Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   winlogon.exe - ATRAPS.Gen (https://www.trojaner-board.de/159911-winlogon-exe-atraps-gen.html)

donma08 19.10.2014 23:29
winlogon.exe - ATRAPS.Gen
 
Liste der Anhänge anzeigen (Anzahl: 2)
Bekomme seit gerade von Avira die unten abgebildete Meldung + das Fenster (und 1 WIN-CMD Fenster). Klicke ich auf OK kommt es wieder und wieder und weider. Hab auch schon Malwarebytes drüberlaufen lassen. Nach dem entfernen ploppt das Fenster ca. 20x auf und bleibt dann wieder dauerhaft da. Was für ein Zeug ist das (hab in letzter Zeit KEINE Downloads getätigt). Nutze aktuellstes Win 8.1 :)

Malware-Log

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 20.10.2014
Suchlauf-Zeit: 00:15:51
Logdatei: mal.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.09.19.05
Rootkit Datenbank: v2014.10.17.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Matthias

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 303968
Verstrichene Zeit: 6 Min, 27 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 22
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\60.exe, 3408, , [bbc630bf7efd02347559fb27b050659b]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\395.exe, 1060, , [077a2fc0780337ffce0034ee34ccd030]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\985.exe, 1616, , [ff829b540378f244a826869cb14f5ea2]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\870.exe, 5620, , [2a578768334820168c421909ae528f71]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\211.exe, 4992, , [29580ae5215a6fc77757b66c8b75b34d]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\829.exe, 820, , [8af7aa45abd0d462c00ef032f907629e]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\174.exe, 5088, , [5a27c629bfbc50e65579c95940c0817f]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\967.exe, 6388, , [047da24d7b00a492e7e7cb570cf48d73]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\320.exe, 6664, , [c3be539cf08b76c0af1f3ee4629e7a86]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\662.exe, 6948, , [1a6702ed8cefe5515975170be02042be]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\264.exe, 6184, , [1d645a951764d95dc509d44ed729768a]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\932.exe, 7104, , [6021c32c6615db5b1db1be64e7193dc3]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\739.exe, 2480, , [324ff5fa176404323f8fdc4643bd19e7]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\545.exe, 1036, , [9de48f606318ca6c0dc1d64ced13a858]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\355.exe, 6152, , [bec308e7d8a3cf674a8469b9768ad729]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\205.exe, 5196, , [b0d1915e601b06305c72ab77f70912ee]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\214.exe, 5588, , [a0e1b03f3a41290d26a8e43eaf5105fb]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\554.exe, 900, , [2160f5fa7dfef442339b26fc629e23dd]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\175.exe, 752, , [6f1224cb176439fdc20cad7598687987]
Trojan.Dropper, C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\csrss.exe, 360, , [c1c02fc06714ae88634cf80c13f0b14f]
Trojan.Agent, C:\Users\Matthias\AppData\Roaming\Microsoft\winlogon.exe, 6180, , [344d10dfee8d3bfb0b9c65cf9d6639c7]
Backdoor.Agent.DC, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe, 3880, , [651cdb142e4de84e0879f20609faba46]

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 1
Malware.Trace, HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\DC3_FEXEC, , [5031559a394265d1b5c4dffc6d96ea16],

Registrierungswerte: 2
Backdoor.Agent.DCE, HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Winlogon, C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe, , [2f526f801d5e989e81dca4cfdd2753ad]
Backdoor.Agent.DC, HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MicroUpdate, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe, , [651cdb142e4de84e0879f20609faba46]

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 31
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\60.exe, , [bbc630bf7efd02347559fb27b050659b],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\395.exe, , [077a2fc0780337ffce0034ee34ccd030],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\985.exe, , [ff829b540378f244a826869cb14f5ea2],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\870.exe, , [2a578768334820168c421909ae528f71],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\211.exe, , [29580ae5215a6fc77757b66c8b75b34d],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\829.exe, , [8af7aa45abd0d462c00ef032f907629e],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\174.exe, , [5a27c629bfbc50e65579c95940c0817f],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\967.exe, , [047da24d7b00a492e7e7cb570cf48d73],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\320.exe, , [c3be539cf08b76c0af1f3ee4629e7a86],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\662.exe, , [1a6702ed8cefe5515975170be02042be],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\264.exe, , [1d645a951764d95dc509d44ed729768a],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\932.exe, , [6021c32c6615db5b1db1be64e7193dc3],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\739.exe, , [324ff5fa176404323f8fdc4643bd19e7],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\545.exe, , [9de48f606318ca6c0dc1d64ced13a858],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\355.exe, , [bec308e7d8a3cf674a8469b9768ad729],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\205.exe, , [b0d1915e601b06305c72ab77f70912ee],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\214.exe, , [a0e1b03f3a41290d26a8e43eaf5105fb],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\554.exe, , [2160f5fa7dfef442339b26fc629e23dd],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\175.exe, , [6f1224cb176439fdc20cad7598687987],
Backdoor.MSIL.PGen, C:\Users\Matthias\AppData\Roaming\loader_crypt.exe, , [1c65eb04403bb086ab5bd5c3bb457a86],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\886.exe, , [b9c829c67308ac8a06c8d84a916ffc04],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\71.exe, , [2f52549baecdaf87d3fb061cf30de61a],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\421.exe, , [8ef39a55adce21158549a280b44ccb35],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\552.exe, , [d3ae707f017a0b2bf0de0022f40cf10f],
Trojan.Dropper, C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\csrss.exe, , [c1c02fc06714ae88634cf80c13f0b14f],
Trojan.Agent, C:\Users\Matthias\AppData\Roaming\Microsoft\winlogon.exe, , [344d10dfee8d3bfb0b9c65cf9d6639c7],
Trojan.Bitminer, C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\check.bat, , [671a6986ec8fd46256db046fa85cea16],
Trojan.Bitminer, C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\check.vbs, , [b2cfa34cc9b2181e230e165d4fb53dc3],
Trojan.Bitminer, C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\cpu.exe, , [9fe28a65770478be76bd076cea1af30d],
Backdoor.Agent.DCE, C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe, , [2f526f801d5e989e81dca4cfdd2753ad],
Backdoor.Agent.DC, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe, , [651cdb142e4de84e0879f20609faba46],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
AVIRA-Log

Zitat:
Exportierte Ereignisse:

19.10.2014 23:42 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Matthias\AppData\Local\Temp\862.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

19.10.2014 23:42 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Matthias\AppData\Local\Temp\862.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

19.10.2014 23:33 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Matthias\AppData\Local\Temp\600.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde gelöscht.

19.10.2014 23:33 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Matthias\AppData\Local\Temp\818.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde gelöscht.

19.10.2014 23:33 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Matthias\AppData\Local\Temp\253.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde gelöscht.

19.10.2014 23:31 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Matthias\AppData\Local\Temp\600.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

19.10.2014 23:31 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Matthias\AppData\Local\Temp\818.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

19.10.2014 23:31 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Matthias\AppData\Local\Temp\357.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

19.10.2014 23:31 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Matthias\AppData\Local\Temp\253.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

19.10.2014 23:31 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Matthias\AppData\Local\Temp\253.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

19.10.2014 23:31 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Matthias\AppData\Local\Temp\600.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

19.10.2014 23:31 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Matthias\AppData\Local\Temp\818.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

19.10.2014 23:31 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Matthias\AppData\Local\Temp\357.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

19.10.2014 23:31 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Matthias\AppData\Local\Temp\253.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

19.10.2014 23:31 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Matthias\AppData\Local\Temp\818.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

19.10.2014 23:31 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Matthias\AppData\Local\Temp\357.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

19.10.2014 23:31 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Matthias\AppData\Local\Temp\818.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

19.10.2014 23:31 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Matthias\AppData\Local\Temp\600.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

19.10.2014 23:31 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Matthias\AppData\Local\Temp\818.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

19.10.2014 23:31 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Matthias\AppData\Local\Temp\253.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

19.10.2014 23:31 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Matthias\AppData\Local\Temp\600.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

19.10.2014 23:31 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Matthias\AppData\Local\Temp\357.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

19.10.2014 23:31 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Matthias\AppData\Local\Temp\357.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

19.10.2014 23:31 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Matthias\AppData\Local\Temp\600.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

19.10.2014 23:31 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Matthias\AppData\Local\Temp\357.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

19.10.2014 23:31 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Matthias\AppData\Local\Temp\253.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

19.10.2014 23:31 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Matthias\AppData\Local\Temp\253.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

19.10.2014 23:31 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Matthias\AppData\Local\Temp\357.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

19.10.2014 23:31 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Matthias\AppData\Local\Temp\357.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

19.10.2014 23:31 [System-Scanner] Malware gefunden
Die Datei 'A:\Final Fantasy XIII\white_data\prog\win\bin\steam_api.dll'
enthielt einen Virus oder unerwünschtes Programm 'SPR/Crack.890372' [riskware].
Durchgeführte Aktion(en):
Die Datei wurde ignoriert.

19.10.2014 23:31 [System-Scanner] Malware gefunden
Die Datei 'A:\Final Fantasy XIII\steam_api.dll'
enthielt einen Virus oder unerwünschtes Programm 'SPR/Crack.890372' [riskware].
Durchgeführte Aktion(en):
Die Datei wurde ignoriert.

19.10.2014 23:30 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Matthias\AppData\Local\Temp\442.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde gelöscht.

19.10.2014 23:30 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Matthias\AppData\Local\Temp\145.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde gelöscht.

19.10.2014 23:30 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Matthias\AppData\Local\Temp\442.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Bootsektor 20.10.2014 01:09
:hallo:

Mein Name ist Sandra und ich werde Dir bei Deinem Problem behilflich sein.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem
  • Führe bitte nur Scans durch zu denen Du von mir aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu aufgefordert.
  • Poste die Logfiles direkt in deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 2 Tagen nichts von mir hörst, dann schreibe mir bitte eine PM.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und bei einem Befall durch Malware immer der sicherste Weg. Adware lässt sich in den allermeisten Fällen problemlos entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean bist.

Posten in Code Tags
Bitte füge die Logs immer in Code-Tags ein. Wenn Du das nicht machst, erschwert es mir sehr das Auswerten. Danke.
Dazu:
  • Klicke über dem Antwortfenster auf die Raute #, dann steht dort in eckigen Klammern [] CODE /CODE.
  • Zwischen den beiden code-Bausteinen fügst Du dann deine Logfiles ein. Also CODE Logfile /CODE
  • Wenn die Logs zu lang sein sollten, dann teile sie bitte auf und poste sie dann hier in Deinem Thread, notfalls in mehreren Antworten.


Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


donma08 20.10.2014 01:54
Hallo Sandra,
freue mich über hilfe ...und das um diese Uhrzeit - kann aber eh nicht schlafen :)



FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-10-2014
Ran by Matthias (administrator) on MATTHIAS on 20-10-2014 02:51:08
Running from D:\
Loaded Profiles: Matthias &  (Available profiles: Matthias)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(FinalWire Ltd.) C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Outertech) C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe
(Dropbox, Inc.) C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NirSoft) C:\Windows\nircmd.exe
(NirSoft) C:\Windows\nircmd.exe
(NirSoft) C:\Windows\nircmd.exe
(NirSoft) C:\Windows\nircmd.exe
(NirSoft) C:\Windows\nircmd.exe
(NirSoft) C:\Windows\nircmd.exe
(NirSoft) C:\Windows\nircmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\csrss.exe
(Microsoft Corporation) C:\Windows\System32\control.exe
(Microsoft Corporation) C:\Windows\System32\consent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(AppWork GmbH) C:\Program Files\JDownloader\JDownloader2.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2014-07-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-03] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-10-01] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [GoogleChromeAutoLaunch_8265D6534E6C32D01005D7D3455D029D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [911176 2014-10-10] (Google Inc.)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [ClipboardHistory] => C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe [512392 2012-08-05] (Outertech)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [ASRock A-Tuning] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day0] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day1] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day2] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day3] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day4] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day5] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day6] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_8265D6534E6C32D01005D7D3455D029D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [911176 2014-10-10] (Google Inc.)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ClipboardHistory] => C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe [512392 2012-08-05] (Outertech)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ASRock A-Tuning] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [AsrOMG_Day0] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [AsrOMG_Day1] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [AsrOMG_Day2] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [AsrOMG_Day3] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [AsrOMG_Day4] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [AsrOMG_Day5] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [AsrOMG_Day6] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [GoogleChromeAutoLaunch_8265D6534E6C32D01005D7D3455D029D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [911176 2014-10-10] (Google Inc.)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [ClipboardHistory] => C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe [512392 2012-08-05] (Outertech)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [ASRock A-Tuning] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [AsrOMG_Day0] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [AsrOMG_Day1] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [AsrOMG_Day2] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [AsrOMG_Day3] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [AsrOMG_Day4] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [AsrOMG_Day5] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [AsrOMG_Day6] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [GoogleChromeAutoLaunch_8265D6534E6C32D01005D7D3455D029D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [911176 2014-10-10] (Google Inc.)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [ClipboardHistory] => C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe [512392 2012-08-05] (Outertech)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [ASRock A-Tuning] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\RunOnce: [AsrOMG_Day0] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\RunOnce: [AsrOMG_Day1] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\RunOnce: [AsrOMG_Day2] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\RunOnce: [AsrOMG_Day3] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\RunOnce: [AsrOMG_Day4] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\RunOnce: [AsrOMG_Day5] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\RunOnce: [AsrOMG_Day6] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [GoogleChromeAutoLaunch_8265D6534E6C32D01005D7D3455D029D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [911176 2014-10-10] (Google Inc.)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [ClipboardHistory] => C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe [512392 2012-08-05] (Outertech)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [ASRock A-Tuning] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\RunOnce: [AsrOMG_Day0] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\RunOnce: [AsrOMG_Day1] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\RunOnce: [AsrOMG_Day2] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\RunOnce: [AsrOMG_Day3] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\RunOnce: [AsrOMG_Day4] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\RunOnce: [AsrOMG_Day5] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\RunOnce: [AsrOMG_Day6] => [X]
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-06-13]

Chrome:
=======
CHR HomePage: Default ->
CHR Profile: C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Easy Auto Refresh) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2014-04-20]
CHR Extension: (Google*Übersetzer) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-04-20]
CHR Extension: (Google Drive) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-10]
CHR Extension: (Pushbullet) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2014-04-20]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-04-20]
CHR Extension: (Session Buddy) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2014-04-20]
CHR Extension: (My JDownloader) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2014-04-20]
CHR Extension: (Avira Browser Safety) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-04-20]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-04-20]
CHR Extension: (AdBlock) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-20]
CHR Extension: (Cr!Box) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjodchcocbnbhfkjeapbdoflbiibnapp [2014-04-20]
CHR Extension: (In Google Drive speichern) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-04-20]
CHR Extension: (Scroll To Top) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\hegiignepmecppikdlbohnnbfjdoaghj [2014-04-20]
CHR Extension: (ModHeader) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgpnmonknjnojddfkpgkljpfnnfcklj [2014-07-15]
CHR Extension: (WEB.DE MailCheck) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2014-04-20]
CHR Extension: (Panel View for Keep) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccocffecajimkdjgfpjhlpiimcnadhb [2014-04-20]
CHR Extension: (LongClick New Tab) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jphlcgnallcfbnpgmblmlmkehbffnoph [2014-04-20]
CHR Extension: (Reload All Tabs) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\midkcinmplflbiflboepnahkboeonkam [2014-04-20]
CHR Extension: (Hangouts) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-04-20]
CHR Extension: (Google Wallet) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-20]
CHR Extension: (Close Right) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\npemobdkdcknhfaiioheeffincgpgafj [2014-04-20]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Matthias\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 ASRockIOMon; C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe [454656 2013-05-28] () [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe [51016 2014-08-21] (Google Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [326760 2014-09-03] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2014-07-20] (Realtek Semiconductor)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
R3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AIDA64Driver; C:\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64 [34136 2014-07-29] ()
S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2014-07-09] (ASRock Incorporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-03-14] (Intel Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
U0 obpgw; C:\Windows\System32\drivers\ltqaudkh.sys [79064 2014-10-20] (Malwarebytes Corporation)
U0 renwmrm; C:\Windows\System32\drivers\ncrgv.sys [79064 2014-10-20] (Malwarebytes Corporation)
S1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-05-19] ()
S1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-05-19] ()
S1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700296 2014-05-19] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
S3 BioNTDrv; \??\C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\BioNTDrv.SYS [X]
S3 GPU-Z; \??\C:\Users\Matthias\AppData\Local\Temp\GPU-Z.sys [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 02:29 - 2014-10-20 02:51 - 00000000 ____D () C:\FRST
2014-10-20 02:16 - 2014-10-20 02:16 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-20 01:04 - 2014-10-20 01:04 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\ltqaudkh.sys
2014-10-20 00:54 - 2014-10-20 00:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-20 00:54 - 2014-10-20 00:54 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-20 00:54 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-20 00:54 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-20 00:54 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-20 00:23 - 2014-10-20 00:23 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\ncrgv.sys
2014-10-19 23:27 - 2014-10-19 23:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-19 22:46 - 2014-10-19 22:46 - 00000000 __SHD () C:\Users\Matthias\AppData\Roaming\SubFolder
2014-10-19 14:31 - 2014-10-19 14:31 - 00000882 _____ () C:\Windows\setupact.log
2014-10-19 14:31 - 2014-10-19 14:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-19 05:54 - 2014-10-19 05:54 - 00000000 ____D () C:\Program Files\Calibre2
2014-10-19 05:15 - 2014-10-19 05:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy XIII
2014-10-14 20:32 - 2014-10-14 20:32 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-10-14 19:16 - 2014-09-19 04:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-14 19:16 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-14 19:16 - 2014-09-10 08:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-10-14 19:16 - 2014-09-08 05:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-14 19:16 - 2014-09-08 05:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-10-14 19:16 - 2014-09-08 00:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-10-14 19:16 - 2014-09-05 00:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-10-14 19:16 - 2014-09-05 00:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-10-14 19:16 - 2014-09-04 05:15 - 00561416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-10-14 19:16 - 2014-09-04 05:14 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-10-14 19:16 - 2014-09-04 05:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-10-14 19:16 - 2014-09-04 04:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-10-14 19:16 - 2014-09-04 03:19 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-10-14 19:16 - 2014-09-04 03:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2014-10-14 19:16 - 2014-09-04 02:45 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-10-14 19:16 - 2014-09-04 02:41 - 01420288 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-10-14 19:16 - 2014-09-04 02:36 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-14 19:16 - 2014-09-04 02:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2014-10-14 19:16 - 2014-09-04 02:15 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-14 19:16 - 2014-09-04 02:10 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-10-14 19:16 - 2014-09-04 01:57 - 00921600 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-10-14 19:16 - 2014-09-04 01:49 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-10-14 19:16 - 2014-08-31 02:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-10-14 19:16 - 2014-08-31 02:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-14 19:16 - 2014-08-31 00:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-10-14 19:16 - 2014-08-31 00:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-10-14 19:16 - 2014-08-30 23:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-10-14 19:16 - 2014-08-30 23:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-10-14 19:16 - 2014-08-30 22:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-10-14 19:16 - 2014-08-30 22:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-10-14 19:16 - 2014-08-28 04:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-14 19:16 - 2014-08-28 02:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-10-14 19:16 - 2014-08-28 02:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-10-14 19:16 - 2014-08-23 07:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-10-14 19:16 - 2014-08-23 07:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-10-14 19:16 - 2014-08-23 06:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-10-14 19:16 - 2014-08-02 02:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2014-10-14 19:16 - 2014-08-02 02:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2014-10-14 19:15 - 2014-09-28 00:25 - 04183040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 19:15 - 2014-09-26 00:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-14 19:15 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-14 19:15 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-14 19:15 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-14 19:15 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-14 19:15 - 2014-09-26 00:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-14 19:15 - 2014-09-19 03:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-14 19:15 - 2014-09-19 03:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-14 19:15 - 2014-09-19 03:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-14 19:15 - 2014-09-19 03:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-14 19:15 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-14 19:15 - 2014-09-19 03:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-14 19:15 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-14 19:15 - 2014-09-19 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-14 19:15 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-14 19:15 - 2014-09-19 02:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-14 19:15 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-14 19:15 - 2014-09-19 02:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-14 19:15 - 2014-09-19 02:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-14 19:15 - 2014-09-19 02:42 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-14 19:15 - 2014-09-19 02:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-14 19:15 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-14 19:15 - 2014-09-19 02:20 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-14 19:15 - 2014-09-19 02:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-14 19:15 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-14 19:15 - 2014-09-19 01:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-14 19:15 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-14 19:15 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-14 19:15 - 2014-09-08 02:05 - 03448320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-14 19:14 - 2014-09-13 08:29 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 19:14 - 2014-09-13 08:02 - 02779648 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-14 19:14 - 2014-09-13 07:49 - 00068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 19:14 - 2014-09-13 07:30 - 03117568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-14 19:14 - 2014-09-08 05:15 - 00054752 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-14 19:14 - 2014-09-08 03:46 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-14 19:14 - 2014-09-08 03:46 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-14 19:14 - 2014-09-08 02:08 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-14 19:14 - 2014-09-08 02:07 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-14 19:14 - 2014-09-08 02:04 - 00388608 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-10-14 19:14 - 2014-09-08 02:04 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-14 19:14 - 2014-09-08 02:03 - 01702400 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-14 19:14 - 2014-09-08 02:03 - 00839680 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-14 19:14 - 2014-09-08 01:59 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-14 19:14 - 2014-09-08 01:59 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-10-14 19:14 - 2014-09-08 01:56 - 00672256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-14 19:14 - 2014-09-08 01:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-14 19:14 - 2014-09-04 02:12 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 19:14 - 2014-09-04 02:01 - 00514048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-09-29 20:25 - 2014-09-29 20:35 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\FileBot
2014-09-20 07:50 - 2014-09-17 06:51 - 01538880 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-09-20 07:50 - 2014-09-17 06:51 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-09-20 07:50 - 2014-09-17 06:51 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 31887680 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 24552592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 18106152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 14026304 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 13939272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 13157696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-09-20 07:50 - 2014-09-14 01:48 - 11392576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 11330776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 04287296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 04008592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434411.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434411.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00957584 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00925896 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00919240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00894096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00867528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00834880 _____ () C:\Windows\system32\nvmcumd.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00501064 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00417096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00393024 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00348304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 02:51 - 2014-07-05 23:47 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\NetSpeedMonitor
2014-10-20 02:32 - 2014-09-10 20:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-20 02:08 - 2014-04-20 17:40 - 00000000 ____D () C:\Program Files\JDownloader
2014-10-20 02:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-10-20 01:52 - 2014-04-20 09:32 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-20 01:24 - 2014-07-29 17:06 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\vlc
2014-10-20 01:24 - 2014-04-20 09:19 - 01162765 _____ () C:\Windows\WindowsUpdate.log
2014-10-20 01:04 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\L2Schemas
2014-10-20 00:37 - 2014-04-20 17:26 - 00014860 _____ () C:\Users\Matthias\Documents\metadata_db_prefs_backup.json
2014-10-20 00:37 - 2014-04-20 17:25 - 00185344 _____ () C:\Users\Matthias\Documents\metadata.db
2014-10-20 00:23 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-19 20:52 - 2014-04-20 09:32 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-19 20:21 - 2014-05-20 18:16 - 00005084 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MATTHIAS-Matthias Matthias
2014-10-19 08:44 - 2014-03-18 12:04 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-19 08:44 - 2014-03-18 11:25 - 00764340 _____ () C:\Windows\system32\perfh007.dat
2014-10-19 08:44 - 2014-03-18 11:25 - 00159160 _____ () C:\Windows\system32\perfc007.dat
2014-10-19 08:38 - 2014-04-20 17:21 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Dropbox
2014-10-19 08:38 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-19 08:36 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-19 08:26 - 2014-04-20 09:28 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-357331442-1347990815-2063067355-1001
2014-10-19 05:21 - 2014-06-07 19:32 - 00000000 ____D () C:\ProgramData\Steam
2014-10-17 20:47 - 2014-04-20 09:32 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-17 20:47 - 2014-04-20 09:32 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 20:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-17 15:16 - 2013-08-22 16:44 - 00434768 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 04:01 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2014-10-14 19:57 - 2014-03-18 03:51 - 00103448 _____ () C:\Windows\PFRO.log
2014-10-14 19:55 - 2014-06-07 19:12 - 00101329 _____ () C:\Windows\DirectX.log
2014-10-14 19:49 - 2014-04-21 02:26 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-14 19:49 - 2014-04-20 17:49 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-14 19:49 - 2014-04-20 17:49 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\FileManager
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Camera
2014-10-14 19:26 - 2014-05-01 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-10-14 19:26 - 2014-05-01 18:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-14 19:26 - 2014-04-20 09:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-14 19:26 - 2013-08-22 15:25 - 00000167 _____ () C:\Windows\win.ini
2014-10-14 19:24 - 2014-04-20 09:29 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 17:01 - 2014-06-12 02:38 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-10-14 04:33 - 2014-04-20 09:22 - 00000000 ____D () C:\Users\Matthias
2014-10-13 15:22 - 2014-08-13 16:06 - 00000000 ____D () C:\Users\Matthias\Downloads\LiveSetup
2014-10-13 15:15 - 2014-04-20 17:47 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-13 15:15 - 2014-04-20 17:47 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-03 22:35 - 2014-04-20 09:22 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Packages
2014-10-01 23:48 - 2014-04-20 09:32 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-30 00:45 - 2013-08-22 17:38 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-30 00:45 - 2013-08-22 17:38 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-20 19:12 - 2014-07-29 17:06 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-09-20 07:51 - 2014-05-17 17:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-20 07:51 - 2014-05-17 17:46 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation

Some content of TEMP:
====================
C:\Users\Matthias\AppData\Local\Temp\avgnt.exe
C:\Users\Matthias\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp365go7.dll
C:\Users\Matthias\AppData\Local\Temp\proxy_vole2341580373285448016.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-19 08:26

==================== End Of Log ============================
--- --- ---

--- --- ---




Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-10-2014
Ran by Matthias at 2014-10-20 02:51:27
Running from D:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\{755DDD59-9690-4F1A-BE9C-D39BDCFA77C9}) (Version: 12.1.3.153 - Adobe Systems, Inc)
AIDA64 Extreme v4.60 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 4.60 - FinalWire Ltd.)
ASRock App Charger v1.0.6 (HKLM\...\ASRock App Charger_is1) (Version: 1.0.6 - ASRock Inc.)
A-Tuning v2.0.51.1 (HKLM-x32\...\A-Tuning_is1) (Version: 2.0.51.1 - )
Avira (HKLM-x32\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
calibre 64bit (HKLM\...\{FA9B4DB2-986E-4CFB-BB54-1D7EFB747E5D}) (Version: 2.6.0 - Kovid Goyal)
Chrome Remote Desktop Host (HKLM-x32\...\{61F565EB-B101-4EBE-89BB-EF0AA3F2FFB8}) (Version: 38.0.2125.9 - Google Inc.)
Clipboard History (HKLM-x32\...\ClipboardHistory) (Version: 2.0 - Outertech)
Dropbox (HKCU\...\Dropbox) (Version: 2.11.28 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Final Fantasy XIII (HKLM-x32\...\RmluYWxGYW50YXN5WElJSQ==_is1) (Version: 1 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Intel(R) Network Connections 19.1.51.0 (Version: 19.1.51.0 - Intel) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3907 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.20.26 - Oracle Corporation) Hidden
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60830 (HKLM-x32\...\{9dba0447-b749-41ea-90bc-2aa19a9eb580}) (Version: 11.0.60830.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
NVIDIA Grafiktreiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.162.1274 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.14.0702 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Systemsteuerung 344.11 (Version: 344.11 - NVIDIA Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
ZOTAC FireStorm (HKLM-x32\...\ZOTAC FireStorm) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-357331442-1347990815-2063067355-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-357331442-1347990815-2063067355-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-357331442-1347990815-2063067355-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-357331442-1347990815-2063067355-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-357331442-1347990815-2063067355-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-357331442-1347990815-2063067355-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-357331442-1347990815-2063067355-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-357331442-1347990815-2063067355-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-357331442-1347990815-2063067355-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-357331442-1347990815-2063067355-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

14-10-2014 06:07:42 Geplanter Prüfpunkt
19-10-2014 03:54:04 Removed calibre 64bit

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {029F2A3B-41C9-4133-A412-9232DB15C921} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0BC32B2D-93F4-45F4-B338-9BC59A6EB744} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {1F2D7BAE-62D4-4467-A97F-CD9E86C0B564} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2A6136D7-4328-45F8-8103-89D3671F96C5} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4DBCF4FA-4C43-478B-8694-C6C613DDBB11} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {5143121E-9F73-4FEF-B0C8-B93C31515BB2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-10-14] (Microsoft Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {7353CD31-57DB-4A2F-BA6A-E92C87310380} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7B7B54AC-2096-4501-A7B6-A3F27C625BB1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-20] (Google Inc.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9EDC9185-48C1-41E0-9907-D3946760D44F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-20] (Google Inc.)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A6CD4944-7B2E-46DB-B3D4-12498FFA36F4} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {A9B946C6-71F6-4504-A414-449D3B0347DF} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {AB7590CF-E753-4E98-BDF1-43B416A4C545} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MATTHIAS-Matthias Matthias => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {B7ABDADF-8CF0-4DE0-8C7E-4FA3EB397C73} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {CB7AB92B-CE34-41D3-A177-4DA7352D66A0} - System32\Tasks\AIDA64 AutoStart => C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe [2014-07-29] (FinalWire Ltd.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D29726FE-5A61-421C-92C3-E4C42C833391} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DCE3D606-9E17-4E65-B72D-0EF3F4603DE5} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {ECED11F4-FB82-4015-9EE2-74E3E0DC5D64} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-17 17:46 - 2014-09-13 23:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-07-09 21:46 - 2013-05-28 17:58 - 00454656 _____ () C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe
2014-10-15 05:11 - 2014-10-10 03:31 - 01366856 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libglesv2.dll
2014-10-15 05:11 - 2014-10-10 03:31 - 00204616 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libegl.dll
2014-10-15 05:11 - 2014-10-10 03:31 - 10578760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll
2014-10-15 05:11 - 2014-10-10 03:31 - 01859400 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll
2014-10-19 22:46 - 2014-10-19 22:46 - 01552384 ____N () C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\csrss.exe
2014-10-20 02:08 - 2014-10-20 02:08 - 00040448 ____N () C:\Users\Matthias\AppData\Local\Temp\proxy_vole2341580373285448016.dll
2014-10-20 02:08 - 2014-10-20 02:08 - 00566439 _____ () C:\Program Files\JDownloader\tmp\7zip\SevenZipJBinding-FKPz9\libgcc_s_sjlj-1.dll
2014-10-20 02:08 - 2014-10-20 02:08 - 04078962 _____ () C:\Program Files\JDownloader\tmp\7zip\SevenZipJBinding-FKPz9\lib7-Zip-JBinding.dll
2014-10-19 08:38 - 2014-10-19 08:38 - 00098816 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\win32api.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00110080 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\pywintypes27.dll
2014-10-19 08:38 - 2014-10-19 08:38 - 00364544 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\pythoncom27.dll
2014-10-19 08:38 - 2014-10-19 08:38 - 00045568 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\_socket.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 01160704 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\_ssl.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00320512 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\win32com.shell.shell.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00713216 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\_hashlib.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 01175040 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\wx._core_.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00805888 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\wx._gdi_.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00811008 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\wx._windows_.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 01062400 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\wx._controls_.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00735232 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\wx._misc_.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00128512 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\_elementtree.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00127488 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\pyexpat.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00557056 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\pysqlite2._sqlite.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00007168 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\hashobjs_ext.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00087552 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\_ctypes.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00119808 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\win32file.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00108544 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\win32security.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00018432 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\win32event.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00038912 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\win32inet.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00070656 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\wx._html2.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00167936 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\win32gui.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00011264 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\win32crypt.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00027136 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\_multiprocessing.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00686080 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\unicodedata.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00122368 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\wx._wizard.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00010240 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\select.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00024064 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\win32pipe.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00025600 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\win32pdh.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00525640 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\windows._lib_cacheinvalidation.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00035840 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\win32process.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00017408 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\win32profile.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00022528 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\win32ts.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00078336 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\wx._animate.pyd
2010-11-22 15:26 - 2010-11-22 15:26 - 00047880 _____ () C:\Program Files (x86)\ClipboardHistory\ClipboardHotkey.dll
2014-09-19 01:32 - 2014-09-19 01:32 - 00750080 _____ () C:\Users\Matthias\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2014-10-19 08:38 - 2014-10-19 08:38 - 00043008 _____ () c:\users\matthias\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp365go7.dll
2014-09-19 01:32 - 2014-09-19 01:32 - 00047616 _____ () C:\Users\Matthias\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-09-19 01:32 - 2014-09-19 01:32 - 00863744 _____ () C:\Users\Matthias\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-09-19 01:32 - 2014-09-19 01:32 - 00200704 _____ () C:\Users\Matthias\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-04-20 11:05 - 2013-09-03 16:52 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00113171 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 02396691 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00268307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00027667 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00031251 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00066579 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00296979 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2013-10-04 16:40 - 2014-07-29 15:55 - 00012814 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libsrpos2186_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 02043411 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00100371 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00244243 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00076307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00045587 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00060947 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00531475 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00708627 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00114195 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00040467 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00014867 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00133139 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 01512467 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 01248787 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00054291 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00038419 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00189971 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00091667 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00067603 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libasf_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00077331 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00025619 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libes_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00074259 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00016403 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libtta_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00023059 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libnuv_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00021523 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libwav_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00929299 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libsid_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00118803 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00144403 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libogg_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 01194003 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 11148307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00036371 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00292371 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00017939 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 01280019 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00018451 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00336403 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00344595 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00198675 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00027155 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00015891 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 01393171 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00146451 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00022035 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00733203 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00018963 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00026131 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00171027 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libopus_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00019475 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00019987 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 10447379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00746515 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00026643 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_yuy2_sse2_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00019987 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_yuy2_mmx_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00587283 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libswscale_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00113683 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_rgb_sse2_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00027667 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi422_yuy2_sse2_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00019987 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi422_yuy2_mmx_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00053779 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_rgb_mmx_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00016915 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00015379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00032275 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00018963 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00020499 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00017427 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00015379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00015379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00013843 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00068115 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00013843 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00018963 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00130579 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00168979 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00058899 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 01496083 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00019475 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00013331 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00014355 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00014867 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00014355 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00015379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00025619 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00383507 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00021011 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00017427 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libmediadirs_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00014867 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libwindrive_plugin.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKCU\...\StartupApproved\StartupFolder: => "Logitech . Produktregistrierung.lnk"

========================= Accounts: ==========================

Administrator (S-1-5-21-357331442-1347990815-2063067355-500 - Administrator - Disabled)
Gast (S-1-5-21-357331442-1347990815-2063067355-501 - Limited - Disabled)
Matthias (S-1-5-21-357331442-1347990815-2063067355 - Administrator - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/20/2014 02:16:10 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (10/20/2014 02:16:08 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (10/20/2014 02:16:02 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (10/20/2014 02:15:58 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (10/20/2014 01:25:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.3.9600.17284 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 8a8

Startzeit: 01cfeb674c54bdc7

Endzeit: 0

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: 1a739a20-57e7-11e4-8413-bc5ff4d074a5

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (10/20/2014 00:45:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm avscan.exe, Version 14.0.7.266 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 610

Startzeit: 01cfebed7d9fe965

Endzeit: 60000

Anwendungspfad: C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe

Berichts-ID: 66bf3bd0-57e1-11e4-8413-bc5ff4d074a5

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (10/19/2014 05:54:04 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (10/18/2014 05:48:40 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm PlayTV.exe, Version 1.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 17bc

Startzeit: 01cfea653f668785

Endzeit: 0

Anwendungspfad: D:\PlayTV v2.2\PlayTV.exe

Berichts-ID: a475f58b-5679-11e4-8412-bc5ff4d074a5

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (10/17/2014 09:21:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: notepad.exe, Version: 6.3.9600.16384, Zeitstempel: 0x52158714
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x5f1a90df
ID des fehlerhaften Prozesses: 0xfa0
Startzeit der fehlerhaften Anwendung: 0xnotepad.exe0
Pfad der fehlerhaften Anwendung: notepad.exe1
Pfad des fehlerhaften Moduls: notepad.exe2
Berichtskennung: notepad.exe3
Vollständiger Name des fehlerhaften Pakets: notepad.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: notepad.exe5

Error: (10/17/2014 05:51:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DisplaySwitch.exe, Version: 6.3.9600.16384, Zeitstempel: 0x5215e98b
Name des fehlerhaften Moduls: nvwgf2umx.dll, Version: 9.18.13.4411, Zeitstempel: 0x5414a27b
Ausnahmecode: 0xc000041d
Fehleroffset: 0x00000000008490fa
ID des fehlerhaften Prozesses: 0xc44
Startzeit der fehlerhaften Anwendung: 0xDisplaySwitch.exe0
Pfad der fehlerhaften Anwendung: DisplaySwitch.exe1
Pfad des fehlerhaften Moduls: DisplaySwitch.exe2
Berichtskennung: DisplaySwitch.exe3
Vollständiger Name des fehlerhaften Pakets: DisplaySwitch.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: DisplaySwitch.exe5


System errors:
=============
Error: (10/19/2014 08:38:39 AM) (Source: DCOM) (EventID: 10016) (User: MATTHIAS)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MatthiasMatthiasS-1-5-21-357331442-1347990815-2063067355-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (10/19/2014 08:38:39 AM) (Source: DCOM) (EventID: 10016) (User: MATTHIAS)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MatthiasMatthiasS-1-5-21-357331442-1347990815-2063067355-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (10/19/2014 08:38:23 AM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT-AUTORITÄT)
Description: A TCG Command has returned an error.
Desc: AuthenticateSession
Param1: 0x1
Param2: 0x60000001c
Param3: 0x900000006
Param4: 0x0
Status: 0x1

Error: (10/17/2014 03:16:17 PM) (Source: DCOM) (EventID: 10016) (User: MATTHIAS)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MatthiasMatthiasS-1-5-21-357331442-1347990815-2063067355-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (10/17/2014 03:16:17 PM) (Source: DCOM) (EventID: 10016) (User: MATTHIAS)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MatthiasMatthiasS-1-5-21-357331442-1347990815-2063067355-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (10/17/2014 03:16:00 PM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT-AUTORITÄT)
Description: A TCG Command has returned an error.
Desc: AuthenticateSession
Param1: 0x1
Param2: 0x60000001c
Param3: 0x900000006
Param4: 0x0
Status: 0x1

Error: (10/15/2014 03:53:55 PM) (Source: DCOM) (EventID: 10016) (User: MATTHIAS)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MatthiasMatthiasS-1-5-21-357331442-1347990815-2063067355-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (10/15/2014 03:53:55 PM) (Source: DCOM) (EventID: 10016) (User: MATTHIAS)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MatthiasMatthiasS-1-5-21-357331442-1347990815-2063067355-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (10/15/2014 03:53:34 PM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT-AUTORITÄT)
Description: A TCG Command has returned an error.
Desc: AuthenticateSession
Param1: 0x1
Param2: 0x60000001c
Param3: 0x900000006
Param4: 0x0
Status: 0x1

Error: (10/14/2014 08:02:19 PM) (Source: DCOM) (EventID: 10016) (User: MATTHIAS)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MatthiasMatthiasS-1-5-21-357331442-1347990815-2063067355-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar


Microsoft Office Sessions:
=========================
Error: (10/20/2014 02:16:10 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestD:\esetsmartinstaller_deu.exe

Error: (10/20/2014 02:16:08 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestD:\esetsmartinstaller_deu.exe

Error: (10/20/2014 02:16:02 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestD:\esetsmartinstaller_deu.exe

Error: (10/20/2014 02:15:58 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestD:\esetsmartinstaller_deu.exe

Error: (10/20/2014 01:25:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.3.9600.172848a801cfeb674c54bdc70C:\Windows\Explorer.EXE1a739a20-57e7-11e4-8413-bc5ff4d074a5

Error: (10/20/2014 00:45:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: avscan.exe14.0.7.26661001cfebed7d9fe96560000C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe66bf3bd0-57e1-11e4-8413-bc5ff4d074a5

Error: (10/19/2014 05:54:04 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert

Error: (10/18/2014 05:48:40 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: PlayTV.exe1.0.0.017bc01cfea653f6687850D:\PlayTV v2.2\PlayTV.exea475f58b-5679-11e4-8412-bc5ff4d074a5

Error: (10/17/2014 09:21:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: notepad.exe6.3.9600.1638452158714unknown0.0.0.000000000c00000055f1a90dffa001cfea3f92bf21b9C:\Windows\SysWOW64\notepad.exeunknownd07898a0-5632-11e4-8412-bc5ff4d074a5

Error: (10/17/2014 05:51:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DisplaySwitch.exe6.3.9600.163845215e98bnvwgf2umx.dll9.18.13.44115414a27bc000041d00000000008490fac4401cfea22323f2537C:\Windows\System32\DisplaySwitch.exeC:\Windows\System32\nvwgf2umx.dll7196a0bf-5615-11e4-8412-bc5ff4d074a5


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz
Percentage of memory in use: 27%
Total physical RAM: 16229.05 MB
Available physical RAM: 11687.43 MB
Total Pagefile: 18661.05 MB
Available Pagefile: 12144.23 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive a: (Multimedia) (Fixed) (Total:2794.39 GB) (Free:1595.24 GB) NTFS
Drive b: (Multimedia II) (Fixed) (Total:735.84 GB) (Free:202.37 GB) NTFS
Drive c: () (Fixed) (Total:111.27 GB) (Free:73.59 GB) NTFS
Drive d: (Daten) (Fixed) (Total:195.67 GB) (Free:154.21 GB) NTFS
Drive f: (Extern) (Fixed) (Total:840.57 GB) (Free:613.59 GB) NTFS
Drive g: () (Removable) (Total:29.76 GB) (Free:29.5 GB) FAT32
Drive i: (SAFE) (Fixed) (Total:90.94 GB) (Free:33.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: A98184E0)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 97F0BB35)
Partition 1: (Active) - (Size=195.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=735.8 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 29.8 GB) (Disk ID: B0445822)
Partition 1: (Active) - (Size=29.8 GB) - (Type=0C)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1B537923)
Partition 1: (Not Active) - (Size=90.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=840.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Bootsektor 20.10.2014 11:36
Hallo,

ja das sieht unnett aus.

Schritt 1


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
() C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\csrss.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
C:\Users\Matthias\AppData\Roaming\SubFolder
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
reboot:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Schritt 2
Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, wird ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

donma08 20.10.2014 15:17
Guten Tag Sandra,
aufgewacht und ausgeruht gehts jetzt weiter :kaffee: Muss noch erwähnen das ich heute Nacht noch zwei Aktionen 'eigenmächtig' ausgeführt habe: 1. habe ich Avira Anti-Vir Free vom Rechner geschmissen ...inkl. Reg-Einträge (:applaus:) und 2. hab ich MalwareBytes Free installiert, drüberlaufen lassen und die Funde entfernen lassen. Danach war zumindest das Fenster mit der Meldung weg und es werden von Malware keine Funde mehr genannt. Das ist der aktuelle Stand und ab jetzt werde ich mich punktgenau nach deinen Anweisungen richten :dankeschoen:



Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-10-2014
Ran by Matthias at 2014-10-20 16:05:39 Run:1
Running from D:\
Loaded Profile: Matthias (Available profiles: Matthias)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
() C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\csrss.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
C:\Users\Matthias\AppData\Roaming\SubFolder
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
reboot:
*****************

C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\csrss.exe => No running process found
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Winlogon => Value not found.
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\MicroUpdate => Value not found.
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\Winlogon => Value not found.
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Run\\MicroUpdate => Value not found.
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Run\\Winlogon => Value not found.
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\CurrentVersion\Run\\MicroUpdate => Value not found.
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\CurrentVersion\Run\\Winlogon => Value not found.
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Windows\CurrentVersion\Run\\Winlogon => Value not found.
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Windows\CurrentVersion\Run\\MicroUpdate => Value not found.
C:\Users\Matthias\AppData\Roaming\SubFolder => Moved successfully.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe" => File/Directory not found.


The system needed a reboot.

==== End of Fixlog ====


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2014
Ran by Matthias (administrator) on MATTHIAS on 20-10-2014 16:12:54
Running from D:\
Loaded Profile: Matthias (Available profiles: Matthias)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Outertech) C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe
(Dropbox, Inc.) C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2014-07-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-03] (Intel Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [GoogleChromeAutoLaunch_8265D6534E6C32D01005D7D3455D029D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [911176 2014-10-10] (Google Inc.)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [ClipboardHistory] => C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe [512392 2012-08-05] (Outertech)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [ASRock A-Tuning] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day0] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day1] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day2] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day3] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day4] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day5] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day6] => [X]
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-06-13]

Chrome:
=======
CHR HomePage: Default ->
CHR Profile: C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Easy Auto Refresh) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2014-04-20]
CHR Extension: (Google*Übersetzer) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-04-20]
CHR Extension: (Google Drive) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-10]
CHR Extension: (Pushbullet) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2014-04-20]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-04-20]
CHR Extension: (Session Buddy) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2014-04-20]
CHR Extension: (My JDownloader) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2014-04-20]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-04-20]
CHR Extension: (AdBlock) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-20]
CHR Extension: (Cr!Box) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjodchcocbnbhfkjeapbdoflbiibnapp [2014-04-20]
CHR Extension: (In Google Drive speichern) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-04-20]
CHR Extension: (Scroll To Top) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\hegiignepmecppikdlbohnnbfjdoaghj [2014-04-20]
CHR Extension: (ModHeader) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgpnmonknjnojddfkpgkljpfnnfcklj [2014-07-15]
CHR Extension: (WEB.DE MailCheck) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2014-04-20]
CHR Extension: (Panel View for Keep) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccocffecajimkdjgfpjhlpiimcnadhb [2014-04-20]
CHR Extension: (LongClick New Tab) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jphlcgnallcfbnpgmblmlmkehbffnoph [2014-04-20]
CHR Extension: (Reload All Tabs) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\midkcinmplflbiflboepnahkboeonkam [2014-04-20]
CHR Extension: (Hangouts) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-04-20]
CHR Extension: (Google Wallet) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-20]
CHR Extension: (Close Right) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\npemobdkdcknhfaiioheeffincgpgafj [2014-04-20]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Matthias\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASRockIOMon; C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe [454656 2013-05-28] () [File not signed]
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe [51016 2014-08-21] (Google Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [326760 2014-09-03] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2014-07-20] (Realtek Semiconductor)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
R3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2014-07-09] (ASRock Incorporation)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-03-14] (Intel Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-05-19] ()
S1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-05-19] ()
S1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700296 2014-05-19] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
S3 BioNTDrv; \??\C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\BioNTDrv.SYS [X]
S3 GPU-Z; \??\C:\Users\Matthias\AppData\Local\Temp\GPU-Z.sys [X]
S3 mbamchameleon; \??\C:\Windows\system32\drivers\mbamchameleon.sys [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 16:05 - 2014-10-20 16:12 - 00000000 ____D () C:\FRST
2014-10-20 05:00 - 2014-10-20 05:00 - 00102844 _____ () C:\ProgramData\1413773998.bdinstall.bin
2014-10-20 04:59 - 2014-10-20 04:59 - 00037671 _____ () C:\ProgramData\1413773997.bdinstall.bin
2014-10-20 04:56 - 2014-10-20 04:56 - 00174873 _____ () C:\ProgramData\1413773762.bdinstall.bin
2014-10-20 04:56 - 2014-10-20 04:56 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-10-20 04:56 - 2014-10-20 04:56 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\QuickScan
2014-10-20 04:56 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-10-19 14:31 - 2014-10-20 04:56 - 00001483 _____ () C:\Windows\setupact.log
2014-10-19 14:31 - 2014-10-19 14:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-19 05:54 - 2014-10-19 05:54 - 00000000 ____D () C:\Program Files\Calibre2
2014-10-19 05:15 - 2014-10-19 05:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy XIII
2014-10-14 20:32 - 2014-10-14 20:32 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-10-14 19:16 - 2014-09-19 04:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-14 19:16 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-14 19:16 - 2014-09-10 08:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-10-14 19:16 - 2014-09-08 05:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-14 19:16 - 2014-09-08 05:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-10-14 19:16 - 2014-09-08 00:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-10-14 19:16 - 2014-09-05 00:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-10-14 19:16 - 2014-09-05 00:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-10-14 19:16 - 2014-09-04 05:15 - 00561416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-10-14 19:16 - 2014-09-04 05:14 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-10-14 19:16 - 2014-09-04 05:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-10-14 19:16 - 2014-09-04 04:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-10-14 19:16 - 2014-09-04 03:19 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-10-14 19:16 - 2014-09-04 03:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2014-10-14 19:16 - 2014-09-04 02:45 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-10-14 19:16 - 2014-09-04 02:41 - 01420288 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-10-14 19:16 - 2014-09-04 02:36 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-14 19:16 - 2014-09-04 02:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2014-10-14 19:16 - 2014-09-04 02:15 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-14 19:16 - 2014-09-04 02:10 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-10-14 19:16 - 2014-09-04 01:57 - 00921600 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-10-14 19:16 - 2014-09-04 01:49 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-10-14 19:16 - 2014-08-31 02:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-10-14 19:16 - 2014-08-31 02:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-14 19:16 - 2014-08-31 00:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-10-14 19:16 - 2014-08-31 00:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-10-14 19:16 - 2014-08-30 23:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-10-14 19:16 - 2014-08-30 23:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-10-14 19:16 - 2014-08-30 22:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-10-14 19:16 - 2014-08-30 22:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-10-14 19:16 - 2014-08-28 04:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-14 19:16 - 2014-08-28 02:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-10-14 19:16 - 2014-08-28 02:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-10-14 19:16 - 2014-08-23 07:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-10-14 19:16 - 2014-08-23 07:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-10-14 19:16 - 2014-08-23 06:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-10-14 19:16 - 2014-08-02 02:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2014-10-14 19:16 - 2014-08-02 02:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2014-10-14 19:15 - 2014-09-28 00:25 - 04183040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 19:15 - 2014-09-26 00:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-14 19:15 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-14 19:15 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-14 19:15 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-14 19:15 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-14 19:15 - 2014-09-26 00:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-14 19:15 - 2014-09-19 03:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-14 19:15 - 2014-09-19 03:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-14 19:15 - 2014-09-19 03:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-14 19:15 - 2014-09-19 03:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-14 19:15 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-14 19:15 - 2014-09-19 03:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-14 19:15 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-14 19:15 - 2014-09-19 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-14 19:15 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-14 19:15 - 2014-09-19 02:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-14 19:15 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-14 19:15 - 2014-09-19 02:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-14 19:15 - 2014-09-19 02:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-14 19:15 - 2014-09-19 02:42 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-14 19:15 - 2014-09-19 02:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-14 19:15 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-14 19:15 - 2014-09-19 02:20 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-14 19:15 - 2014-09-19 02:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-14 19:15 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-14 19:15 - 2014-09-19 01:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-14 19:15 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-14 19:15 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-14 19:15 - 2014-09-08 02:05 - 03448320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-14 19:14 - 2014-09-13 08:29 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 19:14 - 2014-09-13 08:02 - 02779648 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-14 19:14 - 2014-09-13 07:49 - 00068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 19:14 - 2014-09-13 07:30 - 03117568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-14 19:14 - 2014-09-08 05:15 - 00054752 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-14 19:14 - 2014-09-08 03:46 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-14 19:14 - 2014-09-08 03:46 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-14 19:14 - 2014-09-08 02:08 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-14 19:14 - 2014-09-08 02:07 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-14 19:14 - 2014-09-08 02:04 - 00388608 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-10-14 19:14 - 2014-09-08 02:04 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-14 19:14 - 2014-09-08 02:03 - 01702400 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-14 19:14 - 2014-09-08 02:03 - 00839680 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-14 19:14 - 2014-09-08 01:59 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-14 19:14 - 2014-09-08 01:59 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-10-14 19:14 - 2014-09-08 01:56 - 00672256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-14 19:14 - 2014-09-08 01:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-14 19:14 - 2014-09-04 02:12 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 19:14 - 2014-09-04 02:01 - 00514048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-09-29 20:25 - 2014-09-29 20:35 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\FileBot
2014-09-20 07:50 - 2014-09-17 06:51 - 01538880 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-09-20 07:50 - 2014-09-17 06:51 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-09-20 07:50 - 2014-09-17 06:51 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 31887680 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 24552592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 18106152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 14026304 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 13939272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 13157696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-09-20 07:50 - 2014-09-14 01:48 - 11392576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 11330776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 04287296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 04008592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434411.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434411.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00957584 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00925896 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00919240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00894096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00867528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00834880 _____ () C:\Windows\system32\nvmcumd.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00501064 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00417096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00393024 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00348304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 16:12 - 2014-07-05 23:47 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\NetSpeedMonitor
2014-10-20 16:12 - 2014-03-18 12:04 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-20 16:12 - 2014-03-18 11:25 - 00764340 _____ () C:\Windows\system32\perfh007.dat
2014-10-20 16:12 - 2014-03-18 11:25 - 00159160 _____ () C:\Windows\system32\perfc007.dat
2014-10-20 16:07 - 2014-05-20 18:16 - 00005084 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MATTHIAS-Matthias Matthias
2014-10-20 16:06 - 2014-04-20 17:21 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Dropbox
2014-10-20 16:06 - 2014-04-20 09:32 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-20 16:06 - 2014-03-18 03:51 - 00372728 _____ () C:\Windows\PFRO.log
2014-10-20 16:06 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-20 16:05 - 2014-04-20 17:40 - 00000000 ____D () C:\Program Files\JDownloader
2014-10-20 16:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-10-20 15:52 - 2014-04-20 09:32 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-20 10:32 - 2014-09-10 20:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-20 09:31 - 2014-04-20 09:28 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-357331442-1347990815-2063067355-1001
2014-10-20 08:18 - 2014-04-20 09:19 - 01292382 _____ () C:\Windows\WindowsUpdate.log
2014-10-20 08:00 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-20 07:54 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\L2Schemas
2014-10-20 07:54 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-20 05:33 - 2014-04-20 17:47 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-20 05:27 - 2014-04-20 17:26 - 00014860 _____ () C:\Users\Matthias\Documents\metadata_db_prefs_backup.json
2014-10-20 05:27 - 2014-04-20 17:25 - 00185344 _____ () C:\Users\Matthias\Documents\metadata.db
2014-10-20 04:29 - 2014-04-20 09:22 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Packages
2014-10-20 04:29 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-20 01:24 - 2014-07-29 17:06 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\vlc
2014-10-19 08:36 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-19 05:21 - 2014-06-07 19:32 - 00000000 ____D () C:\ProgramData\Steam
2014-10-17 20:47 - 2014-04-20 09:32 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-17 20:47 - 2014-04-20 09:32 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 15:16 - 2013-08-22 16:44 - 00434768 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 04:01 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2014-10-14 19:55 - 2014-06-07 19:12 - 00101329 _____ () C:\Windows\DirectX.log
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\FileManager
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Camera
2014-10-14 19:26 - 2014-05-01 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-10-14 19:26 - 2014-05-01 18:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-14 19:26 - 2014-04-20 09:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-14 19:26 - 2013-08-22 15:25 - 00000167 _____ () C:\Windows\win.ini
2014-10-14 19:24 - 2014-04-20 09:29 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 17:01 - 2014-06-12 02:38 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-10-14 04:33 - 2014-04-20 09:22 - 00000000 ____D () C:\Users\Matthias
2014-10-13 15:22 - 2014-08-13 16:06 - 00000000 ____D () C:\Users\Matthias\Downloads\LiveSetup
2014-10-01 23:48 - 2014-04-20 09:32 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-30 00:45 - 2013-08-22 17:38 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-30 00:45 - 2013-08-22 17:38 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-22 08:42 - 2014-04-20 09:29 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-20 19:12 - 2014-07-29 17:06 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-09-20 07:51 - 2014-05-17 17:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-20 07:51 - 2014-05-17 17:46 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation

Some content of TEMP:
====================
C:\Users\Matthias\AppData\Local\Temp\avgnt.exe
C:\Users\Matthias\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpa1btw4.dll
C:\Users\Matthias\AppData\Local\Temp\proxy_vole1715959011113459827.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-20 04:36

==================== End Of Log ============================
--- --- ---

--- --- ---

Bootsektor 20.10.2014 22:20
Hallo,

viel besser :)

Mir ist aufgefallen, dass du einen Crack von Final Fantasy auf dem Rechner hast, der muss bitte runter sonst können wir nicht weitermachen:

Zitat:

A:\Final Fantasy XIII\white_data\prog\win\bin\steam_api.dll'

A:\Final Fantasy XIII\steam_api.dll'
Die von mir gelisteten Einträge deuten stark darauf hin, dass auf diesem Rechner Software benutzt wird, die nicht legal erworben wurde.

Supportunterbrechung
Lesestoff:

Die Logfiles deuten stark darauf hin, dass du nicht legal erworbene Software einsetzt. Zudem sind Cracks und Patches aus dubioser Quelle sehr oft mit Schädlingen versehen, womit man sich also fast vorsätzlich infiziert.

Wir haben uns hier auf dem Board darauf geeinigt, dass wir an dieser Stelle solange nicht weiter bereinigen, bis die Software entfernt wurde. Hinzu kommt, dass wir dich in unserer Anleitung und auch in diesem Wichtig-Thema unmissverständlich darauf hingewiesen haben, wie wir damit umgehen werden. Saubere, gute Software hat seinen Preis und die Softwarefirmen leben von diesen Einnahmen.

Bitte entscheide Dich also, wie Du weiter vorgehen möchtest und teile mir dieses hier in Deinem Thread mit.
Unsere Hilfe beschränkt sich, wenn Du diese Software nicht entfernst, nur auf das Neuaufsetzen und Absichern deines Systems.
Fragen dazu beantworten wir dir aber weiterhin gerne und zwar in unserem Forum.

donma08 21.10.2014 15:27
Zitat:
Zitat von Bootsektor (Beitrag 1374237)
Mir ist aufgefallen, dass du einen Crack von Final Fantasy auf dem Rechner hast, der muss bitte runter sonst können wir nicht weitermachen:
Hi,
sehr sehr gerne und was soll ich hier groß rumschwadronieren/lügen: dadurch hab ICH mir wohl den MIST auf den Rechner geholt :headbang:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2014
Ran by Matthias (administrator) on MATTHIAS on 21-10-2014 16:24:59
Running from D:\
Loaded Profile: Matthias (Available profiles: Matthias)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(FinalWire Ltd.) C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Outertech) C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe
(Dropbox, Inc.) C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2014-07-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-03] (Intel Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [GoogleChromeAutoLaunch_8265D6534E6C32D01005D7D3455D029D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [911176 2014-10-10] (Google Inc.)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [ClipboardHistory] => C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe [512392 2012-08-05] (Outertech)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [ASRock A-Tuning] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day0] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day1] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day2] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day3] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day4] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day5] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day6] => [X]
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-06-13]

Chrome:
=======
CHR HomePage: Default ->
CHR Profile: C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Easy Auto Refresh) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2014-04-20]
CHR Extension: (Google*Übersetzer) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-04-20]
CHR Extension: (Google Drive) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-10]
CHR Extension: (Pushbullet) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2014-04-20]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-04-20]
CHR Extension: (Session Buddy) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2014-04-20]
CHR Extension: (My JDownloader) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2014-04-20]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-04-20]
CHR Extension: (AdBlock) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-20]
CHR Extension: (Cr!Box) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjodchcocbnbhfkjeapbdoflbiibnapp [2014-04-20]
CHR Extension: (In Google Drive speichern) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-04-20]
CHR Extension: (Scroll To Top) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\hegiignepmecppikdlbohnnbfjdoaghj [2014-04-20]
CHR Extension: (ModHeader) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgpnmonknjnojddfkpgkljpfnnfcklj [2014-07-15]
CHR Extension: (WEB.DE MailCheck) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2014-04-20]
CHR Extension: (Panel View for Keep) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccocffecajimkdjgfpjhlpiimcnadhb [2014-04-20]
CHR Extension: (LongClick New Tab) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jphlcgnallcfbnpgmblmlmkehbffnoph [2014-04-20]
CHR Extension: (Reload All Tabs) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\midkcinmplflbiflboepnahkboeonkam [2014-04-20]
CHR Extension: (Hangouts) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-04-20]
CHR Extension: (Google Wallet) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-20]
CHR Extension: (Close Right) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\npemobdkdcknhfaiioheeffincgpgafj [2014-04-20]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Matthias\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASRockIOMon; C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe [454656 2013-05-28] () [File not signed]
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe [51016 2014-08-21] (Google Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [326760 2014-09-03] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2014-07-20] (Realtek Semiconductor)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
R3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AIDA64Driver; C:\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64 [34136 2014-10-06] ()
S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2014-07-09] (ASRock Incorporation)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-03-14] (Intel Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-05-19] ()
S1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-05-19] ()
S1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700296 2014-05-19] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
S3 BioNTDrv; \??\C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\BioNTDrv.SYS [X]
S3 GPU-Z; \??\C:\Users\Matthias\AppData\Local\Temp\GPU-Z.sys [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-21 16:24 - 2014-10-21 16:25 - 00000000 ____D () C:\FRST
2014-10-20 16:50 - 2014-10-20 16:50 - 00003222 _____ () C:\Windows\System32\Tasks\AIDA64 AutoStart
2014-10-20 16:34 - 2014-10-20 16:34 - 00000000 ____D () C:\Program Files (x86)\FinalWire
2014-10-20 16:17 - 2014-10-21 02:14 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-20 16:17 - 2014-10-20 16:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-20 16:17 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-20 16:17 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-20 16:17 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-20 05:00 - 2014-10-20 05:00 - 00102844 _____ () C:\ProgramData\1413773998.bdinstall.bin
2014-10-20 04:59 - 2014-10-20 04:59 - 00037671 _____ () C:\ProgramData\1413773997.bdinstall.bin
2014-10-20 04:56 - 2014-10-20 04:56 - 00174873 _____ () C:\ProgramData\1413773762.bdinstall.bin
2014-10-20 04:56 - 2014-10-20 04:56 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-10-20 04:56 - 2014-10-20 04:56 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\QuickScan
2014-10-20 04:56 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-10-19 14:31 - 2014-10-20 04:56 - 00001483 _____ () C:\Windows\setupact.log
2014-10-19 14:31 - 2014-10-19 14:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-19 05:54 - 2014-10-19 05:54 - 00000000 ____D () C:\Program Files\Calibre2
2014-10-19 05:15 - 2014-10-19 05:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy XIII
2014-10-14 20:32 - 2014-10-14 20:32 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-10-14 19:16 - 2014-09-19 04:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-14 19:16 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-14 19:16 - 2014-09-10 08:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-10-14 19:16 - 2014-09-08 05:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-14 19:16 - 2014-09-08 05:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-10-14 19:16 - 2014-09-08 00:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-10-14 19:16 - 2014-09-05 00:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-10-14 19:16 - 2014-09-05 00:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-10-14 19:16 - 2014-09-04 05:15 - 00561416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-10-14 19:16 - 2014-09-04 05:14 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-10-14 19:16 - 2014-09-04 05:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-10-14 19:16 - 2014-09-04 04:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-10-14 19:16 - 2014-09-04 03:19 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-10-14 19:16 - 2014-09-04 03:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2014-10-14 19:16 - 2014-09-04 02:45 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-10-14 19:16 - 2014-09-04 02:41 - 01420288 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-10-14 19:16 - 2014-09-04 02:36 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-14 19:16 - 2014-09-04 02:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2014-10-14 19:16 - 2014-09-04 02:15 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-14 19:16 - 2014-09-04 02:10 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-10-14 19:16 - 2014-09-04 01:57 - 00921600 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-10-14 19:16 - 2014-09-04 01:49 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-10-14 19:16 - 2014-08-31 02:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-10-14 19:16 - 2014-08-31 02:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-14 19:16 - 2014-08-31 00:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-10-14 19:16 - 2014-08-31 00:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-10-14 19:16 - 2014-08-30 23:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-10-14 19:16 - 2014-08-30 23:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-10-14 19:16 - 2014-08-30 22:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-10-14 19:16 - 2014-08-30 22:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-10-14 19:16 - 2014-08-28 04:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-14 19:16 - 2014-08-28 02:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-10-14 19:16 - 2014-08-28 02:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-10-14 19:16 - 2014-08-23 07:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-10-14 19:16 - 2014-08-23 07:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-10-14 19:16 - 2014-08-23 06:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-10-14 19:16 - 2014-08-02 02:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2014-10-14 19:16 - 2014-08-02 02:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2014-10-14 19:15 - 2014-09-28 00:25 - 04183040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 19:15 - 2014-09-26 00:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-14 19:15 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-14 19:15 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-14 19:15 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-14 19:15 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-14 19:15 - 2014-09-26 00:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-14 19:15 - 2014-09-19 03:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-14 19:15 - 2014-09-19 03:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-14 19:15 - 2014-09-19 03:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-14 19:15 - 2014-09-19 03:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-14 19:15 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-14 19:15 - 2014-09-19 03:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-14 19:15 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-14 19:15 - 2014-09-19 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-14 19:15 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-14 19:15 - 2014-09-19 02:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-14 19:15 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-14 19:15 - 2014-09-19 02:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-14 19:15 - 2014-09-19 02:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-14 19:15 - 2014-09-19 02:42 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-14 19:15 - 2014-09-19 02:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-14 19:15 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-14 19:15 - 2014-09-19 02:20 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-14 19:15 - 2014-09-19 02:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-14 19:15 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-14 19:15 - 2014-09-19 01:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-14 19:15 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-14 19:15 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-14 19:15 - 2014-09-08 02:05 - 03448320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-14 19:14 - 2014-09-13 08:29 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 19:14 - 2014-09-13 08:02 - 02779648 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-14 19:14 - 2014-09-13 07:49 - 00068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 19:14 - 2014-09-13 07:30 - 03117568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-14 19:14 - 2014-09-08 05:15 - 00054752 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-14 19:14 - 2014-09-08 03:46 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-14 19:14 - 2014-09-08 03:46 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-14 19:14 - 2014-09-08 02:08 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-14 19:14 - 2014-09-08 02:07 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-14 19:14 - 2014-09-08 02:04 - 00388608 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-10-14 19:14 - 2014-09-08 02:04 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-14 19:14 - 2014-09-08 02:03 - 01702400 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-14 19:14 - 2014-09-08 02:03 - 00839680 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-14 19:14 - 2014-09-08 01:59 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-14 19:14 - 2014-09-08 01:59 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-10-14 19:14 - 2014-09-08 01:56 - 00672256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-14 19:14 - 2014-09-08 01:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-14 19:14 - 2014-09-04 02:12 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 19:14 - 2014-09-04 02:01 - 00514048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-09-29 20:25 - 2014-09-29 20:35 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\FileBot

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-21 16:24 - 2014-07-05 23:47 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\NetSpeedMonitor
2014-10-21 16:21 - 2014-04-20 09:28 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-357331442-1347990815-2063067355-1001
2014-10-21 16:21 - 2014-04-20 09:19 - 01576904 _____ () C:\Windows\WindowsUpdate.log
2014-10-21 16:21 - 2014-03-18 12:04 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-21 16:21 - 2014-03-18 11:25 - 00764340 _____ () C:\Windows\system32\perfh007.dat
2014-10-21 16:21 - 2014-03-18 11:25 - 00159160 _____ () C:\Windows\system32\perfc007.dat
2014-10-21 16:17 - 2014-05-20 18:16 - 00005084 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MATTHIAS-Matthias Matthias
2014-10-21 16:17 - 2014-04-20 17:21 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Dropbox
2014-10-21 16:16 - 2014-04-20 09:32 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-21 16:16 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-21 08:32 - 2014-09-10 20:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-21 08:18 - 2014-04-20 17:40 - 00000000 ____D () C:\Program Files\JDownloader
2014-10-21 08:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-10-21 07:52 - 2014-04-20 09:32 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-20 20:21 - 2014-03-18 03:51 - 00373108 _____ () C:\Windows\PFRO.log
2014-10-20 08:00 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-20 07:54 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\L2Schemas
2014-10-20 07:54 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-20 05:33 - 2014-04-20 17:47 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-20 05:27 - 2014-04-20 17:26 - 00014860 _____ () C:\Users\Matthias\Documents\metadata_db_prefs_backup.json
2014-10-20 05:27 - 2014-04-20 17:25 - 00185344 _____ () C:\Users\Matthias\Documents\metadata.db
2014-10-20 04:29 - 2014-04-20 09:22 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Packages
2014-10-20 04:29 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-20 01:24 - 2014-07-29 17:06 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\vlc
2014-10-19 08:36 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-19 05:21 - 2014-06-07 19:32 - 00000000 ____D () C:\ProgramData\Steam
2014-10-17 20:47 - 2014-04-20 09:32 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-17 20:47 - 2014-04-20 09:32 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 15:16 - 2013-08-22 16:44 - 00434768 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 04:01 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2014-10-14 19:55 - 2014-06-07 19:12 - 00101329 _____ () C:\Windows\DirectX.log
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\FileManager
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Camera
2014-10-14 19:26 - 2014-05-01 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-10-14 19:26 - 2014-05-01 18:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-14 19:26 - 2014-04-20 09:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-14 19:26 - 2013-08-22 15:25 - 00000167 _____ () C:\Windows\win.ini
2014-10-14 19:24 - 2014-04-20 09:29 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 17:01 - 2014-06-12 02:38 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-10-14 04:33 - 2014-04-20 09:22 - 00000000 ____D () C:\Users\Matthias
2014-10-13 15:22 - 2014-08-13 16:06 - 00000000 ____D () C:\Users\Matthias\Downloads\LiveSetup
2014-10-01 23:48 - 2014-04-20 09:32 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-30 00:45 - 2013-08-22 17:38 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-30 00:45 - 2013-08-22 17:38 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-22 08:42 - 2014-04-20 09:29 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Matthias\AppData\Local\Temp\avgnt.exe
C:\Users\Matthias\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpphmoxi.dll
C:\Users\Matthias\AppData\Local\Temp\proxy_vole4831581362691995291.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-20 04:36

==================== End Of Log ============================
--- --- ---

Bootsektor 21.10.2014 23:17
Hallo,

Zitat:
Hi,
sehr sehr gerne und was soll ich hier groß rumschwadronieren/lügen: dadurch hab ICH mir wohl den MIST auf den Rechner geholt
Ja, das ist höchstwahrscheinlich so. Lerne daraus. Deine Ehrlichkeit gefällt mir. :daumenhoc

Wir machen jetzt Kontrollscans:
Malwarebytes hast du ja schon laufen lassen, bitte poste mir das Log davon.

Schritt 1
  • Starte Malwarebytes
  • Gehe nun oben auf Verlauf
  • links findest du nun die Auswahl Quarantäne und Anwendungsprotokolle
  • Gehe auf Anwendungsprotokolle
  • suche hier das letzte Suchlaufsprotokoll und wähle das aus
  • nun gehe oben auf Ansicht, das Protokoll öffnet sich
  • unten links steht exportieren, wähle das aus und klicke auf Textdatei
  • speichere nun das Log unter mbam.txt ab
  • öffne das Log mit deinem Texteditor
  • poste mir den Inhalt

Schritt 2
Da der Scan mit Eset sehr gründlich ist, kann er unter Umständen mehrere Stunden dauern :kaffee:

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Schritt 3
Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, wird ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

donma08 22.10.2014 04:07
Eset meldet noch Funde :heulen:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 20.10.2014
Suchlauf-Zeit: 00:15:51
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.09.19.05
Rootkit Datenbank: v2014.10.17.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Matthias

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 303968
Verstrichene Zeit: 6 Min, 27 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 22
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\60.exe, 3408, , [bbc630bf7efd02347559fb27b050659b]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\395.exe, 1060, , [077a2fc0780337ffce0034ee34ccd030]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\985.exe, 1616, , [ff829b540378f244a826869cb14f5ea2]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\870.exe, 5620, , [2a578768334820168c421909ae528f71]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\211.exe, 4992, , [29580ae5215a6fc77757b66c8b75b34d]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\829.exe, 820, , [8af7aa45abd0d462c00ef032f907629e]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\174.exe, 5088, , [5a27c629bfbc50e65579c95940c0817f]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\967.exe, 6388, , [047da24d7b00a492e7e7cb570cf48d73]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\320.exe, 6664, , [c3be539cf08b76c0af1f3ee4629e7a86]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\662.exe, 6948, , [1a6702ed8cefe5515975170be02042be]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\264.exe, 6184, , [1d645a951764d95dc509d44ed729768a]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\932.exe, 7104, , [6021c32c6615db5b1db1be64e7193dc3]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\739.exe, 2480, , [324ff5fa176404323f8fdc4643bd19e7]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\545.exe, 1036, , [9de48f606318ca6c0dc1d64ced13a858]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\355.exe, 6152, , [bec308e7d8a3cf674a8469b9768ad729]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\205.exe, 5196, , [b0d1915e601b06305c72ab77f70912ee]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\214.exe, 5588, , [a0e1b03f3a41290d26a8e43eaf5105fb]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\554.exe, 900, , [2160f5fa7dfef442339b26fc629e23dd]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\175.exe, 752, , [6f1224cb176439fdc20cad7598687987]
Trojan.Dropper, C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\csrss.exe, 360, , [c1c02fc06714ae88634cf80c13f0b14f]
Trojan.Agent, C:\Users\Matthias\AppData\Roaming\Microsoft\winlogon.exe, 6180, , [344d10dfee8d3bfb0b9c65cf9d6639c7]
Backdoor.Agent.DC, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe, 3880, , [651cdb142e4de84e0879f20609faba46]

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 1
Malware.Trace, HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\DC3_FEXEC, , [5031559a394265d1b5c4dffc6d96ea16],

Registrierungswerte: 2
Backdoor.Agent.DCE, HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Winlogon, C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe, , [2f526f801d5e989e81dca4cfdd2753ad]
Backdoor.Agent.DC, HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MicroUpdate, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe, , [651cdb142e4de84e0879f20609faba46]

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 31
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\60.exe, , [bbc630bf7efd02347559fb27b050659b],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\395.exe, , [077a2fc0780337ffce0034ee34ccd030],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\985.exe, , [ff829b540378f244a826869cb14f5ea2],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\870.exe, , [2a578768334820168c421909ae528f71],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\211.exe, , [29580ae5215a6fc77757b66c8b75b34d],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\829.exe, , [8af7aa45abd0d462c00ef032f907629e],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\174.exe, , [5a27c629bfbc50e65579c95940c0817f],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\967.exe, , [047da24d7b00a492e7e7cb570cf48d73],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\320.exe, , [c3be539cf08b76c0af1f3ee4629e7a86],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\662.exe, , [1a6702ed8cefe5515975170be02042be],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\264.exe, , [1d645a951764d95dc509d44ed729768a],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\932.exe, , [6021c32c6615db5b1db1be64e7193dc3],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\739.exe, , [324ff5fa176404323f8fdc4643bd19e7],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\545.exe, , [9de48f606318ca6c0dc1d64ced13a858],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\355.exe, , [bec308e7d8a3cf674a8469b9768ad729],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\205.exe, , [b0d1915e601b06305c72ab77f70912ee],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\214.exe, , [a0e1b03f3a41290d26a8e43eaf5105fb],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\554.exe, , [2160f5fa7dfef442339b26fc629e23dd],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\175.exe, , [6f1224cb176439fdc20cad7598687987],
Backdoor.MSIL.PGen, C:\Users\Matthias\AppData\Roaming\loader_crypt.exe, , [1c65eb04403bb086ab5bd5c3bb457a86],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\886.exe, , [b9c829c67308ac8a06c8d84a916ffc04],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\71.exe, , [2f52549baecdaf87d3fb061cf30de61a],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\421.exe, , [8ef39a55adce21158549a280b44ccb35],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\552.exe, , [d3ae707f017a0b2bf0de0022f40cf10f],
Trojan.Dropper, C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\csrss.exe, , [c1c02fc06714ae88634cf80c13f0b14f],
Trojan.Agent, C:\Users\Matthias\AppData\Roaming\Microsoft\winlogon.exe, , [344d10dfee8d3bfb0b9c65cf9d6639c7],
Trojan.Bitminer, C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\check.bat, , [671a6986ec8fd46256db046fa85cea16],
Trojan.Bitminer, C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\check.vbs, , [b2cfa34cc9b2181e230e165d4fb53dc3],
Trojan.Bitminer, C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\cpu.exe, , [9fe28a65770478be76bd076cea1af30d],
Backdoor.Agent.DCE, C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe, , [2f526f801d5e989e81dca4cfdd2753ad],
Backdoor.Agent.DC, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe, , [651cdb142e4de84e0879f20609faba46],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)


Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=7f4c36a712870140ac0230bc3ff4a24d
# engine=20714
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2014-10-22 02:39:58
# local_time=2014-10-22 04:39:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 30535 18329119 0 0
# scanned=169687
# found=2
# cleaned=0
# scan_time=1932
sh=D0331DA3D821ACA77304F9D2F8654203CC1473BA ft=1 fh=05b393ca614acd65 vn="Win64/CoinMiner.V Trojaner" ac=I fn="C:\Users\Matthias\AppData\Roaming\upc.exe"
sh=7641C21A0E506F4ADFDF81A182296C070ED3B41F ft=0 fh=0000000000000000 vn="VBS/Runner.NCQ Trojaner" ac=I fn="C:\Users\Matthias\AppData\Roaming\upc.vbs"


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2014
Ran by Matthias (administrator) on MATTHIAS on 22-10-2014 05:01:58
Running from D:\
Loaded Profile: Matthias (Available profiles: Matthias)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(FinalWire Ltd.) C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Outertech) C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe
(Dropbox, Inc.) C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Users\Matthias\Documents\GIGABYTE\GIGABYTE Sim\Mouse.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2014-07-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-03] (Intel Corporation)
HKLM-x32\...\Run: [GIGABYTEMOUSE] => C:\Users\Matthias\Documents\GIGABYTE\GIGABYTE Sim\Mouse.exe [1311552 2014-08-28] ()
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [GoogleChromeAutoLaunch_8265D6534E6C32D01005D7D3455D029D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [911176 2014-10-10] (Google Inc.)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [ClipboardHistory] => C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe [512392 2012-08-05] (Outertech)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [ASRock A-Tuning] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day0] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day1] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day2] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day3] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day4] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day5] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day6] => [X]
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-06-13]

Chrome:
=======
CHR HomePage: Default ->
CHR Profile: C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Easy Auto Refresh) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2014-04-20]
CHR Extension: (Google*Übersetzer) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-04-20]
CHR Extension: (Google Drive) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-10]
CHR Extension: (Pushbullet) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2014-04-20]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-04-20]
CHR Extension: (Session Buddy) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2014-04-20]
CHR Extension: (My JDownloader) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2014-04-20]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-04-20]
CHR Extension: (AdBlock) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-20]
CHR Extension: (Cr!Box) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjodchcocbnbhfkjeapbdoflbiibnapp [2014-04-20]
CHR Extension: (In Google Drive speichern) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-04-20]
CHR Extension: (Scroll To Top) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\hegiignepmecppikdlbohnnbfjdoaghj [2014-04-20]
CHR Extension: (ModHeader) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgpnmonknjnojddfkpgkljpfnnfcklj [2014-07-15]
CHR Extension: (WEB.DE MailCheck) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2014-04-20]
CHR Extension: (Panel View for Keep) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccocffecajimkdjgfpjhlpiimcnadhb [2014-04-20]
CHR Extension: (LongClick New Tab) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jphlcgnallcfbnpgmblmlmkehbffnoph [2014-04-20]
CHR Extension: (Reload All Tabs) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\midkcinmplflbiflboepnahkboeonkam [2014-04-20]
CHR Extension: (Hangouts) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-04-20]
CHR Extension: (Google Wallet) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-20]
CHR Extension: (Close Right) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\npemobdkdcknhfaiioheeffincgpgafj [2014-04-20]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Matthias\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASRockIOMon; C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe [454656 2013-05-28] () [File not signed]
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe [51016 2014-08-21] (Google Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-14] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2014-07-20] (Realtek Semiconductor)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
R3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AIDA64Driver; C:\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64 [34136 2014-10-06] ()
S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2014-07-09] (ASRock Incorporation)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-03-14] (Intel Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-05-19] ()
S1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-05-19] ()
S1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700296 2014-05-19] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
S3 BioNTDrv; \??\C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\BioNTDrv.SYS [X]
S3 GPU-Z; \??\C:\Users\Matthias\AppData\Local\Temp\GPU-Z.sys [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-22 05:01 - 2014-10-22 05:01 - 00000000 ____D () C:\FRST
2014-10-22 04:05 - 2014-10-22 04:05 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-21 20:55 - 2014-10-21 20:55 - 00000000 ____D () C:\Users\Matthias\Documents\GIGABYTE
2014-10-21 17:02 - 2014-10-21 17:02 - 00000000 ____D () C:\Windows\LastGood
2014-10-20 16:50 - 2014-10-20 16:50 - 00003222 _____ () C:\Windows\System32\Tasks\AIDA64 AutoStart
2014-10-20 16:34 - 2014-10-20 16:34 - 00000000 ____D () C:\Program Files (x86)\FinalWire
2014-10-20 16:17 - 2014-10-22 03:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-20 16:17 - 2014-10-20 16:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-20 16:17 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-20 16:17 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-20 16:17 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-20 05:00 - 2014-10-20 05:00 - 00102844 _____ () C:\ProgramData\1413773998.bdinstall.bin
2014-10-20 04:59 - 2014-10-20 04:59 - 00037671 _____ () C:\ProgramData\1413773997.bdinstall.bin
2014-10-20 04:56 - 2014-10-20 04:56 - 00174873 _____ () C:\ProgramData\1413773762.bdinstall.bin
2014-10-20 04:56 - 2014-10-20 04:56 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-10-20 04:56 - 2014-10-20 04:56 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\QuickScan
2014-10-20 04:56 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-10-19 14:31 - 2014-10-21 17:04 - 00001689 _____ () C:\Windows\setupact.log
2014-10-19 14:31 - 2014-10-19 14:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-19 05:54 - 2014-10-19 05:54 - 00000000 ____D () C:\Program Files\Calibre2
2014-10-19 05:15 - 2014-10-19 05:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy XIII
2014-10-14 23:50 - 2014-10-14 23:50 - 02880848 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiVAD64.exe
2014-10-14 23:50 - 2014-10-14 23:50 - 02775400 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiAAC64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 02020352 _____ (Intel Corporation) C:\Windows\system32\igfxLHM.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 01512296 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiSecureSourceFilter64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 01365504 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00957528 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiWinNextAgent64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00734720 _____ (Intel Corporation) C:\Windows\system32\MetroIntelGenericUIFramework.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00688640 _____ (Intel Corporation) C:\Windows\system32\igfxDH.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00672048 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiAudioFilter64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00616240 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiMux64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00472464 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiUMS64.exe
2014-10-14 23:50 - 2014-10-14 23:50 - 00457616 _____ () C:\Windows\system32\igfxTray.exe
2014-10-14 23:50 - 2014-10-14 23:50 - 00403671 _____ () C:\Windows\system32\ImageStabilization.wmv
2014-10-14 23:50 - 2014-10-14 23:50 - 00372736 _____ (Intel Corporation) C:\Windows\system32\igfxOSP.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00372224 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00354096 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiSilenceFilter64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00304128 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00304016 _____ (Intel Corporation) C:\Windows\system32\igfxEM.exe
2014-10-14 23:50 - 2014-10-14 23:50 - 00279952 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2014-10-14 23:50 - 2014-10-14 23:50 - 00273408 _____ (Intel Corporation) C:\Windows\system32\igfxDI.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00266032 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiUtils64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00254976 _____ () C:\Windows\system32\igfxCPL.cpl
2014-10-14 23:50 - 2014-10-14 23:50 - 00246672 _____ (Intel Corporation) C:\Windows\system32\igfxHK.exe
2014-10-14 23:50 - 2014-10-14 23:50 - 00224256 _____ (Intel Corporation) C:\Windows\system32\igfxDTCM.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00207496 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00197424 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiDDEAgent64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00195984 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2014-10-14 23:50 - 2014-10-14 23:50 - 00183296 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v3977.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00175024 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00134960 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiMCUMD64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00126312 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiLogServer64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00082432 _____ (Khronos Group) C:\Windows\system32\Intel_OpenCL_ICD64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00074240 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00069632 _____ () C:\Windows\system32\igfxCUIServicePS.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00069632 _____ ( ) C:\Windows\system32\igfxDHLibv2_0.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00059392 _____ ( ) C:\Windows\system32\igfxDHLib.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00031408 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00030720 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00010752 _____ ( ) C:\Windows\system32\igfxDILibv2_0.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00010752 _____ ( ) C:\Windows\system32\igfxDILib.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00010240 _____ ( ) C:\Windows\system32\igfxEMLibv2_0.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00010240 _____ ( ) C:\Windows\system32\igfxEMLib.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLibv2_0.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLib.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00004020 _____ () C:\Windows\system32\iglhxs64.vp
2014-10-14 23:49 - 2014-10-14 23:49 - 24185912 _____ (Intel Corporation) C:\Windows\system32\igdumdim64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 23999488 _____ (Intel Corporation) C:\Windows\system32\igdfcl64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 23391264 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdim32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 18872832 _____ (Intel Corporation) C:\Windows\SysWOW64\igdfcl32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 17285448 _____ () C:\Windows\system32\igd11dxva64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 16811648 _____ () C:\Windows\SysWOW64\igd11dxva32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 08187392 _____ (Intel Corporation) C:\Windows\system32\igdrcl64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 07668736 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 05889000 _____ (Intel Corporation) C:\Windows\system32\igdusc64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 04850104 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2014-10-14 23:49 - 2014-10-14 23:49 - 04640104 _____ (Intel Corporation) C:\Windows\SysWOW64\igdusc32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 01061376 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00629784 _____ (Intel Corporation) C:\Windows\system32\igdmd64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00510304 _____ (Intel Corporation) C:\Windows\SysWOW64\igdmd32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00397824 _____ (Intel Corporation) C:\Windows\system32\igdbcl64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00349696 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00225792 _____ () C:\Windows\system32\igdde64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00207872 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00186368 _____ () C:\Windows\SysWOW64\igdde32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00175104 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00162304 _____ (Intel Corporation) C:\Windows\system32\igdail64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00144896 _____ (Intel Corporation) C:\Windows\SysWOW64\igdail32.dll
2014-10-14 23:48 - 2014-10-14 23:48 - 09122816 _____ (Intel Corporation) C:\Windows\system32\ig75icd64.dll
2014-10-14 23:48 - 2014-10-14 23:48 - 07768744 _____ (Intel Corporation) C:\Windows\system32\igd10iumd64.dll
2014-10-14 23:48 - 2014-10-14 23:48 - 07205376 _____ (Intel Corporation) C:\Windows\SysWOW64\ig75icd32.dll
2014-10-14 23:48 - 2014-10-14 23:48 - 07070880 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10iumd32.dll
2014-10-14 23:48 - 2014-10-14 23:48 - 01131008 _____ (Intel Corporation) C:\Windows\system32\GfxResources.dll
2014-10-14 23:48 - 2014-10-14 23:48 - 01020816 _____ (Intel Corporation) C:\Windows\system32\Gfxv4_0.exe
2014-10-14 23:48 - 2014-10-14 23:48 - 01017232 _____ (Intel Corporation) C:\Windows\system32\Gfxv2_0.exe
2014-10-14 23:48 - 2014-10-14 23:48 - 00641530 _____ () C:\Windows\system32\FilmModeDetection.wmv
2014-10-14 23:48 - 2014-10-14 23:48 - 00418704 _____ (Intel Corporation) C:\Windows\system32\GfxUIEx.exe
2014-10-14 23:48 - 2014-10-14 23:48 - 00338832 _____ (Intel Corporation) C:\Windows\system32\DPTopologyAppv2_0.exe
2014-10-14 23:48 - 2014-10-14 23:48 - 00338832 _____ (Intel Corporation) C:\Windows\system32\DPTopologyApp.exe
2014-10-14 23:48 - 2014-10-14 23:48 - 00155536 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2014-10-14 23:47 - 2014-10-14 23:47 - 00375173 _____ () C:\Windows\system32\ColorImageEnhancement.wmv
2014-10-14 20:32 - 2014-10-14 20:32 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-10-14 19:16 - 2014-09-19 04:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-14 19:16 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-14 19:16 - 2014-09-10 08:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-10-14 19:16 - 2014-09-08 05:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-14 19:16 - 2014-09-08 05:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-10-14 19:16 - 2014-09-08 00:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-10-14 19:16 - 2014-09-05 00:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-10-14 19:16 - 2014-09-05 00:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-10-14 19:16 - 2014-09-04 05:15 - 00561416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-10-14 19:16 - 2014-09-04 05:14 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-10-14 19:16 - 2014-09-04 05:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-10-14 19:16 - 2014-09-04 04:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-10-14 19:16 - 2014-09-04 03:19 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-10-14 19:16 - 2014-09-04 03:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2014-10-14 19:16 - 2014-09-04 02:45 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-10-14 19:16 - 2014-09-04 02:41 - 01420288 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-10-14 19:16 - 2014-09-04 02:36 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-14 19:16 - 2014-09-04 02:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2014-10-14 19:16 - 2014-09-04 02:15 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-14 19:16 - 2014-09-04 02:10 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-10-14 19:16 - 2014-09-04 01:57 - 00921600 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-10-14 19:16 - 2014-09-04 01:49 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-10-14 19:16 - 2014-08-31 02:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-10-14 19:16 - 2014-08-31 02:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-14 19:16 - 2014-08-31 00:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-10-14 19:16 - 2014-08-31 00:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-10-14 19:16 - 2014-08-30 23:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-10-14 19:16 - 2014-08-30 23:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-10-14 19:16 - 2014-08-30 22:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-10-14 19:16 - 2014-08-30 22:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-10-14 19:16 - 2014-08-28 04:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-14 19:16 - 2014-08-28 02:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-10-14 19:16 - 2014-08-28 02:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-10-14 19:16 - 2014-08-23 07:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-10-14 19:16 - 2014-08-23 07:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-10-14 19:16 - 2014-08-23 06:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-10-14 19:16 - 2014-08-02 02:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2014-10-14 19:16 - 2014-08-02 02:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2014-10-14 19:15 - 2014-09-28 00:25 - 04183040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 19:15 - 2014-09-26 00:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-14 19:15 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-14 19:15 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-14 19:15 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-14 19:15 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-14 19:15 - 2014-09-26 00:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-14 19:15 - 2014-09-19 03:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-14 19:15 - 2014-09-19 03:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-14 19:15 - 2014-09-19 03:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-14 19:15 - 2014-09-19 03:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-14 19:15 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-14 19:15 - 2014-09-19 03:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-14 19:15 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-14 19:15 - 2014-09-19 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-14 19:15 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-14 19:15 - 2014-09-19 02:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-14 19:15 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-14 19:15 - 2014-09-19 02:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-14 19:15 - 2014-09-19 02:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-14 19:15 - 2014-09-19 02:42 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-14 19:15 - 2014-09-19 02:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-14 19:15 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-14 19:15 - 2014-09-19 02:20 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-14 19:15 - 2014-09-19 02:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-14 19:15 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-14 19:15 - 2014-09-19 01:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-14 19:15 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-14 19:15 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-14 19:15 - 2014-09-08 02:05 - 03448320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-14 19:14 - 2014-09-13 08:29 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 19:14 - 2014-09-13 08:02 - 02779648 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-14 19:14 - 2014-09-13 07:49 - 00068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 19:14 - 2014-09-13 07:30 - 03117568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-14 19:14 - 2014-09-08 05:15 - 00054752 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-14 19:14 - 2014-09-08 03:46 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-14 19:14 - 2014-09-08 03:46 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-14 19:14 - 2014-09-08 02:08 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-14 19:14 - 2014-09-08 02:07 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-14 19:14 - 2014-09-08 02:04 - 00388608 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-10-14 19:14 - 2014-09-08 02:04 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-14 19:14 - 2014-09-08 02:03 - 01702400 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-14 19:14 - 2014-09-08 02:03 - 00839680 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-14 19:14 - 2014-09-08 01:59 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-14 19:14 - 2014-09-08 01:59 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-10-14 19:14 - 2014-09-08 01:56 - 00672256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-14 19:14 - 2014-09-08 01:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-14 19:14 - 2014-09-04 02:12 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 19:14 - 2014-09-04 02:01 - 00514048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-07 01:53 - 2014-10-07 01:41 - 00042288 _____ (Intel Corporation) C:\Windows\system32\Drivers\intelaud.sys
2014-10-07 01:53 - 2014-10-07 01:41 - 00030512 _____ (Intel Corporation) C:\Windows\system32\Drivers\iwdbus.sys
2014-09-29 20:25 - 2014-09-29 20:35 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\FileBot

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-22 05:01 - 2014-07-05 23:47 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\NetSpeedMonitor
2014-10-22 05:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-10-22 04:54 - 2014-04-20 09:19 - 01807058 _____ () C:\Windows\WindowsUpdate.log
2014-10-22 04:52 - 2014-04-20 09:32 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-22 04:32 - 2014-09-10 20:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-22 04:15 - 2014-05-20 18:16 - 00005084 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MATTHIAS-Matthias Matthias
2014-10-22 04:11 - 2014-03-18 12:04 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-22 04:11 - 2014-03-18 11:25 - 00764340 _____ () C:\Windows\system32\perfh007.dat
2014-10-22 04:11 - 2014-03-18 11:25 - 00159160 _____ () C:\Windows\system32\perfc007.dat
2014-10-22 04:05 - 2014-04-20 17:21 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Dropbox
2014-10-22 04:04 - 2014-04-20 09:32 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-22 04:04 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-22 02:27 - 2014-04-20 17:40 - 00000000 ____D () C:\Program Files\JDownloader
2014-10-22 02:22 - 2014-07-29 17:06 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\vlc
2014-10-21 22:52 - 2014-04-20 09:28 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-357331442-1347990815-2063067355-1001
2014-10-21 17:25 - 2014-04-20 10:41 - 00000425 _____ () C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-10-21 17:25 - 2014-04-20 09:24 - 00000000 ____D () C:\Intel
2014-10-21 16:34 - 2014-04-20 11:07 - 00025812 _____ () C:\Windows\LDPINST.LOG
2014-10-20 20:21 - 2014-03-18 03:51 - 00373108 _____ () C:\Windows\PFRO.log
2014-10-20 08:00 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-20 07:54 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\L2Schemas
2014-10-20 07:54 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-20 05:33 - 2014-04-20 17:47 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-20 05:27 - 2014-04-20 17:26 - 00014860 _____ () C:\Users\Matthias\Documents\metadata_db_prefs_backup.json
2014-10-20 05:27 - 2014-04-20 17:25 - 00185344 _____ () C:\Users\Matthias\Documents\metadata.db
2014-10-20 04:29 - 2014-04-20 09:22 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Packages
2014-10-20 04:29 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-19 08:36 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-19 05:21 - 2014-06-07 19:32 - 00000000 ____D () C:\ProgramData\Steam
2014-10-17 20:47 - 2014-04-20 09:32 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-17 20:47 - 2014-04-20 09:32 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 15:16 - 2013-08-22 16:44 - 00434768 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 04:01 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2014-10-14 23:50 - 2014-04-20 09:24 - 00082432 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2014-10-14 23:50 - 2014-04-20 09:24 - 00074240 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2014-10-14 23:50 - 2014-03-17 16:33 - 00329104 _____ (Intel Corporation) C:\Windows\system32\igfxCUIService.exe
2014-10-14 19:55 - 2014-06-07 19:12 - 00101329 _____ () C:\Windows\DirectX.log
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\FileManager
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Camera
2014-10-14 19:26 - 2014-05-01 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-10-14 19:26 - 2014-05-01 18:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-14 19:26 - 2014-04-20 09:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-14 19:26 - 2013-08-22 15:25 - 00000167 _____ () C:\Windows\win.ini
2014-10-14 19:24 - 2014-04-20 09:29 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 17:01 - 2014-06-12 02:38 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-10-14 04:33 - 2014-04-20 09:22 - 00000000 ____D () C:\Users\Matthias
2014-10-13 15:22 - 2014-08-13 16:06 - 00000000 ____D () C:\Users\Matthias\Downloads\LiveSetup
2014-10-01 23:48 - 2014-04-20 09:32 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-30 00:45 - 2013-08-22 17:38 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-30 00:45 - 2013-08-22 17:38 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-22 08:42 - 2014-04-20 09:29 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Matthias\AppData\Local\Temp\avgnt.exe
C:\Users\Matthias\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8el4tn.dll
C:\Users\Matthias\AppData\Local\Temp\proxy_vole8285772289007070674.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-20 04:36

==================== End Of Log ============================
--- --- ---

Bootsektor 22.10.2014 23:47
Hallo,

das gefällt mir auch nicht.

Laut dem Log von Malwarebytes wurden die Funde aber nicht entfernt, das war ein reiner Suchlauf.

Wir werden das von aussen machen müssen, die Dateien wurden nicht gelöscht.

Schritt 1

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)
  • Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 32-Bit | FRST 64-Bit
  • Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.
  • Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:
Über den Boot Manager:
  • Starte den Rechner neu.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Mit Windows CD/DVD (auch bei Windows 8 möglich):
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu und starte von der CD.
  • Wähle die Spracheinstellungen und klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Wähle in den Reparaturoptionen: Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
    Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein.
    e:\frst.exe bzw. e:\frst64.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.
  • Akzeptiere den Disclaimer mit Yes und klicke Scan
Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

donma08 23.10.2014 03:03
Kein problem :)


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-10-2014
Ran by Matthias (administrator) on MATTHIAS on 23-10-2014 03:57:50
Running from G:\
Loaded Profile: Matthias (Available profiles: Matthias)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\cmd.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2014-07-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-03] (Intel Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [GoogleChromeAutoLaunch_8265D6534E6C32D01005D7D3455D029D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [911176 2014-10-10] (Google Inc.)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [ClipboardHistory] => C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe [512392 2012-08-05] (Outertech)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [ASRock A-Tuning] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day0] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day1] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day2] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day3] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day4] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day5] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day6] => [X]
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-06-13]

Chrome:
=======
CHR HomePage: Default ->
CHR Profile: C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Easy Auto Refresh) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2014-04-20]
CHR Extension: (Google*Übersetzer) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-04-20]
CHR Extension: (Google Drive) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-10]
CHR Extension: (Pushbullet) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2014-04-20]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-04-20]
CHR Extension: (Session Buddy) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2014-04-20]
CHR Extension: (My JDownloader) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2014-04-20]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-04-20]
CHR Extension: (AdBlock) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-20]
CHR Extension: (Cr!Box) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjodchcocbnbhfkjeapbdoflbiibnapp [2014-04-20]
CHR Extension: (In Google Drive speichern) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-04-20]
CHR Extension: (Scroll To Top) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\hegiignepmecppikdlbohnnbfjdoaghj [2014-04-20]
CHR Extension: (ModHeader) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgpnmonknjnojddfkpgkljpfnnfcklj [2014-07-15]
CHR Extension: (WEB.DE MailCheck) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2014-04-20]
CHR Extension: (Panel View for Keep) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccocffecajimkdjgfpjhlpiimcnadhb [2014-04-20]
CHR Extension: (LongClick New Tab) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jphlcgnallcfbnpgmblmlmkehbffnoph [2014-04-20]
CHR Extension: (Reload All Tabs) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\midkcinmplflbiflboepnahkboeonkam [2014-04-20]
CHR Extension: (Hangouts) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-04-20]
CHR Extension: (Google Wallet) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-20]
CHR Extension: (Close Right) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\npemobdkdcknhfaiioheeffincgpgafj [2014-04-20]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Matthias\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 ASRockIOMon; C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe [454656 2013-05-28] () [File not signed]
S2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe [51016 2014-08-21] (Google Inc.)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-14] (Intel Corporation)
S2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2014-07-20] (Realtek Semiconductor)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AIDA64Driver; C:\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64 [34136 2014-10-06] ()
S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2014-07-09] (ASRock Incorporation)
S3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-03-14] (Intel Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39240 2014-10-16] (NVIDIA Corporation)
S1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-05-19] ()
S1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-05-19] ()
S1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700296 2014-05-19] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
S3 BioNTDrv; \??\C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\BioNTDrv.SYS [X]
S3 GPU-Z; \??\C:\Users\Matthias\AppData\Local\Temp\GPU-Z.sys [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-23 03:57 - 2014-10-23 03:57 - 00000000 ____D () C:\FRST
2014-10-22 21:54 - 2014-10-16 18:54 - 31890064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 24555840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 20922696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 18499648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 17260864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 14029400 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 13942368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 13190288 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-10-22 21:54 - 2014-10-16 18:54 - 11395672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 11333848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 04289856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 04009672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434448.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcvadgenco64.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434448.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 00962376 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 00931984 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 00921928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 00895176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 00870112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 00833864 _____ () C:\Windows\system32\nvmcumd.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 00500880 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 00418112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 00392008 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 00348488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 00101696 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcaparm.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvadarm.sys
2014-10-21 17:02 - 2014-10-22 21:55 - 00000000 ____D () C:\Windows\LastGood
2014-10-20 16:50 - 2014-10-20 16:50 - 00003222 _____ () C:\Windows\System32\Tasks\AIDA64 AutoStart
2014-10-20 16:34 - 2014-10-20 16:34 - 00000000 ____D () C:\Program Files (x86)\FinalWire
2014-10-20 16:17 - 2014-10-22 03:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-20 16:17 - 2014-10-20 16:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-20 16:17 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-20 16:17 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-20 16:17 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-20 05:00 - 2014-10-20 05:00 - 00102844 _____ () C:\ProgramData\1413773998.bdinstall.bin
2014-10-20 04:59 - 2014-10-20 04:59 - 00037671 _____ () C:\ProgramData\1413773997.bdinstall.bin
2014-10-20 04:56 - 2014-10-20 04:56 - 00174873 _____ () C:\ProgramData\1413773762.bdinstall.bin
2014-10-20 04:56 - 2014-10-20 04:56 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-10-20 04:56 - 2014-10-20 04:56 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\QuickScan
2014-10-20 04:56 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-10-19 14:31 - 2014-10-22 21:55 - 00001895 _____ () C:\Windows\setupact.log
2014-10-19 14:31 - 2014-10-19 14:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-19 05:54 - 2014-10-19 05:54 - 00000000 ____D () C:\Program Files\Calibre2
2014-10-19 05:15 - 2014-10-19 05:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy XIII
2014-10-14 23:50 - 2014-10-14 23:50 - 02880848 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiVAD64.exe
2014-10-14 23:50 - 2014-10-14 23:50 - 02775400 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiAAC64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 02020352 _____ (Intel Corporation) C:\Windows\system32\igfxLHM.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 01512296 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiSecureSourceFilter64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 01365504 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00957528 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiWinNextAgent64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00734720 _____ (Intel Corporation) C:\Windows\system32\MetroIntelGenericUIFramework.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00688640 _____ (Intel Corporation) C:\Windows\system32\igfxDH.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00672048 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiAudioFilter64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00616240 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiMux64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00472464 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiUMS64.exe
2014-10-14 23:50 - 2014-10-14 23:50 - 00457616 _____ () C:\Windows\system32\igfxTray.exe
2014-10-14 23:50 - 2014-10-14 23:50 - 00403671 _____ () C:\Windows\system32\ImageStabilization.wmv
2014-10-14 23:50 - 2014-10-14 23:50 - 00372736 _____ (Intel Corporation) C:\Windows\system32\igfxOSP.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00372224 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00354096 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiSilenceFilter64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00304128 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00304016 _____ (Intel Corporation) C:\Windows\system32\igfxEM.exe
2014-10-14 23:50 - 2014-10-14 23:50 - 00279952 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2014-10-14 23:50 - 2014-10-14 23:50 - 00273408 _____ (Intel Corporation) C:\Windows\system32\igfxDI.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00266032 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiUtils64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00254976 _____ () C:\Windows\system32\igfxCPL.cpl
2014-10-14 23:50 - 2014-10-14 23:50 - 00246672 _____ (Intel Corporation) C:\Windows\system32\igfxHK.exe
2014-10-14 23:50 - 2014-10-14 23:50 - 00224256 _____ (Intel Corporation) C:\Windows\system32\igfxDTCM.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00207496 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00197424 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiDDEAgent64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00195984 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2014-10-14 23:50 - 2014-10-14 23:50 - 00183296 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v3977.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00175024 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00134960 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiMCUMD64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00126312 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiLogServer64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00082432 _____ (Khronos Group) C:\Windows\system32\Intel_OpenCL_ICD64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00074240 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00069632 _____ () C:\Windows\system32\igfxCUIServicePS.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00069632 _____ ( ) C:\Windows\system32\igfxDHLibv2_0.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00059392 _____ ( ) C:\Windows\system32\igfxDHLib.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00031408 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00030720 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00010752 _____ ( ) C:\Windows\system32\igfxDILibv2_0.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00010752 _____ ( ) C:\Windows\system32\igfxDILib.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00010240 _____ ( ) C:\Windows\system32\igfxEMLibv2_0.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00010240 _____ ( ) C:\Windows\system32\igfxEMLib.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLibv2_0.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLib.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00004020 _____ () C:\Windows\system32\iglhxs64.vp
2014-10-14 23:49 - 2014-10-14 23:49 - 24185912 _____ (Intel Corporation) C:\Windows\system32\igdumdim64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 23999488 _____ (Intel Corporation) C:\Windows\system32\igdfcl64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 23391264 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdim32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 18872832 _____ (Intel Corporation) C:\Windows\SysWOW64\igdfcl32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 17285448 _____ () C:\Windows\system32\igd11dxva64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 16811648 _____ () C:\Windows\SysWOW64\igd11dxva32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 08187392 _____ (Intel Corporation) C:\Windows\system32\igdrcl64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 07668736 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 05889000 _____ (Intel Corporation) C:\Windows\system32\igdusc64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 04850104 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2014-10-14 23:49 - 2014-10-14 23:49 - 04640104 _____ (Intel Corporation) C:\Windows\SysWOW64\igdusc32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 01061376 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00629784 _____ (Intel Corporation) C:\Windows\system32\igdmd64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00510304 _____ (Intel Corporation) C:\Windows\SysWOW64\igdmd32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00397824 _____ (Intel Corporation) C:\Windows\system32\igdbcl64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00349696 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00225792 _____ () C:\Windows\system32\igdde64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00207872 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00186368 _____ () C:\Windows\SysWOW64\igdde32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00175104 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00162304 _____ (Intel Corporation) C:\Windows\system32\igdail64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00144896 _____ (Intel Corporation) C:\Windows\SysWOW64\igdail32.dll
2014-10-14 23:48 - 2014-10-14 23:48 - 09122816 _____ (Intel Corporation) C:\Windows\system32\ig75icd64.dll
2014-10-14 23:48 - 2014-10-14 23:48 - 07768744 _____ (Intel Corporation) C:\Windows\system32\igd10iumd64.dll
2014-10-14 23:48 - 2014-10-14 23:48 - 07205376 _____ (Intel Corporation) C:\Windows\SysWOW64\ig75icd32.dll
2014-10-14 23:48 - 2014-10-14 23:48 - 07070880 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10iumd32.dll
2014-10-14 23:48 - 2014-10-14 23:48 - 01131008 _____ (Intel Corporation) C:\Windows\system32\GfxResources.dll
2014-10-14 23:48 - 2014-10-14 23:48 - 01020816 _____ (Intel Corporation) C:\Windows\system32\Gfxv4_0.exe
2014-10-14 23:48 - 2014-10-14 23:48 - 01017232 _____ (Intel Corporation) C:\Windows\system32\Gfxv2_0.exe
2014-10-14 23:48 - 2014-10-14 23:48 - 00641530 _____ () C:\Windows\system32\FilmModeDetection.wmv
2014-10-14 23:48 - 2014-10-14 23:48 - 00418704 _____ (Intel Corporation) C:\Windows\system32\GfxUIEx.exe
2014-10-14 23:48 - 2014-10-14 23:48 - 00338832 _____ (Intel Corporation) C:\Windows\system32\DPTopologyAppv2_0.exe
2014-10-14 23:48 - 2014-10-14 23:48 - 00338832 _____ (Intel Corporation) C:\Windows\system32\DPTopologyApp.exe
2014-10-14 23:48 - 2014-10-14 23:48 - 00155536 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2014-10-14 23:47 - 2014-10-14 23:47 - 00375173 _____ () C:\Windows\system32\ColorImageEnhancement.wmv
2014-10-14 20:32 - 2014-10-14 20:32 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-10-14 19:16 - 2014-09-19 04:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-14 19:16 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-14 19:16 - 2014-09-10 08:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-10-14 19:16 - 2014-09-08 05:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-14 19:16 - 2014-09-08 05:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-10-14 19:16 - 2014-09-08 00:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-10-14 19:16 - 2014-09-05 00:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-10-14 19:16 - 2014-09-05 00:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-10-14 19:16 - 2014-09-04 05:15 - 00561416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-10-14 19:16 - 2014-09-04 05:14 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-10-14 19:16 - 2014-09-04 05:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-10-14 19:16 - 2014-09-04 04:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-10-14 19:16 - 2014-09-04 03:19 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-10-14 19:16 - 2014-09-04 03:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2014-10-14 19:16 - 2014-09-04 02:45 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-10-14 19:16 - 2014-09-04 02:41 - 01420288 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-10-14 19:16 - 2014-09-04 02:36 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-14 19:16 - 2014-09-04 02:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2014-10-14 19:16 - 2014-09-04 02:15 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-14 19:16 - 2014-09-04 02:10 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-10-14 19:16 - 2014-09-04 01:57 - 00921600 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-10-14 19:16 - 2014-09-04 01:49 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-10-14 19:16 - 2014-08-31 02:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-10-14 19:16 - 2014-08-31 02:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-14 19:16 - 2014-08-31 00:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-10-14 19:16 - 2014-08-31 00:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-10-14 19:16 - 2014-08-30 23:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-10-14 19:16 - 2014-08-30 23:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-10-14 19:16 - 2014-08-30 22:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-10-14 19:16 - 2014-08-30 22:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-10-14 19:16 - 2014-08-28 04:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-14 19:16 - 2014-08-28 02:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-10-14 19:16 - 2014-08-28 02:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-10-14 19:16 - 2014-08-23 07:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-10-14 19:16 - 2014-08-23 07:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-10-14 19:16 - 2014-08-23 06:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-10-14 19:16 - 2014-08-02 02:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2014-10-14 19:16 - 2014-08-02 02:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2014-10-14 19:15 - 2014-09-28 00:25 - 04183040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 19:15 - 2014-09-26 00:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-14 19:15 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-14 19:15 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-14 19:15 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-14 19:15 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-14 19:15 - 2014-09-26 00:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-14 19:15 - 2014-09-19 03:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-14 19:15 - 2014-09-19 03:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-14 19:15 - 2014-09-19 03:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-14 19:15 - 2014-09-19 03:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-14 19:15 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-14 19:15 - 2014-09-19 03:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-14 19:15 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-14 19:15 - 2014-09-19 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-14 19:15 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-14 19:15 - 2014-09-19 02:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-14 19:15 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-14 19:15 - 2014-09-19 02:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-14 19:15 - 2014-09-19 02:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-14 19:15 - 2014-09-19 02:42 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-14 19:15 - 2014-09-19 02:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-14 19:15 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-14 19:15 - 2014-09-19 02:20 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-14 19:15 - 2014-09-19 02:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-14 19:15 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-14 19:15 - 2014-09-19 01:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-14 19:15 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-14 19:15 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-14 19:15 - 2014-09-08 02:05 - 03448320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-14 19:14 - 2014-09-13 08:29 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 19:14 - 2014-09-13 08:02 - 02779648 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-14 19:14 - 2014-09-13 07:49 - 00068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 19:14 - 2014-09-13 07:30 - 03117568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-14 19:14 - 2014-09-08 05:15 - 00054752 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-14 19:14 - 2014-09-08 03:46 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-14 19:14 - 2014-09-08 03:46 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-14 19:14 - 2014-09-08 02:08 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-14 19:14 - 2014-09-08 02:07 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-14 19:14 - 2014-09-08 02:04 - 00388608 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-10-14 19:14 - 2014-09-08 02:04 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-14 19:14 - 2014-09-08 02:03 - 01702400 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-14 19:14 - 2014-09-08 02:03 - 00839680 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-14 19:14 - 2014-09-08 01:59 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-14 19:14 - 2014-09-08 01:59 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-10-14 19:14 - 2014-09-08 01:56 - 00672256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-14 19:14 - 2014-09-08 01:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-14 19:14 - 2014-09-04 02:12 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 19:14 - 2014-09-04 02:01 - 00514048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-07 01:53 - 2014-10-07 01:41 - 00042288 _____ (Intel Corporation) C:\Windows\system32\Drivers\intelaud.sys
2014-10-07 01:53 - 2014-10-07 01:41 - 00030512 _____ (Intel Corporation) C:\Windows\system32\Drivers\iwdbus.sys
2014-09-29 20:25 - 2014-09-29 20:35 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\FileBot

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-23 03:55 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-23 03:54 - 2014-07-05 23:47 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\NetSpeedMonitor
2014-10-23 03:52 - 2014-05-20 18:16 - 00005084 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MATTHIAS-Matthias Matthias
2014-10-23 03:52 - 2014-04-20 09:32 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-23 03:51 - 2014-04-20 17:21 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Dropbox
2014-10-23 03:51 - 2014-04-20 09:32 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-23 03:32 - 2014-09-10 20:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-23 03:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-10-22 22:04 - 2014-03-18 12:04 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-22 22:04 - 2014-03-18 11:25 - 00764340 _____ () C:\Windows\system32\perfh007.dat
2014-10-22 22:04 - 2014-03-18 11:25 - 00159160 _____ () C:\Windows\system32\perfc007.dat
2014-10-22 21:58 - 2014-04-20 09:19 - 01913526 _____ () C:\Windows\WindowsUpdate.log
2014-10-22 21:55 - 2014-05-17 17:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-22 17:44 - 2014-04-20 17:40 - 00000000 ____D () C:\Program Files\JDownloader
2014-10-22 12:32 - 2014-04-20 11:07 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-10-22 12:32 - 2014-04-20 11:07 - 00001020 _____ () C:\Windows\LkmdfCoInst.log
2014-10-22 07:01 - 2014-03-18 03:51 - 00373934 _____ () C:\Windows\PFRO.log
2014-10-22 02:22 - 2014-07-29 17:06 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\vlc
2014-10-21 22:52 - 2014-04-20 09:28 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-357331442-1347990815-2063067355-1001
2014-10-21 17:25 - 2014-04-20 10:41 - 00000425 _____ () C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-10-21 17:25 - 2014-04-20 09:24 - 00000000 ____D () C:\Intel
2014-10-21 16:34 - 2014-04-20 11:07 - 00025812 _____ () C:\Windows\LDPINST.LOG
2014-10-20 08:00 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-20 07:54 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\L2Schemas
2014-10-20 07:54 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-20 05:33 - 2014-04-20 17:47 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-20 05:27 - 2014-04-20 17:26 - 00014860 _____ () C:\Users\Matthias\Documents\metadata_db_prefs_backup.json
2014-10-20 05:27 - 2014-04-20 17:25 - 00185344 _____ () C:\Users\Matthias\Documents\metadata.db
2014-10-20 04:29 - 2014-04-20 09:22 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Packages
2014-10-20 04:29 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-19 08:36 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-19 05:21 - 2014-06-07 19:32 - 00000000 ____D () C:\ProgramData\Steam
2014-10-17 20:47 - 2014-04-20 09:32 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-17 20:47 - 2014-04-20 09:32 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 15:16 - 2013-08-22 16:44 - 00434768 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 18:54 - 2014-07-29 20:48 - 02849224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-10-16 18:54 - 2014-05-17 17:45 - 20968040 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-10-16 18:54 - 2014-05-17 17:45 - 19966856 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-10-16 18:54 - 2014-05-17 17:45 - 16886168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-10-16 18:54 - 2014-05-17 17:45 - 03237528 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-10-16 18:54 - 2014-05-17 17:45 - 00987008 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-10-16 18:54 - 2014-05-17 17:45 - 00027024 _____ () C:\Windows\system32\nvinfo.pb
2014-10-16 16:11 - 2014-05-17 17:46 - 06883136 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-10-16 16:11 - 2014-05-17 17:46 - 03533632 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-10-16 16:11 - 2014-05-17 17:46 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-10-16 16:11 - 2014-05-17 17:46 - 00933064 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-10-16 16:11 - 2014-05-17 17:46 - 00384200 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-10-16 16:11 - 2014-05-17 17:46 - 00061640 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-10-15 04:01 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2014-10-15 02:48 - 2014-05-17 17:46 - 04047877 _____ () C:\Windows\system32\nvcoproc.bin
2014-10-14 23:50 - 2014-04-20 09:24 - 00082432 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2014-10-14 23:50 - 2014-04-20 09:24 - 00074240 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2014-10-14 23:50 - 2014-03-17 16:33 - 00329104 _____ (Intel Corporation) C:\Windows\system32\igfxCUIService.exe
2014-10-14 19:55 - 2014-06-07 19:12 - 00101329 _____ () C:\Windows\DirectX.log
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\FileManager
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Camera
2014-10-14 19:26 - 2014-05-01 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-10-14 19:26 - 2014-05-01 18:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-14 19:26 - 2014-04-20 09:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-14 19:26 - 2013-08-22 15:25 - 00000167 _____ () C:\Windows\win.ini
2014-10-14 19:24 - 2014-04-20 09:29 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 17:01 - 2014-06-12 02:38 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-10-14 04:33 - 2014-04-20 09:22 - 00000000 ____D () C:\Users\Matthias
2014-10-13 15:22 - 2014-08-13 16:06 - 00000000 ____D () C:\Users\Matthias\Downloads\LiveSetup
2014-10-01 23:48 - 2014-04-20 09:32 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-30 00:45 - 2013-08-22 17:38 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-30 00:45 - 2013-08-22 17:38 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Matthias\AppData\Local\Temp\avgnt.exe
C:\Users\Matthias\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5i8cvp.dll
C:\Users\Matthias\AppData\Local\Temp\proxy_vole8140324567497845138.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-20 04:36

==================== End Of Log ============================
--- --- ---

Bootsektor 23.10.2014 22:35
Hallo,

das ist der abgesicherte Modus, nicht die Recovery.

Aber wir können das da auch mal versuchen, wenn das wieder nicht klappt, dann bitte Recovery.

Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
C:\Users\Matthias\AppData\Roaming\SubFolder\
C:\Users\Matthias\AppData\Roaming\Microsoft\winlogon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
C:\Users\Matthias\AppData\Roaming\upc.exe
C:\Users\Matthias\AppData\Roaming\upc.vbs
C:\Users\Matthias\AppData\Roaming\loader_crypt.exe
C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\check.bat
C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\check.vbs
C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\cpu.exe
emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


donma08 24.10.2014 03:27
Hallo,
sorry mein Fehler :pfeiff: Hier das -hoffentlich richtige- Log aus dem Recovery:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-10-2014
Ran by SYSTEM on MININT-VM986MK on 24-10-2014 04:13:25
Running from D:\
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2014-07-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-03] (Intel Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\Matthias\...\Run: [GoogleChromeAutoLaunch_8265D6534E6C32D01005D7D3455D029D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [911176 2014-10-10] (Google Inc.)
HKU\Matthias\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\Matthias\...\Run: [ClipboardHistory] => C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe [512392 2012-08-05] (Outertech)
HKU\Matthias\...\Run: [ASRock A-Tuning] => [X]
HKU\Matthias\...\RunOnce: [AsrOMG_Day0] => [X]
HKU\Matthias\...\RunOnce: [AsrOMG_Day1] => [X]
HKU\Matthias\...\RunOnce: [AsrOMG_Day2] => [X]
HKU\Matthias\...\RunOnce: [AsrOMG_Day3] => [X]
HKU\Matthias\...\RunOnce: [AsrOMG_Day4] => [X]
HKU\Matthias\...\RunOnce: [AsrOMG_Day5] => [X]
HKU\Matthias\...\RunOnce: [AsrOMG_Day6] => [X]
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 ASRockIOMon; C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe [454656 2013-05-28] ()
S2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe [51016 2014-08-21] (Google Inc.)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-14] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2014-07-20] (Realtek Semiconductor)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AIDA64Driver; C:\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64 [34136 2014-10-06] ()
S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2014-07-09] (ASRock Incorporation)
S3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-03-14] (Intel Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
S3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39240 2014-10-16] (NVIDIA Corporation)
S1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-05-19] ()
S1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-05-19] ()
S1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700296 2014-05-19] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
S3 BioNTDrv; \??\C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\BioNTDrv.SYS [X]
S3 GPU-Z; \??\C:\Users\Matthias\AppData\Local\Temp\GPU-Z.sys [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-23 02:57 - 2014-10-24 04:03 - 00000000 ____D () C:\FRST
2014-10-22 20:54 - 2014-10-16 17:54 - 31890064 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 24555840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 20922696 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 18499648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 17260864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 14029400 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 13942368 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 13190288 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2014-10-22 20:54 - 2014-10-16 17:54 - 11395672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 11333848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 04289856 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 04009672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 01876296 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6434448.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 01539272 _____ (NVIDIA Corporation) C:\Windows\System32\nvmcvadgenco64.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 01539272 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6434448.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 00962376 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 00931984 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 00921928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 00895176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 00870112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 00833864 _____ () C:\Windows\System32\nvmcumd.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 00500880 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 00418112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 00392008 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFROpenGL.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 00352016 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 00348488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 00174856 _____ (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 00101696 _____ (NVIDIA Corporation) C:\Windows\System32\nvaudcaparm.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 00039240 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvadarm.sys
2014-10-21 16:02 - 2014-10-22 20:55 - 00000000 ____D () C:\Windows\LastGood
2014-10-20 15:50 - 2014-10-20 15:50 - 00003222 _____ () C:\Windows\System32\Tasks\AIDA64 AutoStart
2014-10-20 15:34 - 2014-10-20 15:34 - 00000000 ____D () C:\Program Files (x86)\FinalWire
2014-10-20 15:17 - 2014-10-22 02:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-10-20 15:17 - 2014-10-20 15:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-20 15:17 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-10-20 15:17 - 2014-10-01 10:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-10-20 15:17 - 2014-10-01 10:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-10-20 04:00 - 2014-10-20 04:00 - 00102844 _____ () C:\ProgramData\1413773998.bdinstall.bin
2014-10-20 03:59 - 2014-10-20 03:59 - 00037671 _____ () C:\ProgramData\1413773997.bdinstall.bin
2014-10-20 03:56 - 2014-10-20 03:56 - 00174873 _____ () C:\ProgramData\1413773762.bdinstall.bin
2014-10-20 03:56 - 2014-10-20 03:56 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-10-20 03:56 - 2014-10-20 03:56 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\QuickScan
2014-10-20 03:56 - 2012-11-02 13:17 - 00261056 _____ (BitDefender) C:\Windows\System32\Drivers\avchv.sys
2014-10-19 13:31 - 2014-10-22 20:55 - 00001895 _____ () C:\Windows\setupact.log
2014-10-19 13:31 - 2014-10-19 13:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-19 04:54 - 2014-10-19 04:54 - 00000000 ____D () C:\Program Files\Calibre2
2014-10-14 22:50 - 2014-10-14 22:50 - 02880848 _____ (Intel Corporation) C:\Windows\System32\IntelWiDiVAD64.exe
2014-10-14 22:50 - 2014-10-14 22:50 - 02775400 _____ (Intel Corporation) C:\Windows\System32\IntelWiDiAAC64.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 02020352 _____ (Intel Corporation) C:\Windows\System32\igfxLHM.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 01512296 _____ (Intel Corporation) C:\Windows\System32\IntelWiDiSecureSourceFilter64.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 01365504 _____ (Intel Corporation) C:\Windows\System32\igfxcmjit64.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00957528 _____ (Intel Corporation) C:\Windows\System32\IntelWiDiWinNextAgent64.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00734720 _____ (Intel Corporation) C:\Windows\System32\MetroIntelGenericUIFramework.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00688640 _____ (Intel Corporation) C:\Windows\System32\igfxDH.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00672048 _____ (Intel Corporation) C:\Windows\System32\IntelWiDiAudioFilter64.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00616240 _____ (Intel Corporation) C:\Windows\System32\IntelWiDiMux64.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00472464 _____ (Intel Corporation) C:\Windows\System32\IntelWiDiUMS64.exe
2014-10-14 22:50 - 2014-10-14 22:50 - 00457616 _____ () C:\Windows\System32\igfxTray.exe
2014-10-14 22:50 - 2014-10-14 22:50 - 00403671 _____ () C:\Windows\System32\ImageStabilization.wmv
2014-10-14 22:50 - 2014-10-14 22:50 - 00372736 _____ (Intel Corporation) C:\Windows\System32\igfxOSP.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00372224 _____ (Intel Corporation) C:\Windows\System32\IntelOpenCL64.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00354096 _____ (Intel Corporation) C:\Windows\System32\IntelWiDiSilenceFilter64.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00304128 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00304016 _____ (Intel Corporation) C:\Windows\System32\igfxEM.exe
2014-10-14 22:50 - 2014-10-14 22:50 - 00279952 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2014-10-14 22:50 - 2014-10-14 22:50 - 00273408 _____ (Intel Corporation) C:\Windows\System32\igfxDI.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00266032 _____ (Intel Corporation) C:\Windows\System32\IntelWiDiUtils64.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00254976 _____ () C:\Windows\System32\igfxCPL.cpl
2014-10-14 22:50 - 2014-10-14 22:50 - 00246672 _____ (Intel Corporation) C:\Windows\System32\igfxHK.exe
2014-10-14 22:50 - 2014-10-14 22:50 - 00224256 _____ (Intel Corporation) C:\Windows\System32\igfxDTCM.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00207496 _____ (Intel Corporation) C:\Windows\System32\igfxcmrt64.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00197424 _____ (Intel Corporation) C:\Windows\System32\IntelWiDiDDEAgent64.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00195984 _____ (Intel Corporation) C:\Windows\System32\igfxext.exe
2014-10-14 22:50 - 2014-10-14 22:50 - 00183296 _____ (Intel Corporation) C:\Windows\System32\igfxCoIn_v3977.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00175024 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00134960 _____ (Intel Corporation) C:\Windows\System32\IntelWiDiMCUMD64.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00126312 _____ (Intel Corporation) C:\Windows\System32\IntelWiDiLogServer64.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00082432 _____ (Khronos Group) C:\Windows\System32\Intel_OpenCL_ICD64.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00074240 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00069632 _____ () C:\Windows\System32\igfxCUIServicePS.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00069632 _____ ( ) C:\Windows\System32\igfxDHLibv2_0.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00059392 _____ ( ) C:\Windows\System32\igfxDHLib.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00031408 _____ (Intel Corporation) C:\Windows\System32\igfxexps.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00030720 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00010752 _____ ( ) C:\Windows\System32\igfxDILibv2_0.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00010752 _____ ( ) C:\Windows\System32\igfxDILib.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00010240 _____ ( ) C:\Windows\System32\igfxEMLibv2_0.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00010240 _____ ( ) C:\Windows\System32\igfxEMLib.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00005120 _____ ( ) C:\Windows\System32\igfxLHMLibv2_0.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00005120 _____ ( ) C:\Windows\System32\igfxLHMLib.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00004020 _____ () C:\Windows\System32\iglhxs64.vp
2014-10-14 22:49 - 2014-10-14 22:49 - 24185912 _____ (Intel Corporation) C:\Windows\System32\igdumdim64.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 23999488 _____ (Intel Corporation) C:\Windows\System32\igdfcl64.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 23391264 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdim32.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 18872832 _____ (Intel Corporation) C:\Windows\SysWOW64\igdfcl32.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 17285448 _____ () C:\Windows\System32\igd11dxva64.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 16811648 _____ () C:\Windows\SysWOW64\igd11dxva32.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 08187392 _____ (Intel Corporation) C:\Windows\System32\igdrcl64.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 07668736 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 05889000 _____ (Intel Corporation) C:\Windows\System32\igdusc64.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 04850104 _____ (Intel Corporation) C:\Windows\System32\Drivers\igdkmd64.sys
2014-10-14 22:49 - 2014-10-14 22:49 - 04640104 _____ (Intel Corporation) C:\Windows\SysWOW64\igdusc32.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 01061376 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 00629784 _____ (Intel Corporation) C:\Windows\System32\igdmd64.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 00510304 _____ (Intel Corporation) C:\Windows\SysWOW64\igdmd32.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 00397824 _____ (Intel Corporation) C:\Windows\System32\igdbcl64.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 00349696 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 00225792 _____ () C:\Windows\System32\igdde64.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 00207872 _____ (Intel Corporation) C:\Windows\System32\igfx11cmrt64.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 00186368 _____ () C:\Windows\SysWOW64\igdde32.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 00175104 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 00162304 _____ (Intel Corporation) C:\Windows\System32\igdail64.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 00144896 _____ (Intel Corporation) C:\Windows\SysWOW64\igdail32.dll
2014-10-14 22:48 - 2014-10-14 22:48 - 09122816 _____ (Intel Corporation) C:\Windows\System32\ig75icd64.dll
2014-10-14 22:48 - 2014-10-14 22:48 - 07768744 _____ (Intel Corporation) C:\Windows\System32\igd10iumd64.dll
2014-10-14 22:48 - 2014-10-14 22:48 - 07205376 _____ (Intel Corporation) C:\Windows\SysWOW64\ig75icd32.dll
2014-10-14 22:48 - 2014-10-14 22:48 - 07070880 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10iumd32.dll
2014-10-14 22:48 - 2014-10-14 22:48 - 01131008 _____ (Intel Corporation) C:\Windows\System32\GfxResources.dll
2014-10-14 22:48 - 2014-10-14 22:48 - 01020816 _____ (Intel Corporation) C:\Windows\System32\Gfxv4_0.exe
2014-10-14 22:48 - 2014-10-14 22:48 - 01017232 _____ (Intel Corporation) C:\Windows\System32\Gfxv2_0.exe
2014-10-14 22:48 - 2014-10-14 22:48 - 00641530 _____ () C:\Windows\System32\FilmModeDetection.wmv
2014-10-14 22:48 - 2014-10-14 22:48 - 00418704 _____ (Intel Corporation) C:\Windows\System32\GfxUIEx.exe
2014-10-14 22:48 - 2014-10-14 22:48 - 00338832 _____ (Intel Corporation) C:\Windows\System32\DPTopologyAppv2_0.exe
2014-10-14 22:48 - 2014-10-14 22:48 - 00338832 _____ (Intel Corporation) C:\Windows\System32\DPTopologyApp.exe
2014-10-14 22:48 - 2014-10-14 22:48 - 00155536 _____ (Intel Corporation) C:\Windows\System32\difx64.exe
2014-10-14 22:47 - 2014-10-14 22:47 - 00375173 _____ () C:\Windows\System32\ColorImageEnhancement.wmv
2014-10-14 19:32 - 2014-10-14 19:32 - 02526056 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2014-10-14 18:16 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-10-14 18:16 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-14 18:16 - 2014-09-10 07:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2014-10-14 18:16 - 2014-09-08 04:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2014-10-14 18:16 - 2014-09-08 04:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2014-10-14 18:16 - 2014-09-07 23:08 - 00389176 _____ () C:\Windows\System32\ApnDatabase.xml
2014-10-14 18:16 - 2014-09-04 23:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2014-10-14 18:16 - 2014-09-04 23:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\System32\localspl.dll
2014-10-14 18:16 - 2014-09-04 04:15 - 00561416 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2014-10-14 18:16 - 2014-09-04 04:14 - 00177472 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2014-10-14 18:16 - 2014-09-04 04:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\System32\mfmp4srcsnk.dll
2014-10-14 18:16 - 2014-09-04 03:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-10-14 18:16 - 2014-09-04 02:19 - 00436224 _____ (Microsoft Corporation) C:\Windows\System32\certcli.dll
2014-10-14 18:16 - 2014-09-04 02:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\System32\puiobj.dll
2014-10-14 18:16 - 2014-09-04 01:45 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-10-14 18:16 - 2014-09-04 01:41 - 01420288 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-10-14 18:16 - 2014-09-04 01:36 - 00418304 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2014-10-14 18:16 - 2014-09-04 01:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2014-10-14 18:16 - 2014-09-04 01:15 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-14 18:16 - 2014-09-04 01:10 - 00118272 _____ (Microsoft Corporation) C:\Windows\System32\winbici.dll
2014-10-14 18:16 - 2014-09-04 00:57 - 00921600 _____ (Microsoft Corporation) C:\Windows\System32\MrmCoreR.dll
2014-10-14 18:16 - 2014-09-04 00:49 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-10-14 18:16 - 2014-08-31 01:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS
2014-10-14 18:16 - 2014-08-31 01:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2014-10-14 18:16 - 2014-08-30 23:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-10-14 18:16 - 2014-08-30 23:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\System32\FXSCOMEX.dll
2014-10-14 18:16 - 2014-08-30 22:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\System32\FXSAPI.dll
2014-10-14 18:16 - 2014-08-30 22:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll
2014-10-14 18:16 - 2014-08-30 21:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-10-14 18:16 - 2014-08-30 21:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-10-14 18:16 - 2014-08-28 03:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2014-10-14 18:16 - 2014-08-28 01:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\System32\WsmSvc.dll
2014-10-14 18:16 - 2014-08-28 01:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-10-14 18:16 - 2014-08-23 06:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\System32\twinui.dll
2014-10-14 18:16 - 2014-08-23 06:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-10-14 18:16 - 2014-08-23 05:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\System32\SettingsHandlers.dll
2014-10-14 18:16 - 2014-08-02 01:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\System32\untfs.dll
2014-10-14 18:16 - 2014-08-02 01:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2014-10-14 18:15 - 2014-09-27 23:25 - 04183040 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-10-14 18:15 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-10-14 18:15 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-14 18:15 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-14 18:15 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-14 18:15 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-14 18:15 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-10-14 18:15 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-10-14 18:15 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-10-14 18:15 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-10-14 18:15 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-10-14 18:15 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-14 18:15 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-10-14 18:15 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-14 18:15 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-10-14 18:15 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-14 18:15 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-10-14 18:15 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-14 18:15 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-10-14 18:15 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-10-14 18:15 - 2014-09-19 01:42 - 00363008 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-10-14 18:15 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-10-14 18:15 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-14 18:15 - 2014-09-19 01:20 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-14 18:15 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-10-14 18:15 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-14 18:15 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-10-14 18:15 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-14 18:15 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-14 18:15 - 2014-09-08 01:05 - 03448320 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2014-10-14 18:14 - 2014-09-13 07:29 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll
2014-10-14 18:14 - 2014-09-13 07:02 - 02779648 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2014-10-14 18:14 - 2014-09-13 06:49 - 00068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 18:14 - 2014-09-13 06:30 - 03117568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-14 18:14 - 2014-09-08 04:15 - 00054752 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2014-10-14 18:14 - 2014-09-08 02:46 - 00059904 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2014-10-14 18:14 - 2014-09-08 02:46 - 00050688 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2014-10-14 18:14 - 2014-09-08 01:08 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2014-10-14 18:14 - 2014-09-08 01:07 - 00137728 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2014-10-14 18:14 - 2014-09-08 01:04 - 00388608 _____ (Microsoft Corporation) C:\Windows\System32\WUSettingsProvider.dll
2014-10-14 18:14 - 2014-09-08 01:04 - 00093696 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2014-10-14 18:14 - 2014-09-08 01:03 - 01702400 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2014-10-14 18:14 - 2014-09-08 01:03 - 00839680 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2014-10-14 18:14 - 2014-09-08 00:59 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-14 18:14 - 2014-09-08 00:59 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-10-14 18:14 - 2014-09-08 00:56 - 00672256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-14 18:14 - 2014-09-08 00:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-14 18:14 - 2014-09-04 01:12 - 00590336 _____ (Microsoft Corporation) C:\Windows\System32\rastls.dll
2014-10-14 18:14 - 2014-09-04 01:01 - 00514048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-07 00:53 - 2014-10-07 00:41 - 00042288 _____ (Intel Corporation) C:\Windows\System32\Drivers\intelaud.sys
2014-10-07 00:53 - 2014-10-07 00:41 - 00030512 _____ (Intel Corporation) C:\Windows\System32\Drivers\iwdbus.sys
2014-09-29 19:25 - 2014-09-29 19:35 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\FileBot

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-24 03:11 - 2014-07-05 22:47 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\NetSpeedMonitor
2014-10-24 03:11 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-24 03:10 - 2014-04-20 16:21 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Dropbox
2014-10-24 03:10 - 2014-04-20 08:32 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-24 02:52 - 2014-04-20 08:32 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-24 02:32 - 2014-09-10 19:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-24 02:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System32\sru
2014-10-23 23:49 - 2014-04-20 08:19 - 02055070 _____ () C:\Windows\WindowsUpdate.log
2014-10-23 22:18 - 2014-04-20 16:26 - 00014860 _____ () C:\Users\Matthias\Documents\metadata_db_prefs_backup.json
2014-10-23 22:18 - 2014-04-20 16:25 - 00185344 _____ () C:\Users\Matthias\Documents\metadata.db
2014-10-23 22:16 - 2014-04-20 16:40 - 00000000 ____D () C:\Program Files\JDownloader
2014-10-23 19:31 - 2014-05-20 17:16 - 00005084 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MATTHIAS-Matthias Matthias
2014-10-23 19:26 - 2014-03-18 11:04 - 01776918 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-10-23 19:26 - 2014-03-18 10:25 - 00764340 _____ () C:\Windows\System32\perfh007.dat
2014-10-23 19:26 - 2014-03-18 10:25 - 00159160 _____ () C:\Windows\System32\perfc007.dat
2014-10-22 20:55 - 2014-05-17 16:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-22 11:32 - 2014-04-20 10:07 - 00018960 _____ (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2014-10-22 11:32 - 2014-04-20 10:07 - 00001020 _____ () C:\Windows\LkmdfCoInst.log
2014-10-22 06:01 - 2014-03-18 02:51 - 00373934 _____ () C:\Windows\PFRO.log
2014-10-22 01:22 - 2014-07-29 16:06 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\vlc
2014-10-21 21:52 - 2014-04-20 08:28 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-357331442-1347990815-2063067355-1001
2014-10-21 16:25 - 2014-04-20 09:41 - 00000425 _____ () C:\Windows\System32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-10-21 16:25 - 2014-04-20 08:24 - 00000000 ____D () C:\Intel
2014-10-21 15:34 - 2014-04-20 10:07 - 00025812 _____ () C:\Windows\LDPINST.LOG
2014-10-20 07:00 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\System32\config\ELAM
2014-10-20 06:54 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\L2Schemas
2014-10-20 06:54 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-20 04:33 - 2014-04-20 16:47 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-20 03:29 - 2014-04-20 08:22 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Packages
2014-10-20 03:29 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-19 07:36 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\System32\config\BBI
2014-10-19 04:21 - 2014-06-07 18:32 - 00000000 ____D () C:\ProgramData\Steam
2014-10-17 19:47 - 2014-04-20 08:32 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-17 19:47 - 2014-04-20 08:32 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 14:16 - 2013-08-22 15:44 - 00434768 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-10-16 17:54 - 2014-07-29 19:48 - 02849224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-10-16 17:54 - 2014-05-17 16:45 - 20968040 _____ (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2014-10-16 17:54 - 2014-05-17 16:45 - 19966856 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2014-10-16 17:54 - 2014-05-17 16:45 - 16886168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-10-16 17:54 - 2014-05-17 16:45 - 03237528 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2014-10-16 17:54 - 2014-05-17 16:45 - 00987008 _____ (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2014-10-16 17:54 - 2014-05-17 16:45 - 00027024 _____ () C:\Windows\System32\nvinfo.pb
2014-10-16 15:11 - 2014-05-17 16:46 - 06883136 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2014-10-16 15:11 - 2014-05-17 16:46 - 03533632 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2014-10-16 15:11 - 2014-05-17 16:46 - 02559808 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2014-10-16 15:11 - 2014-05-17 16:46 - 00933064 _____ (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2014-10-16 15:11 - 2014-05-17 16:46 - 00384200 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2014-10-16 15:11 - 2014-05-17 16:46 - 00061640 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2014-10-15 03:01 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-10-15 01:48 - 2014-05-17 16:46 - 04047877 _____ () C:\Windows\System32\nvcoproc.bin
2014-10-14 22:50 - 2014-04-20 08:24 - 00082432 _____ (Khronos Group) C:\Windows\System32\OpenCL.DLL
2014-10-14 22:50 - 2014-04-20 08:24 - 00074240 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2014-10-14 22:50 - 2014-03-17 15:33 - 00329104 _____ (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
2014-10-14 18:55 - 2014-06-07 18:12 - 00101329 _____ () C:\Windows\DirectX.log
2014-10-14 18:43 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2014-10-14 18:43 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-10-14 18:43 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-14 18:43 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\FileManager
2014-10-14 18:43 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Camera
2014-10-14 18:26 - 2014-05-01 17:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-14 18:26 - 2014-04-20 08:29 - 00000000 ____D () C:\Windows\System32\MRT
2014-10-14 18:26 - 2013-08-22 14:25 - 00000167 _____ () C:\Windows\win.ini
2014-10-14 18:24 - 2014-04-20 08:29 - 103265616 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-10-14 16:01 - 2014-06-12 01:38 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-10-14 03:33 - 2014-04-20 08:22 - 00000000 ____D () C:\users\Matthias
2014-10-13 14:22 - 2014-08-13 15:06 - 00000000 ____D () C:\Users\Matthias\Downloads\LiveSetup
2014-10-01 22:48 - 2014-04-20 08:32 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-29 23:45 - 2013-08-22 16:38 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-29 23:45 - 2013-08-22 16:38 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Matthias\AppData\Local\Temp\avgnt.exe
C:\Users\Matthias\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphl_f3u.dll
C:\Users\Matthias\AppData\Local\Temp\proxy_vole6277922626763108122.dll


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2014-09-09 18:25] - [2014-08-23 08:48] - 2374784 ____A (Microsoft Corporation) ACDBE1ED38167C8B01B8F63161BB2CEA

C:\Windows\SysWOW64\explorer.exe
[2014-09-09 18:25] - [2014-08-23 08:13] - 2084520 ____A (Microsoft Corporation) 195822ACCDAA2B4815DD01BAFC335595

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2014-09-02 20:15] - [2014-07-24 16:23] - 1519488 ____A (Microsoft Corporation) A055D7D686F1CB5CBEDCFBB4C6DC9E2E

C:\Windows\SysWOW64\User32.dll
[2014-09-02 20:15] - [2014-07-24 09:49] - 1361408 ____A (Microsoft Corporation) A39251FAE3189E1AE1F0DF0884D37E2A

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-09-02 20:15] - [2014-06-19 03:13] - 0310080 ___AC (Microsoft Corporation) 64CA2B4A49A8EAF495E435623ECCE7DB


==================== Restore Points  =========================

Restore point made on: 2014-10-14 07:07:46
Restore point made on: 2014-10-17 22:16:25
Restore point made on: 2014-10-17 22:16:27
Restore point made on: 2014-10-17 22:17:11
Restore point made on: 2014-10-19 04:54:07
Restore point made on: 2014-10-19 22:26:45
Restore point made on: 2014-10-19 22:26:47
Restore point made on: 2014-10-19 22:28:18
Restore point made on: 2014-10-19 23:24:48
Restore point made on: 2014-10-19 23:24:49
Restore point made on: 2014-10-19 23:39:11
Restore point made on: 2014-10-19 23:39:12
Restore point made on: 2014-10-20 00:06:45
Restore point made on: 2014-10-20 00:17:21
Restore point made on: 2014-10-20 00:17:29
Restore point made on: 2014-10-20 00:17:31
Restore point made on: 2014-10-20 00:17:43
Restore point made on: 2014-10-20 00:17:45
Restore point made on: 2014-10-20 00:17:47
Restore point made on: 2014-10-20 00:17:48
Restore point made on: 2014-10-20 00:17:50
Restore point made on: 2014-10-20 00:17:52
Restore point made on: 2014-10-20 00:17:53
Restore point made on: 2014-10-20 00:17:55
Restore point made on: 2014-10-20 00:17:57
Restore point made on: 2014-10-20 00:17:58
Restore point made on: 2014-10-20 00:18:00
Restore point made on: 2014-10-20 00:18:02
Restore point made on: 2014-10-20 00:18:04
Restore point made on: 2014-10-20 00:18:05
Restore point made on: 2014-10-20 00:18:07
Restore point made on: 2014-10-20 00:18:09
Restore point made on: 2014-10-20 00:18:10
Restore point made on: 2014-10-20 00:18:12
Restore point made on: 2014-10-20 00:18:14
Restore point made on: 2014-10-20 00:18:15
Restore point made on: 2014-10-20 00:18:17
Restore point made on: 2014-10-20 00:18:19
Restore point made on: 2014-10-20 00:18:49
Restore point made on: 2014-10-20 00:18:52
Restore point made on: 2014-10-20 00:18:54
Restore point made on: 2014-10-20 00:18:56
Restore point made on: 2014-10-20 00:18:58
Restore point made on: 2014-10-20 00:18:59
Restore point made on: 2014-10-20 00:19:02
Restore point made on: 2014-10-20 00:19:04
Restore point made on: 2014-10-20 00:19:06
Restore point made on: 2014-10-20 00:19:07
Restore point made on: 2014-10-20 00:19:11
Restore point made on: 2014-10-20 00:19:13
Restore point made on: 2014-10-20 00:19:15
Restore point made on: 2014-10-20 00:19:17
Restore point made on: 2014-10-20 00:19:18
Restore point made on: 2014-10-20 00:19:20
Restore point made on: 2014-10-20 00:19:22
Restore point made on: 2014-10-20 00:19:24
Restore point made on: 2014-10-20 00:19:30
Restore point made on: 2014-10-20 00:19:32
Restore point made on: 2014-10-20 00:19:34
Restore point made on: 2014-10-20 00:19:36
Restore point made on: 2014-10-20 00:19:37
Restore point made on: 2014-10-20 00:19:39
Restore point made on: 2014-10-20 00:19:41
Restore point made on: 2014-10-20 00:19:43
Restore point made on: 2014-10-20 00:19:45
Restore point made on: 2014-10-20 00:20:13
Restore point made on: 2014-10-20 00:20:15
Restore point made on: 2014-10-20 00:20:17
Restore point made on: 2014-10-20 00:21:39
Restore point made on: 2014-10-20 00:21:41
Restore point made on: 2014-10-20 00:21:43
Restore point made on: 2014-10-20 00:21:45
Restore point made on: 2014-10-20 00:21:47
Restore point made on: 2014-10-20 00:21:49
Restore point made on: 2014-10-20 00:24:34
Restore point made on: 2014-10-20 00:24:37
Restore point made on: 2014-10-20 00:24:39
Restore point made on: 2014-10-20 00:24:41
Restore point made on: 2014-10-20 00:24:43
Restore point made on: 2014-10-20 00:24:45
Restore point made on: 2014-10-20 00:24:47
Restore point made on: 2014-10-20 00:25:08
Restore point made on: 2014-10-20 00:25:11
Restore point made on: 2014-10-20 00:25:13
Restore point made on: 2014-10-20 00:25:15
Restore point made on: 2014-10-20 00:25:18
Restore point made on: 2014-10-21 15:08:10

==================== Memory info ===========================

Percentage of memory in use: 4%
Total physical RAM: 16229.04 MB
Available physical RAM: 15441.41 MB
Total Pagefile: 16229.04 MB
Available Pagefile: 15461.1 MB
Total Virtual: 131072 MB
Available Virtual: 131071.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.27 GB) (Free:70.67 GB) NTFS
Drive d: (Daten) (Fixed) (Total:195.67 GB) (Free:158.54 GB) NTFS
Drive e: (SAFE) (Fixed) (Total:90.94 GB) (Free:33.15 GB) NTFS
Drive f: () (Removable) (Total:29.76 GB) (Free:29.5 GB) FAT32
Drive g: (Multimedia II) (Fixed) (Total:735.84 GB) (Free:192.66 GB) NTFS
Drive h: (Extern) (Fixed) (Total:840.57 GB) (Free:612.56 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: A98184E0)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 97F0BB35)
Partition 1: (Active) - (Size=195.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=735.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1B537923)
Partition 1: (Not Active) - (Size=90.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=840.6 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 29.8 GB) (Disk ID: B0445822)
Partition 1: (Active) - (Size=29.8 GB) - (Type=0C)


LastRegBack: 2014-10-20 03:36

==================== End Of Log ============================
--- --- ---

--- --- ---


...und Fixlog:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-10-2014
Ran by Matthias at 2014-10-24 04:20:14 Run:1
Running from D:\
Loaded Profile: Matthias (Available profiles: Matthias)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
C:\Users\Matthias\AppData\Roaming\SubFolder\
C:\Users\Matthias\AppData\Roaming\Microsoft\winlogon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
C:\Users\Matthias\AppData\Roaming\upc.exe
C:\Users\Matthias\AppData\Roaming\upc.vbs
C:\Users\Matthias\AppData\Roaming\loader_crypt.exe
C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\check.bat
C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\check.vbs
C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\cpu.exe
emptytemp:
*****************

HKU\S-1-5-21-357331442-1347990815-2063067355-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Winlogon => Value not found.
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\MicroUpdate => Value not found.
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\Winlogon => Value not found.
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Run\\MicroUpdate => Value not found.
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Run\\Winlogon => Value not found.
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\CurrentVersion\Run\\MicroUpdate => Value not found.
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\CurrentVersion\Run\\Winlogon => Value not found.
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Windows\CurrentVersion\Run\\Winlogon => Value not found.
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Windows\CurrentVersion\Run\\MicroUpdate => Value not found.
"C:\Users\Matthias\AppData\Roaming\SubFolder" => File/Directory not found.
"C:\Users\Matthias\AppData\Roaming\Microsoft\winlogon.exe" => File/Directory not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe" => File/Directory not found.
C:\Users\Matthias\AppData\Roaming\upc.exe => Moved successfully.
C:\Users\Matthias\AppData\Roaming\upc.vbs => Moved successfully.
"C:\Users\Matthias\AppData\Roaming\loader_crypt.exe" => File/Directory not found.
"C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\check.bat" => File/Directory not found.
"C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\check.vbs" => File/Directory not found.
"C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\cpu.exe" => File/Directory not found.
EmptyTemp: => Removed 1 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====

Bootsektor 24.10.2014 23:07
Hallo,

du hast den Fix im normalen Modus ausgeführt, ich hatte dich aber gebeten den im abgesicherten Modus auszuführen.

Ich verstehe grad nicht so ganz, warum FRST diese Einträge nicht sieht, obwohl ESET und Malwarebytes die gefunden haben, hast du dort etwas von gelöscht? Wir werden diesen Fix jetzt noch einmal in der Recovery versuchen.

Schritt 1
Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument
Code:
reg: reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001\Software\Microsoft\Windows\Currentversion\Run" /v Winlogon
reg: reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\Currentversion\Run" /v MicroUpdate /f
reg: reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\Currentversion\Run" /v Winlogon /f
reg: reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\Currentversion\Run" /v MicroUpdate /f
reg: reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\Currentversion\Run" /v Winlogon /f
reg: reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\Currentversion\Run" /v MicroUpdate /f
reg: reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\Currentversion\Run" /v Winlogon /f
reg: reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Windows\Currentversion\Run" /v Winlogon /f
reg: reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Windows\Currentversion\Run" /v MicroUpdate /f

C:\Users\Matthias\AppData\Roaming\SubFolder\
C:\Users\Matthias\AppData\Roaming\Microsoft\winlogon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
C:\Users\Matthias\AppData\Roaming\loader_crypt.exe
C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\check.bat
C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\check.vbs
C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\cpu.exe
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Fix Button.
Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

donma08 25.10.2014 03:22
Hi,
nein ich hab weder was von Hand gelöscht, noch hab ich ein anderes Viren-Programm laufen lassen. Arbeite an der Beseitigung wirklich nur, sobald du hier was postest :dankeschoen:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-10-2014
Ran by SYSTEM at 2014-10-25 04:16:18 Run:1
Running from D:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
reg: reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001\Software\Microsoft\Windows\Currentversion\Run" /v Winlogon
reg: reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\Currentversion\Run" /v MicroUpdate /f
reg: reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\Currentversion\Run" /v Winlogon /f
reg: reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\Currentversion\Run" /v MicroUpdate /f
reg: reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\Currentversion\Run" /v Winlogon /f
reg: reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\Currentversion\Run" /v MicroUpdate /f
reg: reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\Currentversion\Run" /v Winlogon /f
reg: reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Windows\Currentversion\Run" /v Winlogon /f
reg: reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Windows\Currentversion\Run" /v MicroUpdate /f

C:\Users\Matthias\AppData\Roaming\SubFolder\
C:\Users\Matthias\AppData\Roaming\Microsoft\winlogon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
C:\Users\Matthias\AppData\Roaming\loader_crypt.exe
C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\check.bat
C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\check.vbs
C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\cpu.exe
*****************


========= reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001\Software\Microsoft\Windows\Currentversion\Run" /v Winlogon =========

Registrierungswert Winlogon l”schen (Ja/Nein)? FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========


========= reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\Currentversion\Run" /v MicroUpdate /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========


========= reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\Currentversion\Run" /v Winlogon /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========


========= reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\Currentversion\Run" /v MicroUpdate /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========


========= reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\Currentversion\Run" /v Winlogon /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========


========= reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\Currentversion\Run" /v MicroUpdate /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========


========= reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\Currentversion\Run" /v Winlogon /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========


========= reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Windows\Currentversion\Run" /v Winlogon /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========


========= reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Windows\Currentversion\Run" /v MicroUpdate /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========

"C:\Users\Matthias\AppData\Roaming\SubFolder" => File/Directory not found.
"C:\Users\Matthias\AppData\Roaming\Microsoft\winlogon.exe" => File/Directory not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe" => File/Directory not found.
"C:\Users\Matthias\AppData\Roaming\loader_crypt.exe" => File/Directory not found.
"C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\check.bat" => File/Directory not found.
"C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\check.vbs" => File/Directory not found.
"C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\cpu.exe" => File/Directory not found.

==== End of Fixlog ====

Bootsektor 26.10.2014 01:15
Hallo,

hast du die Funde von Malwarebytes aus dem Log was du mir gepostet hast gelöscht?

donma08 26.10.2014 01:24
Nein, ich hab wirklich nichts von selbst gelöscht!

Bootsektor 26.10.2014 01:26
Hallo,

du schriebst und ich finde die Funde von Mbam nicht mehr, deswegen frag ich.

Zitat:
2. hab ich Malwarebytes Free installiert, drüberlaufen lassen und die Funde entfernen lassen.

donma08 26.10.2014 01:54
Ja, da hab ich den aktuellen Stand gepostet. Aber Eset hat DANACH ja noch Funde gemeldet!

Bootsektor 27.10.2014 00:04
Hallo,

ja, die haben wir ja dann auch gelöscht, ich war nur sehr verwirrt, weil Malwarebytes noch Funde zeigte und ich dich so verstanden hatte, dass du sie nicht gelöscht hattest, aber jetzt ist dann alles in Ordnung.

Du hast den Defender und Avira on board, entscheide dich bitte für eines :)

OK
So wie ich es sehe, haben wir damit alles Schadhafte entfernt. Deine Logs sind sauber.
Abschließend räumen wir noch etwas auf, führen Updates durch und dann bekommst du noch etwas Lesestoff von mir.

Schritt 1

Falls Du Malwarebytes-Antimalware und den ESET-Onlinescan nicht mehr benötigst, kannst Du beide Programme einfach über die Programmdeinstallation deinstallieren.
Ich empfehle Dir aber zumindest Malwarebytes zu behalten, und damit einmal die Woche einen Kontrollscan zu machen.

Schritt 2
Downloade dir bitte delfix auf deinen Desktop.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.
  • DelFix entfernt u. a. alle verwendeten Programme und löscht sich abschließend selbst.
Falls nach Delfix noch Programme aus unserer Bereinigung vorhanden sein sollten, kannst du diese nun bedenkenlos löschen.

Updates / Programme aktualisieren
  • ShockwavePlayer
Dein Adobe Shockwave Player ist veraltet, deinstalliere alle veralteten Versionen und lade dir von hier die neueste Version herunter.

Deinstalliere bitte noch Java 7 Update 67


Nun zum Schluss noch ein paar Tipps zur Absicherung deines Systems.

Ändere regelmäßig alle deine Passwörter, jetzt, nach der Bereinigung ist ein idealer Zeitpunkt dafür
  • verwende für jede Anwendung und jeden Account ein anderes Passwort
  • ändere regelmäßig dein Passwort, vor allem bei Onlinebanking oder deinem Emailpostfach ist dieses sehr wichtig
  • speichere keine Passwörter auf deinem PC, gib diese nicht an dritte weiter
  • ein sicheres Passwort besteht aus mindestens 8 Zeichen und beinhaltet Groß- und Kleinbuchstaben, Zahlen, und Sonderzeichen
  • benutze keine Zahlen- oder Buchstabenkombinationen, ( zB 12345678, qwertzui) auch keine Zahlen oder Buchstabenmuster
  • verwende keine Passwörter die einen Bezug zu dir, deinem Wohnort, Familienmitglied oder Haustier (Geburtsdatum, Postleitzahl, Adresse, Name)



Aktualität des Systems
Es ist extrem wichtig, dass sowohl dein System als auch die darauf installierte sicherheitsrelevante Software (Flash Player, PDF-Reader und besonders Java, sofern vorhanden) aktuell sind.
  • Bitte überprüfe, ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Java
Java ist eine große Sicherheitslücke auf deinem System, es werden immer wieder neue Schwachstellen entdeckt, die ausgenutzt werden um Rechner zu infizieren.
Sofern du Java nicht zwingend benötigst, solltest du es komplett deinstallieren.

Windows XP
Gehe auf:
Start --> Systemsteuerung --> Software --> Javaversionen auswählen --> entfernen
Windows Vista
Gehe auf:
Start --> Systemsteuerung -- > Programme --> Programme deinstallieren --> Javaversionen suchen --> entfernen
Windows 7
Dazu gehe auf:
den Windowsbutton in der Taskleiste --> Systemsteuerung --> Programme (Unterpunkt Programme deinstallieren) --> Programm auswählen --> entfernen
Windows 8
Dazu drücke auf:
Windowstaste und X
dann:
Programme und Funktionen -->Javaversionen auswählen --> entfernen

Falls du Java doch unbedingt benötigst, dann
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 8 Update 25 ) herunter laden.
  • Entferne den Haken bei "Installieren Sie die Ask-Toolbar ..." während der Installation.
und sorge dafür, dass Java automatisch updated.
Dazu:
  • öffne Java
  • klicke auf den Reiter Update
  • klicke auf: Benachrichtung ausgeben: Vor dem Download setze den Haken bei Automatisch nach Updates suchen
  • klicke auf Erweitert
  • ändere das Intervall mindestens auf wöchentlich
und schalte das Browser-Plugin aus.
Hier findest du eine Anleitung dazu.

Antivirensoftware
  • Gehe sicher immer eine Antiviren Software installiert zu haben und halte diese unbedingt aktuell.

Zusätzlicher Schutz
  • MalwareBytes Anti-Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On-Demand Scantool welches viele aktuelle Malware erkennt und auch entfernt.
    Aktualisiere das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der Internet Explorer, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf einen Banner um diesen zu AdBlockPlus hinzuzufügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Systemleistung
Lösche regelmäßig deine temporären Dateien. Ich empfehle hierzu die Datenträgerbereinigung von Windows.
Windows Vista
  • Klicke unten links auf das Vistasymbol
  • Gehe auf Programme -> Zubehör -> Systemprogramme -> Datenträgerbereinigung
  • Wähle nun Dateien von allen Benutzern des Computers aus und bestätige mit OK
  • Setze den Haken bei den zu löschenden Dateien zusätzlich bei Temporäre Dateien
  • Bestätige mit OK
  • Bestätige dass du die Dateien unwiderruflich löschen möchtest

Windows 7
  • Gehe auf das Windowsstartsymbol
  • Gebe im Suchfeld Datenträgerrereinigung ein
  • Setze den Haken zusätzlich bei Temporäre Dateien
  • Bestätige mit OK

Windows 8
  • Rechtsklicke in die untere linke Ecke deines Bildschirms
  • Klicke auf Suchen
  • Klicke auf Einstellungen
  • Gebe im Suchfeld Datenträgerbereinigung ein
  • Klicke in den Einstellungen auf der linken Seite nun auf Speicherplatz durch Löschen nicht erforderlicher Dateien freigeben
  • Setze den Haken zusätzlich bei Temporäre Dateien
  • Bestätige mit OK
  • Bestätige dass du die Dateien unwiderruflich löschen möchtest

Halte dich fern von jeglichen Registry Cleanern.
Diese schaden deinem System mehr als dass sie es schneller machen.

Verhaltensregeln zum sichereren Surfen
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
  • Achte besonders bei der Installation von Programmen darauf, ob sich weitere Software mitinstallieren möchte, wähle wo immer es geht die benutzerdefinierte Installation und wähle alles ab, was nichts mit dem Programm zu tun hat, welches du dir installieren möchtest.

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind.

Falls Du Lob oder Kritik abgeben möchtest, kannst Du das sehr gerne hier tun.

Wenn Du etwas für das Forum und unsere Arbeit spenden möchtest, so kannst Du das hier tun.

donma08 27.10.2014 00:16
Zitat:
Zitat von Bootsektor (Beitrag 1376797)
Du hast den Defender und Avira on board, entscheide dich bitte für eines :)
Eigentlich hab ich nur noch den Defender drauf, Avira muss dann noch irgendwo Reste 'geparkt' haben?! Arbeite später alles ab, damit bedanke ich mich bei dir und spendiere dir auch einen Thread im Lob-&Kritik-Forum :dankeschoen::daumenhoc

Bootsektor 27.10.2014 23:45
Hallo,

das kann sein. Benutze bitte nach der Deinstallation von Avira auch den Avira Registry Cleaner und vielen Dank für dein Lob.

Alles Gute


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:06 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131