Hohe CPU Auslastung und veränderter autostart durch ccleaner-resident.exe

sunjojo · 24.01.2014, 09:26

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

() C:\{$6544-7333-3407-6452$}\winfirewall.exe
C:\{$6544-7333-3407-6452$}
() C:\Program Files\CCleaner\CCleaner-resident.exe
C:\Program Files\CCleaner
HKLM-x32\...\Run: [Windows firewall service] - C:\{$6544-7333-3407-6452$}\winfirewall.exe -rundll32 /SYSTEM32 "C:\Windows\System32\taskmgr.exe" "C:\Program Files\Microsoft\Windows"
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 1
HKLM\...\Policies\Explorer: [NoStrCmpLogical] 1
HKCU\...\Run: [CCleaner Resident Cleaner Service] - C:\Program Files\CCleaner\CCleaner-resident.exe [517632 2014-01-21] ()
HKCU\...\Winlogon: [Shell] explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKCU\...\Policies\system: [NoDispAppearancePage] 0
HKCU\...\Policies\system: [NoColorChoice] 0
HKCU\...\Policies\system: [NoDispBackgroundPage] 0
HKCU\...\Policies\system: [NoDispCPL] 0
HKCU\...\Policies\system: [NoDispSettingsPage] 0
HKCU\...\Policies\system: [NoDispScrSavPage] 0
HKCU\...\Policies\system: [NoVisualStyleChoice] 0
HKCU\...\Policies\system: [NoSizeChoice] 0
HKCU\...\Policies\Explorer: [NoSMBalloonTip] 1
HKCU\...\Policies\Explorer: [NoSaveSettings] 0
HKCU\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKCU\...\Policies\Explorer: [CDRAutoRun] 0
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKCU\...\Policies\Explorer: [MemCheckBoxInRunDlg] 0
HKCU\...\Policies\Explorer: [NoAutoTrayNotify] 0
HKCU\...\Policies\Explorer: [NoResolveSearch] 1
HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKCU\...\Policies\Explorer: [NoStartBanner] 0x01000000
HKCU\...\Policies\Explorer: [NoWelcomeScreen] 1
HKCU\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKCU\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKCU\...\Policies\Explorer: [NoSharedDocuments] 1
HKCU\...\Policies\Explorer: [NoThemesTab] 0
HKCU\...\CurrentVersion\Windows: [Load] C:\{$6544-7333-3407-6452$}\winfirewall.exe <===== ATTENTION
2014-01-21 12:03 - 2014-01-22 13:02 - 01624064 _____ C:\Users\Quentin\AppData\Roaming\msconfig.ini
2014-01-21 12:03 - 2014-01-21 12:02 - 00275968 __RSH C:\ProgramData\441132316.exe
Folder: C:\Users\Quentin\AppData\Roaming\skyz
Folder: C:\Users\Quentin\AppData\Local\Oxy

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2
Starte noch einmal FRST.

Ändere keine der Voreinstellungen und drücke auf Scan.
Wenn der Scan abgeschlossen ist, wird ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

Kannst du nach dem Fix wieder ins Internet gehen, bzw. lässt sich der Windows Explorer öffnen?

Poste folgende Logfiles in deiner nächsten Antwort:

FRST-Fix
FRST-Scan

mantin36 · 24.01.2014, 14:26

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2014
Ran by Quentin at 2014-01-24 14:23:17 Run:1
Running from C:\Users\Quentin\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
() C:\{$6544-7333-3407-6452$}\winfirewall.exe
C:\{$6544-7333-3407-6452$}
() C:\Program Files\CCleaner\CCleaner-resident.exe
C:\Program Files\CCleaner
HKLM-x32\...\Run: [Windows firewall service] - C:\{$6544-7333-3407-6452$}\winfirewall.exe -rundll32 /SYSTEM32 "C:\Windows\System32\taskmgr.exe" "C:\Program Files\Microsoft\Windows"
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 1
HKLM\...\Policies\Explorer: [NoStrCmpLogical] 1
HKCU\...\Run: [CCleaner Resident Cleaner Service] - C:\Program Files\CCleaner\CCleaner-resident.exe [517632 2014-01-21] ()
HKCU\...\Winlogon: [Shell] explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKCU\...\Policies\system: [NoDispAppearancePage] 0
HKCU\...\Policies\system: [NoColorChoice] 0
HKCU\...\Policies\system: [NoDispBackgroundPage] 0
HKCU\...\Policies\system: [NoDispCPL] 0
HKCU\...\Policies\system: [NoDispSettingsPage] 0
HKCU\...\Policies\system: [NoDispScrSavPage] 0
HKCU\...\Policies\system: [NoVisualStyleChoice] 0
HKCU\...\Policies\system: [NoSizeChoice] 0
HKCU\...\Policies\Explorer: [NoSMBalloonTip] 1
HKCU\...\Policies\Explorer: [NoSaveSettings] 0
HKCU\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKCU\...\Policies\Explorer: [CDRAutoRun] 0
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKCU\...\Policies\Explorer: [MemCheckBoxInRunDlg] 0
HKCU\...\Policies\Explorer: [NoAutoTrayNotify] 0
HKCU\...\Policies\Explorer: [NoResolveSearch] 1
HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKCU\...\Policies\Explorer: [NoStartBanner] 0x01000000
HKCU\...\Policies\Explorer: [NoWelcomeScreen] 1
HKCU\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKCU\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKCU\...\Policies\Explorer: [NoSharedDocuments] 1
HKCU\...\Policies\Explorer: [NoThemesTab] 0
HKCU\...\CurrentVersion\Windows: [Load] C:\{$6544-7333-3407-6452$}\winfirewall.exe <===== ATTENTION
2014-01-21 12:03 - 2014-01-22 13:02 - 01624064 _____ C:\Users\Quentin\AppData\Roaming\msconfig.ini
2014-01-21 12:03 - 2014-01-21 12:02 - 00275968 __RSH C:\ProgramData\441132316.exe
Folder: C:\Users\Quentin\AppData\Roaming\skyz
Folder: C:\Users\Quentin\AppData\Local\Oxy
         
*****************

[2480] C:\{$6544-7333-3407-6452$}\winfirewall.exe => Process closed successfully.
C:\{$6544-7333-3407-6452$} => Moved successfully.
C:\Program Files\CCleaner\CCleaner-resident.exe => No running process found
C:\Program Files\CCleaner => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Windows firewall service => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRemoteRecursiveEvents => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStrCmpLogical => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Resident Cleaner Service => Value not found.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoColorChoice => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispCPL => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispScrSavPage => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoVisualStyleChoice => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoSizeChoice => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSMBalloonTip => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRecentDocsHistory => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\CDRAutoRun => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\MemCheckBoxInRunDlg => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoAutoTrayNotify => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\LinkResolveIgnoreLinkInfo => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartBanner => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWelcomeScreen => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRecentDocsNetHood => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDesktopCleanupWizard => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSharedDocuments => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoThemesTab => Value deleted successfully.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Value was restored successfully.
C:\Users\Quentin\AppData\Roaming\msconfig.ini => Moved successfully.
C:\ProgramData\441132316.exe => Moved successfully.

========================= Folder: C:\Users\Quentin\AppData\Roaming\skyz ========================

2014-01-04 12:31 - 2014-01-04 12:31 - 0000000 ____D () C:\Users\Quentin\AppData\Roaming\skyz\mod_prerequisites
2014-01-04 12:32 - 2014-01-04 12:37 - 0000000 ____D () C:\Users\Quentin\AppData\Roaming\skyz\mod_temp
2014-01-04 12:32 - 2014-01-04 12:32 - 3025484 _____ () C:\Users\Quentin\AppData\Roaming\skyz\mod_temp\Dalek_Mod1.6.4.zip
2014-01-04 12:37 - 2014-01-04 12:37 - 0000014 _____ () C:\Users\Quentin\AppData\Roaming\skyz\mod_temp\Dalek_Mod1.6.4.zip.txt
2014-01-04 12:31 - 2014-01-04 12:32 - 20919340 _____ () C:\Users\Quentin\AppData\Roaming\skyz\mod_prerequisites\Forge9.11.1.938.zip

====== End of Folder: ======


========================= Folder: C:\Users\Quentin\AppData\Local\Oxy ========================

2014-01-02 12:23 - 2014-01-02 13:03 - 0000000 ____D () C:\Users\Quentin\AppData\Local\Oxy\Application
2014-01-02 12:23 - 2014-01-02 13:03 - 0000000 ____D () C:\Users\Quentin\AppData\Local\Oxy\Application\bin
2014-01-02 12:23 - 2012-10-19 04:40 - 2858355 _____ (Red Hat) C:\Users\Quentin\AppData\Local\Oxy\Application\bin\cygwin1.dll
2014-01-02 12:23 - 2013-04-14 22:50 - 3589646 _____ () C:\Users\Quentin\AppData\Local\Oxy\Application\bin\oxy-downloader.exe

====== End of Folder: ======


==== End of Fixlog ====

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2014
Ran by Quentin (administrator) on QUENTIN-PC on 24-01-2014 14:24:25
Running from C:\Users\Quentin\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor Corp.) C:\Windows\SOUNDMAN.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
() C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
() C:\Program Files (x86)\ROCCAT\Power-Grid\ROCCATPowerGrid.exe
(Perixx) C:\Program Files (x86)\MX-3200 Mouse\DriverAP4.exe
() C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AvkBap64.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMan] - C:\Windows\SOUNDMAN.EXE [604704 2009-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)
HKLM\...\Run: [SoundMAX] - C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.)
HKLM-x32\...\Run: [G Data AntiVirus Tray] - C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe [1444304 2013-02-25] (G Data Software AG)
HKLM-x32\...\Run: [G Data ASM] - C:\Program Files (x86)\G Data\AntiVirus\DelayLoader\AutorunDelayLoader.exe [472016 2013-02-25] (G Data Software AG)
HKLM-x32\...\Run: [Mouse] - C:\Program Files (x86)\MX-3200 Mouse\DriverST.exe [184393 2012-08-21] ()
HKLM-x32\...\Run: [Ai Nap] - C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe [1435136 2009-07-01] ()
HKLM-x32\...\Run: [QFan Help] - C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe [601088 2009-07-01] ()
HKLM-x32\...\Run: [Cpu Level Up help] - C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe [881152 2007-11-30] ()
HKLM-x32\...\Run: [SoundMAXPnP] - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2009-06-05] (Analog Devices, Inc.)
HKCU\...\Run: [NVIDIA nTune] - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe [145408 2008-08-18] (NVIDIA)
HKCU\...\Run: [RoccatPowerGrid] - C:\Program Files (x86)\ROCCAT\Power-Grid\ROCCATPowerGrid.exe [4957184 2013-10-21] ()
MountPoints2: {052bf0ad-75f2-11e3-a8ff-806e6f6e6963} - E:\RunGame.exe
IFEO\AutorunDelayLoader.exe: [Debugger] nsjw.exe
IFEO\avcenter.exe: [Debugger] nsjw.exe
IFEO\avguard.exe: [Debugger] nsjw.exe
IFEO\AVKService.exe: [Debugger] nsjw.exe
IFEO\AVKTray.exe: [Debugger] nsjw.exe
IFEO\AVKWCtlX64.exe: [Debugger] nsjw.exe
IFEO\avp.exe: [Debugger] nsjw.exe
IFEO\bdagent.exe: [Debugger] nsjw.exe
IFEO\ccuac.exe: [Debugger] nsjw.exe
IFEO\ComboFix.exe: [Debugger] nsjw.exe
IFEO\egui.exe: [Debugger] nsjw.exe
IFEO\GDSC.exe: [Debugger] nsjw.exe
IFEO\hijackthis.exe: [Debugger] nsjw.exe
IFEO\keyscrambler.exe: [Debugger] nsjw.exe
IFEO\mbam.exe: [Debugger] nsjw.exe
IFEO\MpCmdRun.exe: [Debugger] nsjw.exe
IFEO\MSASCui.exe: [Debugger] nsjw.exe
IFEO\MsMpEng.exe: [Debugger] nsjw.exe
IFEO\msseces.exe: [Debugger] nsjw.exe
IFEO\spybotsd.exe: [Debugger] nsjw.exe
IFEO\wireshark.exe: [Debugger] nsjw.exe
IFEO\zlclient.exe: [Debugger] nsjw.exe
Startup: C:\Users\Quentin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Users\Quentin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files\Logitech Gaming Software\EReg\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\Quentin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Firewall.url ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x66BF934231B2CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: No Name - {278DFA8A-A302-AC8D-ACF9-617A7FEE6E61} -  No File
BHO: No Name - {38E67B61-AC26-54F4-CC77-D7F39F3D9244} -  No File
BHO: No Name - {63D86354-5F99-71D3-393A-AF2F8EB3FC9A} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {FA75D39B-21CD-D2D8-1B72-D3EC43CAEC55} -  No File
BHO-x32: No Name - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} -  No File
Toolbar: HKLM - QT Management toolbar - {d2bf470e-ed1c-487f-a300-2bd8835eb6ce} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - QTTabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - QT Button Bar - {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - QT Versatile Bar - {d2bf470e-ed1c-487f-a777-2bd8835eb6ce} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - QT Management toolbar - {d2bf470e-ed1c-487f-a300-2bd8835eb6ce} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - QTTabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - QT Button Bar - {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - QT Versatile Bar - {d2bf470e-ed1c-487f-a777-2bd8835eb6ce} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
ShellExecuteHooks: QTTabBarLib.ExplorerProcessCaptor - {D2BF470E-ED1C-487F-AAAA-2BD8835EB6CE} - C:\Windows\System32\mscoree.dll [444752 2010-11-05] (Microsoft Corporation)
ShellExecuteHooks-x32: QTTabBarLib.ExplorerProcessCaptor - {D2BF470E-ED1C-487F-AAAA-2BD8835EB6CE} - C:\Windows\SysWOW64\mscoree.dll [297808 2010-11-05] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 02 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 03 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 04 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 05 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 06 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 18 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 19 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9-x64 01 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 02 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 03 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 04 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 05 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 06 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 18 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 19 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{34F270A1-1448-489D-A0D7-D63CC79D9A6C}: [NameServer]192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Quentin\AppData\Roaming\Mozilla\Firefox\Profiles\l3ln7rgd.default
FF user.js: detected! => C:\Users\Quentin\AppData\Roaming\Mozilla\Firefox\Profiles\l3ln7rgd.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Battlefield Play4Free - C:\Users\Quentin\AppData\Roaming\Mozilla\Firefox\Profiles\l3ln7rgd.default\Extensions\battlefieldplay4free@ea.com [2013-10-19]
FF Extension: ProxTube - Unblock YouTube - C:\Users\Quentin\AppData\Roaming\Mozilla\Firefox\Profiles\l3ln7rgd.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7} [2013-12-07]
FF Extension: YouTube Center - C:\Users\Quentin\AppData\Roaming\Mozilla\Firefox\Profiles\l3ln7rgd.default\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2013-09-21]

==================== Services (Whitelisted) =================

S4 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2009-06-05] (Andrea Electronics Corporation)
R2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137096 2013-02-06] ()
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1956304 2013-03-04] (G Data Software AG)
S2 AVKService; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe [635344 2013-02-25] (G Data Software AG)
S2 AVKWCtl; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe [2249944 2013-02-25] (G Data Software AG)
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-09-19] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-09-19] (BlueStack Systems, Inc.)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-05-29] ()
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-06-01] (Microsoft Corporation)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [696808 2013-02-25] (G Data Software AG)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-05-29] ()
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [222208 2008-08-18] (NVIDIA)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-19] ()
R2 UpdateCenterService; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe [158208 2008-08-01] (NVIDIA)

==================== Drivers (Whitelisted) ====================

S3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC64.SYS [3491616 2009-06-18] (Realtek Semiconductor Corp.)
R2 AODDriver4.2.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [57952 2013-02-06] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-09-19] (BlueStack Systems)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [60248 2013-09-22] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [133976 2013-09-22] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [62808 2013-09-22] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64856 2013-09-22] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [107128 2013-12-01] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [64856 2013-09-22] (G Data Software AG)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R3 NVR0Dev; C:\Windows\nvoclk64.sys [40480 2008-08-18] (NVidia Corp.)
R2 NVR0FLASHDev; C:\Windows\nvflsh64.sys [40480 2008-08-01] (NVidia Corp.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                           )
R0 SI3114r; C:\Windows\System32\DRIVERS\SI3114R.sys [133672 2007-10-04] (Silicon Image, Inc)
R0 Si3114r5; C:\Windows\System32\DRIVERS\Si3114r5.sys [327720 2008-04-29] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2007-10-04] (Silicon Image, Inc)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [16936 2008-04-29] (Silicon Image, Inc.)
U3 Alerter; 
U4 cisvc; 
U4 ClipSrv; 
U4 ERSvc; 
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [x]
U3 FastUserSwitchingCompatibility; 
U3 helpsvc; 
U3 ImapiService; 
U4 MDM; 
U4 Messenger; 
U4 mnmsrvc; 
U4 NetDDE; 
U4 NetDDEdsdm; 
U3 NtLmSsp; 
U3 NtmsSvc; 
U4 RDSessMgr; 
U4 RSVP; 
U3 SCardDrv; 
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
U4 SysmonLog; 
U4 TlntSvr; 
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
U4 uploadmgr; 
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
U4 WmdmPmSp; 
U3 Wmi; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-24 14:22 - 2014-01-24 14:22 - 00000000 ____D C:\Users\Quentin\Desktop\FRST-OlderVersion
2014-01-22 18:01 - 2014-01-22 18:01 - 00550371 _____ C:\Users\Quentin\Desktop\Autoruns_11.70.zip
2014-01-22 13:03 - 2014-01-22 16:43 - 00033277 _____ C:\Users\Quentin\Desktop\Addition.txt
2014-01-22 13:00 - 2014-01-24 14:24 - 00016948 _____ C:\Users\Quentin\Desktop\FRST.txt
2014-01-22 13:00 - 2014-01-24 14:22 - 00000000 ____D C:\FRST
2014-01-22 12:59 - 2014-01-24 14:22 - 02077696 _____ (Farbar) C:\Users\Quentin\Desktop\FRST64.exe
2014-01-21 14:33 - 2014-01-21 14:33 - 00000000 ____D C:\Users\Quentin\AppData\Local\G DATA
2014-01-21 11:15 - 2014-01-21 11:15 - 00001358 _____ C:\Users\Quentin\Desktop\Steam.lnk
2014-01-21 10:54 - 2014-01-21 11:03 - 00001245 _____ C:\Users\Public\Desktop\Cracked Steam.lnk
2014-01-21 10:54 - 2014-01-21 11:03 - 00001119 _____ C:\Users\Public\Desktop\Original Steam client.lnk
2014-01-21 10:54 - 2014-01-21 11:03 - 00001055 _____ C:\Users\Public\Desktop\DarkSteam.lnk
2014-01-20 17:34 - 2014-01-20 17:34 - 00017870 _____ C:\Users\Quentin\Documents\cc_20140120_173439.reg
2014-01-20 16:59 - 2014-01-20 17:22 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2014-01-19 10:47 - 2009-05-19 09:19 - 00339360 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvmf6264.sys
2014-01-19 10:47 - 2009-05-19 08:52 - 00899584 _____ (NVIDIA Corporation) C:\Windows\system32\fdco1.dll
2014-01-19 10:47 - 2009-05-19 02:56 - 00160768 _____ (NVIDIA Corporation) C:\Windows\system32\nvconrm.dll
2014-01-19 10:24 - 2009-07-09 11:38 - 00000000 ____D C:\Windows\AsusInstAll
2014-01-19 10:19 - 2014-01-19 10:21 - 00000086 _____ C:\Windows\nvidia.log
2014-01-19 10:18 - 2014-01-19 10:44 - 00024346 _____ C:\Windows\Ascd_tmp.ini
2014-01-19 10:18 - 2014-01-19 10:25 - 00029141 _____ C:\Windows\Ascd_log.ini
2014-01-18 16:59 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-18 16:59 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-18 16:59 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-18 16:59 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-18 16:59 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-18 16:59 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-18 16:59 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-18 16:59 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-18 16:59 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-17 16:43 - 2014-01-17 16:43 - 00000222 _____ C:\Users\Quentin\Desktop\Saints Row IV.url
2014-01-16 21:01 - 2014-01-16 21:01 - 00000000 ____D C:\Users\Quentin\AppData\Local\OCCT_-_Ocbase_-_Adrien_Me
2014-01-16 20:58 - 2014-01-16 20:58 - 00000971 _____ C:\Users\UpdatusUser\Desktop\OCCT.lnk
2014-01-16 20:58 - 2014-01-16 20:58 - 00000971 _____ C:\Users\Quentin\Desktop\OCCT.lnk
2014-01-16 20:58 - 2014-01-16 20:58 - 00000000 ____D C:\Users\Quentin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OCCT
2014-01-16 20:58 - 2014-01-16 20:58 - 00000000 ____D C:\Program Files (x86)\OCCTPT
2014-01-12 19:29 - 2013-12-19 21:33 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-01-12 19:29 - 2013-12-19 21:33 - 22960416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-01-12 19:29 - 2013-12-19 21:33 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-01-12 19:29 - 2013-12-19 21:33 - 15877216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-01-12 19:29 - 2013-12-19 21:33 - 12645664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-01-12 19:29 - 2013-12-19 21:33 - 11605752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-01-12 19:29 - 2013-12-19 21:33 - 11554264 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-01-12 19:29 - 2013-12-19 21:33 - 09700224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-01-12 19:29 - 2013-12-19 21:33 - 09657464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-01-12 19:29 - 2013-12-19 21:33 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-01-12 19:29 - 2013-12-19 21:33 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-01-12 19:29 - 2013-12-19 21:33 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-01-12 19:29 - 2013-12-19 21:33 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-01-12 19:29 - 2013-12-19 21:33 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433221.dll
2014-01-12 19:29 - 2013-12-19 21:33 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433221.dll
2014-01-12 19:29 - 2013-12-19 21:33 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-01-12 19:29 - 2013-12-19 21:33 - 00882464 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-01-12 19:29 - 2013-12-19 21:33 - 00879392 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-01-12 19:29 - 2013-12-19 21:33 - 00852768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-01-12 19:29 - 2013-12-19 21:33 - 00847648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-01-12 19:29 - 2013-12-19 21:33 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-01-12 19:29 - 2013-12-19 21:33 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-01-12 19:29 - 2013-12-19 21:33 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-01-12 19:29 - 2013-12-19 21:33 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-01-12 19:29 - 2013-11-28 14:38 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-01-12 19:29 - 2013-11-28 14:38 - 00074016 _____ (NVIDIA Corporation) C:\Windows\system32\nvapo64v.dll
2014-01-12 19:29 - 2013-11-28 14:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-01-11 19:17 - 2014-01-11 19:18 - 00000883 _____ C:\Users\Quentin\Desktop\ApG.2.6.0.2.exe.lnk
2014-01-11 19:01 - 2014-01-11 19:17 - 00000630 _____ C:\Windows\SysWOW64\ApG.ini
2014-01-11 19:01 - 2014-01-11 19:01 - 00000000 ____D C:\Windows\SysWOW64\ApGPackages
2014-01-11 13:03 - 2014-01-11 13:03 - 00000000 ____D C:\Users\Quentin\AppData\Roaming\Wargaming.net
2014-01-10 18:45 - 2014-01-20 17:38 - 00000945 _____ C:\Users\Public\Desktop\CPUID ROG CPU-Z.lnk
2014-01-10 14:23 - 2014-01-10 14:23 - 00000777 _____ C:\Users\Public\Desktop\World of Tanks.lnk
2014-01-10 14:23 - 2014-01-10 14:23 - 00000000 ____D C:\Games
2014-01-07 16:07 - 2014-01-07 16:07 - 00000220 _____ C:\Users\Quentin\Desktop\Garry's Mod.url
2014-01-05 16:01 - 2014-01-05 16:01 - 00000000 ____D C:\Users\Quentin\AppData\Roaming\openvr
2014-01-05 13:02 - 2008-01-04 13:34 - 00011832 _____ C:\Windows\SysWOW64\Drivers\AsInsHelp64.sys
2014-01-05 13:02 - 2008-01-04 13:34 - 00010216 _____ C:\Windows\SysWOW64\Drivers\AsInsHelp32.sys
2014-01-05 12:59 - 2014-01-19 10:46 - 00169884 _____ C:\Windows\ydi.log
2014-01-05 12:59 - 2014-01-19 10:46 - 00000413 ____R C:\Windows\YukonInstall.log
2014-01-05 12:59 - 2014-01-19 10:44 - 00000000 ____D C:\Program Files (x86)\Marvell
2014-01-05 12:49 - 2014-01-05 12:49 - 00000000 ____D C:\Program Files (x86)\Creative
2014-01-05 12:49 - 2008-09-17 15:11 - 01828352 ____N (Creative) C:\Windows\system32\adi_oal.dll
2014-01-05 12:49 - 2008-09-17 15:07 - 01503232 ____N (Creative) C:\Windows\SysWOW64\adi_oal.dll
2014-01-05 12:48 - 2014-01-19 10:46 - 00000000 ____D C:\ProgramData\SonicFocus
2014-01-05 12:48 - 2009-04-22 09:53 - 00062464 _____ (Sonic Focus, Inc.) C:\Windows\SysWOW64\SFFXComm.dll
2014-01-05 12:47 - 2014-01-19 10:46 - 00015877 _____ C:\Windows\SMinstall.log
2014-01-05 12:47 - 2014-01-19 10:46 - 00000000 ____D C:\Program Files (x86)\Analog Devices
2014-01-05 12:47 - 2014-01-05 12:47 - 00000000 ____D C:\Users\Quentin\AppData\Roaming\InstallShield
2014-01-05 12:45 - 2014-01-05 12:45 - 00000000 ____D C:\Windows\Downloaded Installations
2014-01-05 12:45 - 2009-05-19 08:52 - 00702976 ____R C:\Windows\system32\cohelper.dll
2014-01-05 12:45 - 2009-05-17 18:13 - 00005940 ____R C:\Windows\system32\Drivers\nvphy.bin
2014-01-05 12:38 - 2014-01-05 12:38 - 00001769 _____ C:\Windows\Language_trs.ini
2014-01-05 12:37 - 2009-06-05 17:42 - 00174592 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFProc64.dll
2014-01-05 12:37 - 2009-06-05 17:42 - 00078848 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFSAPO64.dll
2014-01-05 12:37 - 2009-06-05 17:42 - 00041472 _____ (Analog Devices, Inc.) C:\Windows\system32\SmaxCo.dll
2014-01-05 12:36 - 2009-06-05 17:42 - 00475136 _____ (Analog Devices, Inc.) C:\Windows\system32\Drivers\ADIHdAud.sys
2014-01-05 12:36 - 2009-06-05 17:42 - 00428544 _____ (Andrea Electronics Corporation) C:\Windows\system32\AEADIExt.dll
2014-01-05 12:36 - 2009-06-05 17:42 - 00163840 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFCTPL64.dll
2014-01-05 12:36 - 2009-06-05 17:42 - 00161280 _____ (Andrea Electronics Corporation) C:\Windows\system32\AEADIAPO.dll
2014-01-05 12:36 - 2009-06-05 17:42 - 00122880 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFFXCPStr.dll
2014-01-05 12:36 - 2009-06-05 17:42 - 00111616 _____ (Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
2014-01-05 12:36 - 2009-06-05 17:42 - 00078336 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFHAPO64.dll
2014-01-05 12:36 - 2009-06-05 17:42 - 00078336 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFDAPO64.dll
2014-01-05 12:36 - 2009-06-05 17:42 - 00069120 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFComm64.dll
2014-01-05 12:36 - 2009-06-05 17:42 - 00059392 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFMAPO64.dll
2014-01-05 12:36 - 2009-06-05 17:42 - 00056320 _____ (Andrea Electronics Corporation) C:\Windows\system32\AEADIAPR.dll
2014-01-05 12:36 - 2009-06-02 16:04 - 00028704 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvsmu.sys
2014-01-05 12:36 - 2009-06-01 14:54 - 00162304 _____ (NVIDIA Corporation) C:\Windows\system32\NVCOSMU.DLL
2014-01-05 12:36 - 2009-05-19 09:56 - 00507424 _____ (NVIDIA Corporation) C:\Windows\system32\nvunrm.exe
2014-01-05 12:34 - 2009-04-26 09:32 - 00506400 _____ (NVIDIA Corporation) C:\Windows\system32\nvuhda6.exe
2014-01-05 12:34 - 2009-04-26 09:32 - 00159232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcohda6.dll
2014-01-05 12:34 - 2009-04-26 09:29 - 00001407 _____ C:\Windows\system32\nvhda.nvu
2014-01-05 12:32 - 2009-05-14 09:26 - 00015416 _____ () C:\Windows\system32\Drivers\ASACPI.sys
2014-01-05 11:25 - 2014-01-05 11:25 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2014-01-04 12:31 - 2014-01-04 12:32 - 00000000 ____D C:\Users\Quentin\AppData\Roaming\skyz
2014-01-04 12:27 - 2014-01-04 12:27 - 00000000 ____D C:\Minecraft_Backup
2014-01-04 11:21 - 2014-01-04 11:33 - 04954020 _____ C:\Users\Quentin\Desktop\forge.zip
2014-01-03 19:27 - 2014-01-03 19:27 - 00000608 _____ C:\Users\Quentin\Desktop\QTTabBarException.log
2014-01-03 19:25 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-01-03 19:25 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-01-03 19:25 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-01-03 19:25 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-01-03 19:22 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-01-03 19:22 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-01-03 19:22 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-01-03 19:22 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-01-03 19:22 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-01-03 19:22 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-01-03 19:22 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-01-03 19:22 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-01-03 19:22 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-01-03 19:22 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-01-03 19:22 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-01-03 19:22 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-01-03 19:21 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-01-03 19:21 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-01-03 19:21 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-01-03 19:21 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-01-03 19:21 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-01-03 19:21 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-01-03 19:21 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-01-03 19:21 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-01-03 19:21 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-01-03 19:21 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-01-03 19:21 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-01-03 19:21 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-01-03 19:21 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-01-03 19:21 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-01-03 19:21 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-01-03 19:21 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-01-03 19:21 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-01-03 19:21 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-01-03 19:21 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-01-03 19:09 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-01-03 19:09 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-01-03 15:08 - 2014-01-03 15:08 - 00000000 ____D C:\Users\Quentin\Documents\My Cheat Tables
2014-01-03 15:07 - 2014-01-03 15:08 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.3
2014-01-03 13:08 - 2014-01-03 13:08 - 00001925 _____ C:\Users\UpdatusUser\Desktop\HeadStrong WebClicker.lnk
2014-01-03 13:08 - 2014-01-03 13:08 - 00000000 ____D C:\Program Files (x86)\WebClicker
2014-01-03 07:42 - 2014-01-03 07:42 - 00001642 _____ C:\Windows\PWCMDLST.BAK
2014-01-03 07:36 - 2014-01-03 07:36 - 00001287 _____ C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
2014-01-03 07:36 - 2014-01-03 07:36 - 00000000 ____D C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 8.1.1
2014-01-03 07:36 - 2013-09-30 16:26 - 03050808 _____ C:\Windows\system32\pwNative.exe
2014-01-03 07:36 - 2013-09-30 16:26 - 00019152 ____N C:\Windows\system32\pwdrvio.sys
2014-01-03 07:36 - 2013-09-30 16:26 - 00012504 ____N C:\Windows\system32\pwdspio.sys
2014-01-02 13:11 - 2014-01-21 11:32 - 00000000 ____D C:\Users\Quentin\AppData\Roaming\uTorrent
2014-01-02 13:11 - 2014-01-02 13:11 - 00000855 _____ C:\Users\Quentin\Desktop\µTorrent.lnk
2014-01-02 13:11 - 2014-01-02 13:11 - 00000835 _____ C:\Users\Quentin\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-01-02 12:24 - 2014-01-02 12:24 - 00000412 _____ C:\Windows\Tasks\RunAsStdUser Task.job
2014-01-02 12:23 - 2014-01-02 13:03 - 00000000 ____D C:\Users\Quentin\AppData\Local\Oxy
2014-01-02 12:23 - 2014-01-02 12:23 - 00000000 ____D C:\Users\Quentin\AppData\Local\Chromium
2014-01-02 12:21 - 2014-01-02 14:47 - 00000000 ____D C:\Users\Quentin\AppData\Roaming\Oxy
2014-01-02 10:10 - 2014-01-21 10:38 - 00000000 ____D C:\Program Files (x86)\Media Player Classic - Home Cinema
2014-01-01 16:33 - 2014-01-17 14:14 - 00000000 ____D C:\Users\Quentin\AppData\Local\Adobe
2014-01-01 15:11 - 2014-01-01 15:12 - 00022448 _____ C:\Users\Quentin\Documents\cc_20140101_151147.reg
2013-12-31 16:30 - 2013-12-31 16:30 - 00000286 ____H C:\Windows\Tasks\User_Feed_Synchronization-{330838EC-A762-4E50-8E29-A9759B9273CA}.job
2013-12-31 15:55 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-31 15:55 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-31 15:55 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-31 15:55 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-31 15:55 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-31 15:55 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-31 15:55 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-31 15:55 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-31 15:55 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-31 15:55 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-31 15:55 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-31 15:55 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-31 15:55 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-31 15:55 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-31 15:55 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-31 15:55 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-31 14:04 - 2013-12-31 14:09 - 00000000 ____D C:\Samsung
2013-12-31 13:51 - 2013-12-31 15:50 - 00000000 ____D C:\Program Files (x86)\MX-3200 Mouse
2013-12-31 13:51 - 2013-12-31 13:51 - 00000000 ____D C:\Windows\SysWOW64\GER
2013-12-31 13:38 - 2013-12-31 13:38 - 00000000 ____D C:\Users\Quentin\AppData\Local\Logitech
2013-12-31 13:38 - 2013-12-31 13:38 - 00000000 ____D C:\ProgramData\LogiShrd
2013-12-31 13:37 - 2013-12-31 13:38 - 00000000 ____D C:\Program Files\Logitech Gaming Software
2013-12-31 13:36 - 2013-12-31 13:36 - 00000000 ____D C:\Users\Quentin\AppData\Roaming\Logitech
2013-12-31 13:36 - 2013-12-31 13:36 - 00000000 ____D C:\Users\Quentin\AppData\Roaming\Logishrd
2013-12-29 19:38 - 2013-12-29 19:38 - 00000000 ____D C:\Users\Quentin\Desktop\Walkman
2013-12-28 22:26 - 2014-01-03 15:28 - 00000000 ____D C:\Users\Quentin\Desktop\hcl
2013-12-28 22:18 - 2013-12-31 08:27 - 00000000 ____D C:\Users\Quentin\AppData\Roaming\ObviousIdea
2013-12-28 22:18 - 2013-12-28 22:18 - 00000000 ____D C:\Users\Quentin\AppData\Roaming\EurekaLog
2013-12-28 22:17 - 2013-12-28 22:17 - 00001208 _____ C:\Users\Quentin\Desktop\Light Image Resizer 4.lnk
2013-12-28 22:17 - 2013-12-28 22:17 - 00000000 ____D C:\Program Files (x86)\ObviousIdea
2013-12-28 08:05 - 2013-12-28 08:09 - 00000000 ____D C:\Users\Quentin\Desktop\Neuer Ordner
2013-12-27 19:09 - 2013-02-10 02:18 - 00000000 ____D C:\Users\Quentin\Desktop\omegavesko-SimpleADBBackup-0790701
2013-12-27 08:57 - 2013-12-27 09:41 - 00000000 ____D C:\Users\Quentin\Desktop\Honeycomb

==================== One Month Modified Files and Folders =======

2014-01-24 14:24 - 2014-01-22 13:00 - 00016948 _____ C:\Users\Quentin\Desktop\FRST.txt
2014-01-24 14:22 - 2014-01-24 14:22 - 00000000 ____D C:\Users\Quentin\Desktop\FRST-OlderVersion
2014-01-24 14:22 - 2014-01-22 13:00 - 00000000 ____D C:\FRST
2014-01-24 14:22 - 2014-01-22 12:59 - 02077696 _____ (Farbar) C:\Users\Quentin\Desktop\FRST64.exe
2014-01-24 14:21 - 2013-09-07 21:08 - 00000000 ___RD C:\Users\Quentin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-24 14:20 - 2009-07-14 05:51 - 00088870 _____ C:\Windows\setupact.log
2014-01-24 14:19 - 2013-09-08 14:34 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-22 18:24 - 2009-07-14 05:45 - 00019216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-22 18:24 - 2009-07-14 05:45 - 00019216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-22 18:16 - 2013-09-08 14:49 - 00305222 _____ C:\Windows\PFRO.log
2014-01-22 18:15 - 2013-09-07 21:03 - 01721000 _____ C:\Windows\WindowsUpdate.log
2014-01-22 18:01 - 2014-01-22 18:01 - 00550371 _____ C:\Users\Quentin\Desktop\Autoruns_11.70.zip
2014-01-22 16:43 - 2014-01-22 13:03 - 00033277 _____ C:\Users\Quentin\Desktop\Addition.txt
2014-01-22 14:36 - 2013-11-17 08:35 - 00000000 ____D C:\Users\Quentin\AppData\Roaming\Notepad++
2014-01-21 14:33 - 2014-01-21 14:33 - 00000000 ____D C:\Users\Quentin\AppData\Local\G DATA
2014-01-21 12:32 - 2013-09-08 16:11 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-21 11:32 - 2014-01-02 13:11 - 00000000 ____D C:\Users\Quentin\AppData\Roaming\uTorrent
2014-01-21 11:15 - 2014-01-21 11:15 - 00001358 _____ C:\Users\Quentin\Desktop\Steam.lnk
2014-01-21 11:03 - 2014-01-21 10:54 - 00001245 _____ C:\Users\Public\Desktop\Cracked Steam.lnk
2014-01-21 11:03 - 2014-01-21 10:54 - 00001119 _____ C:\Users\Public\Desktop\Original Steam client.lnk
2014-01-21 11:03 - 2014-01-21 10:54 - 00001055 _____ C:\Users\Public\Desktop\DarkSteam.lnk
2014-01-21 10:38 - 2014-01-02 10:10 - 00000000 ____D C:\Program Files (x86)\Media Player Classic - Home Cinema
2014-01-20 17:38 - 2014-01-10 18:45 - 00000945 _____ C:\Users\Public\Desktop\CPUID ROG CPU-Z.lnk
2014-01-20 17:38 - 2013-12-05 19:07 - 00000896 _____ C:\Users\Public\Desktop\FileViewPro.lnk
2014-01-20 17:37 - 2013-09-08 18:59 - 00000000 ____D C:\Users\Quentin\Documents\SimCity 4
2014-01-20 17:34 - 2014-01-20 17:34 - 00017870 _____ C:\Users\Quentin\Documents\cc_20140120_173439.reg
2014-01-20 17:22 - 2014-01-20 16:59 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2014-01-19 11:01 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-19 10:49 - 2013-09-09 20:46 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-19 10:49 - 2013-09-08 14:28 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2014-01-19 10:46 - 2014-01-05 12:59 - 00169884 _____ C:\Windows\ydi.log
2014-01-19 10:46 - 2014-01-05 12:59 - 00000413 ____R C:\Windows\YukonInstall.log
2014-01-19 10:46 - 2014-01-05 12:48 - 00000000 ____D C:\ProgramData\SonicFocus
2014-01-19 10:46 - 2014-01-05 12:47 - 00015877 _____ C:\Windows\SMinstall.log
2014-01-19 10:46 - 2014-01-05 12:47 - 00000000 ____D C:\Program Files (x86)\Analog Devices
2014-01-19 10:44 - 2014-01-19 10:18 - 00024346 _____ C:\Windows\Ascd_tmp.ini
2014-01-19 10:44 - 2014-01-05 12:59 - 00000000 ____D C:\Program Files (x86)\Marvell
2014-01-19 10:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Registration
2014-01-19 10:25 - 2014-01-19 10:18 - 00029141 _____ C:\Windows\Ascd_log.ini
2014-01-19 10:21 - 2014-01-19 10:19 - 00000086 _____ C:\Windows\nvidia.log
2014-01-19 10:12 - 2009-07-14 05:45 - 00277280 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-19 08:35 - 2013-09-09 17:22 - 00000000 ____D C:\Windows\system32\MRT
2014-01-19 08:33 - 2013-09-09 17:22 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-17 16:43 - 2014-01-17 16:43 - 00000222 _____ C:\Users\Quentin\Desktop\Saints Row IV.url
2014-01-17 16:43 - 2013-09-08 16:19 - 00000000 ____D C:\Users\Quentin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-01-17 14:14 - 2014-01-01 16:33 - 00000000 ____D C:\Users\Quentin\AppData\Local\Adobe
2014-01-17 14:14 - 2013-09-08 15:08 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-17 14:14 - 2013-09-08 15:07 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-17 14:14 - 2013-09-08 15:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-16 21:01 - 2014-01-16 21:01 - 00000000 ____D C:\Users\Quentin\AppData\Local\OCCT_-_Ocbase_-_Adrien_Me
2014-01-16 20:58 - 2014-01-16 20:58 - 00000971 _____ C:\Users\UpdatusUser\Desktop\OCCT.lnk
2014-01-16 20:58 - 2014-01-16 20:58 - 00000971 _____ C:\Users\Quentin\Desktop\OCCT.lnk
2014-01-16 20:58 - 2014-01-16 20:58 - 00000000 ____D C:\Users\Quentin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OCCT
2014-01-16 20:58 - 2014-01-16 20:58 - 00000000 ____D C:\Program Files (x86)\OCCTPT
2014-01-16 20:58 - 2013-09-14 08:48 - 00000000 ___HD C:\Windows\msdownld.tmp
2014-01-16 20:58 - 2013-09-14 08:48 - 00000000 ____D C:\Windows\SysWOW64\directx
2014-01-12 20:53 - 2013-10-26 12:40 - 00000000 ____D C:\Users\Quentin\AppData\Local\NVIDIA Corporation
2014-01-12 19:39 - 2013-09-08 14:31 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2014-01-12 19:39 - 2013-09-08 14:30 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2014-01-12 12:54 - 2013-09-13 17:02 - 00183112 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2014-01-12 12:52 - 2013-10-18 15:13 - 00000000 ____D C:\Users\Quentin\AppData\Roaming\.minecraft
2014-01-11 19:18 - 2014-01-11 19:17 - 00000883 _____ C:\Users\Quentin\Desktop\ApG.2.6.0.2.exe.lnk
2014-01-11 19:17 - 2014-01-11 19:01 - 00000630 _____ C:\Windows\SysWOW64\ApG.ini
2014-01-11 19:01 - 2014-01-11 19:01 - 00000000 ____D C:\Windows\SysWOW64\ApGPackages
2014-01-11 13:03 - 2014-01-11 13:03 - 00000000 ____D C:\Users\Quentin\AppData\Roaming\Wargaming.net
2014-01-10 18:45 - 2013-09-15 14:44 - 00000000 ____D C:\Program Files\CPUID
2014-01-10 14:23 - 2014-01-10 14:23 - 00000777 _____ C:\Users\Public\Desktop\World of Tanks.lnk
2014-01-10 14:23 - 2014-01-10 14:23 - 00000000 ____D C:\Games
2014-01-07 16:07 - 2014-01-07 16:07 - 00000220 _____ C:\Users\Quentin\Desktop\Garry's Mod.url
2014-01-06 10:12 - 2013-09-13 17:02 - 00183112 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2014-01-05 16:01 - 2014-01-05 16:01 - 00000000 ____D C:\Users\Quentin\AppData\Roaming\openvr
2014-01-05 13:02 - 2013-10-18 14:43 - 00021048 _____ (AsusTek Computer Inc.) C:\Windows\BS_DEF.sys
2014-01-05 13:02 - 2013-10-13 08:41 - 00000000 ____D C:\Program Files (x86)\ASUS
2014-01-05 13:01 - 2013-09-08 06:58 - 00696620 _____ C:\Windows\system32\perfh007.dat
2014-01-05 13:01 - 2013-09-08 06:58 - 00147916 _____ C:\Windows\system32\perfc007.dat
2014-01-05 13:01 - 2009-07-14 06:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-05 12:49 - 2014-01-05 12:49 - 00000000 ____D C:\Program Files (x86)\Creative
2014-01-05 12:47 - 2014-01-05 12:47 - 00000000 ____D C:\Users\Quentin\AppData\Roaming\InstallShield
2014-01-05 12:45 - 2014-01-05 12:45 - 00000000 ____D C:\Windows\Downloaded Installations
2014-01-05 12:38 - 2014-01-05 12:38 - 00001769 _____ C:\Windows\Language_trs.ini
2014-01-05 11:25 - 2014-01-05 11:25 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2014-01-04 22:28 - 2013-09-18 19:21 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2014-01-04 20:25 - 2013-10-05 18:35 - 00002006 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2014-01-04 12:32 - 2014-01-04 12:31 - 00000000 ____D C:\Users\Quentin\AppData\Roaming\skyz
2014-01-04 12:27 - 2014-01-04 12:27 - 00000000 ____D C:\Minecraft_Backup
2014-01-04 11:33 - 2014-01-04 11:21 - 04954020 _____ C:\Users\Quentin\Desktop\forge.zip
2014-01-04 08:42 - 2013-10-20 07:30 - 00000000 ____D C:\Users\Quentin\AppData\Roaming\MyPhoneExplorer
2014-01-03 19:27 - 2014-01-03 19:27 - 00000608 _____ C:\Users\Quentin\Desktop\QTTabBarException.log
2014-01-03 19:27 - 2013-09-13 15:31 - 00000000 ____D C:\Users\Quentin\AppData\Roaming\vlc
2014-01-03 15:28 - 2013-12-28 22:26 - 00000000 ____D C:\Users\Quentin\Desktop\hcl
2014-01-03 15:08 - 2014-01-03 15:08 - 00000000 ____D C:\Users\Quentin\Documents\My Cheat Tables
2014-01-03 15:08 - 2014-01-03 15:07 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.3
2014-01-03 13:08 - 2014-01-03 13:08 - 00001925 _____ C:\Users\UpdatusUser\Desktop\HeadStrong WebClicker.lnk
2014-01-03 13:08 - 2014-01-03 13:08 - 00000000 ____D C:\Program Files (x86)\WebClicker
2014-01-03 07:42 - 2014-01-03 07:42 - 00001642 _____ C:\Windows\PWCMDLST.BAK
2014-01-03 07:36 - 2014-01-03 07:36 - 00001287 _____ C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
2014-01-03 07:36 - 2014-01-03 07:36 - 00000000 ____D C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 8.1.1
2014-01-02 14:47 - 2014-01-02 12:21 - 00000000 ____D C:\Users\Quentin\AppData\Roaming\Oxy
2014-01-02 14:37 - 2013-09-09 19:45 - 00000000 ____D C:\Users\Quentin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-01-02 13:11 - 2014-01-02 13:11 - 00000855 _____ C:\Users\Quentin\Desktop\µTorrent.lnk
2014-01-02 13:11 - 2014-01-02 13:11 - 00000835 _____ C:\Users\Quentin\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-01-02 13:03 - 2014-01-02 12:23 - 00000000 ____D C:\Users\Quentin\AppData\Local\Oxy
2014-01-02 13:03 - 2013-09-07 21:07 - 00000000 ____D C:\Users\Quentin
2014-01-02 12:24 - 2014-01-02 12:24 - 00000412 _____ C:\Windows\Tasks\RunAsStdUser Task.job
2014-01-02 12:23 - 2014-01-02 12:23 - 00000000 ____D C:\Users\Quentin\AppData\Local\Chromium
2014-01-01 15:12 - 2014-01-01 15:11 - 00022448 _____ C:\Users\Quentin\Documents\cc_20140101_151147.reg
2014-01-01 15:10 - 2013-09-22 12:09 - 00000000 ____D C:\Program Files (x86)\Wise
2014-01-01 08:08 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-31 16:30 - 2013-12-31 16:30 - 00000286 ____H C:\Windows\Tasks\User_Feed_Synchronization-{330838EC-A762-4E50-8E29-A9759B9273CA}.job
2013-12-31 15:50 - 2013-12-31 13:51 - 00000000 ____D C:\Program Files (x86)\MX-3200 Mouse
2013-12-31 14:09 - 2013-12-31 14:04 - 00000000 ____D C:\Samsung
2013-12-31 13:51 - 2013-12-31 13:51 - 00000000 ____D C:\Windows\SysWOW64\GER
2013-12-31 13:38 - 2013-12-31 13:38 - 00000000 ____D C:\Users\Quentin\AppData\Local\Logitech
2013-12-31 13:38 - 2013-12-31 13:38 - 00000000 ____D C:\ProgramData\LogiShrd
2013-12-31 13:38 - 2013-12-31 13:37 - 00000000 ____D C:\Program Files\Logitech Gaming Software
2013-12-31 13:36 - 2013-12-31 13:36 - 00000000 ____D C:\Users\Quentin\AppData\Roaming\Logitech
2013-12-31 13:36 - 2013-12-31 13:36 - 00000000 ____D C:\Users\Quentin\AppData\Roaming\Logishrd
2013-12-31 08:27 - 2013-12-28 22:18 - 00000000 ____D C:\Users\Quentin\AppData\Roaming\ObviousIdea
2013-12-29 19:38 - 2013-12-29 19:38 - 00000000 ____D C:\Users\Quentin\Desktop\Walkman
2013-12-28 22:18 - 2013-12-28 22:18 - 00000000 ____D C:\Users\Quentin\AppData\Roaming\EurekaLog
2013-12-28 22:17 - 2013-12-28 22:17 - 00001208 _____ C:\Users\Quentin\Desktop\Light Image Resizer 4.lnk
2013-12-28 22:17 - 2013-12-28 22:17 - 00000000 ____D C:\Program Files (x86)\ObviousIdea
2013-12-28 08:09 - 2013-12-28 08:05 - 00000000 ____D C:\Users\Quentin\Desktop\Neuer Ordner
2013-12-27 12:34 - 2013-11-25 21:03 - 00000000 ____D C:\ProgramData\SearchNewTab
2013-12-27 12:34 - 2013-11-25 21:02 - 00000000 ____D C:\ProgramData\YoutubeAdblocker
2013-12-27 09:41 - 2013-12-27 08:57 - 00000000 ____D C:\Users\Quentin\Desktop\Honeycomb

Some content of TEMP:
====================
C:\Users\Quentin\AppData\Local\Temp\6_Offer_16.exe
C:\Users\Quentin\AppData\Local\Temp\AutoRun.exe
C:\Users\Quentin\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Quentin\AppData\Local\Temp\avguidx.dll
C:\Users\Quentin\AppData\Local\Temp\bh2ef1x5.dll
C:\Users\Quentin\AppData\Local\Temp\DownloadManager.exe
C:\Users\Quentin\AppData\Local\Temp\drm_dyndata_7390006.dll
C:\Users\Quentin\AppData\Local\Temp\FastDownload.exe
C:\Users\Quentin\AppData\Local\Temp\htmlayout.dll
C:\Users\Quentin\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Quentin\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Quentin\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Quentin\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Quentin\AppData\Local\Temp\nvStInst.exe
C:\Users\Quentin\AppData\Local\Temp\nvstlink.exe
C:\Users\Quentin\AppData\Local\Temp\oi_{FE9E8FD9-43EF-4CCB-896A-89C65407D497}.exe
C:\Users\Quentin\AppData\Local\Temp\OperaBrowser-17.0.exe
C:\Users\Quentin\AppData\Local\Temp\pylEC04.tmp.exe
C:\Users\Quentin\AppData\Local\Temp\Re-markit_2040-4031.exe
C:\Users\Quentin\AppData\Local\Temp\RTBK.EXE
C:\Users\Quentin\AppData\Local\Temp\setup.exe
C:\Users\Quentin\AppData\Local\Temp\setup__1546.exe
C:\Users\Quentin\AppData\Local\Temp\setup__3635.exe
C:\Users\Quentin\AppData\Local\Temp\t5mleomz.dll
C:\Users\Quentin\AppData\Local\Temp\tmp1C53.exe
C:\Users\Quentin\AppData\Local\Temp\tmp55D5.exe
C:\Users\Quentin\AppData\Local\Temp\tmp6B2F.exe
C:\Users\Quentin\AppData\Local\Temp\tmp747B.exe
C:\Users\Quentin\AppData\Local\Temp\tmp7EF7.exe
C:\Users\Quentin\AppData\Local\Temp\tmp8834.exe
C:\Users\Quentin\AppData\Local\Temp\tmp8B79.exe
C:\Users\Quentin\AppData\Local\Temp\tmpD881.exe
C:\Users\Quentin\AppData\Local\Temp\Tsu092C721A.dll
C:\Users\Quentin\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Quentin\AppData\Local\Temp\vcredist_x86_80.exe
C:\Users\Quentin\AppData\Local\Temp\vcredist_x86_90.exe
C:\Users\Quentin\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Quentin\AppData\Local\Temp\_is14D7.exe
C:\Users\Quentin\AppData\Local\Temp\_is75AC.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-11 16:43

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Internet und Windows Explorer gehen wieder nur mein Antivirenprogram geht immernoch nicht. Siehe Bild:

mantin36 · 24.01.2014, 15:44

Danke sehr der Virus ist Komplett weg.

sunjojo · 26.01.2014, 14:35

Zitat:

Danke sehr der Virus ist Komplett weg.

Wir sind noch nicht fertig! Arbeite bitte solange mit, bis ich dir ein Clean gebe

.

mantin36 · 26.01.2014, 14:37

Ich habe den PC Komplett neu aufgesetzt da GDATA nicht mehr funktionierte und sich auch nicht nru installieren ließ.

sunjojo · 26.01.2014, 14:40

Zitat:

Ich habe den PC Komplett neu aufgesetzt da GDATA nicht mehr funktionierte und sich auch nicht nru installieren ließ.

Achso. Wenn ich nochmal drüberschauen soll, mache nochmal einen Scan mit FRST

.

mantin36 · 26.01.2014, 14:41

Kann eigentlich nicht sein da ich die Festplatte komplett formatiert habe.

sunjojo · 26.01.2014, 22:54

Alles klar, dann sind wir durch. Hier sind noch Tipps zur Absicherung deines Systems für die Zukunft:

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen

.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

mantin36 · 27.01.2014, 00:11

Ok danke für deine Tipps und deine schnelle Hilfe.
Du kannst deb Thread aus deinen Abos löschen.

sunjojo · 27.01.2014, 16:21

Hallo mantin36,

schön, dass wir dir helfen konnten

.

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht, damit erhalte ich keine Benachrichtungen über neue Antworten in diesem Thread. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder Andere bitte hier klicken und einen eigenen Thread erstellen.

Hohe CPU Auslastung und veränderter autostart durch ccleaner-resident.exe

Plagegeister aller Art und deren Bekämpfung: Hohe CPU Auslastung und veränderter autostart durch ccleaner-resident.exe