Windows 8.1: GVU-Trojaner mit Systemwiederherstellung beseitigt?

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2014
Ran by Björn (administrator) on BJÖRNS-LAPTOP on 04-02-2014 15:39:27
Running from C:\Users\Björn\Downloads
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE
(Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(F-Secure Corporation) C:\Program Files (x86)\Kabel Deutschland\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\Kabel Deutschland\apps\CCF_Reputation\fsorsp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(F-Secure Corporation) C:\Program Files (x86)\Kabel Deutschland\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(F-Secure Corporation) C:\Program Files (x86)\Kabel Deutschland\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\Kabel Deutschland\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(F-Secure Corporation) C:\Program Files (x86)\Kabel Deutschland\apps\ComputerSecurity\Common\FSHDLL64.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(F-Secure Corporation) C:\Program Files (x86)\Kabel Deutschland\apps\ComputerSecurity\Common\FSM32.EXE
(F-Secure Corporation) C:\Program Files (x86)\Kabel Deutschland\fshoster32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16422_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_fa1dc1539b4180d8\TiWorker.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [Ocs_SM] - C:\Users\Björn\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2013-05-14] (OCS)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [F-Secure Manager] - C:\Program Files (x86)\Kabel Deutschland\apps\ComputerSecurity\Common\FSM32.EXE [311432 2013-01-03] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure Hoster (44553)] - C:\Program Files (x86)\Kabel Deutschland\fshoster32.exe [188400 2013-01-18] (F-Secure Corporation)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2268705684-3369493718-70437878-1002\...\Run: [Spotify Web Helper] - C:\Users\Björn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-14] (Spotify Ltd)
HKU\S-1-5-21-2268705684-3369493718-70437878-1002\...\Run: [Facebook Update] - C:\Users\Björn\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-02-04] (Facebook Inc.)
HKU\S-1-5-21-2268705684-3369493718-70437878-1002\...\Run: [Java Updater] - C:\Users\Björn\AppData\lsass.exe [0 2013-07-07] ()
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=FCB26A9423517E69
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKLM - DefaultScope {21AF0F3B-257E-46AB-AF89-97EBF582147D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {21AF0F3B-257E-46AB-AF89-97EBF582147D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - DefaultScope {21AF0F3B-257E-46AB-AF89-97EBF582147D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {21AF0F3B-257E-46AB-AF89-97EBF582147D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - DefaultScope {21AF0F3B-257E-46AB-AF89-97EBF582147D} URL = 
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119357&tt=gc_&babsrc=SP_ss&mntrId=FCB26A9423517E69
SearchScopes: HKCU - {21AF0F3B-257E-46AB-AF89-97EBF582147D} URL = 
SearchScopes: HKCU - {277E973A-7F75-4506-8A1C-CC124520D647} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=498964fd-e9e3-4c2e-9c63-2a5da7eff274&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {3DF46539-9B48-4105-BC63-9477816BD4AD} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=498964fd-e9e3-4c2e-9c63-2a5da7eff274&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {45EE8D7D-3563-42ED-97A2-2B4F517FF55F} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=498964fd-e9e3-4c2e-9c63-2a5da7eff274&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {7EFDB757-2B59-4D06-968A-CEFCE975E107} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=1337138F-CF12-4B9A-B591-B8C148C34104&apn_sauid=1D734857-BE82-4A47-9DCB-55AEED6C83A9
SearchScopes: HKCU - {8AB6BABA-0B8D-4E67-A74C-B876FF9E6C8F} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=498964fd-e9e3-4c2e-9c63-2a5da7eff274&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {D4C4F1A6-54E7-40ED-8E26-45CD8E94499E} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=498964fd-e9e3-4c2e-9c63-2a5da7eff274&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {DF18B157-E712-431A-950B-77289688838E} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=498964fd-e9e3-4c2e-9c63-2a5da7eff274&pid=ccleanerde&mode=bounce&k=0
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome: 
=======
CHR HomePage: hxxp://www1.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=FCB26A9423517E69
CHR RestoreOnStartup: "hxxp://www1.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=FCB26A9423517E69"
CHR DefaultSearchKeyword: delta-search.com
CHR DefaultSearchProvider: Delta Search
CHR DefaultSearchURL: hxxp://www1.delta-search.com/?q={searchTerms}&affID=119357&tt=gc_&babsrc=SP_ss&mntrId=FCB26A9423517E69
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Bj\u00F6rn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Ask Toolbar) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo [2013-01-19]
CHR Extension: (Google Docs) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-19]
CHR Extension: (Google Drive) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-19]
CHR Extension: (YouTube) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-19]
CHR Extension: (Google-Suche) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-19]
CHR Extension: (Google Wallet) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Google Mail) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-19]
CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\Björn\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx [2012-12-10]

==================== Services (Whitelisted) =================

R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
R2 fshoster; C:\Program Files (x86)\Kabel Deutschland\fshoster32.exe [188400 2013-01-18] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\Kabel Deutschland\apps\ComputerSecurity\Common\FSMA32.EXE [209032 2013-01-03] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\Kabel Deutschland\apps\CCF_Reputation\fsorsp.exe [60352 2013-06-25] (F-Secure Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-10-10] (Dritek System INC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\Kabel Deutschland\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [203304 2013-12-11] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\Kabel Deutschland\apps\ComputerSecurity\HIPS\drivers\fshs.sys [69296 2013-10-16] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2013-04-11] ()
R0 fsbts; C:\Windows\SysWOW64\Drivers\fsbts.sys [42248 2013-04-11] ()
R3 fsni; C:\Program Files (x86)\Kabel Deutschland\apps\CCF_Scanning\fsni64.sys [80832 2013-04-25] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\Kabel Deutschland\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [14472 2013-01-03] ()
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-10-10] (Dritek System Inc.)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-04 15:39 - 2014-02-04 15:39 - 00016897 _____ () C:\Users\Björn\Downloads\FRST.txt
2014-02-04 15:39 - 2014-02-04 15:39 - 00000000 ____D () C:\FRST
2014-02-04 15:36 - 2014-02-04 15:36 - 02080256 _____ (Farbar) C:\Users\Björn\Downloads\FRST64.exe

==================== One Month Modified Files and Folders =======

2014-02-04 15:39 - 2014-02-04 15:39 - 00016897 _____ () C:\Users\Björn\Downloads\FRST.txt
2014-02-04 15:39 - 2014-02-04 15:39 - 00000000 ____D () C:\FRST
2014-02-04 15:37 - 2013-11-18 01:09 - 00003950 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D60094E3-77E5-48EC-AA70-CB6C017F466A}
2014-02-04 15:37 - 2013-10-29 08:45 - 01526099 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-04 15:37 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-02-04 15:36 - 2014-02-04 15:36 - 02080256 _____ (Farbar) C:\Users\Björn\Downloads\FRST64.exe
2014-02-04 15:36 - 2013-01-16 18:28 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2268705684-3369493718-70437878-1002
2014-02-04 15:32 - 2013-01-19 08:08 - 00002199 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-04 15:31 - 2013-10-29 08:51 - 00000000 ____D () C:\Users\Björn
2014-02-04 15:31 - 2013-05-14 08:33 - 00000440 _____ () C:\WINDOWS\Tasks\Lyrics Finder Update.job
2014-02-04 15:31 - 2013-01-19 08:08 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-04 15:30 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-04 15:21 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-02-04 15:21 - 2013-08-15 17:58 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\vlc
2014-02-04 15:21 - 2013-04-01 16:26 - 00000000 ____D () C:\Program Files (x86)\Kabel Deutschland
2014-02-04 15:21 - 2013-02-22 09:06 - 00000000 ____D () C:\Users\Björn\AppData\Local\Bandizip
2014-02-04 15:13 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\registration
2014-02-04 15:13 - 2013-07-05 07:05 - 00000000 ____D () C:\Users\Björn\Documents\UseNeXT

Files to move or delete:
====================
C:\Users\Björn\MAESTIA_SETUP.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-27 21:10

==================== End Of Log ============================
         

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2014
Ran by Björn (administrator) on BJÖRNS-LAPTOP on 04-02-2014 15:39:27
Running from C:\Users\Björn\Downloads
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE
(Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(F-Secure Corporation) C:\Program Files (x86)\Kabel Deutschland\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\Kabel Deutschland\apps\CCF_Reputation\fsorsp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(F-Secure Corporation) C:\Program Files (x86)\Kabel Deutschland\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(F-Secure Corporation) C:\Program Files (x86)\Kabel Deutschland\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\Kabel Deutschland\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(F-Secure Corporation) C:\Program Files (x86)\Kabel Deutschland\apps\ComputerSecurity\Common\FSHDLL64.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(F-Secure Corporation) C:\Program Files (x86)\Kabel Deutschland\apps\ComputerSecurity\Common\FSM32.EXE
(F-Secure Corporation) C:\Program Files (x86)\Kabel Deutschland\fshoster32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16422_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_fa1dc1539b4180d8\TiWorker.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [Ocs_SM] - C:\Users\Björn\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2013-05-14] (OCS)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [F-Secure Manager] - C:\Program Files (x86)\Kabel Deutschland\apps\ComputerSecurity\Common\FSM32.EXE [311432 2013-01-03] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure Hoster (44553)] - C:\Program Files (x86)\Kabel Deutschland\fshoster32.exe [188400 2013-01-18] (F-Secure Corporation)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2268705684-3369493718-70437878-1002\...\Run: [Spotify Web Helper] - C:\Users\Björn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-14] (Spotify Ltd)
HKU\S-1-5-21-2268705684-3369493718-70437878-1002\...\Run: [Facebook Update] - C:\Users\Björn\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-02-04] (Facebook Inc.)
HKU\S-1-5-21-2268705684-3369493718-70437878-1002\...\Run: [Java Updater] - C:\Users\Björn\AppData\lsass.exe [0 2013-07-07] ()
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=FCB26A9423517E69
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKLM - DefaultScope {21AF0F3B-257E-46AB-AF89-97EBF582147D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {21AF0F3B-257E-46AB-AF89-97EBF582147D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - DefaultScope {21AF0F3B-257E-46AB-AF89-97EBF582147D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {21AF0F3B-257E-46AB-AF89-97EBF582147D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - DefaultScope {21AF0F3B-257E-46AB-AF89-97EBF582147D} URL = 
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119357&tt=gc_&babsrc=SP_ss&mntrId=FCB26A9423517E69
SearchScopes: HKCU - {21AF0F3B-257E-46AB-AF89-97EBF582147D} URL = 
SearchScopes: HKCU - {277E973A-7F75-4506-8A1C-CC124520D647} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=498964fd-e9e3-4c2e-9c63-2a5da7eff274&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {3DF46539-9B48-4105-BC63-9477816BD4AD} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=498964fd-e9e3-4c2e-9c63-2a5da7eff274&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {45EE8D7D-3563-42ED-97A2-2B4F517FF55F} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=498964fd-e9e3-4c2e-9c63-2a5da7eff274&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {7EFDB757-2B59-4D06-968A-CEFCE975E107} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=1337138F-CF12-4B9A-B591-B8C148C34104&apn_sauid=1D734857-BE82-4A47-9DCB-55AEED6C83A9
SearchScopes: HKCU - {8AB6BABA-0B8D-4E67-A74C-B876FF9E6C8F} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=498964fd-e9e3-4c2e-9c63-2a5da7eff274&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {D4C4F1A6-54E7-40ED-8E26-45CD8E94499E} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=498964fd-e9e3-4c2e-9c63-2a5da7eff274&pid=ccleanerde&mode=bounce&k=0
SearchScopes: HKCU - {DF18B157-E712-431A-950B-77289688838E} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=498964fd-e9e3-4c2e-9c63-2a5da7eff274&pid=ccleanerde&mode=bounce&k=0
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome: 
=======
CHR HomePage: hxxp://www1.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=FCB26A9423517E69
CHR RestoreOnStartup: "hxxp://www1.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=FCB26A9423517E69"
CHR DefaultSearchKeyword: delta-search.com
CHR DefaultSearchProvider: Delta Search
CHR DefaultSearchURL: hxxp://www1.delta-search.com/?q={searchTerms}&affID=119357&tt=gc_&babsrc=SP_ss&mntrId=FCB26A9423517E69
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Bj\u00F6rn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Ask Toolbar) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo [2013-01-19]
CHR Extension: (Google Docs) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-19]
CHR Extension: (Google Drive) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-19]
CHR Extension: (YouTube) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-19]
CHR Extension: (Google-Suche) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-19]
CHR Extension: (Google Wallet) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Google Mail) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-19]
CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\Björn\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx [2012-12-10]

==================== Services (Whitelisted) =================

R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
R2 fshoster; C:\Program Files (x86)\Kabel Deutschland\fshoster32.exe [188400 2013-01-18] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\Kabel Deutschland\apps\ComputerSecurity\Common\FSMA32.EXE [209032 2013-01-03] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\Kabel Deutschland\apps\CCF_Reputation\fsorsp.exe [60352 2013-06-25] (F-Secure Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-10-10] (Dritek System INC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\Kabel Deutschland\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [203304 2013-12-11] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\Kabel Deutschland\apps\ComputerSecurity\HIPS\drivers\fshs.sys [69296 2013-10-16] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2013-04-11] ()
R0 fsbts; C:\Windows\SysWOW64\Drivers\fsbts.sys [42248 2013-04-11] ()
R3 fsni; C:\Program Files (x86)\Kabel Deutschland\apps\CCF_Scanning\fsni64.sys [80832 2013-04-25] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\Kabel Deutschland\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [14472 2013-01-03] ()
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-10-10] (Dritek System Inc.)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-04 15:39 - 2014-02-04 15:39 - 00016897 _____ () C:\Users\Björn\Downloads\FRST.txt
2014-02-04 15:39 - 2014-02-04 15:39 - 00000000 ____D () C:\FRST
2014-02-04 15:36 - 2014-02-04 15:36 - 02080256 _____ (Farbar) C:\Users\Björn\Downloads\FRST64.exe

==================== One Month Modified Files and Folders =======

2014-02-04 15:39 - 2014-02-04 15:39 - 00016897 _____ () C:\Users\Björn\Downloads\FRST.txt
2014-02-04 15:39 - 2014-02-04 15:39 - 00000000 ____D () C:\FRST
2014-02-04 15:37 - 2013-11-18 01:09 - 00003950 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D60094E3-77E5-48EC-AA70-CB6C017F466A}
2014-02-04 15:37 - 2013-10-29 08:45 - 01526099 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-04 15:37 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-02-04 15:36 - 2014-02-04 15:36 - 02080256 _____ (Farbar) C:\Users\Björn\Downloads\FRST64.exe
2014-02-04 15:36 - 2013-01-16 18:28 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2268705684-3369493718-70437878-1002
2014-02-04 15:32 - 2013-01-19 08:08 - 00002199 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-04 15:31 - 2013-10-29 08:51 - 00000000 ____D () C:\Users\Björn
2014-02-04 15:31 - 2013-05-14 08:33 - 00000440 _____ () C:\WINDOWS\Tasks\Lyrics Finder Update.job
2014-02-04 15:31 - 2013-01-19 08:08 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-04 15:30 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-04 15:21 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-02-04 15:21 - 2013-08-15 17:58 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\vlc
2014-02-04 15:21 - 2013-04-01 16:26 - 00000000 ____D () C:\Program Files (x86)\Kabel Deutschland
2014-02-04 15:21 - 2013-02-22 09:06 - 00000000 ____D () C:\Users\Björn\AppData\Local\Bandizip
2014-02-04 15:13 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\registration
2014-02-04 15:13 - 2013-07-05 07:05 - 00000000 ____D () C:\Users\Björn\Documents\UseNeXT

Files to move or delete:
====================
C:\Users\Björn\MAESTIA_SETUP.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-27 21:10

==================== End Of Log ============================