleaned=0
# scan_time=8498
sh=07A151C36309CE520E4D2661DFA322488D45AE89 ft=0 fh=0000000000000000 vn="LNK/Agent.AK Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2766631942-3345956868-1473168875-1001\$R54M2CK.lnk"
sh=AC5DF9FC444063303AD1B13532DD8BD912CEBA40 ft=0 fh=0000000000000000 vn="LNK/Agent.AK Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2766631942-3345956868-1473168875-1001\$RQFIQLF.lnk"
sh=FED7CAA2E24771B66065C8D30131FC8037B6BD2A ft=1 fh=b41296876ed186e5 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Matthias\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=C45E295A4F8C57A8A26187876B852B00385AEE31 ft=1 fh=92657eb204f0f992 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="VBS/Kryptik.BL Trojaner" ac=I fn="C:\Users\Matthias\AppData\Local\Temp\filename.vbs"
sh=D8F9876B6A799C3BE74326A825F684AB0A246102 ft=0 fh=0000000000000000 vn="VBS/Kryptik.BL Trojaner" ac=I fn="C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\filename.vbs"
sh=F0A8D77C7AE0DB17687767691572F252AADC1A7B ft=0 fh=0000000000000000 vn="LNK/Agent.AK Trojaner" ac=I fn="C:\Users\Matthias\Desktop\File0006.lnk"
sh=E441CAA5F2ACDCB307262B3C093698D8B0BDEEBF ft=1 fh=a7c3ffa22a32a3f2 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Matthias\Downloads\dffsetup-d3dx9_34.exe"
sh=E0D69AA8A393FD98AC9899EF3A143C90DF1503F1 ft=1 fh=47978917b33c8b08 vn="NSIS/StartPage.CC Trojaner" ac=I fn="C:\Users\Matthias\Downloads\vlc-2.1.2-win32.exe"
sh=9FEDDA5E2FBD7A1C43BA2D924AB1475AE96690C3 ft=1 fh=3daaad025b8f03d2 vn="NSIS/StartPage.CC Trojaner" ac=I fn="C:\Users\Matthias\Downloads\vlc-2.1.5-win32.exe"
2. SecurityCheck:

Code:
Results of screen317's Security Check version 0.99.87 
  x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop     
Windows Defender 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player        14.0.0.179 
 Mozilla Firefox (31.0)
 Mozilla Thunderbird (24.6.0)
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
3. neues FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Matthias (administrator) on LAPTOPMATTHIAS on 11-09-2014 03:05:21
Running from C:\Users\Matthias\Desktop\FRST
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Dropbox, Inc.) C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Zhorn Software) C:\Program Files (x86)\Stickies\stickies.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16384_x64__8wekyb3d8bbwe\glcnd.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Users\Matthias\Desktop\security check\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3016432 2013-03-07] (Synaptics Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [807696 2013-12-20] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132224 2013-02-28] ( (Atheros Communications))
HKU\.DEFAULT\...\Run: [Mobile Partner] => C:\Program Files (x86)\MobileWiFi\MobileWiFi
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\Run: [Spotify Web Helper] => C:\Users\Matthias\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-07] (Spotify Ltd)
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\Run: [filename] => wscript.exe //B "C:\Users\Matthias\AppData\Local\Temp\filename.vbs" <===== ATTENTION
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {1a7cf42a-02ab-11e4-be9f-582c80139263} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {1a7cf487-02ab-11e4-be9f-582c80139263} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {1bff3dda-064a-11e4-bea2-582c80139263} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {4c8460df-0330-11e4-bea1-582c80139263} - "F:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {4c846f02-0330-11e4-bea1-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {4d0bbd82-f80b-11e3-be9b-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {6c166977-00c2-11e4-be9e-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {6c166cfc-00c2-11e4-be9e-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {b463a469-ead6-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {b463a6ab-ead6-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {b463ae5c-ead6-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {e48da9a5-ded8-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {e48da9f6-ded8-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {eaa3bc95-ef3e-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {eaa3bcbc-ef3e-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\filename.vbs ()
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM - {6F8AE43D-7FF7-443E-B332-02E1C998FDA5} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM - {F3DEED0F-B681-42C8-ADC4-A6123CB8984D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {F3DEED0F-B681-42C8-ADC4-A6123CB8984D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - {6F8AE43D-7FF7-443E-B332-02E1C998FDA5} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - {F3DEED0F-B681-42C8-ADC4-A6123CB8984D} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1601235C-8BE2-42AD-A516-95A4B5503B4B}: [NameServer] 192.168.77.1

FireFox:
========
FF ProfilePath: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default
FF SearchEngineOrder.1: SuchMaschine
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default\searchplugins\search_engine.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: YouTube Unblocker - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default\Extensions\youtubeunblocker@unblocker.yt [2014-01-24]
FF Extension: DownloadHelper - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: Adblock Plus - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-30]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default\extensions\cliqz@cliqz.com

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-08] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227968 2013-02-28] (Qualcomm Atheros Commnucations)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2013-12-20] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2013-12-20] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-04-26] (Acer Incorporate)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2013-01-28] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [42040 2014-07-17] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [114448 2013-12-20] (BlueStack Systems)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-02-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-03-20] (Intel Corporation)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [455240 2013-03-05] (RTS Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-03-07] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 ewusbnet; \SystemRoot\system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; \SystemRoot\system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; \SystemRoot\System32\drivers\ew_juextctrl.sys [X]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 03:02 - 2014-09-11 03:03 - 00000000 ____D () C:\Users\Matthias\Desktop\security check
2014-09-10 23:59 - 2014-09-11 03:00 - 00000000 ____D () C:\Users\Matthias\Desktop\eset online scanner
2014-09-10 08:42 - 2014-09-10 08:42 - 00000822 _____ () C:\Users\Matthias\Desktop\JRT.txt
2014-09-10 08:37 - 2014-09-10 08:37 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-09-10 07:50 - 2014-09-10 07:50 - 00001082 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-10 07:50 - 2014-09-10 07:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-10 07:50 - 2014-09-10 07:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-10 07:50 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-09-10 07:50 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-09-10 07:47 - 2014-09-10 07:47 - 00003108 _____ () C:\WINDOWS\System32\Tasks\PandaUSBVaccine
2014-09-10 07:47 - 2014-09-10 07:47 - 00000000 ____D () C:\ProgramData\Panda Security
2014-09-10 07:47 - 2014-09-10 07:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2014-09-10 07:47 - 2014-09-10 07:47 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-09-10 07:45 - 2014-09-10 08:43 - 00000000 ____D () C:\Users\Matthias\Desktop\Junkware removal tool
2014-09-10 07:43 - 2014-09-10 08:21 - 00000000 ____D () C:\Users\Matthias\Desktop\Malwarebytes anti malware
2014-09-10 07:42 - 2014-09-10 07:42 - 00000000 ____D () C:\Users\Matthias\Desktop\USB Vaccine
2014-09-10 04:48 - 2014-09-11 03:05 - 00000000 ____D () C:\FRST
2014-09-10 04:46 - 2014-09-10 04:46 - 00000000 _____ () C:\Users\Matthias\defogger_reenable
2014-09-10 04:39 - 2014-09-10 05:10 - 00000000 ____D () C:\Users\Matthias\Desktop\GMER
2014-09-10 04:39 - 2014-09-10 04:39 - 00380416 _____ () C:\Users\Matthias\Desktop\e66l518i.exe
2014-09-10 04:38 - 2014-09-11 03:05 - 00000000 ____D () C:\Users\Matthias\Desktop\FRST
2014-09-10 04:37 - 2014-09-10 04:46 - 00000000 ____D () C:\Users\Matthias\Desktop\defogger
2014-09-10 02:54 - 2014-09-10 08:31 - 00000000 ____D () C:\AdwCleaner
2014-09-10 02:53 - 2014-09-10 08:34 - 00000000 ____D () C:\Users\Matthias\Desktop\adwcleaner
2014-09-10 01:19 - 2014-09-10 01:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Matthias\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-10 01:17 - 2014-09-10 07:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-10 01:16 - 2014-09-10 08:26 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-10 01:16 - 2014-09-10 08:23 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-10 01:13 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-10 01:11 - 2014-09-10 01:13 - 00000000 ____D () C:\Users\Matthias\Desktop\Malwarebyte
2014-09-09 03:27 - 2014-09-09 03:27 - 00000911 _____ () C:\Users\Matthias\Downloads\Downloads - Verknüpfung.lnk
2014-09-06 07:24 - 2014-09-06 07:25 - 00000000 ____D () C:\Users\Matthias\Desktop\delete DRM
2014-09-06 07:23 - 2014-09-06 07:23 - 00000000 ____D () C:\Users\Matthias\Documents\Epubsoft
2014-09-06 07:23 - 2014-09-06 07:23 - 00000000 ____D () C:\ProgramData\Epubsoft
2014-09-06 07:22 - 2014-09-06 07:22 - 00002805 _____ () C:\Users\Public\Desktop\EPubsoft DRM Removal.lnk
2014-09-06 07:22 - 2014-09-06 07:22 - 00000000 ____D () C:\Users\Matthias\Desktop\Ultimate-DRM-Removal-last
2014-09-06 07:22 - 2014-09-06 07:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPUBSOFT
2014-09-06 07:22 - 2014-09-06 07:22 - 00000000 ____D () C:\Program Files (x86)\EPUBSOFT
2014-09-06 07:20 - 2014-09-06 07:20 - 10050414 _____ () C:\Users\Matthias\Desktop\Ultimate-DRM-Removal-last.zip
2014-09-06 06:59 - 2014-09-06 06:59 - 00000000 ____D () C:\Users\Matthias\Desktop\tools_v6.0.9
2014-09-06 06:58 - 2014-09-06 06:58 - 01816358 _____ () C:\Users\Matthias\Desktop\tools_v6.0.9.zip
2014-09-06 06:34 - 2014-09-06 06:34 - 00000000 ____D () C:\Users\Matthias\AppData\Local\calibre-cache
2014-09-06 06:32 - 2014-09-06 08:20 - 00000000 ____D () C:\Users\Matthias\Desktop\Calibre
2014-09-06 06:29 - 2014-09-06 07:18 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\calibre
2014-09-06 06:28 - 2014-09-06 06:28 - 00000936 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2014-09-06 06:28 - 2014-09-06 06:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2014-09-06 06:28 - 2014-09-06 06:28 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2014-09-06 06:08 - 2014-09-06 06:08 - 01101648 _____ () C:\Users\Matthias\Downloads\Calibre 32 Bit - CHIP-Installer.exe
2014-09-02 07:27 - 2014-09-03 05:52 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\vlc
2014-09-02 07:26 - 2014-09-02 07:26 - 00001050 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-09-02 07:26 - 2014-09-02 07:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-09-02 07:25 - 2014-09-02 07:25 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-09-02 07:22 - 2014-09-02 07:24 - 25597312 _____ () C:\Users\Matthias\Downloads\vlc-2.1.5-win32.exe
2014-08-31 20:58 - 2014-08-31 20:58 - 00003985 _____ () C:\Users\Matthias\AppData\Local\recently-used.xbel
2014-08-30 22:54 - 2014-08-30 22:54 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\DesktopIconGoodgame
2014-08-30 22:53 - 2014-08-30 22:53 - 01101648 _____ () C:\Users\Matthias\Downloads\Skype - CHIP-Installer.exe
2014-08-29 05:16 - 2014-08-28 18:35 - 05194858 ___SH () C:\Users\Matthias\Desktop\scanner 1.tif
2014-08-28 05:26 - 2014-08-23 02:42 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-22 19:10 - 2014-08-22 19:10 - 00000738 _____ () C:\Users\Matthias\Desktop\File0006.lnk
2014-08-20 05:36 - 2014-08-20 05:36 - 00215162 _____ () C:\Users\Matthias\Desktop\bbbb.bmp
2014-08-20 05:32 - 2014-08-20 05:33 - 00215094 _____ () C:\Users\Matthias\Desktop\Neue Bitmap.bmp
2014-08-14 03:54 - 2014-08-02 05:11 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-08-13 15:39 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-08-13 15:39 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-08-13 15:39 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-08-13 15:39 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-08-13 15:39 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-08-13 15:39 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-08-13 15:39 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-08-13 15:39 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-08-13 15:39 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-08-13 15:39 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-08-13 15:39 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-08-13 15:39 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-08-13 15:39 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-08-13 15:39 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-08-13 15:39 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-08-13 15:39 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-08-13 15:39 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-08-13 15:39 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-08-13 15:39 - 2014-07-25 13:43 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-08-13 15:39 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 15:39 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-08-13 15:39 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-08-13 15:39 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-08-13 15:39 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-08-13 15:39 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-08-13 15:39 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-08-13 15:39 - 2014-07-25 13:09 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-08-13 15:39 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-08-13 15:39 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-08-13 15:39 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-08-13 15:39 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-08-13 15:39 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-08-13 15:39 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-08-13 15:39 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-08-13 15:39 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-08-13 15:37 - 2014-06-20 03:48 - 01273184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2014-08-13 15:37 - 2014-06-20 01:52 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2014-08-13 15:37 - 2014-06-13 03:15 - 00517528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-08-13 15:37 - 2014-06-13 03:14 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-08-13 15:37 - 2014-06-13 02:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-08-13 15:37 - 2014-06-06 13:34 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-08-13 15:36 - 2014-05-31 08:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-08-13 15:35 - 2014-07-15 20:16 - 03048880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-08-13 15:35 - 2014-07-15 10:29 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-08-13 15:35 - 2014-07-15 10:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-08-13 15:35 - 2014-07-15 10:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2014-08-13 15:35 - 2014-07-10 06:16 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-08-13 15:35 - 2014-07-10 06:03 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-08-13 15:35 - 2014-07-10 05:33 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-08-13 15:35 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-08-13 15:35 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-08-13 15:35 - 2014-05-13 09:01 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2014-08-13 15:35 - 2014-05-13 07:07 - 02844160 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-08-13 15:35 - 2014-05-13 06:41 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-08-13 15:35 - 2014-05-13 06:26 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-08-13 15:35 - 2014-05-13 05:59 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-08-13 15:35 - 2014-05-13 05:31 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-08-13 15:35 - 2014-05-03 13:29 - 01726224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-08-13 15:35 - 2014-05-03 11:20 - 01473080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-08-13 15:35 - 2014-05-03 07:36 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-08-13 15:35 - 2014-05-03 07:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2014-08-13 15:35 - 2014-05-03 07:08 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2014-08-13 15:35 - 2014-05-03 07:07 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2014-08-13 15:35 - 2014-05-03 06:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll
2014-08-13 15:35 - 2014-05-03 06:37 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll
2014-08-13 15:35 - 2014-05-03 06:37 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll
2014-08-13 15:35 - 2014-05-03 01:26 - 00050745 _____ () C:\WINDOWS\system32\srms.dat
2014-08-13 15:35 - 2014-05-01 07:44 - 01025536 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-08-13 15:35 - 2014-04-30 08:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2014-08-13 15:35 - 2014-04-30 08:41 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-08-13 15:35 - 2014-04-30 08:41 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2014-08-13 15:35 - 2014-04-30 08:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2014-08-13 15:35 - 2014-04-30 07:45 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2014-08-13 15:35 - 2014-04-30 06:48 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2014-08-13 15:35 - 2014-04-30 06:24 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2014-08-13 15:35 - 2014-04-30 06:23 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2014-08-13 15:35 - 2014-04-30 06:23 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2014-08-13 15:35 - 2014-04-30 06:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2014-08-13 15:35 - 2014-04-30 06:14 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-08-13 15:35 - 2014-04-30 05:59 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-08-13 15:35 - 2014-04-30 05:46 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2014-08-13 15:35 - 2014-04-30 05:46 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2014-08-13 15:35 - 2014-04-30 05:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2014-08-13 15:35 - 2014-04-30 05:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2014-08-13 15:35 - 2014-04-30 05:42 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2014-08-13 15:35 - 2014-04-29 00:40 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2014-08-13 15:35 - 2014-04-27 00:03 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-08-13 15:35 - 2014-04-26 22:14 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-08-13 15:35 - 2014-04-26 18:39 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2014-08-13 15:35 - 2014-04-14 11:37 - 02125344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-08-13 15:35 - 2014-04-14 10:08 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-08-13 15:35 - 2014-04-14 07:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-08-13 15:35 - 2014-04-09 08:11 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-08-13 15:35 - 2014-04-09 07:20 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-08-13 15:27 - 2014-06-05 16:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-08-13 15:27 - 2014-06-05 15:14 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-08-13 15:27 - 2014-06-02 04:10 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-08-13 15:27 - 2014-05-31 12:07 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-08-13 15:27 - 2014-05-31 12:07 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-08-13 15:27 - 2014-05-31 12:07 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-08-13 15:27 - 2014-05-31 12:07 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-08-13 15:27 - 2014-05-31 12:07 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-08-13 15:27 - 2014-05-31 08:30 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-08-13 15:27 - 2014-05-31 08:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-08-13 15:27 - 2014-05-31 08:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-08-13 15:27 - 2014-05-31 06:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-08-13 15:27 - 2014-05-31 06:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-08-13 15:27 - 2014-05-31 06:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-08-13 15:27 - 2014-05-27 17:53 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-08-13 15:27 - 2014-05-27 11:56 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-08-13 15:27 - 2014-05-27 11:53 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-08-13 15:27 - 2014-05-17 06:59 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-08-13 15:27 - 2014-05-17 06:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-08-13 15:25 - 2014-08-07 04:12 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-08-13 15:25 - 2014-08-02 05:56 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-08-13 15:25 - 2014-07-12 06:17 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-08-13 15:25 - 2014-06-04 11:27 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-08-13 15:25 - 2014-06-04 07:31 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-08-13 15:25 - 2014-06-04 07:22 - 02790912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-08-13 15:25 - 2014-06-04 06:43 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-08-13 15:25 - 2014-06-04 06:38 - 03304448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-08-13 15:25 - 2014-06-04 04:15 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-08-13 15:25 - 2014-06-04 04:14 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-08-12 03:33 - 2014-09-10 08:29 - 00001117 _____ () C:\Users\Public\Desktop\Avira.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 03:05 - 2014-09-10 04:48 - 00000000 ____D () C:\FRST
2014-09-11 03:05 - 2014-09-10 04:38 - 00000000 ____D () C:\Users\Matthias\Desktop\FRST
2014-09-11 03:03 - 2014-09-11 03:02 - 00000000 ____D () C:\Users\Matthias\Desktop\security check
2014-09-11 03:03 - 2014-08-01 15:55 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Skype
2014-09-11 03:00 - 2014-09-10 23:59 - 00000000 ____D () C:\Users\Matthias\Desktop\eset online scanner
2014-09-11 03:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-11 01:42 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-11 01:42 - 2013-11-14 09:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-09-11 01:42 - 2013-11-14 09:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-09-10 19:34 - 2014-01-10 11:11 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2766631942-3345956868-1473168875-1001
2014-09-10 18:44 - 2014-01-10 20:12 - 00000000 ___RD () C:\Users\Matthias\Dropbox
2014-09-10 18:44 - 2014-01-10 20:00 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Dropbox
2014-09-10 18:42 - 2014-01-11 02:42 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\stickies
2014-09-10 18:41 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-10 09:19 - 2014-01-14 13:23 - 01546447 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-10 08:43 - 2014-09-10 07:45 - 00000000 ____D () C:\Users\Matthias\Desktop\Junkware removal tool
2014-09-10 08:42 - 2014-09-10 08:42 - 00000822 _____ () C:\Users\Matthias\Desktop\JRT.txt
2014-09-10 08:37 - 2014-09-10 08:37 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-09-10 08:34 - 2014-09-10 02:53 - 00000000 ____D () C:\Users\Matthias\Desktop\adwcleaner
2014-09-10 08:32 - 2013-11-14 00:18 - 00456892 _____ () C:\WINDOWS\PFRO.log
2014-09-10 08:31 - 2014-09-10 02:54 - 00000000 ____D () C:\AdwCleaner
2014-09-10 08:31 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-10 08:29 - 2014-08-12 03:33 - 00001117 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-10 08:29 - 2014-08-09 02:36 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-10 08:29 - 2014-02-19 00:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-10 08:29 - 2014-02-19 00:59 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-10 08:26 - 2014-09-10 01:16 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-10 08:23 - 2014-09-10 01:16 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-10 08:23 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-09-10 08:21 - 2014-09-10 07:43 - 00000000 ____D () C:\Users\Matthias\Desktop\Malwarebytes anti malware
2014-09-10 07:50 - 2014-09-10 07:50 - 00001082 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-10 07:50 - 2014-09-10 07:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-10 07:50 - 2014-09-10 07:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-10 07:50 - 2014-09-10 01:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-10 07:47 - 2014-09-10 07:47 - 00003108 _____ () C:\WINDOWS\System32\Tasks\PandaUSBVaccine
2014-09-10 07:47 - 2014-09-10 07:47 - 00000000 ____D () C:\ProgramData\Panda Security
2014-09-10 07:47 - 2014-09-10 07:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2014-09-10 07:47 - 2014-09-10 07:47 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-09-10 07:42 - 2014-09-10 07:42 - 00000000 ____D () C:\Users\Matthias\Desktop\USB Vaccine
2014-09-10 05:10 - 2014-09-10 04:39 - 00000000 ____D () C:\Users\Matthias\Desktop\GMER
2014-09-10 04:46 - 2014-09-10 04:46 - 00000000 _____ () C:\Users\Matthias\defogger_reenable
2014-09-10 04:46 - 2014-09-10 04:37 - 00000000 ____D () C:\Users\Matthias\Desktop\defogger
2014-09-10 04:46 - 2014-01-14 13:09 - 00000000 ____D () C:\Users\Matthias
2014-09-10 04:39 - 2014-09-10 04:39 - 00380416 _____ () C:\Users\Matthias\Desktop\e66l518i.exe
2014-09-10 01:21 - 2014-09-10 01:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Matthias\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-10 01:13 - 2014-09-10 01:11 - 00000000 ____D () C:\Users\Matthias\Desktop\Malwarebyte
2014-09-09 03:27 - 2014-09-09 03:27 - 00000911 _____ () C:\Users\Matthias\Downloads\Downloads - Verknüpfung.lnk
2014-09-08 05:22 - 2013-08-22 16:46 - 00331075 _____ () C:\WINDOWS\setupact.log
2014-09-08 00:58 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-09-07 10:51 - 2014-01-11 14:44 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Spotify
2014-09-07 10:51 - 2014-01-11 14:44 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Spotify
2014-09-06 08:20 - 2014-09-06 06:32 - 00000000 ____D () C:\Users\Matthias\Desktop\Calibre
2014-09-06 07:25 - 2014-09-06 07:24 - 00000000 ____D () C:\Users\Matthias\Desktop\delete DRM
2014-09-06 07:23 - 2014-09-06 07:23 - 00000000 ____D () C:\Users\Matthias\Documents\Epubsoft
2014-09-06 07:23 - 2014-09-06 07:23 - 00000000 ____D () C:\ProgramData\Epubsoft
2014-09-06 07:22 - 2014-09-06 07:22 - 00002805 _____ () C:\Users\Public\Desktop\EPubsoft DRM Removal.lnk
2014-09-06 07:22 - 2014-09-06 07:22 - 00000000 ____D () C:\Users\Matthias\Desktop\Ultimate-DRM-Removal-last
2014-09-06 07:22 - 2014-09-06 07:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPUBSOFT
2014-09-06 07:22 - 2014-09-06 07:22 - 00000000 ____D () C:\Program Files (x86)\EPUBSOFT
2014-09-06 07:20 - 2014-09-06 07:20 - 10050414 _____ () C:\Users\Matthias\Desktop\Ultimate-DRM-Removal-last.zip
2014-09-06 07:18 - 2014-09-06 06:29 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\calibre
2014-09-06 06:59 - 2014-09-06 06:59 - 00000000 ____D () C:\Users\Matthias\Desktop\tools_v6.0.9
2014-09-06 06:58 - 2014-09-06 06:58 - 01816358 _____ () C:\Users\Matthias\Desktop\tools_v6.0.9.zip
2014-09-06 06:34 - 2014-09-06 06:34 - 00000000 ____D () C:\Users\Matthias\AppData\Local\calibre-cache
2014-09-06 06:28 - 2014-09-06 06:28 - 00000936 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2014-09-06 06:28 - 2014-09-06 06:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2014-09-06 06:28 - 2014-09-06 06:28 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2014-09-06 06:08 - 2014-09-06 06:08 - 01101648 _____ () C:\Users\Matthias\Downloads\Calibre 32 Bit - CHIP-Installer.exe
2014-09-05 01:08 - 2014-07-29 19:14 - 00000000 ____D () C:\Users\Matthias\.gimp-2.8
2014-09-03 05:52 - 2014-09-02 07:27 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\vlc
2014-09-02 07:26 - 2014-09-02 07:26 - 00001050 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-09-02 07:26 - 2014-09-02 07:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-09-02 07:25 - 2014-09-02 07:25 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-09-02 07:24 - 2014-09-02 07:22 - 25597312 _____ () C:\Users\Matthias\Downloads\vlc-2.1.5-win32.exe
2014-08-31 20:58 - 2014-08-31 20:58 - 00003985 _____ () C:\Users\Matthias\AppData\Local\recently-used.xbel
2014-08-31 20:58 - 2014-07-30 22:47 - 00000000 ____D () C:\Users\Matthias\AppData\Local\gtk-2.0
2014-08-30 22:57 - 2014-08-01 15:54 - 00000000 ____D () C:\ProgramData\Skype
2014-08-30 22:54 - 2014-08-30 22:54 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\DesktopIconGoodgame
2014-08-30 22:53 - 2014-08-30 22:53 - 01101648 _____ () C:\Users\Matthias\Downloads\Skype - CHIP-Installer.exe
2014-08-28 19:15 - 2013-08-22 16:44 - 00362760 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-28 18:35 - 2014-08-29 05:16 - 05194858 ___SH () C:\Users\Matthias\Desktop\scanner 1.tif
2014-08-28 06:17 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-08-24 01:50 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-08-23 02:42 - 2014-08-28 05:26 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-22 19:10 - 2014-08-22 19:10 - 00000738 _____ () C:\Users\Matthias\Desktop\File0006.lnk
2014-08-20 05:36 - 2014-08-20 05:36 - 00215162 _____ () C:\Users\Matthias\Desktop\bbbb.bmp
2014-08-20 05:33 - 2014-08-20 05:32 - 00215094 _____ () C:\Users\Matthias\Desktop\Neue Bitmap.bmp
2014-08-16 05:19 - 2014-01-13 14:57 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-16 05:15 - 2014-01-13 14:57 - 99218768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-16 04:04 - 2014-08-01 15:54 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-14 22:01 - 2014-01-10 20:12 - 00001086 _____ () C:\Users\Matthias\Desktop\Dropbox.lnk
2014-08-14 22:01 - 2014-01-10 20:10 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-14 03:35 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-08-14 03:35 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-08-14 03:35 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-08-14 03:35 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-08-14 03:35 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-08-13 15:30 - 2014-04-16 02:25 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-08-13 15:30 - 2014-04-16 02:19 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-08-13 15:30 - 2014-04-16 00:00 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-08-13 15:30 - 2014-04-16 00:00 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-08-13 15:30 - 2014-04-16 00:00 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-08-13 15:30 - 2014-04-16 00:00 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-08-13 15:30 - 2014-04-16 00:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-08-13 15:30 - 2014-04-16 00:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-08-13 15:30 - 2014-04-16 00:00 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-08-13 15:30 - 2014-04-16 00:00 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-08-13 15:30 - 2014-04-16 00:00 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-08-13 15:30 - 2014-04-15 23:37 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-08-13 15:30 - 2014-04-09 15:02 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-08-13 15:30 - 2014-04-09 15:02 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-08-13 15:30 - 2014-03-29 19:57 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-08-13 15:30 - 2014-03-11 22:43 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-08-13 15:24 - 2014-06-11 07:02 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-08-12 07:22 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-08-12 03:53 - 2014-01-10 11:03 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Packages

Some content of TEMP:
====================
C:\Users\Matthias\AppData\Local\Temp\avgnt.exe
C:\Users\Matthias\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1uhlbv.dll
C:\Users\Matthias\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\Matthias\AppData\Local\Temp\Quarantine.exe
C:\Users\Matthias\AppData\Local\Temp\sqlite3.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-09 23:02

==================== End Of Log ============================
--- --- ---

schrauber 11.09.2014 19:25
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\$Recycle.Bin
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\Run: [filename] => wscript.exe //B "C:\Users\Matthias\AppData\Local\Temp\filename.vbs" <===== ATTENTION
C:\Users\Matthias\AppData\Local\Temp\filename.vbs

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Matziosika 12.09.2014 01:40
1. Fixlog

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Matthias at 2014-09-12 02:23:48 Run:1
Running from C:\Users\Matthias\Desktop\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\$Recycle.Bin
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\Run: [filename] => wscript.exe //B "C:\Users\Matthias\AppData\Local\Temp\filename.vbs" <===== ATTENTION
C:\Users\Matthias\AppData\Local\Temp\filename.vbs
*****************

C:\$Recycle.Bin => Moved successfully.
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\Software\Microsoft\Windows\CurrentVersion\Run\\filename => value deleted successfully.
Could not move "C:\Users\Matthias\AppData\Local\Temp\filename.vbs" => Scheduled to move on reboot.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-09-12 02:29:06)<=

C:\Users\Matthias\AppData\Local\Temp\filename.vbs => Is moved successfully.

==== End of Fixlog ====
2. Von den externen Geräten müsste sämtliche Schadsoftware entfernt sein, oder?

3. Die abschließenden Schritte lasse ich nun folgen

4. Vielen Dank an dich, die Unterstützung war sehr hilfreich, schnell und kompetent! Danke!

Freundliche Grüße

schrauber 12.09.2014 20:12
Jap :)

Gern Geschehen :)

Matziosika 15.09.2014 04:24
Hallo,

leider melde ich mich nocheinmal.

Gerade eben wollte ich meine SD-Karte wiederbenutzen und es sind immernoch nur Verknüpfungen zu finden. Ich habe keine Verknüpfung angeklickt.

Bei unserer Bearbeitung hatte ich nur beim ESET-Scanner, weil ausdrücklich dazu aufgefordert, die externen Geräte angeschlossen. Hätten diese bei den weiteren Schritten angeschlossen sein müssen?
Kann es sein, dass die Kamera, für welche ich die Karte benutze, infiziert ist?

Freundliche Grüße,
Matthias

schrauber 15.09.2014 18:46
Poste mal ein frisches FRST log.

Matziosika 16.09.2014 02:00
Externe Geräte sind nicht angeschlossen.


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Matthias (administrator) on LAPTOPMATTHIAS on 16-09-2014 02:56:16
Running from C:\Users\Matthias\Desktop\FRST
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Dropbox, Inc.) C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Zhorn Software) C:\Program Files (x86)\Stickies\stickies.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16384_x64__8wekyb3d8bbwe\glcnd.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3016432 2013-03-07] (Synaptics Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [807696 2013-12-20] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132224 2013-02-28] ( (Atheros Communications))
HKU\.DEFAULT\...\Run: [Mobile Partner] => C:\Program Files (x86)\MobileWiFi\MobileWiFi
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\Run: [Spotify Web Helper] => C:\Users\Matthias\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-07] (Spotify Ltd)
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {1a7cf42a-02ab-11e4-be9f-582c80139263} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {1a7cf487-02ab-11e4-be9f-582c80139263} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {1bff3dda-064a-11e4-bea2-582c80139263} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {4c8460df-0330-11e4-bea1-582c80139263} - "F:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {4c846f02-0330-11e4-bea1-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {4d0bbd82-f80b-11e3-be9b-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {6c166977-00c2-11e4-be9e-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {6c166cfc-00c2-11e4-be9e-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {b463a469-ead6-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {b463a6ab-ead6-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {b463ae5c-ead6-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {e48da9a5-ded8-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {e48da9f6-ded8-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {eaa3bc95-ef3e-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {eaa3bcbc-ef3e-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Matthias\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-07] (Spotify Ltd)
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {1a7cf42a-02ab-11e4-be9f-582c80139263} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {1a7cf487-02ab-11e4-be9f-582c80139263} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {1bff3dda-064a-11e4-bea2-582c80139263} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4c8460df-0330-11e4-bea1-582c80139263} - "F:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4c846f02-0330-11e4-bea1-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4d0bbd82-f80b-11e3-be9b-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6c166977-00c2-11e4-be9e-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6c166cfc-00c2-11e4-be9e-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b463a469-ead6-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b463a6ab-ead6-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b463ae5c-ead6-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e48da9a5-ded8-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e48da9f6-ded8-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {eaa3bc95-ef3e-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {eaa3bcbc-ef3e-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\filename.vbs ()
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM - {6F8AE43D-7FF7-443E-B332-02E1C998FDA5} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM - {F3DEED0F-B681-42C8-ADC4-A6123CB8984D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {F3DEED0F-B681-42C8-ADC4-A6123CB8984D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - {6F8AE43D-7FF7-443E-B332-02E1C998FDA5} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - {F3DEED0F-B681-42C8-ADC4-A6123CB8984D} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1601235C-8BE2-42AD-A516-95A4B5503B4B}: [NameServer] 192.168.77.1

FireFox:
========
FF ProfilePath: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default
FF SearchEngineOrder.1: SuchMaschine
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default\searchplugins\search_engine.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: YouTube Unblocker - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default\Extensions\youtubeunblocker@unblocker.yt [2014-01-24]
FF Extension: DownloadHelper - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: Adblock Plus - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-30]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-13]
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default\extensions\cliqz@cliqz.com

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-08] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227968 2013-02-28] (Qualcomm Atheros Commnucations)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2013-12-20] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2013-12-20] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-04-26] (Acer Incorporate)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2013-01-28] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [42040 2014-07-17] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [114448 2013-12-20] (BlueStack Systems)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-02-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-03-20] (Intel Corporation)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [455240 2013-03-05] (RTS Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-03-07] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 ewusbnet; \SystemRoot\system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; \SystemRoot\system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; \SystemRoot\System32\drivers\ew_juextctrl.sys [X]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-16 02:56 - 2014-09-16 02:56 - 00000000 ____D () C:\FRST
2014-09-14 05:11 - 2014-08-15 02:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2014-09-13 20:48 - 2014-09-13 20:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-12 02:44 - 2014-09-12 02:46 - 00000959 _____ () C:\DelFix.txt
2014-09-11 16:26 - 2014-08-16 04:40 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-09-11 16:26 - 2014-08-16 04:04 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-09-11 16:26 - 2014-08-16 04:00 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-09-11 16:26 - 2014-08-16 04:00 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-09-11 16:26 - 2014-08-16 03:56 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-09-11 16:26 - 2014-08-16 03:54 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-09-11 16:26 - 2014-08-16 03:45 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-09-11 16:26 - 2014-08-16 03:43 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-09-11 16:26 - 2014-08-16 03:32 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-09-11 16:26 - 2014-08-16 03:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-09-11 16:26 - 2014-08-16 03:22 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-09-11 16:26 - 2014-08-16 03:20 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-09-11 16:26 - 2014-08-16 03:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-09-11 16:26 - 2014-08-16 03:18 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-09-11 16:26 - 2014-08-16 03:18 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-09-11 16:26 - 2014-08-16 03:11 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-09-11 16:26 - 2014-08-16 03:06 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-09-11 16:26 - 2014-08-16 03:05 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-09-11 16:26 - 2014-08-16 03:05 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-09-11 16:26 - 2014-08-16 03:03 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-09-11 16:26 - 2014-08-16 03:03 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-09-11 16:26 - 2014-08-16 02:58 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 16:26 - 2014-08-16 02:56 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-09-11 16:26 - 2014-08-16 02:53 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-09-11 16:26 - 2014-08-16 02:53 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-09-11 16:26 - 2014-08-16 02:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-09-11 16:26 - 2014-08-16 02:51 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-09-11 16:26 - 2014-08-16 02:45 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-09-11 16:26 - 2014-08-16 02:44 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-09-11 16:26 - 2014-08-16 02:44 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-09-11 16:26 - 2014-08-16 02:34 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-09-11 16:26 - 2014-08-16 02:20 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-09-11 16:26 - 2014-08-16 02:18 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-09-11 16:26 - 2014-08-16 02:14 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-09-11 16:26 - 2014-08-16 02:12 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-09-11 15:58 - 2014-08-02 02:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-09-11 15:58 - 2014-07-24 05:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2014-09-11 15:58 - 2014-07-24 05:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2014-09-10 08:37 - 2014-09-12 02:44 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-09-10 07:50 - 2014-09-10 07:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-10 07:50 - 2014-09-10 07:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-10 07:50 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-09-10 07:50 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-09-10 07:47 - 2014-09-10 07:47 - 00003108 _____ () C:\WINDOWS\System32\Tasks\PandaUSBVaccine
2014-09-10 07:47 - 2014-09-10 07:47 - 00000000 ____D () C:\ProgramData\Panda Security
2014-09-10 07:47 - 2014-09-10 07:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2014-09-10 07:47 - 2014-09-10 07:47 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-09-10 04:38 - 2014-09-16 02:56 - 00000000 ____D () C:\Users\Matthias\Desktop\FRST
2014-09-10 01:17 - 2014-09-10 07:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-10 01:16 - 2014-09-15 05:30 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-10 01:16 - 2014-09-10 08:23 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-10 01:13 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-09 03:27 - 2014-09-09 03:27 - 00000911 _____ () C:\Users\Matthias\Downloads\Downloads - Verknüpfung.lnk
2014-09-06 07:23 - 2014-09-06 07:23 - 00000000 ____D () C:\Users\Matthias\Documents\Epubsoft
2014-09-06 07:23 - 2014-09-06 07:23 - 00000000 ____D () C:\ProgramData\Epubsoft
2014-09-06 07:22 - 2014-09-06 07:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPUBSOFT
2014-09-06 07:22 - 2014-09-06 07:22 - 00000000 ____D () C:\Program Files (x86)\EPUBSOFT
2014-09-06 06:34 - 2014-09-06 06:34 - 00000000 ____D () C:\Users\Matthias\AppData\Local\calibre-cache
2014-09-06 06:29 - 2014-09-06 07:18 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\calibre
2014-09-06 06:28 - 2014-09-06 06:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2014-09-06 06:28 - 2014-09-06 06:28 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2014-09-06 06:08 - 2014-09-06 06:08 - 01101648 _____ () C:\Users\Matthias\Downloads\Calibre 32 Bit - CHIP-Installer.exe
2014-09-02 07:27 - 2014-09-03 05:52 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\vlc
2014-09-02 07:26 - 2014-09-02 07:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-09-02 07:25 - 2014-09-02 07:25 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-09-02 07:22 - 2014-09-02 07:24 - 25597312 _____ () C:\Users\Matthias\Downloads\vlc-2.1.5-win32.exe
2014-08-31 20:58 - 2014-08-31 20:58 - 00003985 _____ () C:\Users\Matthias\AppData\Local\recently-used.xbel
2014-08-30 22:54 - 2014-08-30 22:54 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\DesktopIconGoodgame
2014-08-30 22:53 - 2014-08-30 22:53 - 01101648 _____ () C:\Users\Matthias\Downloads\Skype - CHIP-Installer.exe
2014-08-29 05:16 - 2014-08-28 18:35 - 05194858 ___SH () C:\Users\Matthias\Desktop\scanner 1.tif
2014-08-28 05:26 - 2014-08-23 02:42 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-16 02:56 - 2014-09-16 02:56 - 00000000 ____D () C:\FRST
2014-09-16 02:56 - 2014-09-10 04:38 - 00000000 ____D () C:\Users\Matthias\Desktop\FRST
2014-09-16 02:46 - 2014-08-01 15:55 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Skype
2014-09-16 02:22 - 2014-01-10 20:12 - 00000000 ___RD () C:\Users\Matthias\Dropbox
2014-09-16 02:22 - 2014-01-10 20:00 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Dropbox
2014-09-16 02:21 - 2014-01-11 02:42 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\stickies
2014-09-16 02:20 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-15 10:14 - 2014-01-14 13:23 - 01637255 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-15 05:30 - 2014-09-10 01:16 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-15 05:13 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-14 06:41 - 2014-01-10 18:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-14 03:28 - 2014-01-11 02:45 - 00000000 ____D () C:\Users\Matthias\Desktop\Programme
2014-09-14 01:33 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-13 20:48 - 2014-09-13 20:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-12 02:52 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-12 02:51 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-12 02:46 - 2014-09-12 02:44 - 00000959 _____ () C:\DelFix.txt
2014-09-12 02:44 - 2014-09-10 08:37 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-09-12 02:42 - 2014-01-14 13:09 - 00000000 ____D () C:\Users\Matthias
2014-09-12 02:16 - 2014-01-11 14:44 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Spotify
2014-09-11 16:27 - 2014-06-11 06:57 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-09-11 16:27 - 2014-06-11 06:57 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-09-11 16:27 - 2014-06-11 06:36 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-09-11 16:27 - 2014-06-11 06:36 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-09-11 16:27 - 2014-06-11 06:36 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-09-11 16:27 - 2014-06-11 06:36 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-09-11 16:27 - 2014-06-11 06:36 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-09-11 16:27 - 2014-06-11 06:36 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-09-11 16:27 - 2014-06-11 06:36 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-09-11 16:27 - 2014-06-11 06:36 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-09-11 16:27 - 2014-06-11 06:36 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-09-11 16:27 - 2014-06-11 06:36 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-09-11 16:27 - 2014-06-11 06:36 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-09-11 16:27 - 2014-06-11 06:36 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-09-11 16:27 - 2014-05-02 21:17 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-09-11 16:27 - 2014-05-02 21:17 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-09-11 04:59 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-09-11 03:17 - 2013-11-14 00:18 - 00457710 _____ () C:\WINDOWS\PFRO.log
2014-09-11 01:42 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-11 01:42 - 2013-11-14 09:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-09-11 01:42 - 2013-11-14 09:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-09-10 19:34 - 2014-01-10 11:11 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2766631942-3345956868-1473168875-1001
2014-09-10 08:29 - 2014-08-12 03:33 - 00001117 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-10 08:29 - 2014-08-09 02:36 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-10 08:29 - 2014-02-19 00:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-10 08:29 - 2014-02-19 00:59 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-10 08:23 - 2014-09-10 01:16 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-10 08:23 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-09-10 07:50 - 2014-09-10 07:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-10 07:50 - 2014-09-10 07:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-10 07:50 - 2014-09-10 01:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-10 07:47 - 2014-09-10 07:47 - 00003108 _____ () C:\WINDOWS\System32\Tasks\PandaUSBVaccine
2014-09-10 07:47 - 2014-09-10 07:47 - 00000000 ____D () C:\ProgramData\Panda Security
2014-09-10 07:47 - 2014-09-10 07:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2014-09-10 07:47 - 2014-09-10 07:47 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-09-09 03:27 - 2014-09-09 03:27 - 00000911 _____ () C:\Users\Matthias\Downloads\Downloads - Verknüpfung.lnk
2014-09-08 05:22 - 2013-08-22 16:46 - 00331075 _____ () C:\WINDOWS\setupact.log
2014-09-08 00:58 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-09-07 10:51 - 2014-01-11 14:44 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Spotify
2014-09-06 07:23 - 2014-09-06 07:23 - 00000000 ____D () C:\Users\Matthias\Documents\Epubsoft
2014-09-06 07:23 - 2014-09-06 07:23 - 00000000 ____D () C:\ProgramData\Epubsoft
2014-09-06 07:22 - 2014-09-06 07:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPUBSOFT
2014-09-06 07:22 - 2014-09-06 07:22 - 00000000 ____D () C:\Program Files (x86)\EPUBSOFT
2014-09-06 07:18 - 2014-09-06 06:29 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\calibre
2014-09-06 06:34 - 2014-09-06 06:34 - 00000000 ____D () C:\Users\Matthias\AppData\Local\calibre-cache
2014-09-06 06:28 - 2014-09-06 06:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2014-09-06 06:28 - 2014-09-06 06:28 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2014-09-06 06:08 - 2014-09-06 06:08 - 01101648 _____ () C:\Users\Matthias\Downloads\Calibre 32 Bit - CHIP-Installer.exe
2014-09-05 01:08 - 2014-07-29 19:14 - 00000000 ____D () C:\Users\Matthias\.gimp-2.8
2014-09-03 05:52 - 2014-09-02 07:27 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\vlc
2014-09-02 22:06 - 2014-07-09 18:32 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-09-02 22:06 - 2014-07-09 18:32 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-02 07:26 - 2014-09-02 07:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-09-02 07:25 - 2014-09-02 07:25 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-09-02 07:24 - 2014-09-02 07:22 - 25597312 _____ () C:\Users\Matthias\Downloads\vlc-2.1.5-win32.exe
2014-08-31 20:58 - 2014-08-31 20:58 - 00003985 _____ () C:\Users\Matthias\AppData\Local\recently-used.xbel
2014-08-31 20:58 - 2014-07-30 22:47 - 00000000 ____D () C:\Users\Matthias\AppData\Local\gtk-2.0
2014-08-30 22:57 - 2014-08-01 15:54 - 00000000 ____D () C:\ProgramData\Skype
2014-08-30 22:54 - 2014-08-30 22:54 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\DesktopIconGoodgame
2014-08-30 22:53 - 2014-08-30 22:53 - 01101648 _____ () C:\Users\Matthias\Downloads\Skype - CHIP-Installer.exe
2014-08-28 19:15 - 2013-08-22 16:44 - 00362760 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-28 18:35 - 2014-08-29 05:16 - 05194858 ___SH () C:\Users\Matthias\Desktop\scanner 1.tif
2014-08-23 02:42 - 2014-08-28 05:26 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

Some content of TEMP:
====================
C:\Users\Matthias\AppData\Local\Temp\avgnt.exe
C:\Users\Matthias\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnkos7e.dll
C:\Users\Matthias\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\Matthias\AppData\Local\Temp\Quarantine.exe
C:\Users\Matthias\AppData\Local\Temp\sqlite3.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-09 23:02

==================== End Of Log ============================
--- --- ---


Ester

schrauber 16.09.2014 19:35
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\filename.vbs ()

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Ordneroptionen, versteckte Dateien sichtbar machen, Haken raus bei geschützte Dateien ausblenden. Siehst Du nun alle Originalordner und Files auf der Karte?

Matziosika 17.09.2014 23:22
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Matthias at 2014-09-18 00:19:50 Run:1
Running from C:\Users\Matthias\Desktop\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\filename.vbs ()
*****************

C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\filename.vbs not found.

==== End of Fixlog ====
Mit den umgestellten Einstellungen sind die Ordner zu sehen.

schrauber 18.09.2014 14:01
Rechtsklick Eigenschaften auf die Ordner, kannste den Haken bei versteckt und geschützt rausmachen?

Matziosika 19.09.2014 01:27
Den Haken für "schreibgeschützt" kann ich entfernen, für "versteckt" nicht.

Als ich gerade meine Handy anschließen wollte, hat AntiVir eine Autorun.inf in der Ausführung gestoppt. Das Handy war auch angeschlossen, als wir den Suchlauf mit den externen Geräten durchgeführt haben.


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:05 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131