Log analysis and evaluation: winlogon.exe - ATRAPS.Gen
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
19.10.2014, 23:29 | #1
winlogon.exe - ATRAPS.Gen
Since just now I have been getting the Avira message shown below, plus the window (and one Windows CMD window). When I click OK it comes back again and again and again. I have already run Malwarebytes over it. After the removal the window pops up about 20 times and then stays there permanently again. What kind of stuff is this (I have NOT downloaded anything lately)? I am running the latest Win 8.1.
Malware log:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 20.10.2014
Scan Time: 00:15:51
Logfile: mal.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.09.19.05
Rootkit Database: v2014.10.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Matthias

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 303968
Time Elapsed: 6 min, 27 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 22
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\60.exe, 3408, , [bbc630bf7efd02347559fb27b050659b]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\395.exe, 1060, , [077a2fc0780337ffce0034ee34ccd030]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\985.exe, 1616, , [ff829b540378f244a826869cb14f5ea2]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\870.exe, 5620, , [2a578768334820168c421909ae528f71]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\211.exe, 4992, , [29580ae5215a6fc77757b66c8b75b34d]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\829.exe, 820, , [8af7aa45abd0d462c00ef032f907629e]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\174.exe, 5088, , [5a27c629bfbc50e65579c95940c0817f]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\967.exe, 6388, , [047da24d7b00a492e7e7cb570cf48d73]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\320.exe, 6664, , [c3be539cf08b76c0af1f3ee4629e7a86]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\662.exe, 6948, , [1a6702ed8cefe5515975170be02042be]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\264.exe, 6184, , [1d645a951764d95dc509d44ed729768a]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\932.exe, 7104, , [6021c32c6615db5b1db1be64e7193dc3]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\739.exe, 2480, , [324ff5fa176404323f8fdc4643bd19e7]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\545.exe, 1036, , [9de48f606318ca6c0dc1d64ced13a858]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\355.exe, 6152, , [bec308e7d8a3cf674a8469b9768ad729]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\205.exe, 5196, , [b0d1915e601b06305c72ab77f70912ee]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\214.exe, 5588, , [a0e1b03f3a41290d26a8e43eaf5105fb]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\554.exe, 900, , [2160f5fa7dfef442339b26fc629e23dd]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\175.exe, 752, , [6f1224cb176439fdc20cad7598687987]
Trojan.Dropper, C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\csrss.exe, 360, , [c1c02fc06714ae88634cf80c13f0b14f]
Trojan.Agent, C:\Users\Matthias\AppData\Roaming\Microsoft\winlogon.exe, 6180, , [344d10dfee8d3bfb0b9c65cf9d6639c7]
Backdoor.Agent.DC, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe, 3880, , [651cdb142e4de84e0879f20609faba46]

Modules: 0
(No malicious items detected)

Registry Keys: 1
Malware.Trace, HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\DC3_FEXEC, , [5031559a394265d1b5c4dffc6d96ea16],

Registry Values: 2
Backdoor.Agent.DCE, HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Winlogon, C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe, , [2f526f801d5e989e81dca4cfdd2753ad]
Backdoor.Agent.DC, HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MicroUpdate, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe, , [651cdb142e4de84e0879f20609faba46]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 31
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\60.exe, , [bbc630bf7efd02347559fb27b050659b],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\395.exe, , [077a2fc0780337ffce0034ee34ccd030],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\985.exe, , [ff829b540378f244a826869cb14f5ea2],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\870.exe, , [2a578768334820168c421909ae528f71],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\211.exe, , [29580ae5215a6fc77757b66c8b75b34d],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\829.exe, , [8af7aa45abd0d462c00ef032f907629e],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\174.exe, , [5a27c629bfbc50e65579c95940c0817f],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\967.exe, , [047da24d7b00a492e7e7cb570cf48d73],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\320.exe, , [c3be539cf08b76c0af1f3ee4629e7a86],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\662.exe, , [1a6702ed8cefe5515975170be02042be],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\264.exe, , [1d645a951764d95dc509d44ed729768a],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\932.exe, , [6021c32c6615db5b1db1be64e7193dc3],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\739.exe, , [324ff5fa176404323f8fdc4643bd19e7],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\545.exe, , [9de48f606318ca6c0dc1d64ced13a858],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\355.exe, , [bec308e7d8a3cf674a8469b9768ad729],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\205.exe, , [b0d1915e601b06305c72ab77f70912ee],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\214.exe, , [a0e1b03f3a41290d26a8e43eaf5105fb],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\554.exe, , [2160f5fa7dfef442339b26fc629e23dd],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\175.exe, , [6f1224cb176439fdc20cad7598687987],
Backdoor.MSIL.PGen, C:\Users\Matthias\AppData\Roaming\loader_crypt.exe, , [1c65eb04403bb086ab5bd5c3bb457a86],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\886.exe, , [b9c829c67308ac8a06c8d84a916ffc04],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\71.exe, , [2f52549baecdaf87d3fb061cf30de61a],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\421.exe, , [8ef39a55adce21158549a280b44ccb35],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\552.exe, , [d3ae707f017a0b2bf0de0022f40cf10f],
Trojan.Dropper, C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\csrss.exe, , [c1c02fc06714ae88634cf80c13f0b14f],
Trojan.Agent, C:\Users\Matthias\AppData\Roaming\Microsoft\winlogon.exe, , [344d10dfee8d3bfb0b9c65cf9d6639c7],
Trojan.Bitminer, C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\check.bat, , [671a6986ec8fd46256db046fa85cea16],
Trojan.Bitminer, C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\check.vbs, , [b2cfa34cc9b2181e230e165d4fb53dc3],
Trojan.Bitminer, C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\cpu.exe, , [9fe28a65770478be76bd076cea1af30d],
Backdoor.Agent.DCE, C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe, , [2f526f801d5e989e81dca4cfdd2753ad],
Backdoor.Agent.DC, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe, , [651cdb142e4de84e0879f20609faba46],

Physical Sectors: 0
(No malicious items detected)

(end)
20.10.2014, 01:09 | #2
Rest in peace † 2019
winlogon.exe - ATRAPS.Gen
My name is Sandra and I will be helping you with your problem.
Note: I can never guarantee that I will find everything. Formatting is usually the faster route and, in the case of a malware infection, always the safest one. Adware can be removed without trouble in the vast majority of cases. If you decide on a clean-up, keep working with us until someone from the team tells you that you are clean.
Posting in code tags
Please always put the logs in code tags. If you don't, it makes the evaluation much harder for me. Thanks. Now:
Step 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
20.10.2014, 01:54 | #3
winlogon.exe - ATRAPS.Gen
Hello Sandra,
glad to get help ... and at this hour too - but I can't sleep anyway.
FRST logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-10-2014 Ran by Matthias (administrator) on MATTHIAS on 20-10-2014 02:51:08 Running from D:\ Loaded Profiles: Matthias & (Available profiles: Matthias) Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe () C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (FinalWire Ltd.) C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Outertech) C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe (Dropbox, Inc.) 
C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NirSoft) C:\Windows\nircmd.exe (NirSoft) C:\Windows\nircmd.exe (NirSoft) C:\Windows\nircmd.exe (NirSoft) C:\Windows\nircmd.exe (NirSoft) C:\Windows\nircmd.exe (NirSoft) C:\Windows\nircmd.exe (NirSoft) C:\Windows\nircmd.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\csrss.exe (Microsoft Corporation) C:\Windows\System32\control.exe (Microsoft Corporation) C:\Windows\System32\consent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (AppWork GmbH) C:\Program Files\JDownloader\JDownloader2.exe (VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2014-07-20] (Realtek Semiconductor) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-03] (Intel Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-14] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-10-01] (Malwarebytes Corporation) Winlogon\Notify\igfxcui: igfxdev.dll [X] Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [GoogleChromeAutoLaunch_8265D6534E6C32D01005D7D3455D029D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [911176 2014-10-10] (Google Inc.) 
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google) HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [ClipboardHistory] => C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe [512392 2012-08-05] (Outertech) HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [ASRock A-Tuning] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day0] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day1] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day2] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day3] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day4] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day5] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day6] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_8265D6534E6C32D01005D7D3455D029D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [911176 2014-10-10] (Google Inc.) 
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google) HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ClipboardHistory] => C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe [512392 2012-08-05] (Outertech) HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ASRock A-Tuning] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [AsrOMG_Day0] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [AsrOMG_Day1] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [AsrOMG_Day2] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [AsrOMG_Day3] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [AsrOMG_Day4] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [AsrOMG_Day5] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [AsrOMG_Day6] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [GoogleChromeAutoLaunch_8265D6534E6C32D01005D7D3455D029D] => C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe [911176 2014-10-10] (Google Inc.) HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google) HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [ClipboardHistory] => C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe [512392 2012-08-05] (Outertech) HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [ASRock A-Tuning] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [AsrOMG_Day0] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [AsrOMG_Day1] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [AsrOMG_Day2] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [AsrOMG_Day3] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [AsrOMG_Day4] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [AsrOMG_Day5] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [AsrOMG_Day6] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: 
[GoogleChromeAutoLaunch_8265D6534E6C32D01005D7D3455D029D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [911176 2014-10-10] (Google Inc.) HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google) HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [ClipboardHistory] => C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe [512392 2012-08-05] (Outertech) HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [ASRock A-Tuning] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\RunOnce: [AsrOMG_Day0] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\RunOnce: [AsrOMG_Day1] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\RunOnce: [AsrOMG_Day2] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\RunOnce: [AsrOMG_Day3] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\RunOnce: [AsrOMG_Day4] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\RunOnce: [AsrOMG_Day5] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\RunOnce: [AsrOMG_Day6] => [X] 
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [GoogleChromeAutoLaunch_8265D6534E6C32D01005D7D3455D029D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [911176 2014-10-10] (Google Inc.) HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google) HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [ClipboardHistory] => C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe [512392 2012-08-05] (Outertech) HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [ASRock A-Tuning] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\RunOnce: [AsrOMG_Day0] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\RunOnce: [AsrOMG_Day1] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\RunOnce: [AsrOMG_Day2] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\RunOnce: [AsrOMG_Day3] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\RunOnce: [AsrOMG_Day4] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\RunOnce: [AsrOMG_Day5] => [X] 
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\RunOnce: [AsrOMG_Day6] => [X] Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation) BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) 
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) 
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-06-13] Chrome: ======= CHR HomePage: Default -> CHR Profile: C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Easy Auto Refresh) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2014-04-20] CHR Extension: (Google*Übersetzer) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-04-20] CHR Extension: (Google Drive) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-20] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-10] CHR Extension: (Pushbullet) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2014-04-20] CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-04-20] CHR Extension: (Session Buddy) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2014-04-20] CHR Extension: (My JDownloader) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2014-04-20] CHR Extension: (Avira Browser Safety) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-04-20] CHR Extension: (Chrome Remote Desktop) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-04-20] CHR Extension: (AdBlock) - 
C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-20] CHR Extension: (Cr!Box) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjodchcocbnbhfkjeapbdoflbiibnapp [2014-04-20] CHR Extension: (In Google Drive speichern) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-04-20] CHR Extension: (Scroll To Top) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\hegiignepmecppikdlbohnnbfjdoaghj [2014-04-20] CHR Extension: (ModHeader) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgpnmonknjnojddfkpgkljpfnnfcklj [2014-07-15] CHR Extension: (WEB.DE MailCheck) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2014-04-20] CHR Extension: (Panel View for Keep) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccocffecajimkdjgfpjhlpiimcnadhb [2014-04-20] CHR Extension: (LongClick New Tab) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jphlcgnallcfbnpgmblmlmkehbffnoph [2014-04-20] CHR Extension: (Reload All Tabs) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\midkcinmplflbiflboepnahkboeonkam [2014-04-20] CHR Extension: (Hangouts) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-04-20] CHR Extension: (Google Wallet) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-20] CHR Extension: (Close Right) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\npemobdkdcknhfaiioheeffincgpgafj [2014-04-20] CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Matthias\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-20] 
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 ASRockIOMon; C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe [454656 2013-05-28] () [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe [51016 2014-08-21] (Google Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [326760 2014-09-03] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2014-07-20] (Realtek Semiconductor)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
R3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AIDA64Driver; C:\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64 [34136 2014-07-29] ()
S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2014-07-09] (ASRock Incorporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-03-14] (Intel Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
U0 obpgw; C:\Windows\System32\drivers\ltqaudkh.sys [79064 2014-10-20] (Malwarebytes Corporation)
U0 renwmrm; C:\Windows\System32\drivers\ncrgv.sys [79064 2014-10-20] (Malwarebytes Corporation)
S1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-05-19] ()
S1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-05-19] ()
S1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700296 2014-05-19] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
S3 BioNTDrv; \??\C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\BioNTDrv.SYS [X]
S3 GPU-Z; \??\C:\Users\Matthias\AppData\Local\Temp\GPU-Z.sys [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-20 02:29 - 2014-10-20 02:51 - 00000000 ____D () C:\FRST
2014-10-20 02:16 - 2014-10-20 02:16 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-20 01:04 - 2014-10-20 01:04 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\ltqaudkh.sys
2014-10-20 00:54 - 2014-10-20 00:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-20 00:54 - 2014-10-20 00:54 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-20 00:54 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-20 00:54 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-20 00:54 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-20 00:23 - 2014-10-20 00:23 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\ncrgv.sys
2014-10-19 23:27 - 2014-10-19 23:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-19 22:46 - 2014-10-19 22:46 - 00000000 __SHD () C:\Users\Matthias\AppData\Roaming\SubFolder
2014-10-19 14:31 - 2014-10-19 14:31 - 00000882 _____ () C:\Windows\setupact.log
2014-10-19 14:31 - 2014-10-19 14:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-19 05:54 - 2014-10-19 05:54 - 00000000 ____D () C:\Program Files\Calibre2
2014-10-19 05:15 - 2014-10-19 05:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy XIII
2014-10-14 20:32 - 2014-10-14 20:32 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-10-14 19:16 - 2014-09-19 04:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-14 19:16 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-14 19:16 - 2014-09-10 08:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-10-14 19:16 - 2014-09-08 05:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-14 19:16 - 2014-09-08 05:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-10-14 19:16 - 2014-09-08 00:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-10-14 19:16 - 2014-09-05 00:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-10-14 19:16 - 2014-09-05 00:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-10-14 19:16 - 2014-09-04 05:15 - 00561416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-10-14 19:16 - 2014-09-04 05:14 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-10-14 19:16 - 2014-09-04 05:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-10-14 19:16 - 2014-09-04 04:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-10-14 19:16 - 2014-09-04 03:19 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-10-14 19:16 - 2014-09-04 03:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2014-10-14 19:16 - 2014-09-04 02:45 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-10-14 19:16 - 2014-09-04 02:41 - 01420288 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-10-14 19:16 - 2014-09-04 02:36 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-14 19:16 - 2014-09-04 02:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2014-10-14 19:16 - 2014-09-04 02:15 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-14 19:16 - 2014-09-04 02:10 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-10-14 19:16 - 2014-09-04 01:57 - 00921600 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-10-14 19:16 - 2014-09-04 01:49 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-10-14 19:16 - 2014-08-31 02:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-10-14 19:16 - 2014-08-31 02:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-14 19:16 - 2014-08-31 00:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-10-14 19:16 - 2014-08-31 00:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-10-14 19:16 - 2014-08-30 23:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-10-14 19:16 - 2014-08-30 23:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-10-14 19:16 - 2014-08-30 22:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-10-14 19:16 - 2014-08-30 22:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-10-14 19:16 - 2014-08-28 04:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-14 19:16 - 2014-08-28 02:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-10-14 19:16 - 2014-08-28 02:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-10-14 19:16 - 2014-08-23 07:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-10-14 19:16 - 2014-08-23 07:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-10-14 19:16 - 2014-08-23 06:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-10-14 19:16 - 2014-08-02 02:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2014-10-14 19:16 - 2014-08-02 02:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2014-10-14 19:15 - 2014-09-28 00:25 - 04183040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 19:15 - 2014-09-26 00:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-14 19:15 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-14 19:15 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-14 19:15 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-14 19:15 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-14 19:15 - 2014-09-26 00:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-14 19:15 - 2014-09-19 03:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-14 19:15 - 2014-09-19 03:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-14 19:15 - 2014-09-19 03:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-14 19:15 - 2014-09-19 03:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-14 19:15 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-14 19:15 - 2014-09-19 03:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-14 19:15 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-14 19:15 - 2014-09-19 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-14 19:15 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-14 19:15 - 2014-09-19 02:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-14 19:15 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-14 19:15 - 2014-09-19 02:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-14 19:15 - 2014-09-19 02:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-14 19:15 - 2014-09-19 02:42 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-14 19:15 - 2014-09-19 02:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-14 19:15 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-14 19:15 - 2014-09-19 02:20 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-14 19:15 - 2014-09-19 02:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-14 19:15 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-14 19:15 - 2014-09-19 01:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-14 19:15 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-14 19:15 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-14 19:15 - 2014-09-08 02:05 - 03448320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-14 19:14 - 2014-09-13 08:29 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 19:14 - 2014-09-13 08:02 - 02779648 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-14 19:14 - 2014-09-13 07:49 - 00068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 19:14 - 2014-09-13 07:30 - 03117568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-14 19:14 - 2014-09-08 05:15 - 00054752 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-14 19:14 - 2014-09-08 03:46 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-14 19:14 - 2014-09-08 03:46 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-14 19:14 - 2014-09-08 02:08 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-14 19:14 - 2014-09-08 02:07 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-14 19:14 - 2014-09-08 02:04 - 00388608 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-10-14 19:14 - 2014-09-08 02:04 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-14 19:14 - 2014-09-08 02:03 - 01702400 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-14 19:14 - 2014-09-08 02:03 - 00839680 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-14 19:14 - 2014-09-08 01:59 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-14 19:14 - 2014-09-08 01:59 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-10-14 19:14 - 2014-09-08 01:56 - 00672256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-14 19:14 - 2014-09-08 01:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-14 19:14 - 2014-09-04 02:12 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 19:14 - 2014-09-04 02:01 - 00514048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-09-29 20:25 - 2014-09-29 20:35 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\FileBot
2014-09-20 07:50 - 2014-09-17 06:51 - 01538880 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-09-20 07:50 - 2014-09-17 06:51 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-09-20 07:50 - 2014-09-17 06:51 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 31887680 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 24552592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 18106152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 14026304 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 13939272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 13157696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-09-20 07:50 - 2014-09-14 01:48 - 11392576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 11330776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 04287296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 04008592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434411.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434411.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00957584 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00925896 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00919240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00894096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00867528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00834880 _____ () C:\Windows\system32\nvmcumd.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00501064 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00417096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00393024 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00348304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-09-20 07:50 - 2014-09-14 01:48 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 02:51 - 2014-07-05 23:47 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\NetSpeedMonitor
2014-10-20 02:32 - 2014-09-10 20:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-20 02:08 - 2014-04-20 17:40 - 00000000 ____D () C:\Program Files\JDownloader
2014-10-20 02:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-10-20 01:52 - 2014-04-20 09:32 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-20 01:24 - 2014-07-29 17:06 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\vlc
2014-10-20 01:24 - 2014-04-20 09:19 - 01162765 _____ () C:\Windows\WindowsUpdate.log
2014-10-20 01:04 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\L2Schemas
2014-10-20 00:37 - 2014-04-20 17:26 - 00014860 _____ () C:\Users\Matthias\Documents\metadata_db_prefs_backup.json
2014-10-20 00:37 - 2014-04-20 17:25 - 00185344 _____ () C:\Users\Matthias\Documents\metadata.db
2014-10-20 00:23 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-19 20:52 - 2014-04-20 09:32 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-19 20:21 - 2014-05-20 18:16 - 00005084 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MATTHIAS-Matthias Matthias
2014-10-19 08:44 - 2014-03-18 12:04 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-19 08:44 - 2014-03-18 11:25 - 00764340 _____ () C:\Windows\system32\perfh007.dat
2014-10-19 08:44 - 2014-03-18 11:25 - 00159160 _____ () C:\Windows\system32\perfc007.dat
2014-10-19 08:38 - 2014-04-20 17:21 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Dropbox
2014-10-19 08:38 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-19 08:36 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-19 08:26 - 2014-04-20 09:28 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-357331442-1347990815-2063067355-1001
2014-10-19 05:21 - 2014-06-07 19:32 - 00000000 ____D () C:\ProgramData\Steam
2014-10-17 20:47 - 2014-04-20 09:32 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-17 20:47 - 2014-04-20 09:32 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 20:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-17 15:16 - 2013-08-22 16:44 - 00434768 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 04:01 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2014-10-14 19:57 - 2014-03-18 03:51 - 00103448 _____ () C:\Windows\PFRO.log
2014-10-14 19:55 - 2014-06-07 19:12 - 00101329 _____ () C:\Windows\DirectX.log
2014-10-14 19:49 - 2014-04-21 02:26 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-14 19:49 - 2014-04-20 17:49 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-14 19:49 - 2014-04-20 17:49 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\FileManager
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Camera
2014-10-14 19:26 - 2014-05-01 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-10-14 19:26 - 2014-05-01 18:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-14 19:26 - 2014-04-20 09:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-14 19:26 - 2013-08-22 15:25 - 00000167 _____ () C:\Windows\win.ini
2014-10-14 19:24 - 2014-04-20 09:29 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 17:01 - 2014-06-12 02:38 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-10-14 04:33 - 2014-04-20 09:22 - 00000000 ____D () C:\Users\Matthias
2014-10-13 15:22 - 2014-08-13 16:06 - 00000000 ____D () C:\Users\Matthias\Downloads\LiveSetup
2014-10-13 15:15 - 2014-04-20 17:47 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-13 15:15 - 2014-04-20 17:47 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-03 22:35 - 2014-04-20 09:22 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Packages
2014-10-01 23:48 - 2014-04-20 09:32 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-30 00:45 - 2013-08-22 17:38 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-30 00:45 - 2013-08-22 17:38 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-20 19:12 - 2014-07-29 17:06 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-09-20 07:51 - 2014-05-17 17:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-20 07:51 - 2014-05-17 17:46 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation

Some content of TEMP:
====================
C:\Users\Matthias\AppData\Local\Temp\avgnt.exe
C:\Users\Matthias\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp365go7.dll
C:\Users\Matthias\AppData\Local\Temp\proxy_vole2341580373285448016.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-19 08:26

==================== End Of Log ============================

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-10-2014
Ran by Matthias at 2014-10-20 02:51:27
Running from D:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\{755DDD59-9690-4F1A-BE9C-D39BDCFA77C9}) (Version: 12.1.3.153 - Adobe Systems, Inc)
AIDA64 Extreme v4.60 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 4.60 - FinalWire Ltd.)
ASRock App Charger v1.0.6 (HKLM\...\ASRock App Charger_is1) (Version: 1.0.6 - ASRock Inc.)
A-Tuning v2.0.51.1 (HKLM-x32\...\A-Tuning_is1) (Version: 2.0.51.1 - )
Avira (HKLM-x32\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
calibre 64bit (HKLM\...\{FA9B4DB2-986E-4CFB-BB54-1D7EFB747E5D}) (Version: 2.6.0 - Kovid Goyal)
Chrome Remote Desktop Host (HKLM-x32\...\{61F565EB-B101-4EBE-89BB-EF0AA3F2FFB8}) (Version: 38.0.2125.9 - Google Inc.)
Clipboard History (HKLM-x32\...\ClipboardHistory) (Version: 2.0 - Outertech)
Dropbox (HKCU\...\Dropbox) (Version: 2.11.28 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Final Fantasy XIII (HKLM-x32\...\RmluYWxGYW50YXN5WElJSQ==_is1) (Version: 1 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Intel(R) Network Connections 19.1.51.0 (Version: 19.1.51.0 - Intel) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3907 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.20.26 - Oracle Corporation) Hidden
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60830 (HKLM-x32\...\{9dba0447-b749-41ea-90bc-2aa19a9eb580}) (Version: 11.0.60830.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
NVIDIA Graphics Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.162.1274 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.14.0702 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Control Panel 344.11 (Version: 344.11 - NVIDIA Corporation) Hidden
Microsoft Office 2013 Proofing Tools - French (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
ZOTAC FireStorm (HKLM-x32\...\ZOTAC FireStorm) (Version:  - )

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-357331442-1347990815-2063067355-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-357331442-1347990815-2063067355-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-357331442-1347990815-2063067355-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-357331442-1347990815-2063067355-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-357331442-1347990815-2063067355-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-357331442-1347990815-2063067355-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-357331442-1347990815-2063067355-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-357331442-1347990815-2063067355-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-357331442-1347990815-2063067355-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-357331442-1347990815-2063067355-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================

14-10-2014 06:07:42 Geplanter Prüfpunkt
19-10-2014 03:54:04 Removed calibre 64bit

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {029F2A3B-41C9-4133-A412-9232DB15C921} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0BC32B2D-93F4-45F4-B338-9BC59A6EB744} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {1F2D7BAE-62D4-4467-A97F-CD9E86C0B564} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2A6136D7-4328-45F8-8103-89D3671F96C5} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4DBCF4FA-4C43-478B-8694-C6C613DDBB11} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {5143121E-9F73-4FEF-B0C8-B93C31515BB2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-10-14] (Microsoft Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {7353CD31-57DB-4A2F-BA6A-E92C87310380} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7B7B54AC-2096-4501-A7B6-A3F27C625BB1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-20] (Google Inc.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9EDC9185-48C1-41E0-9907-D3946760D44F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-20] (Google Inc.)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A6CD4944-7B2E-46DB-B3D4-12498FFA36F4} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {A9B946C6-71F6-4504-A414-449D3B0347DF} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {AB7590CF-E753-4E98-BDF1-43B416A4C545} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MATTHIAS-Matthias Matthias => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {B7ABDADF-8CF0-4DE0-8C7E-4FA3EB397C73} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {CB7AB92B-CE34-41D3-A177-4DA7352D66A0} - System32\Tasks\AIDA64 AutoStart => C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe [2014-07-29] (FinalWire Ltd.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D29726FE-5A61-421C-92C3-E4C42C833391} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DCE3D606-9E17-4E65-B72D-0EF3F4603DE5} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {ECED11F4-FB82-4015-9EE2-74E3E0DC5D64} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-17 17:46 - 2014-09-13 23:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-07-09 21:46 - 2013-05-28 17:58 - 00454656 _____ () C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe
2014-10-15 05:11 - 2014-10-10 03:31 - 01366856 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libglesv2.dll
2014-10-15 05:11 - 2014-10-10 03:31 - 00204616 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libegl.dll
2014-10-15 05:11 - 2014-10-10 03:31 - 10578760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll
2014-10-15 05:11 - 2014-10-10 03:31 - 01859400 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll
2014-10-19 22:46 - 2014-10-19 22:46 - 01552384 ____N () C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\csrss.exe
2014-10-20 02:08 - 2014-10-20 02:08 - 00040448 ____N () C:\Users\Matthias\AppData\Local\Temp\proxy_vole2341580373285448016.dll
2014-10-20 02:08 - 2014-10-20 02:08 - 00566439 _____ () C:\Program Files\JDownloader\tmp\7zip\SevenZipJBinding-FKPz9\libgcc_s_sjlj-1.dll
2014-10-20 02:08 - 2014-10-20 02:08 - 04078962 _____ () C:\Program Files\JDownloader\tmp\7zip\SevenZipJBinding-FKPz9\lib7-Zip-JBinding.dll
2014-10-19 08:38 - 2014-10-19 08:38 - 00098816 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\win32api.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00110080 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\pywintypes27.dll
2014-10-19 08:38 - 2014-10-19 08:38 - 00364544 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\pythoncom27.dll
2014-10-19 08:38 - 2014-10-19 08:38 - 00045568 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\_socket.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 01160704 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\_ssl.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00320512 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\win32com.shell.shell.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00713216 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\_hashlib.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 01175040 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\wx._core_.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00805888 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\wx._gdi_.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00811008 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\wx._windows_.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 01062400 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\wx._controls_.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00735232 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\wx._misc_.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00128512 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\_elementtree.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00127488 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\pyexpat.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00557056 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\pysqlite2._sqlite.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00007168 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\hashobjs_ext.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00087552 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\_ctypes.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00119808 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\win32file.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00108544 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\win32security.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00018432 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\win32event.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00038912 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\win32inet.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00070656 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\wx._html2.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00167936 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\win32gui.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00011264 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\win32crypt.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00027136 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\_multiprocessing.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00686080 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\unicodedata.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00122368 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\wx._wizard.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00010240 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\select.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00024064 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\win32pipe.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00025600 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\win32pdh.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00525640 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\windows._lib_cacheinvalidation.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00035840 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\win32process.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00017408 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\win32profile.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00022528 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\win32ts.pyd
2014-10-19 08:38 - 2014-10-19 08:38 - 00078336 _____ () C:\Users\Matthias\AppData\Local\Temp\_MEI49642\wx._animate.pyd
2010-11-22 15:26 - 2010-11-22 15:26 - 00047880 _____ () C:\Program Files (x86)\ClipboardHistory\ClipboardHotkey.dll
2014-09-19 01:32 - 2014-09-19 01:32 - 00750080 _____ () C:\Users\Matthias\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2014-10-19 08:38 - 2014-10-19 08:38 - 00043008 _____ () c:\users\matthias\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp365go7.dll
2014-09-19 01:32 - 2014-09-19 01:32 - 00047616 _____ () C:\Users\Matthias\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-09-19 01:32 - 2014-09-19 01:32 - 00863744 _____ () C:\Users\Matthias\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-09-19 01:32 - 2014-09-19 01:32 - 00200704 _____ () C:\Users\Matthias\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-04-20 11:05 - 2013-09-03 16:52 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00113171 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 02396691 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00268307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00027667 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00031251 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00066579 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00296979 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2013-10-04 16:40 - 2014-07-29 15:55 - 00012814 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libsrpos2186_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 02043411 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00100371 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00244243 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00076307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00045587 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00060947 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00531475 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00708627 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00114195 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00040467 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00014867 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00133139 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 01512467 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 01248787 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00054291 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00038419 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00189971 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00091667 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00067603 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libasf_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00077331 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00025619 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libes_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00074259 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00016403 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libtta_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00023059 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libnuv_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00021523 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libwav_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00929299 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libsid_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00118803 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00144403 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libogg_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 01194003 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 11148307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00036371 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00292371 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00017939 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 01280019 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00018451 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00336403 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00344595 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00198675 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00027155 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00015891 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 01393171 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00146451 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00022035 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00733203 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00018963 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00026131 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00171027 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libopus_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00019475 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00019987 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 10447379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00746515 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00026643 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_yuy2_sse2_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00019987 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_yuy2_mmx_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00587283 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libswscale_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00113683 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_rgb_sse2_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00027667 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi422_yuy2_sse2_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00019987 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi422_yuy2_mmx_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00053779 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_rgb_mmx_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00016915 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00015379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00032275 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00018963 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00020499 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00017427 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00015379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00015379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00013843 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00068115 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00013843 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00018963 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00130579 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00168979 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00058899 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 01496083 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00019475 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00013331 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00014355 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00014867 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00014355 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00015379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00025619 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00383507 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00021011 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00017427 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libmediadirs_plugin.dll
2014-07-23 01:29 - 2014-07-23 01:29 - 00014867 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libwindrive_plugin.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKCU\...\StartupApproved\StartupFolder: => "Logitech . Produktregistrierung.lnk"

========================= Accounts: ==========================

Administrator (S-1-5-21-357331442-1347990815-2063067355-500 - Administrator - Disabled)
Gast (S-1-5-21-357331442-1347990815-2063067355-501 - Limited - Disabled)
Matthias (S-1-5-21-357331442-1347990815-2063067355 - Administrator - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/20/2014 02:16:10 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (10/20/2014 02:16:08 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (10/20/2014 02:16:02 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (10/20/2014 02:15:58 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (10/20/2014 01:25:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.3.9600.17284 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 8a8
Startzeit: 01cfeb674c54bdc7
Endzeit: 0
Anwendungspfad: C:\Windows\Explorer.EXE
Berichts-ID: 1a739a20-57e7-11e4-8413-bc5ff4d074a5
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (10/20/2014 00:45:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm avscan.exe, Version 14.0.7.266 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 610
Startzeit: 01cfebed7d9fe965
Endzeit: 60000
Anwendungspfad: C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
Berichts-ID: 66bf3bd0-57e1-11e4-8413-bc5ff4d074a5
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (10/19/2014 05:54:04 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
.

Error: (10/18/2014 05:48:40 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm PlayTV.exe, Version 1.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 17bc
Startzeit: 01cfea653f668785
Endzeit: 0
Anwendungspfad: D:\PlayTV v2.2\PlayTV.exe
Berichts-ID: a475f58b-5679-11e4-8412-bc5ff4d074a5
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (10/17/2014 09:21:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: notepad.exe, Version: 6.3.9600.16384, Zeitstempel: 0x52158714
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x5f1a90df
ID des fehlerhaften Prozesses: 0xfa0
Startzeit der fehlerhaften Anwendung: 0xnotepad.exe0
Pfad der fehlerhaften Anwendung: notepad.exe1
Pfad des fehlerhaften Moduls: notepad.exe2
Berichtskennung: notepad.exe3
Vollständiger Name des fehlerhaften Pakets: notepad.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: notepad.exe5

Error: (10/17/2014 05:51:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DisplaySwitch.exe, Version: 6.3.9600.16384, Zeitstempel: 0x5215e98b
Name des fehlerhaften Moduls: nvwgf2umx.dll, Version: 9.18.13.4411, Zeitstempel: 0x5414a27b
Ausnahmecode: 0xc000041d
Fehleroffset: 0x00000000008490fa
ID des fehlerhaften Prozesses: 0xc44
Startzeit der fehlerhaften Anwendung: 0xDisplaySwitch.exe0
Pfad der fehlerhaften Anwendung: DisplaySwitch.exe1
Pfad des fehlerhaften Moduls: DisplaySwitch.exe2
Berichtskennung: DisplaySwitch.exe3
Vollständiger Name des fehlerhaften Pakets: DisplaySwitch.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: DisplaySwitch.exe5

System errors:
=============
Error: (10/19/2014 08:38:39 AM) (Source: DCOM) (EventID: 10016) (User: MATTHIAS)
Description:
AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MatthiasMatthiasS-1-5-21-357331442-1347990815-2063067355-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (10/19/2014 08:38:39 AM) (Source: DCOM) (EventID: 10016) (User: MATTHIAS) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MatthiasMatthiasS-1-5-21-357331442-1347990815-2063067355-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (10/19/2014 08:38:23 AM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT-AUTORITÄT) Description: A TCG Command has returned an error. Desc: AuthenticateSession Param1: 0x1 Param2: 0x60000001c Param3: 0x900000006 Param4: 0x0 Status: 0x1 Error: (10/17/2014 03:16:17 PM) (Source: DCOM) (EventID: 10016) (User: MATTHIAS) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MatthiasMatthiasS-1-5-21-357331442-1347990815-2063067355-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (10/17/2014 03:16:17 PM) (Source: DCOM) (EventID: 10016) (User: MATTHIAS) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MatthiasMatthiasS-1-5-21-357331442-1347990815-2063067355-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (10/17/2014 03:16:00 PM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT-AUTORITÄT) Description: A TCG Command has returned an error. 
Desc: AuthenticateSession Param1: 0x1 Param2: 0x60000001c Param3: 0x900000006 Param4: 0x0 Status: 0x1 Error: (10/15/2014 03:53:55 PM) (Source: DCOM) (EventID: 10016) (User: MATTHIAS) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MatthiasMatthiasS-1-5-21-357331442-1347990815-2063067355-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (10/15/2014 03:53:55 PM) (Source: DCOM) (EventID: 10016) (User: MATTHIAS) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MatthiasMatthiasS-1-5-21-357331442-1347990815-2063067355-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (10/15/2014 03:53:34 PM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT-AUTORITÄT) Description: A TCG Command has returned an error. Desc: AuthenticateSession Param1: 0x1 Param2: 0x60000001c Param3: 0x900000006 Param4: 0x0 Status: 0x1 Error: (10/14/2014 08:02:19 PM) (Source: DCOM) (EventID: 10016) (User: MATTHIAS) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MatthiasMatthiasS-1-5-21-357331442-1347990815-2063067355-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Microsoft Office Sessions: ========================= Error: (10/20/2014 02:16:10 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestD:\esetsmartinstaller_deu.exe Error: (10/20/2014 02:16:08 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: 
C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestD:\esetsmartinstaller_deu.exe Error: (10/20/2014 02:16:02 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestD:\esetsmartinstaller_deu.exe Error: (10/20/2014 02:15:58 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestD:\esetsmartinstaller_deu.exe Error: (10/20/2014 01:25:03 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Explorer.EXE6.3.9600.172848a801cfeb674c54bdc70C:\Windows\Explorer.EXE1a739a20-57e7-11e4-8413-bc5ff4d074a5 Error: (10/20/2014 00:45:04 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: avscan.exe14.0.7.26661001cfebed7d9fe96560000C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe66bf3bd0-57e1-11e4-8413-bc5ff4d074a5 Error: (10/19/2014 05:54:04 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. 
System Error: Zugriff verweigert Error: (10/18/2014 05:48:40 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: PlayTV.exe1.0.0.017bc01cfea653f6687850D:\PlayTV v2.2\PlayTV.exea475f58b-5679-11e4-8412-bc5ff4d074a5 Error: (10/17/2014 09:21:38 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: notepad.exe6.3.9600.1638452158714unknown0.0.0.000000000c00000055f1a90dffa001cfea3f92bf21b9C:\Windows\SysWOW64\notepad.exeunknownd07898a0-5632-11e4-8412-bc5ff4d074a5 Error: (10/17/2014 05:51:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: DisplaySwitch.exe6.3.9600.163845215e98bnvwgf2umx.dll9.18.13.44115414a27bc000041d00000000008490fac4401cfea22323f2537C:\Windows\System32\DisplaySwitch.exeC:\Windows\System32\nvwgf2umx.dll7196a0bf-5615-11e4-8412-bc5ff4d074a5 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz Percentage of memory in use: 27% Total physical RAM: 16229.05 MB Available physical RAM: 11687.43 MB Total Pagefile: 18661.05 MB Available Pagefile: 12144.23 MB Total Virtual: 131072 MB Available Virtual: 131071.83 MB ==================== Drives ================================ Drive a: (Multimedia) (Fixed) (Total:2794.39 GB) (Free:1595.24 GB) NTFS Drive b: (Multimedia II) (Fixed) (Total:735.84 GB) (Free:202.37 GB) NTFS Drive c: () (Fixed) (Total:111.27 GB) (Free:73.59 GB) NTFS Drive d: (Daten) (Fixed) (Total:195.67 GB) (Free:154.21 GB) NTFS Drive f: (Extern) (Fixed) (Total:840.57 GB) (Free:613.59 GB) NTFS Drive g: () (Removable) (Total:29.76 GB) (Free:29.5 GB) FAT32 Drive i: (SAFE) (Fixed) (Total:90.94 GB) (Free:33.26 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 111.8 GB) (Disk ID: A98184E0) Partition: GPT Partition Type. 
======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 97F0BB35) Partition 1: (Active) - (Size=195.7 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=735.8 GB) - (Type=07 NTFS) ======================================================== Disk: 3 (MBR Code: Windows 7 or 8) (Size: 29.8 GB) (Disk ID: B0445822) Partition 1: (Active) - (Size=29.8 GB) - (Type=0C) ======================================================== Disk: 4 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1B537923) Partition 1: (Not Active) - (Size=90.9 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=840.6 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
20.10.2014, 11:36 | #4 |
Rest in peace † 2019 | winlogon.exe - ATRAPS.Gen Hello, yes, that looks unpleasant. Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
() C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\csrss.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
C:\Users\Matthias\AppData\Roaming\SubFolder
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
reboot:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 Start FRST once more.
|
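The fixlist above targets two patterns a responder looks for in FRST autorun output: core Windows process names (winlogon.exe, csrss.exe) launched from a user profile folder, and an autorun whose target sits in a user-writable location such as ProgramData. As an added example, not code from the forum post or from the FRST tool, the script below parses lines in the Run/RunOnce shape FRST prints and flags exactly those two patterns. The list of system process names, the severity labels and the constructed sample (four lines modelled on entries from this thread plus one made-up signed Dropbox autorun) are the example's own assumptions.

```python
"""Triage helper for FRST-style autorun (Run/RunOnce) lines.

Added example, not code from the forum post or from the FRST tool. It
recognises the line shape FRST prints in its "Registry (Whitelisted)"
section and flags the two patterns the fixlist in the thread targets:
a core Windows process name started from outside the system directories,
and an autorun whose target sits in a user-writable folder with no signer.
"""
import re
from typing import Optional

# Process names that legitimately start only from %SystemRoot%\System32 or
# SysWOW64. A copy of one of these under AppData or ProgramData is a strong
# masquerading signal (this list is the example's own choice, not FRST's).
SYSTEM_PROCESS_NAMES = {
    "winlogon.exe", "csrss.exe", "smss.exe", "lsass.exe",
    "services.exe", "wininit.exe", "svchost.exe",
}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")

# Path fragments that mark user-writable locations (lower-case, with
# surrounding separators so "\temp\" does not match "\template\").
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")

# <hive>\...\Run: [<value name>] => <target> [<size> <date>] (<signer>)
_ENTRY_RE = re.compile(
    r"^(?P<hive>\S+?)\\\.\.\.\\(?P<key>Run|RunOnce): \[(?P<name>[^\]]*)\] => (?P<rest>.*)$"
)
_TARGET_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?\.exe)"                        # first .exe is the launched binary
    r"(?:\s+\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"  # optional FRST size/date field
    r"(?:\s+\((?P<signer>.*)\))?\s*$",                        # optional signer, "()" when unsigned
    re.IGNORECASE,
)


def parse_run_entry(line: str) -> Optional[dict]:
    """Parse one FRST Run/RunOnce line; return None for any other line."""
    m = _ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = {"hive": m["hive"], "key": m["key"], "name": m["name"],
             "path": None, "signer": None}
    t = _TARGET_RE.match(m["rest"])
    if t:                                # "[X]" (value without a file) leaves path None
        entry["path"] = t["path"]
        entry["signer"] = t["signer"]    # None if FRST printed no signer field at all
    return entry


def assess(entry: dict) -> list:
    """Return (severity, reason) pairs for one parsed autorun entry."""
    path = entry["path"]
    if path is None:
        return []
    lower = path.lower()
    directory, _, basename = lower.rpartition("\\")
    if basename in SYSTEM_PROCESS_NAMES and directory not in SYSTEM_DIRS:
        return [("high", f"{basename} started from outside the system directories: {path}")]
    if any(marker in lower for marker in USER_WRITABLE_MARKERS) and not entry["signer"]:
        return [("medium", f"autorun from user-writable path without a signer: {path}")]
    return []


def triage(frst_text: str) -> list:
    """Run every Run/RunOnce line of an FRST log through assess()."""
    findings = []
    for line in frst_text.splitlines():
        entry = parse_run_entry(line)
        if entry is None:
            continue
        for severity, reason in assess(entry):
            findings.append({"severity": severity, "hive": entry["hive"],
                             "name": entry["name"], "reason": reason})
    return findings


# Constructed sample: the first four lines are modelled on entries from the
# thread's own FRST output; the Dropbox line is made up to show that a signed
# binary under AppData is not flagged by the user-writable rule.
SAMPLE_FRST_LINES = r"""
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [ASRock A-Tuning] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [Dropbox] => C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe [0 2014-01-01] (Dropbox, Inc.)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_FRST_LINES):
        print(f"[{f['severity'].upper()}] {f['name']}: {f['reason']}")
```

On the sample the Winlogon entry is reported as high (a system process name under AppData\Roaming) and MicroUpdate as medium (an unsigned target under ProgramData), while the Logitech, `[X]` and signed Dropbox entries produce nothing. The fixlist entries in the thread carry no size or signer field, so the parser treats a missing signer the same as an empty `()` one; when triaging a full FRST.txt, the signer field is present and the rule becomes more selective.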
20.10.2014, 15:17 | #5 |
| winlogon.exe - ATRAPS.Gen Good day Sandra, awake and rested, it now continues. I should also mention that last night I carried out two more actions 'on my own initiative': 1. I threw Avira Anti-Vir Free off the machine ... including the registry entries () and 2. I installed Malwarebytes Free, let it run and had the findings removed. After that, at least the window with the message was gone and Malwarebytes no longer reports any findings. That is the current state, and from now on I will follow your instructions to the letter Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-10-2014
Ran by Matthias at 2014-10-20 16:05:39 Run:1
Running from D:\
Loaded Profile: Matthias (Available profiles: Matthias)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
() C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\csrss.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
C:\Users\Matthias\AppData\Roaming\SubFolder
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
reboot:
*****************
C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\csrss.exe => No running process found
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Winlogon => Value not found.
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\MicroUpdate => Value not found.
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\Winlogon => Value not found.
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Run\\MicroUpdate => Value not found.
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Run\\Winlogon => Value not found.
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\CurrentVersion\Run\\MicroUpdate => Value not found.
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\CurrentVersion\Run\\Winlogon => Value not found.
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Windows\CurrentVersion\Run\\Winlogon => Value not found.
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Windows\CurrentVersion\Run\\MicroUpdate => Value not found.
C:\Users\Matthias\AppData\Roaming\SubFolder => Moved successfully.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe" => File/Directory not found.
The system needed a reboot.
==== End of Fixlog ====
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2014 Ran by Matthias (administrator) on MATTHIAS on 20-10-2014 16:12:54 Running from D:\ Loaded Profile: Matthias (Available profiles: Matthias) Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe () C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel(R) Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Outertech) C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe (Dropbox, Inc.) C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Logitech, Inc.) 
C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2014-07-20] (Realtek Semiconductor) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-03] (Intel Corporation) Winlogon\Notify\igfxcui: igfxdev.dll [X] Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [GoogleChromeAutoLaunch_8265D6534E6C32D01005D7D3455D029D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [911176 2014-10-10] (Google Inc.) 
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google) HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [ClipboardHistory] => C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe [512392 2012-08-05] (Outertech) HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [ASRock A-Tuning] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day0] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day1] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day2] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day3] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day4] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day5] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day6] => [X] Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation) BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) 
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) 
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-06-13] Chrome: ======= CHR HomePage: Default -> CHR Profile: C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Easy Auto Refresh) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2014-04-20] CHR Extension: (Google*Übersetzer) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-04-20] CHR Extension: (Google Drive) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-20] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-10] CHR Extension: (Pushbullet) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2014-04-20] CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-04-20] CHR Extension: (Session Buddy) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2014-04-20] CHR Extension: (My JDownloader) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2014-04-20] CHR Extension: (Chrome Remote Desktop) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-04-20] CHR Extension: (AdBlock) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-20] CHR Extension: (Cr!Box) - 
C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjodchcocbnbhfkjeapbdoflbiibnapp [2014-04-20] CHR Extension: (In Google Drive speichern) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-04-20] CHR Extension: (Scroll To Top) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\hegiignepmecppikdlbohnnbfjdoaghj [2014-04-20] CHR Extension: (ModHeader) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgpnmonknjnojddfkpgkljpfnnfcklj [2014-07-15] CHR Extension: (WEB.DE MailCheck) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2014-04-20] CHR Extension: (Panel View for Keep) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccocffecajimkdjgfpjhlpiimcnadhb [2014-04-20] CHR Extension: (LongClick New Tab) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jphlcgnallcfbnpgmblmlmkehbffnoph [2014-04-20] CHR Extension: (Reload All Tabs) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\midkcinmplflbiflboepnahkboeonkam [2014-04-20] CHR Extension: (Hangouts) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-04-20] CHR Extension: (Google Wallet) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-20] CHR Extension: (Close Right) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\npemobdkdcknhfaiioheeffincgpgafj [2014-04-20] CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Matthias\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-20] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) R2 ASRockIOMon; C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe [454656 2013-05-28] () [File not signed] R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe [51016 2014-08-21] (Google Inc.) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [326760 2014-09-03] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation) S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation) S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation) S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2014-07-20] (Realtek Semiconductor) S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation) R3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2014-07-09] (ASRock Incorporation) R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-03-14] (Intel Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation) S1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-05-19] () S1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-05-19] () S1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700296 2014-05-19] () R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation) R3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation) S3 BioNTDrv; \??\C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\BioNTDrv.SYS [X] S3 GPU-Z; \??\C:\Users\Matthias\AppData\Local\Temp\GPU-Z.sys [X] S3 mbamchameleon; \??\C:\Windows\system32\drivers\mbamchameleon.sys [X] S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-20 16:05 - 2014-10-20 16:12 - 00000000 ____D () C:\FRST 2014-10-20 05:00 - 2014-10-20 05:00 - 00102844 _____ () C:\ProgramData\1413773998.bdinstall.bin 2014-10-20 04:59 - 2014-10-20 04:59 - 00037671 _____ () C:\ProgramData\1413773997.bdinstall.bin 2014-10-20 04:56 - 2014-10-20 04:56 - 00174873 _____ () C:\ProgramData\1413773762.bdinstall.bin 2014-10-20 04:56 - 2014-10-20 04:56 - 00000000 ____D () C:\Windows\LastGood.Tmp 2014-10-20 04:56 - 2014-10-20 04:56 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\QuickScan 2014-10-20 04:56 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys 2014-10-19 14:31 - 2014-10-20 04:56 - 00001483 _____ () C:\Windows\setupact.log 2014-10-19 14:31 - 2014-10-19 14:31 - 00000000 _____ () C:\Windows\setuperr.log 2014-10-19 05:54 - 2014-10-19 05:54 - 00000000 ____D () C:\Program Files\Calibre2 2014-10-19 05:15 - 2014-10-19 05:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy XIII 2014-10-14 20:32 - 2014-10-14 20:32 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll 2014-10-14 19:16 - 2014-09-19 04:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-14 19:16 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-10-14 19:16 - 2014-09-10 08:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-10-14 19:16 - 2014-09-08 05:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-10-14 19:16 - 2014-09-08 05:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-10-14 19:16 - 2014-09-08 00:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml 2014-10-14 19:16 - 2014-09-05 00:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2014-10-14 19:16 - 2014-09-05 00:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 
2014-10-14 19:16 - 2014-09-04 05:15 - 00561416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2014-10-14 19:16 - 2014-09-04 05:14 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-10-14 19:16 - 2014-09-04 05:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll 2014-10-14 19:16 - 2014-09-04 04:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll 2014-10-14 19:16 - 2014-09-04 03:19 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2014-10-14 19:16 - 2014-09-04 03:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll 2014-10-14 19:16 - 2014-09-04 02:45 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2014-10-14 19:16 - 2014-09-04 02:41 - 01420288 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-10-14 19:16 - 2014-09-04 02:36 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-10-14 19:16 - 2014-09-04 02:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll 2014-10-14 19:16 - 2014-09-04 02:15 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-10-14 19:16 - 2014-09-04 02:10 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll 2014-10-14 19:16 - 2014-09-04 01:57 - 00921600 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll 2014-10-14 19:16 - 2014-09-04 01:49 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll 2014-10-14 19:16 - 2014-08-31 02:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS 2014-10-14 19:16 - 2014-08-31 02:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-10-14 19:16 - 2014-08-31 00:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-10-14 19:16 - 2014-08-31 00:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll 
2014-10-14 19:16 - 2014-08-30 23:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll 2014-10-14 19:16 - 2014-08-30 23:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll 2014-10-14 19:16 - 2014-08-30 22:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll 2014-10-14 19:16 - 2014-08-30 22:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll 2014-10-14 19:16 - 2014-08-28 04:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-10-14 19:16 - 2014-08-28 02:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-10-14 19:16 - 2014-08-28 02:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-10-14 19:16 - 2014-08-23 07:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2014-10-14 19:16 - 2014-08-23 07:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2014-10-14 19:16 - 2014-08-23 06:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll 2014-10-14 19:16 - 2014-08-02 02:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll 2014-10-14 19:16 - 2014-08-02 02:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll 2014-10-14 19:15 - 2014-09-28 00:25 - 04183040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-14 19:15 - 2014-09-26 00:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-14 19:15 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-10-14 19:15 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-10-14 19:15 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-10-14 19:15 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-10-14 19:15 - 
2014-09-26 00:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-14 19:15 - 2014-09-19 03:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-14 19:15 - 2014-09-19 03:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-14 19:15 - 2014-09-19 03:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-14 19:15 - 2014-09-19 03:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-14 19:15 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-10-14 19:15 - 2014-09-19 03:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-14 19:15 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-10-14 19:15 - 2014-09-19 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-14 19:15 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-10-14 19:15 - 2014-09-19 02:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-14 19:15 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-10-14 19:15 - 2014-09-19 02:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-14 19:15 - 2014-09-19 02:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-14 19:15 - 2014-09-19 02:42 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-14 19:15 - 2014-09-19 02:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-14 19:15 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-10-14 19:15 - 2014-09-19 02:20 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-14 19:15 - 2014-09-19 02:14 - 
01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-14 19:15 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-10-14 19:15 - 2014-09-19 01:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-14 19:15 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-10-14 19:15 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-10-14 19:15 - 2014-09-08 02:05 - 03448320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-10-14 19:14 - 2014-09-13 08:29 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-14 19:14 - 2014-09-13 08:02 - 02779648 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-14 19:14 - 2014-09-13 07:49 - 00068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-10-14 19:14 - 2014-09-13 07:30 - 03117568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-10-14 19:14 - 2014-09-08 05:15 - 00054752 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-10-14 19:14 - 2014-09-08 03:46 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-10-14 19:14 - 2014-09-08 03:46 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-10-14 19:14 - 2014-09-08 02:08 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-10-14 19:14 - 2014-09-08 02:07 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-10-14 19:14 - 2014-09-08 02:04 - 00388608 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2014-10-14 19:14 - 2014-09-08 02:04 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-10-14 19:14 - 2014-09-08 02:03 - 01702400 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-10-14 19:14 - 2014-09-08 02:03 - 00839680 _____ (Microsoft Corporation) 
C:\Windows\system32\wuapi.dll 2014-10-14 19:14 - 2014-09-08 01:59 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-10-14 19:14 - 2014-09-08 01:59 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-10-14 19:14 - 2014-09-08 01:56 - 00672256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-10-14 19:14 - 2014-09-08 01:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-10-14 19:14 - 2014-09-04 02:12 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-14 19:14 - 2014-09-04 02:01 - 00514048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-09-29 20:25 - 2014-09-29 20:35 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\FileBot 2014-09-20 07:50 - 2014-09-17 06:51 - 01538880 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll 2014-09-20 07:50 - 2014-09-17 06:51 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys 2014-09-20 07:50 - 2014-09-17 06:51 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll 2014-09-20 07:50 - 2014-09-14 01:48 - 31887680 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2014-09-20 07:50 - 2014-09-14 01:48 - 24552592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2014-09-20 07:50 - 2014-09-14 01:48 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2014-09-20 07:50 - 2014-09-14 01:48 - 18106152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2014-09-20 07:50 - 2014-09-14 01:48 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2014-09-20 07:50 - 2014-09-14 01:48 - 14026304 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-09-20 07:50 - 2014-09-14 01:48 - 13939272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-09-20 07:50 - 2014-09-14 01:48 - 13157696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-09-20 07:50 - 
2014-09-14 01:48 - 11392576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2014-09-20 07:50 - 2014-09-14 01:48 - 11330776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2014-09-20 07:50 - 2014-09-14 01:48 - 04287296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-09-20 07:50 - 2014-09-14 01:48 - 04008592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2014-09-20 07:50 - 2014-09-14 01:48 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434411.dll 2014-09-20 07:50 - 2014-09-14 01:48 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434411.dll 2014-09-20 07:50 - 2014-09-14 01:48 - 00957584 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2014-09-20 07:50 - 2014-09-14 01:48 - 00925896 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2014-09-20 07:50 - 2014-09-14 01:48 - 00919240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2014-09-20 07:50 - 2014-09-14 01:48 - 00894096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2014-09-20 07:50 - 2014-09-14 01:48 - 00867528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2014-09-20 07:50 - 2014-09-14 01:48 - 00834880 _____ () C:\Windows\system32\nvmcumd.dll 2014-09-20 07:50 - 2014-09-14 01:48 - 00501064 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2014-09-20 07:50 - 2014-09-14 01:48 - 00417096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2014-09-20 07:50 - 2014-09-14 01:48 - 00393024 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2014-09-20 07:50 - 2014-09-14 01:48 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2014-09-20 07:50 - 2014-09-14 01:48 - 00348304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2014-09-20 07:50 - 2014-09-14 01:48 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2014-09-20 07:50 - 2014-09-14 01:48 - 00174856 _____ (NVIDIA Corporation) 
C:\Windows\system32\nvinitx.dll 2014-09-20 07:50 - 2014-09-14 01:48 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-20 16:12 - 2014-07-05 23:47 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\NetSpeedMonitor 2014-10-20 16:12 - 2014-03-18 12:04 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-20 16:12 - 2014-03-18 11:25 - 00764340 _____ () C:\Windows\system32\perfh007.dat 2014-10-20 16:12 - 2014-03-18 11:25 - 00159160 _____ () C:\Windows\system32\perfc007.dat 2014-10-20 16:07 - 2014-05-20 18:16 - 00005084 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MATTHIAS-Matthias Matthias 2014-10-20 16:06 - 2014-04-20 17:21 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Dropbox 2014-10-20 16:06 - 2014-04-20 09:32 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-20 16:06 - 2014-03-18 03:51 - 00372728 _____ () C:\Windows\PFRO.log 2014-10-20 16:06 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-20 16:05 - 2014-04-20 17:40 - 00000000 ____D () C:\Program Files\JDownloader 2014-10-20 16:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru 2014-10-20 15:52 - 2014-04-20 09:32 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-20 10:32 - 2014-09-10 20:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-20 09:31 - 2014-04-20 09:28 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-357331442-1347990815-2063067355-1001 2014-10-20 08:18 - 2014-04-20 09:19 - 01292382 _____ () C:\Windows\WindowsUpdate.log 2014-10-20 08:00 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2014-10-20 07:54 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\L2Schemas 2014-10-20 07:54 - 2013-08-22 17:20 - 00000000 
____D () C:\Windows\CbsTemp 2014-10-20 05:33 - 2014-04-20 17:47 - 00000000 ____D () C:\ProgramData\Package Cache 2014-10-20 05:27 - 2014-04-20 17:26 - 00014860 _____ () C:\Users\Matthias\Documents\metadata_db_prefs_backup.json 2014-10-20 05:27 - 2014-04-20 17:25 - 00185344 _____ () C:\Users\Matthias\Documents\metadata.db 2014-10-20 04:29 - 2014-04-20 09:22 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Packages 2014-10-20 04:29 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness 2014-10-20 01:24 - 2014-07-29 17:06 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\vlc 2014-10-19 08:36 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2014-10-19 05:21 - 2014-06-07 19:32 - 00000000 ____D () C:\ProgramData\Steam 2014-10-17 20:47 - 2014-04-20 09:32 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-10-17 20:47 - 2014-04-20 09:32 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-10-17 15:16 - 2013-08-22 16:44 - 00434768 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-15 04:01 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache 2014-10-14 19:55 - 2014-06-07 19:12 - 00101329 _____ () C:\Windows\DirectX.log 2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData 2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel 2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\MediaViewer 2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\FileManager 2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Camera 2014-10-14 19:26 - 2014-05-01 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-10-14 19:26 - 2014-05-01 18:21 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-14 19:26 - 2014-04-20 09:29 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-14 19:26 - 2013-08-22 15:25 - 00000167 _____ () C:\Windows\win.ini 
2014-10-14 19:24 - 2014-04-20 09:29 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-14 17:01 - 2014-06-12 02:38 - 00000000 ____D () C:\Windows\SysWOW64\directx 2014-10-14 04:33 - 2014-04-20 09:22 - 00000000 ____D () C:\Users\Matthias 2014-10-13 15:22 - 2014-08-13 16:06 - 00000000 ____D () C:\Users\Matthias\Downloads\LiveSetup 2014-10-01 23:48 - 2014-04-20 09:32 - 00000000 ____D () C:\Program Files (x86)\Google 2014-09-30 00:45 - 2013-08-22 17:38 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-30 00:45 - 2013-08-22 17:38 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-22 08:42 - 2014-04-20 09:29 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-20 19:12 - 2014-07-29 17:06 - 00000000 ____D () C:\Program Files (x86)\VideoLAN 2014-09-20 07:51 - 2014-05-17 17:46 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-09-20 07:51 - 2014-05-17 17:46 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation Some content of TEMP: ==================== C:\Users\Matthias\AppData\Local\Temp\avgnt.exe C:\Users\Matthias\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpa1btw4.dll C:\Users\Matthias\AppData\Local\Temp\proxy_vole1715959011113459827.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-20 04:36 ==================== End Of Log ============================ --- --- ---
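The "Bamital & volsnap Check" at the end of the FRST log above verifies the Authenticode signature of a fixed list of core Windows binaries; a heuristic hit such as ATRAPS.Gen on winlogon.exe is only meaningful if that file on disk is actually modified. The PowerShell below is an added example, not part of the forum post or of FRST itself: it repeats that check with built-in cmdlets and then sweeps the folder FRST lists under "Some content of TEMP" for executables that carry no valid signature. The file list is taken from the log; that $env:TEMP resolves to the profile's Local\Temp folder shown in the log is an assumption, as is the choice of SHA-256 for the hash column.

```powershell
# Added example (not from the thread or from FRST). Run in an elevated
# PowerShell 4.0+ prompt (Windows 8.1 ships 4.0, which has Get-FileHash).

# Same binaries FRST checks under "Bamital & volsnap Check".
$criticalFiles = @(
    "$env:SystemRoot\System32\winlogon.exe",
    "$env:SystemRoot\System32\wininit.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\SysWOW64\explorer.exe",
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\SysWOW64\svchost.exe",
    "$env:SystemRoot\System32\services.exe",
    "$env:SystemRoot\System32\user32.dll",
    "$env:SystemRoot\SysWOW64\user32.dll",
    "$env:SystemRoot\System32\userinit.exe",
    "$env:SystemRoot\SysWOW64\userinit.exe",
    "$env:SystemRoot\System32\rpcss.dll",
    "$env:SystemRoot\System32\drivers\volsnap.sys"
)

function Test-CriticalSignatures {
    # Returns one object per path with the Authenticode status and signer.
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) {
            [pscustomobject]@{ Path = $p; Status = 'Missing'; Signer = $null }
            continue
        }
        $sig = Get-AuthenticodeSignature -LiteralPath $p
        # 'Valid' = signature chain verified. Many Windows files are signed via
        # security catalogs rather than an embedded signature; if a core file
        # reports 'NotSigned' here, confirm with Sysinternals sigcheck (which
        # also consults catalogs) before treating it as tampering.
        [pscustomobject]@{
            Path   = $p
            Status = $sig.Status
            Signer = $(if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null })
        }
    }
}

function Get-UnsignedTempExecutables {
    # Lists PE files in the TEMP folder whose signature is not 'Valid',
    # with size, creation time and a SHA-256 for lookup or submission.
    # Default path is an assumption; pass the user's Local\Temp explicitly
    # when running as a different account.
    param([string]$TempPath = $env:TEMP)
    Get-ChildItem -LiteralPath $TempPath -Include *.exe,*.dll,*.sys -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            if ($sig.Status -ne 'Valid') {
                [pscustomobject]@{
                    Path    = $_.FullName
                    Status  = $sig.Status
                    SizeKB  = [math]::Round($_.Length / 1KB, 1)
                    Created = $_.CreationTime
                    SHA256  = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                }
            }
        }
}

Test-CriticalSignatures -Paths $criticalFiles | Format-Table -AutoSize
Get-UnsignedTempExecutables | Format-Table -AutoSize
```

Two caveats when reading the output. A signed winlogon.exe on disk, which is what FRST reports, says nothing about code injected into the running process, so it rules out file replacement but not the detection as such. And an unsigned file in Temp is a lead, not a verdict: installers and updaters legitimately drop unsigned helpers there, so the hash column is there to look the file up before deciding anything.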
20.10.2014, 22:20 | #6
Rest in peace † 2019 | winlogon.exe - ATRAPS.Gen Hello, much better. I noticed that you have a crack of Final Fantasy on the machine; it has to go, otherwise we cannot continue: Quote:
Support interruption. Reading material: The log files strongly indicate that you are using software that was not legally acquired. In addition, cracks and patches from dubious sources very often come bundled with malware, so one is infecting oneself almost deliberately. We on this board have agreed that at this point we will not continue cleaning until the software has been removed. On top of that, we pointed out unmistakably in our guide and also in this "Important" topic how we handle this. Clean, good software has its price, and the software companies live on that income. So please decide how you want to proceed and let me know here in your thread. If you do not remove this software, our help is limited to reinstalling and securing your system. We will still gladly answer questions about that, in our forum.
21.10.2014, 15:27 | #7
winlogon.exe - ATRAPS.Gen Quote:
Very, very gladly, and why should I blather on or lie here: that is probably how I got this CRAP onto the machine myself. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2014 Ran by Matthias (administrator) on MATTHIAS on 21-10-2014 16:24:59 Running from D:\ Loaded Profile: Matthias (Available profiles: Matthias) Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe () C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel(R) Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) 
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (FinalWire Ltd.) C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Outertech) C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe (Dropbox, Inc.) 
C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2014-07-20] (Realtek Semiconductor) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-03] (Intel Corporation) Winlogon\Notify\igfxcui: igfxdev.dll [X] Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [GoogleChromeAutoLaunch_8265D6534E6C32D01005D7D3455D029D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [911176 2014-10-10] (Google Inc.) 
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google) HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [ClipboardHistory] => C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe [512392 2012-08-05] (Outertech) HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [ASRock A-Tuning] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day0] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day1] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day2] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day3] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day4] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day5] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day6] => [X] Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation) BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) 
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) 
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-06-13]

Chrome:
=======
CHR HomePage: Default ->
CHR Profile: C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Easy Auto Refresh) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2014-04-20]
CHR Extension: (Google Übersetzer) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-04-20]
CHR Extension: (Google Drive) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-10]
CHR Extension: (Pushbullet) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2014-04-20]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-04-20]
CHR Extension: (Session Buddy) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2014-04-20]
CHR Extension: (My JDownloader) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2014-04-20]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-04-20]
CHR Extension: (AdBlock) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-20]
CHR Extension: (Cr!Box) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjodchcocbnbhfkjeapbdoflbiibnapp [2014-04-20]
CHR Extension: (In Google Drive speichern) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-04-20]
CHR Extension: (Scroll To Top) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\hegiignepmecppikdlbohnnbfjdoaghj [2014-04-20]
CHR Extension: (ModHeader) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgpnmonknjnojddfkpgkljpfnnfcklj [2014-07-15]
CHR Extension: (WEB.DE MailCheck) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2014-04-20]
CHR Extension: (Panel View for Keep) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccocffecajimkdjgfpjhlpiimcnadhb [2014-04-20]
CHR Extension: (LongClick New Tab) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jphlcgnallcfbnpgmblmlmkehbffnoph [2014-04-20]
CHR Extension: (Reload All Tabs) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\midkcinmplflbiflboepnahkboeonkam [2014-04-20]
CHR Extension: (Hangouts) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-04-20]
CHR Extension: (Google Wallet) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-20]
CHR Extension: (Close Right) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\npemobdkdcknhfaiioheeffincgpgafj [2014-04-20]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Matthias\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-20]

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASRockIOMon; C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe [454656 2013-05-28] () [File not signed]
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe [51016 2014-08-21] (Google Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [326760 2014-09-03] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2014-07-20] (Realtek Semiconductor)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
R3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AIDA64Driver; C:\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64 [34136 2014-10-06] ()
S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2014-07-09] (ASRock Incorporation)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-03-14] (Intel Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-05-19] ()
S1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-05-19] ()
S1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700296 2014-05-19] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
S3 BioNTDrv; \??\C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\BioNTDrv.SYS [X]
S3 GPU-Z; \??\C:\Users\Matthias\AppData\Local\Temp\GPU-Z.sys [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-21 16:24 - 2014-10-21 16:25 - 00000000 ____D () C:\FRST
2014-10-20 16:50 - 2014-10-20 16:50 - 00003222 _____ () C:\Windows\System32\Tasks\AIDA64 AutoStart
2014-10-20 16:34 - 2014-10-20 16:34 - 00000000 ____D () C:\Program Files (x86)\FinalWire
2014-10-20 16:17 - 2014-10-21 02:14 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-20 16:17 - 2014-10-20 16:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-20 16:17 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-20 16:17 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-20 16:17 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-20 05:00 - 2014-10-20 05:00 - 00102844 _____ () C:\ProgramData\1413773998.bdinstall.bin
2014-10-20 04:59 - 2014-10-20 04:59 - 00037671 _____ () C:\ProgramData\1413773997.bdinstall.bin
2014-10-20 04:56 - 2014-10-20 04:56 - 00174873 _____ () C:\ProgramData\1413773762.bdinstall.bin
2014-10-20 04:56 - 2014-10-20 04:56 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-10-20 04:56 - 2014-10-20 04:56 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\QuickScan
2014-10-20 04:56 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-10-19 14:31 - 2014-10-20 04:56 - 00001483 _____ () C:\Windows\setupact.log
2014-10-19 14:31 - 2014-10-19 14:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-19 05:54 - 2014-10-19 05:54 - 00000000 ____D () C:\Program Files\Calibre2
2014-10-19 05:15 - 2014-10-19 05:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy XIII
2014-10-14 20:32 - 2014-10-14 20:32 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-10-14 19:16 - 2014-09-19 04:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-14 19:16 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-14 19:16 - 2014-09-10 08:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-10-14 19:16 - 2014-09-08 05:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-14 19:16 - 2014-09-08 05:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-10-14 19:16 - 2014-09-08 00:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-10-14 19:16 - 2014-09-05 00:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-10-14 19:16 - 2014-09-05 00:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-10-14 19:16 - 2014-09-04 05:15 - 00561416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-10-14 19:16 - 2014-09-04 05:14 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-10-14 19:16 - 2014-09-04 05:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-10-14 19:16 - 2014-09-04 04:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-10-14 19:16 - 2014-09-04 03:19 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-10-14 19:16 - 2014-09-04 03:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2014-10-14 19:16 - 2014-09-04 02:45 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-10-14 19:16 - 2014-09-04 02:41 - 01420288 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-10-14 19:16 - 2014-09-04 02:36 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-14 19:16 - 2014-09-04 02:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2014-10-14 19:16 - 2014-09-04 02:15 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-14 19:16 - 2014-09-04 02:10 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-10-14 19:16 - 2014-09-04 01:57 - 00921600 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-10-14 19:16 - 2014-09-04 01:49 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-10-14 19:16 - 2014-08-31 02:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-10-14 19:16 - 2014-08-31 02:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-14 19:16 - 2014-08-31 00:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-10-14 19:16 - 2014-08-31 00:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-10-14 19:16 - 2014-08-30 23:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-10-14 19:16 - 2014-08-30 23:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-10-14 19:16 - 2014-08-30 22:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-10-14 19:16 - 2014-08-30 22:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-10-14 19:16 - 2014-08-28 04:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-14 19:16 - 2014-08-28 02:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-10-14 19:16 - 2014-08-28 02:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-10-14 19:16 - 2014-08-23 07:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-10-14 19:16 - 2014-08-23 07:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-10-14 19:16 - 2014-08-23 06:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-10-14 19:16 - 2014-08-02 02:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2014-10-14 19:16 - 2014-08-02 02:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2014-10-14 19:15 - 2014-09-28 00:25 - 04183040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 19:15 - 2014-09-26 00:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-14 19:15 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-14 19:15 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-14 19:15 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-14 19:15 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-14 19:15 - 2014-09-26 00:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-14 19:15 - 2014-09-19 03:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-14 19:15 - 2014-09-19 03:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-14 19:15 - 2014-09-19 03:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-14 19:15 - 2014-09-19 03:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-14 19:15 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-14 19:15 - 2014-09-19 03:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-14 19:15 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-14 19:15 - 2014-09-19 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-14 19:15 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-14 19:15 - 2014-09-19 02:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-14 19:15 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-14 19:15 - 2014-09-19 02:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-14 19:15 - 2014-09-19 02:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-14 19:15 - 2014-09-19 02:42 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-14 19:15 - 2014-09-19 02:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-14 19:15 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-14 19:15 - 2014-09-19 02:20 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-14 19:15 - 2014-09-19 02:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-14 19:15 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-14 19:15 - 2014-09-19 01:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-14 19:15 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-14 19:15 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-14 19:15 - 2014-09-08 02:05 - 03448320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-14 19:14 - 2014-09-13 08:29 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 19:14 - 2014-09-13 08:02 - 02779648 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-14 19:14 - 2014-09-13 07:49 - 00068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 19:14 - 2014-09-13 07:30 - 03117568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-14 19:14 - 2014-09-08 05:15 - 00054752 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-14 19:14 - 2014-09-08 03:46 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-14 19:14 - 2014-09-08 03:46 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-14 19:14 - 2014-09-08 02:08 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-14 19:14 - 2014-09-08 02:07 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-14 19:14 - 2014-09-08 02:04 - 00388608 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-10-14 19:14 - 2014-09-08 02:04 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-14 19:14 - 2014-09-08 02:03 - 01702400 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-14 19:14 - 2014-09-08 02:03 - 00839680 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-14 19:14 - 2014-09-08 01:59 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-14 19:14 - 2014-09-08 01:59 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-10-14 19:14 - 2014-09-08 01:56 - 00672256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-14 19:14 - 2014-09-08 01:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-14 19:14 - 2014-09-04 02:12 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 19:14 - 2014-09-04 02:01 - 00514048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-09-29 20:25 - 2014-09-29 20:35 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\FileBot

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-21 16:24 - 2014-07-05 23:47 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\NetSpeedMonitor
2014-10-21 16:21 - 2014-04-20 09:28 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-357331442-1347990815-2063067355-1001
2014-10-21 16:21 - 2014-04-20 09:19 - 01576904 _____ () C:\Windows\WindowsUpdate.log
2014-10-21 16:21 - 2014-03-18 12:04 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-21 16:21 - 2014-03-18 11:25 - 00764340 _____ () C:\Windows\system32\perfh007.dat
2014-10-21 16:21 - 2014-03-18 11:25 - 00159160 _____ () C:\Windows\system32\perfc007.dat
2014-10-21 16:17 - 2014-05-20 18:16 - 00005084 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MATTHIAS-Matthias Matthias
2014-10-21 16:17 - 2014-04-20 17:21 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Dropbox
2014-10-21 16:16 - 2014-04-20 09:32 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-21 16:16 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-21 08:32 - 2014-09-10 20:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-21 08:18 - 2014-04-20 17:40 - 00000000 ____D () C:\Program Files\JDownloader
2014-10-21 08:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-10-21 07:52 - 2014-04-20 09:32 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-20 20:21 - 2014-03-18 03:51 - 00373108 _____ () C:\Windows\PFRO.log
2014-10-20 08:00 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-20 07:54 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\L2Schemas
2014-10-20 07:54 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-20 05:33 - 2014-04-20 17:47 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-20 05:27 - 2014-04-20 17:26 - 00014860 _____ () C:\Users\Matthias\Documents\metadata_db_prefs_backup.json
2014-10-20 05:27 - 2014-04-20 17:25 - 00185344 _____ () C:\Users\Matthias\Documents\metadata.db
2014-10-20 04:29 - 2014-04-20 09:22 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Packages
2014-10-20 04:29 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-20 01:24 - 2014-07-29 17:06 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\vlc
2014-10-19 08:36 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-19 05:21 - 2014-06-07 19:32 - 00000000 ____D () C:\ProgramData\Steam
2014-10-17 20:47 - 2014-04-20 09:32 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-17 20:47 - 2014-04-20 09:32 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 15:16 - 2013-08-22 16:44 - 00434768 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 04:01 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2014-10-14 19:55 - 2014-06-07 19:12 - 00101329 _____ () C:\Windows\DirectX.log
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\FileManager
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Camera
2014-10-14 19:26 - 2014-05-01 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-10-14 19:26 - 2014-05-01 18:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-14 19:26 - 2014-04-20 09:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-14 19:26 - 2013-08-22 15:25 - 00000167 _____ () C:\Windows\win.ini
2014-10-14 19:24 - 2014-04-20 09:29 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 17:01 - 2014-06-12 02:38 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-10-14 04:33 - 2014-04-20 09:22 - 00000000 ____D () C:\Users\Matthias
2014-10-13 15:22 - 2014-08-13 16:06 - 00000000 ____D () C:\Users\Matthias\Downloads\LiveSetup
2014-10-01 23:48 - 2014-04-20 09:32 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-30 00:45 - 2013-08-22 17:38 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-30 00:45 - 2013-08-22 17:38 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-22 08:42 - 2014-04-20 09:29 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Matthias\AppData\Local\Temp\avgnt.exe
C:\Users\Matthias\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpphmoxi.dll
C:\Users\Matthias\AppData\Local\Temp\proxy_vole4831581362691995291.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-20 04:36

==================== End Of Log ============================
|
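The "Bamital & volsnap Check" at the end of the FRST log confirms that the real C:\Windows\System32\winlogon.exe is signed, so an Avira alert naming winlogon.exe points at a file of that name living somewhere else; the Malwarebytes results later in this thread show exactly that pattern (winlogon.exe and csrss.exe under AppData\Roaming, plus Run values pointing into AppData and ProgramData). The script below is an added example written for this page, not a tool from the thread and not part of FRST or Malwarebytes. It reads MBAM/FRST-style log lines and flags two things mechanically: a core Windows process name outside System32/SysWOW64, and a Run/RunOnce value that points into a user-writable folder. The sample lines are constructed: six are copied or shortened from the logs posted in this thread, the Dropbox line is invented to show a benign hit, and SYSTEM_BINARIES, TRUSTED_DIRS and USER_WRITABLE_MARKERS are the example's own assumptions, not lists from either tool.

```python
"""Triage helper for Malwarebytes / FRST style log lines (added example).

Two checks a reader does by eye on the logs in this thread, done mechanically:
  1. masquerade: a file named like a core Windows process (winlogon.exe,
     csrss.exe, ...) whose directory is not System32 / SysWOW64.
  2. persistence_user_writable: a Run / RunOnce value that points into a
     user-writable location (AppData, ProgramData, Users\Public, Temp).
"""
import ntpath
import re
from typing import List, NamedTuple

# Assumed lists for this example; extend to taste.
SYSTEM_BINARIES = {
    "winlogon.exe", "csrss.exe", "smss.exe", "wininit.exe", "services.exe",
    "lsass.exe", "svchost.exe", "explorer.exe",
}
# Where those binaries live on a 64-bit install; explorer.exe also sits in C:\Windows.
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
TRUSTED_DIRS_EXPLORER = TRUSTED_DIRS | {r"c:\windows"}
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\programdata\\", "\\users\\public\\", "\\temp\\")

# A Windows path ending in an executable-ish extension. Path components may
# contain spaces and parentheses ("Program Files (x86)") but never ':' or '\',
# which is what stops a match from running on into the next path on the line.
PATH_RE = re.compile(
    r"[A-Za-z]:\\(?:[^\\:,\[\]|\r\n]+\\)*[^\\:,\[\]|\r\n]+?\.(?:exe|dll|sys|vbs|bat)\b",
    re.IGNORECASE,
)
# Run-key references as Malwarebytes (...\CURRENTVERSION\RUN|Name) and FRST
# (HKLM\...\Run: [Name]) print them.
RUN_KEY_RE = re.compile(r"(?:currentversion|\\\.\.\.)\\run(?:once)?\b", re.IGNORECASE)


class Finding(NamedTuple):
    kind: str   # "masquerade" or "persistence_user_writable"
    name: str   # file name, lower-cased
    path: str   # full path as it appeared in the log
    line: str   # the log line that produced the finding


def scan_lines(lines: List[str]) -> List[Finding]:
    """Return one Finding per (rule, path) hit; one line may yield several."""
    findings: List[Finding] = []
    for line in lines:
        in_run_key = RUN_KEY_RE.search(line) is not None
        for path in PATH_RE.findall(line):
            low = path.lower()
            directory, name = ntpath.split(low)
            if name in SYSTEM_BINARIES:
                allowed = TRUSTED_DIRS_EXPLORER if name == "explorer.exe" else TRUSTED_DIRS
                if directory not in allowed:
                    findings.append(Finding("masquerade", name, path, line))
            if in_run_key and any(m in low for m in USER_WRITABLE_MARKERS):
                findings.append(Finding("persistence_user_writable", name, path, line))
    return findings


# Constructed sample: lines 1-6 are copied or shortened from the Malwarebytes
# and FRST logs in this thread; line 7 is made up to show a benign hit.
SAMPLE_LINES = [
    r"Backdoor.Agent.DCE, HKU\S-1-5-21-357331442-1347990815-2063067355-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Winlogon, C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe, , [2f526f801d5e989e81dca4cfdd2753ad]",
    r"Backdoor.Agent.DC, HKU\S-1-5-21-357331442-1347990815-2063067355-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MicroUpdate, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe, , [651cdb142e4de84e0879f20609faba46]",
    r"Trojan.Agent, C:\Users\Matthias\AppData\Roaming\Microsoft\winlogon.exe, 6180, , [344d10dfee8d3bfb0b9c65cf9d6639c7]",
    r"Trojan.Dropper, C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\csrss.exe, 360, , [c1c02fc06714ae88634cf80c13f0b14f]",
    r"C:\Windows\System32\winlogon.exe => File is digitally signed",
    r"(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe",
    r"HKCU\...\Run: [Dropbox] => C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe [2014-04-20] (Dropbox, Inc.)",
]

if __name__ == "__main__":
    for f in scan_lines(SAMPLE_LINES):
        print(f"{f.kind:26} {f.path}")
```

Both rules are triage heuristics, not verdicts. Per-user installers such as Dropbox legitimately autostart from AppData, so a persistence hit still needs the file itself checked (Authenticode signature, hash lookup), whereas a winlogon.exe or csrss.exe outside System32/SysWOW64 has no legitimate reason to exist and is worth treating as malicious until proven otherwise. On the sample above the script reports six findings: three masquerades (two winlogon.exe, one csrss.exe) and three user-writable autostarts (the two Malwarebytes Run values and the benign Dropbox entry); the two signed System32/SysWOW64 lines produce nothing.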
21.10.2014, 23:17 | #8 | |
Rest in peace † 2019 | winlogon.exe - ATRAPS.Gen Hello, Quote:
Now we run control scans: you have already run Malwarebytes, so please post me its log. Step 1
Step 2 Since the ESET scan is very thorough, it can take several hours. ESET Online Scanner
Step 3 Run FRST once more.
|
22.10.2014, 04:07 | #9 |
| winlogon.exe - ATRAPS.Gen ESET still reports detections Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 20.10.2014
Scan Time: 00:15:51
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.09.19.05
Rootkit Database: v2014.10.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Matthias

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 303968
Time Elapsed: 6 min, 27 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 22
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\60.exe, 3408, , [bbc630bf7efd02347559fb27b050659b]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\395.exe, 1060, , [077a2fc0780337ffce0034ee34ccd030]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\985.exe, 1616, , [ff829b540378f244a826869cb14f5ea2]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\870.exe, 5620, , [2a578768334820168c421909ae528f71]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\211.exe, 4992, , [29580ae5215a6fc77757b66c8b75b34d]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\829.exe, 820, , [8af7aa45abd0d462c00ef032f907629e]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\174.exe, 5088, , [5a27c629bfbc50e65579c95940c0817f]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\967.exe, 6388, , [047da24d7b00a492e7e7cb570cf48d73]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\320.exe, 6664, , [c3be539cf08b76c0af1f3ee4629e7a86]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\662.exe, 6948, , [1a6702ed8cefe5515975170be02042be]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\264.exe, 6184, , [1d645a951764d95dc509d44ed729768a]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\932.exe, 7104, , [6021c32c6615db5b1db1be64e7193dc3]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\739.exe, 2480, , [324ff5fa176404323f8fdc4643bd19e7]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\545.exe, 1036, , [9de48f606318ca6c0dc1d64ced13a858]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\355.exe, 6152, , [bec308e7d8a3cf674a8469b9768ad729]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\205.exe, 5196, , [b0d1915e601b06305c72ab77f70912ee]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\214.exe, 5588, , [a0e1b03f3a41290d26a8e43eaf5105fb]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\554.exe, 900, , [2160f5fa7dfef442339b26fc629e23dd]
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\175.exe, 752, , [6f1224cb176439fdc20cad7598687987]
Trojan.Dropper, C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\csrss.exe, 360, , [c1c02fc06714ae88634cf80c13f0b14f]
Trojan.Agent, C:\Users\Matthias\AppData\Roaming\Microsoft\winlogon.exe, 6180, , [344d10dfee8d3bfb0b9c65cf9d6639c7]
Backdoor.Agent.DC, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe, 3880, , [651cdb142e4de84e0879f20609faba46]

Modules: 0
(No malicious items detected)

Registry Keys: 1
Malware.Trace, HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\DC3_FEXEC, , [5031559a394265d1b5c4dffc6d96ea16],

Registry Values: 2
Backdoor.Agent.DCE, HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Winlogon, C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe, , [2f526f801d5e989e81dca4cfdd2753ad]
Backdoor.Agent.DC, HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MicroUpdate, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe, , [651cdb142e4de84e0879f20609faba46]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 31
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\60.exe, , [bbc630bf7efd02347559fb27b050659b],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\395.exe, , [077a2fc0780337ffce0034ee34ccd030],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\985.exe, , [ff829b540378f244a826869cb14f5ea2],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\870.exe, , [2a578768334820168c421909ae528f71],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\211.exe, , [29580ae5215a6fc77757b66c8b75b34d],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\829.exe, , [8af7aa45abd0d462c00ef032f907629e],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\174.exe, , [5a27c629bfbc50e65579c95940c0817f],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\967.exe, , [047da24d7b00a492e7e7cb570cf48d73],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\320.exe, , [c3be539cf08b76c0af1f3ee4629e7a86],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\662.exe, , [1a6702ed8cefe5515975170be02042be],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\264.exe, , [1d645a951764d95dc509d44ed729768a],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\932.exe, , [6021c32c6615db5b1db1be64e7193dc3],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\739.exe, , [324ff5fa176404323f8fdc4643bd19e7],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\545.exe, , [9de48f606318ca6c0dc1d64ced13a858],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\355.exe, , [bec308e7d8a3cf674a8469b9768ad729],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\205.exe, , [b0d1915e601b06305c72ab77f70912ee],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\214.exe, , [a0e1b03f3a41290d26a8e43eaf5105fb],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\554.exe, , [2160f5fa7dfef442339b26fc629e23dd],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\175.exe, , [6f1224cb176439fdc20cad7598687987],
Backdoor.MSIL.PGen, C:\Users\Matthias\AppData\Roaming\loader_crypt.exe, , [1c65eb04403bb086ab5bd5c3bb457a86],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\886.exe, , [b9c829c67308ac8a06c8d84a916ffc04],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\71.exe, , [2f52549baecdaf87d3fb061cf30de61a],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\421.exe, , [8ef39a55adce21158549a280b44ccb35],
Trojan.WolfRat, C:\Users\Matthias\AppData\Local\Temp\552.exe, , [d3ae707f017a0b2bf0de0022f40cf10f],
Trojan.Dropper, C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\csrss.exe, , [c1c02fc06714ae88634cf80c13f0b14f],
Trojan.Agent, C:\Users\Matthias\AppData\Roaming\Microsoft\winlogon.exe, , [344d10dfee8d3bfb0b9c65cf9d6639c7],
Trojan.Bitminer, C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\check.bat, , [671a6986ec8fd46256db046fa85cea16],
Trojan.Bitminer, C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\check.vbs, , [b2cfa34cc9b2181e230e165d4fb53dc3],
Trojan.Bitminer, C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\cpu.exe, , [9fe28a65770478be76bd076cea1af30d],
Backdoor.Agent.DCE, C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe, , [2f526f801d5e989e81dca4cfdd2753ad],
Backdoor.Agent.DC, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe, , [651cdb142e4de84e0879f20609faba46],

Physical Sectors: 0
(No malicious items detected)

(end)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=7f4c36a712870140ac0230bc3ff4a24d
# engine=20714
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2014-10-22 02:39:58
# local_time=2014-10-22 04:39:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 30535 18329119 0 0
# scanned=169687
# found=2
# cleaned=0
# scan_time=1932
sh=D0331DA3D821ACA77304F9D2F8654203CC1473BA ft=1 fh=05b393ca614acd65 vn="Win64/CoinMiner.V Trojaner" ac=I fn="C:\Users\Matthias\AppData\Roaming\upc.exe"
sh=7641C21A0E506F4ADFDF81A182296C070ED3B41F ft=0 fh=0000000000000000 vn="VBS/Runner.NCQ Trojaner" ac=I fn="C:\Users\Matthias\AppData\Roaming\upc.vbs"
FRST Logfile:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2014 Ran by Matthias (administrator) on MATTHIAS on 22-10-2014 05:01:58 Running from D:\ Loaded Profile: Matthias (Available profiles: Matthias) Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe () C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) 
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (FinalWire Ltd.) C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Outertech) C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe (Dropbox, Inc.) C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe () C:\Users\Matthias\Documents\GIGABYTE\GIGABYTE Sim\Mouse.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2014-07-20] (Realtek Semiconductor) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-03] (Intel Corporation) HKLM-x32\...\Run: [GIGABYTEMOUSE] => C:\Users\Matthias\Documents\GIGABYTE\GIGABYTE Sim\Mouse.exe [1311552 2014-08-28] () Winlogon\Notify\igfxcui: igfxdev.dll [X] Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [GoogleChromeAutoLaunch_8265D6534E6C32D01005D7D3455D029D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [911176 2014-10-10] (Google Inc.) 
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google) HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [ClipboardHistory] => C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe [512392 2012-08-05] (Outertech) HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [ASRock A-Tuning] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day0] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day1] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day2] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day3] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day4] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day5] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day6] => [X] Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation) BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) 
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) 
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-06-13] Chrome: ======= CHR HomePage: Default -> CHR Profile: C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Easy Auto Refresh) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2014-04-20] CHR Extension: (Google*Übersetzer) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-04-20] CHR Extension: (Google Drive) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-20] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-10] CHR Extension: (Pushbullet) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2014-04-20] CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-04-20] CHR Extension: (Session Buddy) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2014-04-20] CHR Extension: (My JDownloader) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2014-04-20] CHR Extension: (Chrome Remote Desktop) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-04-20] CHR Extension: (AdBlock) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-20] CHR Extension: (Cr!Box) - 
C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjodchcocbnbhfkjeapbdoflbiibnapp [2014-04-20] CHR Extension: (In Google Drive speichern) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-04-20] CHR Extension: (Scroll To Top) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\hegiignepmecppikdlbohnnbfjdoaghj [2014-04-20] CHR Extension: (ModHeader) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgpnmonknjnojddfkpgkljpfnnfcklj [2014-07-15] CHR Extension: (WEB.DE MailCheck) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2014-04-20] CHR Extension: (Panel View for Keep) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccocffecajimkdjgfpjhlpiimcnadhb [2014-04-20] CHR Extension: (LongClick New Tab) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jphlcgnallcfbnpgmblmlmkehbffnoph [2014-04-20] CHR Extension: (Reload All Tabs) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\midkcinmplflbiflboepnahkboeonkam [2014-04-20] CHR Extension: (Hangouts) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-04-20] CHR Extension: (Google Wallet) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-20] CHR Extension: (Close Right) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\npemobdkdcknhfaiioheeffincgpgafj [2014-04-20] CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Matthias\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-20] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) R2 ASRockIOMon; C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe [454656 2013-05-28] () [File not signed] R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe [51016 2014-08-21] (Google Inc.) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-14] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation) S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation) S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2014-07-20] (Realtek Semiconductor) S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation) R3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation) R2 WinDefend; 
C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 AIDA64Driver; C:\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64 [34136 2014-10-06] () S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2014-07-09] (ASRock Incorporation) R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-03-14] (Intel Corporation) S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation) S1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-05-19] () S1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-05-19] () S1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700296 2014-05-19] () R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation) R3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation) S3 BioNTDrv; \??\C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\BioNTDrv.SYS [X] S3 GPU-Z; \??\C:\Users\Matthias\AppData\Local\Temp\GPU-Z.sys [X] S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-22 05:01 - 2014-10-22 05:01 - 00000000 ____D () C:\FRST 2014-10-22 04:05 - 2014-10-22 04:05 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-10-21 20:55 - 2014-10-21 20:55 - 00000000 ____D () C:\Users\Matthias\Documents\GIGABYTE 2014-10-21 17:02 - 2014-10-21 17:02 - 00000000 ____D () C:\Windows\LastGood 2014-10-20 16:50 - 2014-10-20 16:50 - 00003222 _____ () C:\Windows\System32\Tasks\AIDA64 AutoStart 2014-10-20 16:34 - 2014-10-20 16:34 - 00000000 ____D () C:\Program Files (x86)\FinalWire 2014-10-20 16:17 - 2014-10-22 03:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-20 16:17 - 2014-10-20 16:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-10-20 16:17 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-20 16:17 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-20 16:17 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-10-20 05:00 - 2014-10-20 05:00 - 00102844 _____ () C:\ProgramData\1413773998.bdinstall.bin 2014-10-20 04:59 - 2014-10-20 04:59 - 00037671 _____ () C:\ProgramData\1413773997.bdinstall.bin 2014-10-20 04:56 - 2014-10-20 04:56 - 00174873 _____ () C:\ProgramData\1413773762.bdinstall.bin 2014-10-20 04:56 - 2014-10-20 04:56 - 00000000 ____D () C:\Windows\LastGood.Tmp 2014-10-20 04:56 - 2014-10-20 04:56 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\QuickScan 2014-10-20 04:56 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys 2014-10-19 14:31 - 2014-10-21 17:04 - 00001689 _____ () C:\Windows\setupact.log 2014-10-19 14:31 - 2014-10-19 14:31 - 00000000 _____ () C:\Windows\setuperr.log 2014-10-19 05:54 - 2014-10-19 05:54 - 00000000 ____D () C:\Program Files\Calibre2 2014-10-19 05:15 - 2014-10-19 05:15 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy XIII 2014-10-14 23:50 - 2014-10-14 23:50 - 02880848 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiVAD64.exe 2014-10-14 23:50 - 2014-10-14 23:50 - 02775400 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiAAC64.dll 2014-10-14 23:50 - 2014-10-14 23:50 - 02020352 _____ (Intel Corporation) C:\Windows\system32\igfxLHM.dll 2014-10-14 23:50 - 2014-10-14 23:50 - 01512296 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiSecureSourceFilter64.dll 2014-10-14 23:50 - 2014-10-14 23:50 - 01365504 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll 2014-10-14 23:50 - 2014-10-14 23:50 - 00957528 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiWinNextAgent64.dll 2014-10-14 23:50 - 2014-10-14 23:50 - 00734720 _____ (Intel Corporation) C:\Windows\system32\MetroIntelGenericUIFramework.dll 2014-10-14 23:50 - 2014-10-14 23:50 - 00688640 _____ (Intel Corporation) C:\Windows\system32\igfxDH.dll 2014-10-14 23:50 - 2014-10-14 23:50 - 00672048 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiAudioFilter64.dll 2014-10-14 23:50 - 2014-10-14 23:50 - 00616240 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiMux64.dll 2014-10-14 23:50 - 2014-10-14 23:50 - 00472464 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiUMS64.exe 2014-10-14 23:50 - 2014-10-14 23:50 - 00457616 _____ () C:\Windows\system32\igfxTray.exe 2014-10-14 23:50 - 2014-10-14 23:50 - 00403671 _____ () C:\Windows\system32\ImageStabilization.wmv 2014-10-14 23:50 - 2014-10-14 23:50 - 00372736 _____ (Intel Corporation) C:\Windows\system32\igfxOSP.dll 2014-10-14 23:50 - 2014-10-14 23:50 - 00372224 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL64.dll 2014-10-14 23:50 - 2014-10-14 23:50 - 00354096 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiSilenceFilter64.dll 2014-10-14 23:50 - 2014-10-14 23:50 - 00304128 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll 2014-10-14 23:50 - 2014-10-14 
23:50 - 00304016 _____ (Intel Corporation) C:\Windows\system32\igfxEM.exe 2014-10-14 23:50 - 2014-10-14 23:50 - 00279952 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe 2014-10-14 23:50 - 2014-10-14 23:50 - 00273408 _____ (Intel Corporation) C:\Windows\system32\igfxDI.dll 2014-10-14 23:50 - 2014-10-14 23:50 - 00266032 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiUtils64.dll 2014-10-14 23:50 - 2014-10-14 23:50 - 00254976 _____ () C:\Windows\system32\igfxCPL.cpl 2014-10-14 23:50 - 2014-10-14 23:50 - 00246672 _____ (Intel Corporation) C:\Windows\system32\igfxHK.exe 2014-10-14 23:50 - 2014-10-14 23:50 - 00224256 _____ (Intel Corporation) C:\Windows\system32\igfxDTCM.dll 2014-10-14 23:50 - 2014-10-14 23:50 - 00207496 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll 2014-10-14 23:50 - 2014-10-14 23:50 - 00197424 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiDDEAgent64.dll 2014-10-14 23:50 - 2014-10-14 23:50 - 00195984 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe 2014-10-14 23:50 - 2014-10-14 23:50 - 00183296 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v3977.dll 2014-10-14 23:50 - 2014-10-14 23:50 - 00175024 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll 2014-10-14 23:50 - 2014-10-14 23:50 - 00134960 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiMCUMD64.dll 2014-10-14 23:50 - 2014-10-14 23:50 - 00126312 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiLogServer64.dll 2014-10-14 23:50 - 2014-10-14 23:50 - 00082432 _____ (Khronos Group) C:\Windows\system32\Intel_OpenCL_ICD64.dll 2014-10-14 23:50 - 2014-10-14 23:50 - 00074240 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll 2014-10-14 23:50 - 2014-10-14 23:50 - 00069632 _____ () C:\Windows\system32\igfxCUIServicePS.dll 2014-10-14 23:50 - 2014-10-14 23:50 - 00069632 _____ ( ) C:\Windows\system32\igfxDHLibv2_0.dll 2014-10-14 23:50 - 2014-10-14 23:50 - 00059392 _____ ( ) C:\Windows\system32\igfxDHLib.dll 
2014-10-14 23:50 - 2014-10-14 23:50 - 00031408 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll 2014-10-14 23:50 - 2014-10-14 23:50 - 00030720 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll 2014-10-14 23:50 - 2014-10-14 23:50 - 00010752 _____ ( ) C:\Windows\system32\igfxDILibv2_0.dll 2014-10-14 23:50 - 2014-10-14 23:50 - 00010752 _____ ( ) C:\Windows\system32\igfxDILib.dll 2014-10-14 23:50 - 2014-10-14 23:50 - 00010240 _____ ( ) C:\Windows\system32\igfxEMLibv2_0.dll 2014-10-14 23:50 - 2014-10-14 23:50 - 00010240 _____ ( ) C:\Windows\system32\igfxEMLib.dll 2014-10-14 23:50 - 2014-10-14 23:50 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLibv2_0.dll 2014-10-14 23:50 - 2014-10-14 23:50 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLib.dll 2014-10-14 23:50 - 2014-10-14 23:50 - 00004020 _____ () C:\Windows\system32\iglhxs64.vp 2014-10-14 23:49 - 2014-10-14 23:49 - 24185912 _____ (Intel Corporation) C:\Windows\system32\igdumdim64.dll 2014-10-14 23:49 - 2014-10-14 23:49 - 23999488 _____ (Intel Corporation) C:\Windows\system32\igdfcl64.dll 2014-10-14 23:49 - 2014-10-14 23:49 - 23391264 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdim32.dll 2014-10-14 23:49 - 2014-10-14 23:49 - 18872832 _____ (Intel Corporation) C:\Windows\SysWOW64\igdfcl32.dll 2014-10-14 23:49 - 2014-10-14 23:49 - 17285448 _____ () C:\Windows\system32\igd11dxva64.dll 2014-10-14 23:49 - 2014-10-14 23:49 - 16811648 _____ () C:\Windows\SysWOW64\igd11dxva32.dll 2014-10-14 23:49 - 2014-10-14 23:49 - 08187392 _____ (Intel Corporation) C:\Windows\system32\igdrcl64.dll 2014-10-14 23:49 - 2014-10-14 23:49 - 07668736 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll 2014-10-14 23:49 - 2014-10-14 23:49 - 05889000 _____ (Intel Corporation) C:\Windows\system32\igdusc64.dll 2014-10-14 23:49 - 2014-10-14 23:49 - 04850104 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys 2014-10-14 23:49 - 2014-10-14 23:49 - 04640104 _____ (Intel Corporation) 
C:\Windows\SysWOW64\igdusc32.dll 2014-10-14 23:49 - 2014-10-14 23:49 - 01061376 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll 2014-10-14 23:49 - 2014-10-14 23:49 - 00629784 _____ (Intel Corporation) C:\Windows\system32\igdmd64.dll 2014-10-14 23:49 - 2014-10-14 23:49 - 00510304 _____ (Intel Corporation) C:\Windows\SysWOW64\igdmd32.dll 2014-10-14 23:49 - 2014-10-14 23:49 - 00397824 _____ (Intel Corporation) C:\Windows\system32\igdbcl64.dll 2014-10-14 23:49 - 2014-10-14 23:49 - 00349696 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll 2014-10-14 23:49 - 2014-10-14 23:49 - 00225792 _____ () C:\Windows\system32\igdde64.dll 2014-10-14 23:49 - 2014-10-14 23:49 - 00207872 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll 2014-10-14 23:49 - 2014-10-14 23:49 - 00186368 _____ () C:\Windows\SysWOW64\igdde32.dll 2014-10-14 23:49 - 2014-10-14 23:49 - 00175104 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll 2014-10-14 23:49 - 2014-10-14 23:49 - 00162304 _____ (Intel Corporation) C:\Windows\system32\igdail64.dll 2014-10-14 23:49 - 2014-10-14 23:49 - 00144896 _____ (Intel Corporation) C:\Windows\SysWOW64\igdail32.dll 2014-10-14 23:48 - 2014-10-14 23:48 - 09122816 _____ (Intel Corporation) C:\Windows\system32\ig75icd64.dll 2014-10-14 23:48 - 2014-10-14 23:48 - 07768744 _____ (Intel Corporation) C:\Windows\system32\igd10iumd64.dll 2014-10-14 23:48 - 2014-10-14 23:48 - 07205376 _____ (Intel Corporation) C:\Windows\SysWOW64\ig75icd32.dll 2014-10-14 23:48 - 2014-10-14 23:48 - 07070880 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10iumd32.dll 2014-10-14 23:48 - 2014-10-14 23:48 - 01131008 _____ (Intel Corporation) C:\Windows\system32\GfxResources.dll 2014-10-14 23:48 - 2014-10-14 23:48 - 01020816 _____ (Intel Corporation) C:\Windows\system32\Gfxv4_0.exe 2014-10-14 23:48 - 2014-10-14 23:48 - 01017232 _____ (Intel Corporation) C:\Windows\system32\Gfxv2_0.exe 2014-10-14 23:48 - 2014-10-14 23:48 - 00641530 _____ () 
C:\Windows\system32\FilmModeDetection.wmv 2014-10-14 23:48 - 2014-10-14 23:48 - 00418704 _____ (Intel Corporation) C:\Windows\system32\GfxUIEx.exe 2014-10-14 23:48 - 2014-10-14 23:48 - 00338832 _____ (Intel Corporation) C:\Windows\system32\DPTopologyAppv2_0.exe 2014-10-14 23:48 - 2014-10-14 23:48 - 00338832 _____ (Intel Corporation) C:\Windows\system32\DPTopologyApp.exe 2014-10-14 23:48 - 2014-10-14 23:48 - 00155536 _____ (Intel Corporation) C:\Windows\system32\difx64.exe 2014-10-14 23:47 - 2014-10-14 23:47 - 00375173 _____ () C:\Windows\system32\ColorImageEnhancement.wmv 2014-10-14 20:32 - 2014-10-14 20:32 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll 2014-10-14 19:16 - 2014-09-19 04:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-14 19:16 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-10-14 19:16 - 2014-09-10 08:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-10-14 19:16 - 2014-09-08 05:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-10-14 19:16 - 2014-09-08 05:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-10-14 19:16 - 2014-09-08 00:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml 2014-10-14 19:16 - 2014-09-05 00:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2014-10-14 19:16 - 2014-09-05 00:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2014-10-14 19:16 - 2014-09-04 05:15 - 00561416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2014-10-14 19:16 - 2014-09-04 05:14 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-10-14 19:16 - 2014-09-04 05:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll 2014-10-14 19:16 - 2014-09-04 04:22 - 00670384 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mfmp4srcsnk.dll 2014-10-14 19:16 - 2014-09-04 03:19 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2014-10-14 19:16 - 2014-09-04 03:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll 2014-10-14 19:16 - 2014-09-04 02:45 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2014-10-14 19:16 - 2014-09-04 02:41 - 01420288 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-10-14 19:16 - 2014-09-04 02:36 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-10-14 19:16 - 2014-09-04 02:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll 2014-10-14 19:16 - 2014-09-04 02:15 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-10-14 19:16 - 2014-09-04 02:10 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll 2014-10-14 19:16 - 2014-09-04 01:57 - 00921600 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll 2014-10-14 19:16 - 2014-09-04 01:49 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll 2014-10-14 19:16 - 2014-08-31 02:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS 2014-10-14 19:16 - 2014-08-31 02:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-10-14 19:16 - 2014-08-31 00:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-10-14 19:16 - 2014-08-31 00:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll 2014-10-14 19:16 - 2014-08-30 23:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll 2014-10-14 19:16 - 2014-08-30 23:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll 2014-10-14 19:16 - 2014-08-30 22:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll 2014-10-14 19:16 - 2014-08-30 22:17 - 00799744 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\MFMediaEngine.dll 2014-10-14 19:16 - 2014-08-28 04:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-10-14 19:16 - 2014-08-28 02:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-10-14 19:16 - 2014-08-28 02:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-10-14 19:16 - 2014-08-23 07:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2014-10-14 19:16 - 2014-08-23 07:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2014-10-14 19:16 - 2014-08-23 06:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll 2014-10-14 19:16 - 2014-08-02 02:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll 2014-10-14 19:16 - 2014-08-02 02:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll 2014-10-14 19:15 - 2014-09-28 00:25 - 04183040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-14 19:15 - 2014-09-26 00:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-14 19:15 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-10-14 19:15 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-10-14 19:15 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-10-14 19:15 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-10-14 19:15 - 2014-09-26 00:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-14 19:15 - 2014-09-19 03:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-14 19:15 - 2014-09-19 03:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-14 19:15 - 2014-09-19 03:38 - 00083968 _____ (Microsoft Corporation) 
C:\Windows\system32\MshtmlDac.dll 2014-10-14 19:15 - 2014-09-19 03:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-14 19:15 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-10-14 19:15 - 2014-09-19 03:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-14 19:15 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-10-14 19:15 - 2014-09-19 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-14 19:15 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-10-14 19:15 - 2014-09-19 02:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-14 19:15 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-10-14 19:15 - 2014-09-19 02:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-14 19:15 - 2014-09-19 02:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-14 19:15 - 2014-09-19 02:42 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-14 19:15 - 2014-09-19 02:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-14 19:15 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-10-14 19:15 - 2014-09-19 02:20 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-14 19:15 - 2014-09-19 02:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-14 19:15 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-10-14 19:15 - 2014-09-19 01:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-14 19:15 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\urlmon.dll 2014-10-14 19:15 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-10-14 19:15 - 2014-09-08 02:05 - 03448320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-10-14 19:14 - 2014-09-13 08:29 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-14 19:14 - 2014-09-13 08:02 - 02779648 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-14 19:14 - 2014-09-13 07:49 - 00068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-10-14 19:14 - 2014-09-13 07:30 - 03117568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-10-14 19:14 - 2014-09-08 05:15 - 00054752 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-10-14 19:14 - 2014-09-08 03:46 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-10-14 19:14 - 2014-09-08 03:46 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-10-14 19:14 - 2014-09-08 02:08 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-10-14 19:14 - 2014-09-08 02:07 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-10-14 19:14 - 2014-09-08 02:04 - 00388608 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2014-10-14 19:14 - 2014-09-08 02:04 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-10-14 19:14 - 2014-09-08 02:03 - 01702400 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-10-14 19:14 - 2014-09-08 02:03 - 00839680 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-10-14 19:14 - 2014-09-08 01:59 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-10-14 19:14 - 2014-09-08 01:59 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-10-14 19:14 - 2014-09-08 01:56 - 00672256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-10-14 
19:14 - 2014-09-08 01:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-10-14 19:14 - 2014-09-04 02:12 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-14 19:14 - 2014-09-04 02:01 - 00514048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-10-07 01:53 - 2014-10-07 01:41 - 00042288 _____ (Intel Corporation) C:\Windows\system32\Drivers\intelaud.sys 2014-10-07 01:53 - 2014-10-07 01:41 - 00030512 _____ (Intel Corporation) C:\Windows\system32\Drivers\iwdbus.sys 2014-09-29 20:25 - 2014-09-29 20:35 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\FileBot ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-22 05:01 - 2014-07-05 23:47 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\NetSpeedMonitor 2014-10-22 05:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru 2014-10-22 04:54 - 2014-04-20 09:19 - 01807058 _____ () C:\Windows\WindowsUpdate.log 2014-10-22 04:52 - 2014-04-20 09:32 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-22 04:32 - 2014-09-10 20:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-22 04:15 - 2014-05-20 18:16 - 00005084 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MATTHIAS-Matthias Matthias 2014-10-22 04:11 - 2014-03-18 12:04 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-22 04:11 - 2014-03-18 11:25 - 00764340 _____ () C:\Windows\system32\perfh007.dat 2014-10-22 04:11 - 2014-03-18 11:25 - 00159160 _____ () C:\Windows\system32\perfc007.dat 2014-10-22 04:05 - 2014-04-20 17:21 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Dropbox 2014-10-22 04:04 - 2014-04-20 09:32 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-22 04:04 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-22 02:27 - 2014-04-20 17:40 
- 00000000 ____D () C:\Program Files\JDownloader 2014-10-22 02:22 - 2014-07-29 17:06 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\vlc 2014-10-21 22:52 - 2014-04-20 09:28 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-357331442-1347990815-2063067355-1001 2014-10-21 17:25 - 2014-04-20 10:41 - 00000425 _____ () C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat 2014-10-21 17:25 - 2014-04-20 09:24 - 00000000 ____D () C:\Intel 2014-10-21 16:34 - 2014-04-20 11:07 - 00025812 _____ () C:\Windows\LDPINST.LOG 2014-10-20 20:21 - 2014-03-18 03:51 - 00373108 _____ () C:\Windows\PFRO.log 2014-10-20 08:00 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2014-10-20 07:54 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\L2Schemas 2014-10-20 07:54 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp 2014-10-20 05:33 - 2014-04-20 17:47 - 00000000 ____D () C:\ProgramData\Package Cache 2014-10-20 05:27 - 2014-04-20 17:26 - 00014860 _____ () C:\Users\Matthias\Documents\metadata_db_prefs_backup.json 2014-10-20 05:27 - 2014-04-20 17:25 - 00185344 _____ () C:\Users\Matthias\Documents\metadata.db 2014-10-20 04:29 - 2014-04-20 09:22 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Packages 2014-10-20 04:29 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness 2014-10-19 08:36 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2014-10-19 05:21 - 2014-06-07 19:32 - 00000000 ____D () C:\ProgramData\Steam 2014-10-17 20:47 - 2014-04-20 09:32 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-10-17 20:47 - 2014-04-20 09:32 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-10-17 15:16 - 2013-08-22 16:44 - 00434768 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-15 04:01 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache 2014-10-14 23:50 - 2014-04-20 09:24 - 00082432 _____ (Khronos Group) 
C:\Windows\system32\OpenCL.DLL 2014-10-14 23:50 - 2014-04-20 09:24 - 00074240 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL 2014-10-14 23:50 - 2014-03-17 16:33 - 00329104 _____ (Intel Corporation) C:\Windows\system32\igfxCUIService.exe 2014-10-14 19:55 - 2014-06-07 19:12 - 00101329 _____ () C:\Windows\DirectX.log 2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData 2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel 2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\MediaViewer 2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\FileManager 2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Camera 2014-10-14 19:26 - 2014-05-01 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-10-14 19:26 - 2014-05-01 18:21 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-14 19:26 - 2014-04-20 09:29 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-14 19:26 - 2013-08-22 15:25 - 00000167 _____ () C:\Windows\win.ini 2014-10-14 19:24 - 2014-04-20 09:29 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-14 17:01 - 2014-06-12 02:38 - 00000000 ____D () C:\Windows\SysWOW64\directx 2014-10-14 04:33 - 2014-04-20 09:22 - 00000000 ____D () C:\Users\Matthias 2014-10-13 15:22 - 2014-08-13 16:06 - 00000000 ____D () C:\Users\Matthias\Downloads\LiveSetup 2014-10-01 23:48 - 2014-04-20 09:32 - 00000000 ____D () C:\Program Files (x86)\Google 2014-09-30 00:45 - 2013-08-22 17:38 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-30 00:45 - 2013-08-22 17:38 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-22 08:42 - 2014-04-20 09:29 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe Some content of TEMP: ==================== C:\Users\Matthias\AppData\Local\Temp\avgnt.exe 
C:\Users\Matthias\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8el4tn.dll C:\Users\Matthias\AppData\Local\Temp\proxy_vole8285772289007070674.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-20 04:36 ==================== End Of Log ============================ |
22.10.2014, 23:47 | #10 |
Rest in peace † 2019 | winlogon.exe - ATRAPS.Gen
Hello, I don't like the look of that either. According to the Malwarebytes log, however, the detections were not removed; that was a scan only. We will have to do this from outside, since the files were not deleted.

Step 1
Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
23.10.2014, 03:03 | #11 |
winlogon.exe - ATRAPS.Gen
No problem. FRST logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-10-2014 Ran by Matthias (administrator) on MATTHIAS on 23-10-2014 03:57:50 Running from G:\ Loaded Profile: Matthias (Available profiles: Matthias) Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Safe Mode (minimal) Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\cmd.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2014-07-20] (Realtek Semiconductor) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-03] (Intel Corporation) Winlogon\Notify\igfxcui: igfxdev.dll [X] Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [GoogleChromeAutoLaunch_8265D6534E6C32D01005D7D3455D029D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [911176 2014-10-10] (Google Inc.) 
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google) HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [ClipboardHistory] => C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe [512392 2012-08-05] (Outertech) HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [ASRock A-Tuning] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day0] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day1] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day2] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day3] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day4] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day5] => [X] HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\RunOnce: [AsrOMG_Day6] => [X] Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation) BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) 
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) 
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-06-13] Chrome: ======= CHR HomePage: Default -> CHR Profile: C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Easy Auto Refresh) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2014-04-20] CHR Extension: (Google*Übersetzer) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-04-20] CHR Extension: (Google Drive) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-20] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-10] CHR Extension: (Pushbullet) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2014-04-20] CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-04-20] CHR Extension: (Session Buddy) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2014-04-20] CHR Extension: (My JDownloader) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2014-04-20] CHR Extension: (Chrome Remote Desktop) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-04-20] CHR Extension: (AdBlock) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-20] CHR Extension: (Cr!Box) - 
C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjodchcocbnbhfkjeapbdoflbiibnapp [2014-04-20] CHR Extension: (In Google Drive speichern) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-04-20] CHR Extension: (Scroll To Top) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\hegiignepmecppikdlbohnnbfjdoaghj [2014-04-20] CHR Extension: (ModHeader) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgpnmonknjnojddfkpgkljpfnnfcklj [2014-07-15] CHR Extension: (WEB.DE MailCheck) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2014-04-20] CHR Extension: (Panel View for Keep) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccocffecajimkdjgfpjhlpiimcnadhb [2014-04-20] CHR Extension: (LongClick New Tab) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jphlcgnallcfbnpgmblmlmkehbffnoph [2014-04-20] CHR Extension: (Reload All Tabs) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\midkcinmplflbiflboepnahkboeonkam [2014-04-20] CHR Extension: (Hangouts) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-04-20] CHR Extension: (Google Wallet) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-20] CHR Extension: (Close Right) - C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\npemobdkdcknhfaiioheeffincgpgafj [2014-04-20] CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Matthias\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-20] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) S2 ASRockIOMon; C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe [454656 2013-05-28] () [File not signed] S2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe [51016 2014-08-21] (Google Inc.) S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-14] (Intel Corporation) S2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation) S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation) S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation) S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation) S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation) S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2014-07-20] (Realtek Semiconductor) S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation) S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation) R2 WinDefend; 
C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AIDA64Driver; C:\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64 [34136 2014-10-06] () S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2014-07-09] (ASRock Incorporation) S3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-03-14] (Intel Corporation) S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation) S3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39240 2014-10-16] (NVIDIA Corporation) S1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-05-19] () S1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-05-19] () S1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700296 2014-05-19] () S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation) S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation) S3 BioNTDrv; \??\C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\BioNTDrv.SYS [X] S3 GPU-Z; \??\C:\Users\Matthias\AppData\Local\Temp\GPU-Z.sys [X] S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-23 03:57 - 2014-10-23 03:57 - 00000000 ____D () C:\FRST 2014-10-22 21:54 - 2014-10-16 18:54 - 31890064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2014-10-22 21:54 - 2014-10-16 18:54 - 24555840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2014-10-22 21:54 - 2014-10-16 18:54 - 20922696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2014-10-22 21:54 - 2014-10-16 18:54 - 18499648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2014-10-22 21:54 - 2014-10-16 18:54 - 17260864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2014-10-22 21:54 - 2014-10-16 18:54 - 14029400 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-10-22 21:54 - 2014-10-16 18:54 - 13942368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-10-22 21:54 - 2014-10-16 18:54 - 13190288 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-10-22 21:54 - 2014-10-16 18:54 - 11395672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2014-10-22 21:54 - 2014-10-16 18:54 - 11333848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2014-10-22 21:54 - 2014-10-16 18:54 - 04289856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-10-22 21:54 - 2014-10-16 18:54 - 04009672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2014-10-22 21:54 - 2014-10-16 18:54 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434448.dll 2014-10-22 21:54 - 2014-10-16 18:54 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcvadgenco64.dll 2014-10-22 21:54 - 2014-10-16 18:54 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434448.dll 2014-10-22 21:54 - 2014-10-16 18:54 - 00962376 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2014-10-22 21:54 - 2014-10-16 18:54 - 00931984 _____ 
(NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 00921928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 00895176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 00870112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 00833864 _____ () C:\Windows\system32\nvmcumd.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 00500880 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 00418112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 00392008 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 00348488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 00101696 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcaparm.dll
2014-10-22 21:54 - 2014-10-16 18:54 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvadarm.sys
2014-10-21 17:02 - 2014-10-22 21:55 - 00000000 ____D () C:\Windows\LastGood
2014-10-20 16:50 - 2014-10-20 16:50 - 00003222 _____ () C:\Windows\System32\Tasks\AIDA64 AutoStart
2014-10-20 16:34 - 2014-10-20 16:34 - 00000000 ____D () C:\Program Files (x86)\FinalWire
2014-10-20 16:17 - 2014-10-22 03:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-20 16:17 - 2014-10-20 16:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-10-20 16:17 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-20 16:17 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-20 16:17 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-20 05:00 - 2014-10-20 05:00 - 00102844 _____ () C:\ProgramData\1413773998.bdinstall.bin
2014-10-20 04:59 - 2014-10-20 04:59 - 00037671 _____ () C:\ProgramData\1413773997.bdinstall.bin
2014-10-20 04:56 - 2014-10-20 04:56 - 00174873 _____ () C:\ProgramData\1413773762.bdinstall.bin
2014-10-20 04:56 - 2014-10-20 04:56 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-10-20 04:56 - 2014-10-20 04:56 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\QuickScan
2014-10-20 04:56 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-10-19 14:31 - 2014-10-22 21:55 - 00001895 _____ () C:\Windows\setupact.log
2014-10-19 14:31 - 2014-10-19 14:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-19 05:54 - 2014-10-19 05:54 - 00000000 ____D () C:\Program Files\Calibre2
2014-10-19 05:15 - 2014-10-19 05:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy XIII
2014-10-14 23:50 - 2014-10-14 23:50 - 02880848 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiVAD64.exe
2014-10-14 23:50 - 2014-10-14 23:50 - 02775400 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiAAC64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 02020352 _____ (Intel Corporation) C:\Windows\system32\igfxLHM.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 01512296 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiSecureSourceFilter64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 01365504 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00957528 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiWinNextAgent64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00734720 _____ (Intel Corporation) C:\Windows\system32\MetroIntelGenericUIFramework.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00688640 _____ (Intel Corporation) C:\Windows\system32\igfxDH.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00672048 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiAudioFilter64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00616240 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiMux64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00472464 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiUMS64.exe
2014-10-14 23:50 - 2014-10-14 23:50 - 00457616 _____ () C:\Windows\system32\igfxTray.exe
2014-10-14 23:50 - 2014-10-14 23:50 - 00403671 _____ () C:\Windows\system32\ImageStabilization.wmv
2014-10-14 23:50 - 2014-10-14 23:50 - 00372736 _____ (Intel Corporation) C:\Windows\system32\igfxOSP.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00372224 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00354096 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiSilenceFilter64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00304128 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00304016 _____ (Intel Corporation) C:\Windows\system32\igfxEM.exe
2014-10-14 23:50 - 2014-10-14 23:50 - 00279952 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2014-10-14 23:50 - 2014-10-14 23:50 - 00273408 _____ (Intel Corporation) C:\Windows\system32\igfxDI.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00266032 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiUtils64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00254976 _____ () C:\Windows\system32\igfxCPL.cpl
2014-10-14 23:50 - 2014-10-14 23:50 - 00246672 _____ (Intel Corporation) C:\Windows\system32\igfxHK.exe
2014-10-14 23:50 - 2014-10-14 23:50 - 00224256 _____ (Intel Corporation) C:\Windows\system32\igfxDTCM.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00207496 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00197424 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiDDEAgent64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00195984 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2014-10-14 23:50 - 2014-10-14 23:50 - 00183296 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v3977.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00175024 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00134960 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiMCUMD64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00126312 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiLogServer64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00082432 _____ (Khronos Group) C:\Windows\system32\Intel_OpenCL_ICD64.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00074240 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00069632 _____ () C:\Windows\system32\igfxCUIServicePS.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00069632 _____ ( ) C:\Windows\system32\igfxDHLibv2_0.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00059392 _____ ( ) C:\Windows\system32\igfxDHLib.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00031408 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00030720 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00010752 _____ ( ) C:\Windows\system32\igfxDILibv2_0.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00010752 _____ ( ) C:\Windows\system32\igfxDILib.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00010240 _____ ( ) C:\Windows\system32\igfxEMLibv2_0.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00010240 _____ ( ) C:\Windows\system32\igfxEMLib.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLibv2_0.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLib.dll
2014-10-14 23:50 - 2014-10-14 23:50 - 00004020 _____ () C:\Windows\system32\iglhxs64.vp
2014-10-14 23:49 - 2014-10-14 23:49 - 24185912 _____ (Intel Corporation) C:\Windows\system32\igdumdim64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 23999488 _____ (Intel Corporation) C:\Windows\system32\igdfcl64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 23391264 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdim32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 18872832 _____ (Intel Corporation) C:\Windows\SysWOW64\igdfcl32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 17285448 _____ () C:\Windows\system32\igd11dxva64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 16811648 _____ () C:\Windows\SysWOW64\igd11dxva32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 08187392 _____ (Intel Corporation) C:\Windows\system32\igdrcl64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 07668736 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 05889000 _____ (Intel Corporation) C:\Windows\system32\igdusc64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 04850104 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2014-10-14 23:49 - 2014-10-14 23:49 - 04640104 _____ (Intel Corporation) C:\Windows\SysWOW64\igdusc32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 01061376 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00629784 _____ (Intel Corporation) C:\Windows\system32\igdmd64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00510304 _____ (Intel Corporation) C:\Windows\SysWOW64\igdmd32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00397824 _____ (Intel Corporation) C:\Windows\system32\igdbcl64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00349696 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00225792 _____ () C:\Windows\system32\igdde64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00207872 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00186368 _____ () C:\Windows\SysWOW64\igdde32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00175104 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00162304 _____ (Intel Corporation) C:\Windows\system32\igdail64.dll
2014-10-14 23:49 - 2014-10-14 23:49 - 00144896 _____ (Intel Corporation) C:\Windows\SysWOW64\igdail32.dll
2014-10-14 23:48 - 2014-10-14 23:48 - 09122816 _____ (Intel Corporation) C:\Windows\system32\ig75icd64.dll
2014-10-14 23:48 - 2014-10-14 23:48 - 07768744 _____ (Intel Corporation) C:\Windows\system32\igd10iumd64.dll
2014-10-14 23:48 - 2014-10-14 23:48 - 07205376 _____ (Intel Corporation) C:\Windows\SysWOW64\ig75icd32.dll
2014-10-14 23:48 - 2014-10-14 23:48 - 07070880 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10iumd32.dll
2014-10-14 23:48 - 2014-10-14 23:48 - 01131008 _____ (Intel Corporation) C:\Windows\system32\GfxResources.dll
2014-10-14 23:48 - 2014-10-14 23:48 - 01020816 _____ (Intel Corporation) C:\Windows\system32\Gfxv4_0.exe
2014-10-14 23:48 - 2014-10-14 23:48 - 01017232 _____ (Intel Corporation) C:\Windows\system32\Gfxv2_0.exe
2014-10-14 23:48 - 2014-10-14 23:48 - 00641530 _____ () C:\Windows\system32\FilmModeDetection.wmv
2014-10-14 23:48 - 2014-10-14 23:48 - 00418704 _____ (Intel Corporation) C:\Windows\system32\GfxUIEx.exe
2014-10-14 23:48 - 2014-10-14 23:48 - 00338832 _____ (Intel Corporation) C:\Windows\system32\DPTopologyAppv2_0.exe
2014-10-14 23:48 - 2014-10-14 23:48 - 00338832 _____ (Intel Corporation) C:\Windows\system32\DPTopologyApp.exe
2014-10-14 23:48 - 2014-10-14 23:48 - 00155536 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2014-10-14 23:47 - 2014-10-14 23:47 - 00375173 _____ () C:\Windows\system32\ColorImageEnhancement.wmv
2014-10-14 20:32 - 2014-10-14 20:32 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-10-14 19:16 - 2014-09-19 04:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-14 19:16 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-14 19:16 - 2014-09-10 08:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-10-14 19:16 - 2014-09-08 05:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-14 19:16 - 2014-09-08 05:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-10-14 19:16 - 2014-09-08 00:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-10-14 19:16 - 2014-09-05 00:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-10-14 19:16 - 2014-09-05 00:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-10-14 19:16 - 2014-09-04 05:15 - 00561416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-10-14 19:16 - 2014-09-04 05:14 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-10-14 19:16 - 2014-09-04 05:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-10-14 19:16 - 2014-09-04 04:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-10-14 19:16 - 2014-09-04 03:19 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-10-14 19:16 - 2014-09-04 03:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2014-10-14 19:16 - 2014-09-04 02:45 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-10-14 19:16 - 2014-09-04 02:41 - 01420288 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-10-14 19:16 - 2014-09-04 02:36 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-14 19:16 - 2014-09-04 02:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2014-10-14 19:16 - 2014-09-04 02:15 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-14 19:16 - 2014-09-04 02:10 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-10-14 19:16 - 2014-09-04 01:57 - 00921600 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-10-14 19:16 - 2014-09-04 01:49 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-10-14 19:16 - 2014-08-31 02:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-10-14 19:16 - 2014-08-31 02:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-14 19:16 - 2014-08-31 00:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-10-14 19:16 - 2014-08-31 00:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-10-14 19:16 - 2014-08-30 23:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-10-14 19:16 - 2014-08-30 23:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-10-14 19:16 - 2014-08-30 22:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-10-14 19:16 - 2014-08-30 22:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-10-14 19:16 - 2014-08-28 04:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-14 19:16 - 2014-08-28 02:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-10-14 19:16 - 2014-08-28 02:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-10-14 19:16 - 2014-08-23 07:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-10-14 19:16 - 2014-08-23 07:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-10-14 19:16 - 2014-08-23 06:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-10-14 19:16 - 2014-08-02 02:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2014-10-14 19:16 - 2014-08-02 02:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2014-10-14 19:15 - 2014-09-28 00:25 - 04183040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 19:15 - 2014-09-26 00:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-14 19:15 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-14 19:15 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-14 19:15 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-14 19:15 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-14 19:15 - 2014-09-26 00:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-14 19:15 - 2014-09-19 03:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-14 19:15 - 2014-09-19 03:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-14 19:15 - 2014-09-19 03:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-14 19:15 - 2014-09-19 03:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-14 19:15 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-14 19:15 - 2014-09-19 03:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-14 19:15 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-14 19:15 - 2014-09-19 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-14 19:15 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-14 19:15 - 2014-09-19 02:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-14 19:15 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-14 19:15 - 2014-09-19 02:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-14 19:15 - 2014-09-19 02:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-14 19:15 - 2014-09-19 02:42 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-14 19:15 - 2014-09-19 02:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-14 19:15 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-14 19:15 - 2014-09-19 02:20 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-14 19:15 - 2014-09-19 02:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-14 19:15 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-14 19:15 - 2014-09-19 01:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-14 19:15 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-14 19:15 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-14 19:15 - 2014-09-08 02:05 - 03448320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-14 19:14 - 2014-09-13 08:29 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 19:14 - 2014-09-13 08:02 - 02779648 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-14 19:14 - 2014-09-13 07:49 - 00068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 19:14 - 2014-09-13 07:30 - 03117568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-14 19:14 - 2014-09-08 05:15 - 00054752 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-14 19:14 - 2014-09-08 03:46 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-14 19:14 - 2014-09-08 03:46 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-14 19:14 - 2014-09-08 02:08 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-14 19:14 - 2014-09-08 02:07 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-14 19:14 - 2014-09-08 02:04 - 00388608 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-10-14 19:14 - 2014-09-08 02:04 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-14 19:14 - 2014-09-08 02:03 - 01702400 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-14 19:14 - 2014-09-08 02:03 - 00839680 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-14 19:14 - 2014-09-08 01:59 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-14 19:14 - 2014-09-08 01:59 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-10-14 19:14 - 2014-09-08 01:56 - 00672256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-14 19:14 - 2014-09-08 01:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-14 19:14 - 2014-09-04 02:12 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 19:14 - 2014-09-04 02:01 - 00514048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-07 01:53 - 2014-10-07 01:41 - 00042288 _____ (Intel Corporation) C:\Windows\system32\Drivers\intelaud.sys
2014-10-07 01:53 - 2014-10-07 01:41 - 00030512 _____ (Intel Corporation) C:\Windows\system32\Drivers\iwdbus.sys
2014-09-29 20:25 - 2014-09-29 20:35 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\FileBot

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-23 03:55 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-23 03:54 - 2014-07-05 23:47 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\NetSpeedMonitor
2014-10-23 03:52 - 2014-05-20 18:16 - 00005084 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MATTHIAS-Matthias Matthias
2014-10-23 03:52 - 2014-04-20 09:32 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-23 03:51 - 2014-04-20 17:21 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Dropbox
2014-10-23 03:51 - 2014-04-20 09:32 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-23 03:32 - 2014-09-10 20:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-23 03:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-10-22 22:04 - 2014-03-18 12:04 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-22 22:04 - 2014-03-18 11:25 - 00764340 _____ () C:\Windows\system32\perfh007.dat
2014-10-22 22:04 - 2014-03-18 11:25 - 00159160 _____ () C:\Windows\system32\perfc007.dat
2014-10-22 21:58 - 2014-04-20 09:19 - 01913526 _____ () C:\Windows\WindowsUpdate.log
2014-10-22 21:55 - 2014-05-17 17:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-22 17:44 - 2014-04-20 17:40 - 00000000 ____D () C:\Program Files\JDownloader
2014-10-22 12:32 - 2014-04-20 11:07 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-10-22 12:32 - 2014-04-20 11:07 - 00001020 _____ () C:\Windows\LkmdfCoInst.log
2014-10-22 07:01 - 2014-03-18 03:51 - 00373934 _____ () C:\Windows\PFRO.log
2014-10-22 02:22 - 2014-07-29 17:06 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\vlc
2014-10-21 22:52 - 2014-04-20 09:28 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-357331442-1347990815-2063067355-1001
2014-10-21 17:25 - 2014-04-20 10:41 - 00000425 _____ () C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-10-21 17:25 - 2014-04-20 09:24 - 00000000 ____D () C:\Intel
2014-10-21 16:34 - 2014-04-20 11:07 - 00025812 _____ () C:\Windows\LDPINST.LOG
2014-10-20 08:00 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-20 07:54 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\L2Schemas
2014-10-20 07:54 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-20 05:33 - 2014-04-20 17:47 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-20 05:27 - 2014-04-20 17:26 - 00014860 _____ () C:\Users\Matthias\Documents\metadata_db_prefs_backup.json
2014-10-20 05:27 - 2014-04-20 17:25 - 00185344 _____ () C:\Users\Matthias\Documents\metadata.db
2014-10-20 04:29 - 2014-04-20 09:22 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Packages
2014-10-20 04:29 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-19 08:36 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-19 05:21 - 2014-06-07 19:32 - 00000000 ____D () C:\ProgramData\Steam
2014-10-17 20:47 - 2014-04-20 09:32 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-17 20:47 - 2014-04-20 09:32 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 15:16 - 2013-08-22 16:44 - 00434768 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 18:54 - 2014-07-29 20:48 - 02849224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-10-16 18:54 - 2014-05-17 17:45 - 20968040 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-10-16 18:54 - 2014-05-17 17:45 - 19966856 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-10-16 18:54 - 2014-05-17 17:45 - 16886168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-10-16 18:54 - 2014-05-17 17:45 - 03237528 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-10-16 18:54 - 2014-05-17 17:45 - 00987008 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-10-16 18:54 - 2014-05-17 17:45 - 00027024 _____ () C:\Windows\system32\nvinfo.pb
2014-10-16 16:11 - 2014-05-17 17:46 - 06883136 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-10-16 16:11 - 2014-05-17 17:46 - 03533632 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-10-16 16:11 - 2014-05-17 17:46 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-10-16 16:11 - 2014-05-17 17:46 - 00933064 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-10-16 16:11 - 2014-05-17 17:46 - 00384200 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-10-16 16:11 - 2014-05-17 17:46 - 00061640 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-10-15 04:01 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2014-10-15 02:48 - 2014-05-17 17:46 - 04047877 _____ () C:\Windows\system32\nvcoproc.bin
2014-10-14 23:50 - 2014-04-20 09:24 - 00082432 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2014-10-14 23:50 - 2014-04-20 09:24 - 00074240 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2014-10-14 23:50 - 2014-03-17 16:33 - 00329104 _____ (Intel Corporation) C:\Windows\system32\igfxCUIService.exe
2014-10-14 19:55 - 2014-06-07 19:12 - 00101329 _____ () C:\Windows\DirectX.log
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\FileManager
2014-10-14 19:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Camera
2014-10-14 19:26 - 2014-05-01 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-10-14 19:26 - 2014-05-01 18:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-14 19:26 - 2014-04-20 09:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-14 19:26 - 2013-08-22 15:25 - 00000167 _____ () C:\Windows\win.ini
2014-10-14 19:24 - 2014-04-20 09:29 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 17:01 - 2014-06-12 02:38 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-10-14 04:33 - 2014-04-20 09:22 - 00000000 ____D () C:\Users\Matthias
2014-10-13 15:22 - 2014-08-13 16:06 - 00000000 ____D () C:\Users\Matthias\Downloads\LiveSetup
2014-10-01 23:48 - 2014-04-20 09:32 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-30 00:45 - 2013-08-22 17:38 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-30 00:45 - 2013-08-22 17:38 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Matthias\AppData\Local\Temp\avgnt.exe
C:\Users\Matthias\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5i8cvp.dll
C:\Users\Matthias\AppData\Local\Temp\proxy_vole8140324567497845138.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-20 04:36

==================== End Of Log ============================
23.10.2014, 22:35 | #12
winlogon.exe - ATRAPS.Gen

Hello, that is Safe Mode, not the Recovery environment. But we can also try it from there; if that does not work again, then please use Recovery.

Step 1

Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.

Code:
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
C:\Users\Matthias\AppData\Roaming\SubFolder\
C:\Users\Matthias\AppData\Roaming\Microsoft\winlogon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
C:\Users\Matthias\AppData\Roaming\upc.exe
C:\Users\Matthias\AppData\Roaming\upc.vbs
C:\Users\Matthias\AppData\Roaming\loader_crypt.exe
C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\check.bat
C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\check.vbs
C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\cpu.exe
emptytemp:

Please save this as Fixlist.txt on your Desktop (or in the directory where FRST is located).
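The fixlist above encodes a few judgements that can be automated for triage: a Run value whose target is named like a core Windows binary (winlogon.exe) but does not live in a Windows system directory, autoruns that start from AppData or ProgramData, and an .exe planted in a Start Menu folder. The following Python script is an added example, not code from this thread or from FRST; it parses the `HK...\...\Run:` lines as FRST prints them, applies those heuristics, and emits fixlist lines in the same shape the helper used. The sample excerpt is assembled from lines that appear in this thread's logs, and the heuristics and all function names are my own.

```python
"""Triage the Run/RunOnce lines of an FRST log for persistence red flags."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# FRST prints an autorun value as
#   <hive>\...\Run: [<value>] => <target> [<size> <date>] (<publisher>)
# The "[size date] (publisher)" tail appears only when FRST found the file;
# a bare "[X]" in place of the target means the value could not be resolved.
RUN_LINE = re.compile(
    r"^(?P<hive>HK\S*?)\\\.\.\.\\(?P<key>Run(?:Once)?):\s*"
    r"\[(?P<name>[^\]]+)\]\s*=>\s*(?P<rest>.+)$")
TAIL = re.compile(
    r"^(?P<target>.*?)(?:\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?:\s+\((?P<publisher>[^)]*)\))?$")

# Core Windows binaries whose names malware borrows; genuine copies sit directly
# in one of SYSTEM_DIRS (compare the Bamital check in the log above).
SYSTEM_BINARY_NAMES = {"winlogon.exe", "wininit.exe", "svchost.exe", "services.exe",
                       "lsass.exe", "csrss.exe", "explorer.exe", "userinit.exe"}
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32", "c:\\windows\\syswow64"}
# Locations an unprivileged interactive user can write to (heuristic, my choice).
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")
START_MENU_MARKER = "\\start menu\\programs\\"


@dataclass
class RunEntry:
    raw: str                    # the FRST line exactly as printed
    hive: str
    key: str                    # "Run" or "RunOnce"
    name: str                   # registry value name
    target: Optional[str]       # None when FRST printed "[X]"
    publisher: Optional[str]
    flags: List[str] = field(default_factory=list)


def parse_run_line(line: str) -> Optional[RunEntry]:
    """Return a RunEntry for an FRST Run/RunOnce line, None for any other line."""
    line = line.strip()
    m = RUN_LINE.match(line)
    if not m:
        return None
    rest = m["rest"].strip()
    if rest == "[X]":
        return RunEntry(line, m["hive"], m["key"], m["name"], None, None)
    t = TAIL.match(rest)
    return RunEntry(line, m["hive"], m["key"], m["name"], t["target"].strip(), t["publisher"])


def assess(entry: RunEntry) -> RunEntry:
    """Attach plain-language red flags; a clean entry keeps an empty flag list."""
    if entry.target is None:
        return entry
    path = entry.target.lower()
    parent, _, filename = path.rpartition("\\")
    if filename in SYSTEM_BINARY_NAMES and parent not in SYSTEM_DIRS:
        entry.flags.append(f"{filename} carries a Windows system binary name but runs from {parent}")
    for marker in USER_WRITABLE_MARKERS:
        if marker in path:
            label = marker.strip("\\")
            entry.flags.append(f"autorun target lives under a user-writable location ({label})")
            break
    if START_MENU_MARKER in path and filename.endswith(".exe"):
        entry.flags.append("executable inside a Start Menu folder, which normally holds .lnk shortcuts")
    return entry


def triage(log_text: str) -> List[RunEntry]:
    """Parse and assess every Run/RunOnce line in an FRST log excerpt."""
    return [assess(e) for e in map(parse_run_line, log_text.splitlines()) if e]


def build_fixlist(entries: List[RunEntry]) -> List[str]:
    """Fixlist lines in the shape used above: each flagged registry line as FRST
    printed it (FRST then removes the value), followed by each distinct target
    path (FRST then moves the file)."""
    lines = [e.raw for e in entries if e.flags]
    seen = set()
    for e in entries:
        if e.flags and e.target and e.target.lower() not in seen:
            seen.add(e.target.lower())
            lines.append(e.target)
    return lines


# Constructed sample: six lines copied from the FRST logs in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-03] (Intel Corporation)
HKU\Matthias\...\Run: [ASRock A-Tuning] => [X]
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for e in results:
        print("FLAG" if e.flags else "ok  ", f"{e.key}: [{e.name}] => {e.target}")
        for f in e.flags:
            print("      -", f)
    print("\nProposed fixlist lines:")
    print("\n".join(build_fixlist(results)))
```

Run as-is it prints the two flagged entries with their reasons and four fixlist lines; point `triage()` at a full FRST.txt to review every Run value instead of the sample.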
24.10.2014, 03:27 | #13
winlogon.exe - ATRAPS.Gen

Hello, sorry, my mistake. Here is the (hopefully correct) log from Recovery:

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-10-2014 Ran by SYSTEM on MININT-VM986MK on 24-10-2014 04:13:25 Running from D:\ Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log. Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2014-07-20] (Realtek Semiconductor) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-03] (Intel Corporation) Winlogon\Notify\igfxcui: igfxdev.dll [X] Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\Matthias\...\Run: [GoogleChromeAutoLaunch_8265D6534E6C32D01005D7D3455D029D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [911176 2014-10-10] (Google Inc.) 
HKU\Matthias\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\Matthias\...\Run: [ClipboardHistory] => C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe [512392 2012-08-05] (Outertech)
HKU\Matthias\...\Run: [ASRock A-Tuning] => [X]
HKU\Matthias\...\RunOnce: [AsrOMG_Day0] => [X]
HKU\Matthias\...\RunOnce: [AsrOMG_Day1] => [X]
HKU\Matthias\...\RunOnce: [AsrOMG_Day2] => [X]
HKU\Matthias\...\RunOnce: [AsrOMG_Day3] => [X]
HKU\Matthias\...\RunOnce: [AsrOMG_Day4] => [X]
HKU\Matthias\...\RunOnce: [AsrOMG_Day5] => [X]
HKU\Matthias\...\RunOnce: [AsrOMG_Day6] => [X]
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 ASRockIOMon; C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe [454656 2013-05-28] ()
S2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe [51016 2014-08-21] (Google Inc.)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-14] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2014-07-20] (Realtek Semiconductor)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AIDA64Driver; C:\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64 [34136 2014-10-06] ()
S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2014-07-09] (ASRock Incorporation)
S3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-03-14] (Intel Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
S3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39240 2014-10-16] (NVIDIA Corporation)
S1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-05-19] ()
S1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-05-19] ()
S1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700296 2014-05-19] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
S3 BioNTDrv; \??\C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\BioNTDrv.SYS [X]
S3 GPU-Z; \??\C:\Users\Matthias\AppData\Local\Temp\GPU-Z.sys [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-23 02:57 - 2014-10-24 04:03 - 00000000 ____D () C:\FRST
2014-10-22 20:54 - 2014-10-16 17:54 - 31890064 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 24555840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 20922696 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 18499648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 17260864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 14029400 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 13942368 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 13190288 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2014-10-22 20:54 - 2014-10-16 17:54 - 11395672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 11333848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 04289856 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 04009672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 01876296 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6434448.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 01539272 _____ (NVIDIA Corporation) C:\Windows\System32\nvmcvadgenco64.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 01539272 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6434448.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 00962376 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 00931984 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 00921928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 00895176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 00870112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 00833864 _____ () C:\Windows\System32\nvmcumd.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 00500880 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 00418112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 00392008 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFROpenGL.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 00352016 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 00348488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 00174856 _____ (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 00101696 _____ (NVIDIA Corporation) C:\Windows\System32\nvaudcaparm.dll
2014-10-22 20:54 - 2014-10-16 17:54 - 00039240 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvadarm.sys
2014-10-21 16:02 - 2014-10-22 20:55 - 00000000 ____D () C:\Windows\LastGood
2014-10-20 15:50 - 2014-10-20 15:50 - 00003222 _____ () C:\Windows\System32\Tasks\AIDA64 AutoStart
2014-10-20 15:34 - 2014-10-20 15:34 - 00000000 ____D () C:\Program Files (x86)\FinalWire
2014-10-20 15:17 - 2014-10-22 02:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-10-20 15:17 - 2014-10-20 15:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-20 15:17 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-10-20 15:17 - 2014-10-01 10:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-10-20 15:17 - 2014-10-01 10:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-10-20 04:00 - 2014-10-20 04:00 - 00102844 _____ () C:\ProgramData\1413773998.bdinstall.bin
2014-10-20 03:59 - 2014-10-20 03:59 - 00037671 _____ () C:\ProgramData\1413773997.bdinstall.bin
2014-10-20 03:56 - 2014-10-20 03:56 - 00174873 _____ () C:\ProgramData\1413773762.bdinstall.bin
2014-10-20 03:56 - 2014-10-20 03:56 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-10-20 03:56 - 2014-10-20 03:56 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\QuickScan
2014-10-20 03:56 - 2012-11-02 13:17 - 00261056 _____ (BitDefender) C:\Windows\System32\Drivers\avchv.sys
2014-10-19 13:31 - 2014-10-22 20:55 - 00001895 _____ () C:\Windows\setupact.log
2014-10-19 13:31 - 2014-10-19 13:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-19 04:54 - 2014-10-19 04:54 - 00000000 ____D () C:\Program Files\Calibre2
2014-10-14 22:50 - 2014-10-14 22:50 - 02880848 _____ (Intel Corporation) C:\Windows\System32\IntelWiDiVAD64.exe
2014-10-14 22:50 - 2014-10-14 22:50 - 02775400 _____ (Intel Corporation) C:\Windows\System32\IntelWiDiAAC64.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 02020352 _____ (Intel Corporation) C:\Windows\System32\igfxLHM.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 01512296 _____ (Intel Corporation) C:\Windows\System32\IntelWiDiSecureSourceFilter64.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 01365504 _____ (Intel Corporation) C:\Windows\System32\igfxcmjit64.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00957528 _____ (Intel Corporation) C:\Windows\System32\IntelWiDiWinNextAgent64.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00734720 _____ (Intel Corporation) C:\Windows\System32\MetroIntelGenericUIFramework.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00688640 _____ (Intel Corporation) C:\Windows\System32\igfxDH.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00672048 _____ (Intel Corporation) C:\Windows\System32\IntelWiDiAudioFilter64.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00616240 _____ (Intel Corporation) C:\Windows\System32\IntelWiDiMux64.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00472464 _____ (Intel Corporation) C:\Windows\System32\IntelWiDiUMS64.exe
2014-10-14 22:50 - 2014-10-14 22:50 - 00457616 _____ () C:\Windows\System32\igfxTray.exe
2014-10-14 22:50 - 2014-10-14 22:50 - 00403671 _____ () C:\Windows\System32\ImageStabilization.wmv
2014-10-14 22:50 - 2014-10-14 22:50 - 00372736 _____ (Intel Corporation) C:\Windows\System32\igfxOSP.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00372224 _____ (Intel Corporation) C:\Windows\System32\IntelOpenCL64.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00354096 _____ (Intel Corporation) C:\Windows\System32\IntelWiDiSilenceFilter64.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00304128 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00304016 _____ (Intel Corporation) C:\Windows\System32\igfxEM.exe
2014-10-14 22:50 - 2014-10-14 22:50 - 00279952 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2014-10-14 22:50 - 2014-10-14 22:50 - 00273408 _____ (Intel Corporation) C:\Windows\System32\igfxDI.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00266032 _____ (Intel Corporation) C:\Windows\System32\IntelWiDiUtils64.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00254976 _____ () C:\Windows\System32\igfxCPL.cpl
2014-10-14 22:50 - 2014-10-14 22:50 - 00246672 _____ (Intel Corporation) C:\Windows\System32\igfxHK.exe
2014-10-14 22:50 - 2014-10-14 22:50 - 00224256 _____ (Intel Corporation) C:\Windows\System32\igfxDTCM.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00207496 _____ (Intel Corporation) C:\Windows\System32\igfxcmrt64.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00197424 _____ (Intel Corporation) C:\Windows\System32\IntelWiDiDDEAgent64.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00195984 _____ (Intel Corporation) C:\Windows\System32\igfxext.exe
2014-10-14 22:50 - 2014-10-14 22:50 - 00183296 _____ (Intel Corporation) C:\Windows\System32\igfxCoIn_v3977.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00175024 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00134960 _____ (Intel Corporation) C:\Windows\System32\IntelWiDiMCUMD64.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00126312 _____ (Intel Corporation) C:\Windows\System32\IntelWiDiLogServer64.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00082432 _____ (Khronos Group) C:\Windows\System32\Intel_OpenCL_ICD64.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00074240 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00069632 _____ () C:\Windows\System32\igfxCUIServicePS.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00069632 _____ ( ) C:\Windows\System32\igfxDHLibv2_0.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00059392 _____ ( ) C:\Windows\System32\igfxDHLib.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00031408 _____ (Intel Corporation) C:\Windows\System32\igfxexps.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00030720 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00010752 _____ ( ) C:\Windows\System32\igfxDILibv2_0.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00010752 _____ ( ) C:\Windows\System32\igfxDILib.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00010240 _____ ( ) C:\Windows\System32\igfxEMLibv2_0.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00010240 _____ ( ) C:\Windows\System32\igfxEMLib.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00005120 _____ ( ) C:\Windows\System32\igfxLHMLibv2_0.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00005120 _____ ( ) C:\Windows\System32\igfxLHMLib.dll
2014-10-14 22:50 - 2014-10-14 22:50 - 00004020 _____ () C:\Windows\System32\iglhxs64.vp
2014-10-14 22:49 - 2014-10-14 22:49 - 24185912 _____ (Intel Corporation) C:\Windows\System32\igdumdim64.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 23999488 _____ (Intel Corporation) C:\Windows\System32\igdfcl64.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 23391264 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdim32.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 18872832 _____ (Intel Corporation) C:\Windows\SysWOW64\igdfcl32.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 17285448 _____ () C:\Windows\System32\igd11dxva64.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 16811648 _____ () C:\Windows\SysWOW64\igd11dxva32.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 08187392 _____ (Intel Corporation) C:\Windows\System32\igdrcl64.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 07668736 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 05889000 _____ (Intel Corporation) C:\Windows\System32\igdusc64.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 04850104 _____ (Intel Corporation) C:\Windows\System32\Drivers\igdkmd64.sys
2014-10-14 22:49 - 2014-10-14 22:49 - 04640104 _____ (Intel Corporation) C:\Windows\SysWOW64\igdusc32.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 01061376 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 00629784 _____ (Intel Corporation) C:\Windows\System32\igdmd64.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 00510304 _____ (Intel Corporation) C:\Windows\SysWOW64\igdmd32.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 00397824 _____ (Intel Corporation) C:\Windows\System32\igdbcl64.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 00349696 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 00225792 _____ () C:\Windows\System32\igdde64.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 00207872 _____ (Intel Corporation) C:\Windows\System32\igfx11cmrt64.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 00186368 _____ () C:\Windows\SysWOW64\igdde32.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 00175104 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 00162304 _____ (Intel Corporation) C:\Windows\System32\igdail64.dll
2014-10-14 22:49 - 2014-10-14 22:49 - 00144896 _____ (Intel Corporation) C:\Windows\SysWOW64\igdail32.dll
2014-10-14 22:48 - 2014-10-14 22:48 - 09122816 _____ (Intel Corporation) C:\Windows\System32\ig75icd64.dll
2014-10-14 22:48 - 2014-10-14 22:48 - 07768744 _____ (Intel Corporation) C:\Windows\System32\igd10iumd64.dll
2014-10-14 22:48 - 2014-10-14 22:48 - 07205376 _____ (Intel Corporation) C:\Windows\SysWOW64\ig75icd32.dll
2014-10-14 22:48 - 2014-10-14 22:48 - 07070880 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10iumd32.dll
2014-10-14 22:48 - 2014-10-14 22:48 - 01131008 _____ (Intel Corporation) C:\Windows\System32\GfxResources.dll
2014-10-14 22:48 - 2014-10-14 22:48 - 01020816 _____ (Intel Corporation) C:\Windows\System32\Gfxv4_0.exe
2014-10-14 22:48 - 2014-10-14 22:48 - 01017232 _____ (Intel Corporation) C:\Windows\System32\Gfxv2_0.exe
2014-10-14 22:48 - 2014-10-14 22:48 - 00641530 _____ () C:\Windows\System32\FilmModeDetection.wmv
2014-10-14 22:48 - 2014-10-14 22:48 - 00418704 _____ (Intel Corporation) C:\Windows\System32\GfxUIEx.exe
2014-10-14 22:48 - 2014-10-14 22:48 - 00338832 _____ (Intel Corporation) C:\Windows\System32\DPTopologyAppv2_0.exe
2014-10-14 22:48 - 2014-10-14 22:48 - 00338832 _____ (Intel Corporation) C:\Windows\System32\DPTopologyApp.exe
2014-10-14 22:48 - 2014-10-14 22:48 - 00155536 _____ (Intel Corporation) C:\Windows\System32\difx64.exe
2014-10-14 22:47 - 2014-10-14 22:47 - 00375173 _____ () C:\Windows\System32\ColorImageEnhancement.wmv
2014-10-14 19:32 - 2014-10-14 19:32 - 02526056 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2014-10-14 18:16 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-10-14 18:16 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-14 18:16 - 2014-09-10 07:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2014-10-14 18:16 - 2014-09-08 04:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2014-10-14 18:16 - 2014-09-08 04:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2014-10-14 18:16 - 2014-09-07 23:08 - 00389176 _____ () C:\Windows\System32\ApnDatabase.xml
2014-10-14 18:16 - 2014-09-04 23:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2014-10-14 18:16 - 2014-09-04 23:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\System32\localspl.dll
2014-10-14 18:16 - 2014-09-04 04:15 - 00561416 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2014-10-14 18:16 - 2014-09-04 04:14 - 00177472 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2014-10-14 18:16 - 2014-09-04 04:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\System32\mfmp4srcsnk.dll
2014-10-14 18:16 - 2014-09-04 03:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-10-14 18:16 - 2014-09-04 02:19 - 00436224 _____ (Microsoft Corporation) C:\Windows\System32\certcli.dll
2014-10-14 18:16 - 2014-09-04 02:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\System32\puiobj.dll
2014-10-14 18:16 - 2014-09-04 01:45 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-10-14 18:16 - 2014-09-04 01:41 - 01420288 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-10-14 18:16 - 2014-09-04 01:36 - 00418304 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2014-10-14 18:16 - 2014-09-04 01:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2014-10-14 18:16 - 2014-09-04 01:15 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-14 18:16 - 2014-09-04 01:10 - 00118272 _____ (Microsoft Corporation) C:\Windows\System32\winbici.dll
2014-10-14 18:16 - 2014-09-04 00:57 - 00921600 _____ (Microsoft Corporation) C:\Windows\System32\MrmCoreR.dll
2014-10-14 18:16 - 2014-09-04 00:49 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-10-14 18:16 - 2014-08-31 01:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS
2014-10-14 18:16 - 2014-08-31 01:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2014-10-14 18:16 - 2014-08-30 23:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-10-14 18:16 - 2014-08-30 23:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\System32\FXSCOMEX.dll
2014-10-14 18:16 - 2014-08-30 22:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\System32\FXSAPI.dll
2014-10-14 18:16 - 2014-08-30 22:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll
2014-10-14 18:16 - 2014-08-30 21:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-10-14 18:16 - 2014-08-30 21:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-10-14 18:16 - 2014-08-28 03:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2014-10-14 18:16 - 2014-08-28 01:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\System32\WsmSvc.dll
2014-10-14 18:16 - 2014-08-28 01:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-10-14 18:16 - 2014-08-23 06:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\System32\twinui.dll
2014-10-14 18:16 - 2014-08-23 06:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-10-14 18:16 - 2014-08-23 05:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\System32\SettingsHandlers.dll
2014-10-14 18:16 - 2014-08-02 01:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\System32\untfs.dll
2014-10-14 18:16 - 2014-08-02 01:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2014-10-14 18:15 - 2014-09-27 23:25 - 04183040 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-10-14 18:15 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-10-14 18:15 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-14 18:15 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-14 18:15 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-14 18:15 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-14 18:15 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-10-14 18:15 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-10-14 18:15 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-10-14 18:15 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-10-14 18:15 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-10-14 18:15 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-14 18:15 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-10-14 18:15 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-14 18:15 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-10-14 18:15 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-14 18:15 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-10-14 18:15 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-14 18:15 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-10-14 18:15 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-10-14 18:15 - 2014-09-19 01:42 - 00363008 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-10-14 18:15 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-10-14 18:15 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-14 18:15 - 2014-09-19 01:20 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-14 18:15 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-10-14 18:15 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-14 18:15 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-10-14 18:15 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-14 18:15 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-14 18:15 - 2014-09-08 01:05 - 03448320 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2014-10-14 18:14 - 2014-09-13 07:29 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll
2014-10-14 18:14 - 2014-09-13 07:02 - 02779648 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2014-10-14 18:14 - 2014-09-13 06:49 - 00068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 18:14 - 2014-09-13 06:30 - 03117568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-14 18:14 - 2014-09-08 04:15 - 00054752 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2014-10-14 18:14 - 2014-09-08 02:46 - 00059904 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2014-10-14 18:14 - 2014-09-08 02:46 - 00050688 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2014-10-14 18:14 - 2014-09-08 01:08 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2014-10-14 18:14 - 2014-09-08 01:07 - 00137728 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2014-10-14 18:14 - 2014-09-08 01:04 - 00388608 _____ (Microsoft Corporation) C:\Windows\System32\WUSettingsProvider.dll
2014-10-14 18:14 - 2014-09-08 01:04 - 00093696 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2014-10-14 18:14 - 2014-09-08 01:03 - 01702400 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2014-10-14 18:14 - 2014-09-08 01:03 - 00839680 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2014-10-14 18:14 - 2014-09-08 00:59 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-14 18:14 - 2014-09-08 00:59 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-10-14 18:14 - 2014-09-08 00:56 - 00672256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-14 18:14 - 2014-09-08 00:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-14 18:14 - 2014-09-04 01:12 - 00590336 _____ (Microsoft Corporation) C:\Windows\System32\rastls.dll
2014-10-14 18:14 - 2014-09-04 01:01 - 00514048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-07 00:53 - 2014-10-07 00:41 - 00042288 _____ (Intel Corporation) C:\Windows\System32\Drivers\intelaud.sys
2014-10-07 00:53 - 2014-10-07 00:41 - 00030512 _____ (Intel Corporation) C:\Windows\System32\Drivers\iwdbus.sys
2014-09-29 19:25 - 2014-09-29 19:35 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\FileBot

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-24 03:11 - 2014-07-05 22:47 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\NetSpeedMonitor
2014-10-24 03:11 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-24 03:10 - 2014-04-20 16:21 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Dropbox
2014-10-24 03:10 - 2014-04-20 08:32 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-24 02:52 - 2014-04-20 08:32 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-24 02:32 - 2014-09-10 19:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-24 02:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System32\sru
2014-10-23 23:49 - 2014-04-20 08:19 - 02055070 _____ () C:\Windows\WindowsUpdate.log
2014-10-23 22:18 - 2014-04-20 16:26 - 00014860 _____ () C:\Users\Matthias\Documents\metadata_db_prefs_backup.json
2014-10-23 22:18 - 2014-04-20 16:25 - 00185344 _____ () C:\Users\Matthias\Documents\metadata.db
2014-10-23 22:16 - 2014-04-20 16:40 - 00000000 ____D () C:\Program Files\JDownloader
2014-10-23 19:31 - 2014-05-20 17:16 - 00005084 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MATTHIAS-Matthias Matthias
2014-10-23 19:26 - 2014-03-18 11:04 - 01776918 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-10-23 19:26 - 2014-03-18 10:25 - 00764340 _____ () C:\Windows\System32\perfh007.dat
2014-10-23 19:26 - 2014-03-18 10:25 - 00159160 _____ () C:\Windows\System32\perfc007.dat
2014-10-22 20:55 - 2014-05-17 16:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-22 11:32 - 2014-04-20 10:07 - 00018960 _____ (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2014-10-22 11:32 - 2014-04-20 10:07 - 00001020 _____ () C:\Windows\LkmdfCoInst.log
2014-10-22 06:01 - 2014-03-18 02:51 - 00373934 _____ () C:\Windows\PFRO.log
2014-10-22 01:22 - 2014-07-29 16:06 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\vlc
2014-10-21 21:52 - 2014-04-20 08:28 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-357331442-1347990815-2063067355-1001
2014-10-21 16:25 - 2014-04-20 09:41 - 00000425 _____ () C:\Windows\System32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-10-21 16:25 - 2014-04-20 08:24 - 00000000 ____D () C:\Intel
2014-10-21 15:34 - 2014-04-20 10:07 - 00025812 _____ () C:\Windows\LDPINST.LOG
2014-10-20 07:00 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\System32\config\ELAM
2014-10-20 06:54 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\L2Schemas
2014-10-20 06:54 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-20 04:33 - 2014-04-20 16:47 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-20 03:29 - 2014-04-20 08:22 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Packages
2014-10-20 03:29 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-19 07:36 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\System32\config\BBI
2014-10-19 04:21 - 2014-06-07 18:32 - 00000000 ____D () C:\ProgramData\Steam
2014-10-17 19:47 - 2014-04-20 08:32 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-17 19:47 - 2014-04-20 08:32 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 14:16 - 2013-08-22 15:44 - 00434768 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-10-16 17:54 - 2014-07-29 19:48 - 02849224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-10-16 17:54 - 2014-05-17 16:45 - 20968040 _____ (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2014-10-16 17:54 - 2014-05-17 16:45 - 19966856 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2014-10-16 17:54 - 2014-05-17 16:45 - 16886168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-10-16 17:54 - 2014-05-17 16:45 - 03237528 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2014-10-16 17:54 - 2014-05-17 16:45 - 00987008 _____ (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2014-10-16 17:54 - 2014-05-17 16:45 - 00027024 _____ () C:\Windows\System32\nvinfo.pb
2014-10-16 15:11 - 2014-05-17 16:46 - 06883136 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2014-10-16 15:11 - 2014-05-17 16:46 - 03533632 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2014-10-16 15:11 - 2014-05-17 16:46 - 02559808 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2014-10-16 15:11 - 2014-05-17 16:46 - 00933064 _____ (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2014-10-16 15:11 - 2014-05-17 16:46 - 00384200 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2014-10-16 15:11 - 2014-05-17 16:46 - 00061640 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2014-10-15 03:01 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-10-15 01:48 - 2014-05-17 16:46 - 04047877 _____ () C:\Windows\System32\nvcoproc.bin
2014-10-14 22:50 - 2014-04-20 08:24 - 00082432 _____ (Khronos Group) C:\Windows\System32\OpenCL.DLL
2014-10-14 22:50 - 2014-04-20 08:24 - 00074240 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2014-10-14 22:50 - 2014-03-17 15:33 - 00329104 _____ (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
2014-10-14 18:55 - 2014-06-07 18:12 - 00101329 _____ () C:\Windows\DirectX.log
2014-10-14 18:43 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2014-10-14 18:43 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-10-14 18:43 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-14 18:43 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\FileManager
2014-10-14 18:43 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Camera
2014-10-14 18:26 - 2014-05-01 17:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-14 18:26 - 2014-04-20 08:29 - 00000000 ____D () C:\Windows\System32\MRT
2014-10-14 18:26 - 2013-08-22 14:25 - 00000167 _____ () C:\Windows\win.ini
2014-10-14 18:24 - 2014-04-20 08:29 - 103265616 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-10-14 16:01 - 2014-06-12 01:38 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-10-14 03:33 - 2014-04-20 08:22 - 00000000 ____D () C:\users\Matthias
2014-10-13 14:22 - 2014-08-13 15:06 - 00000000 ____D () C:\Users\Matthias\Downloads\LiveSetup
2014-10-01 22:48 - 2014-04-20 08:32 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-29 23:45 - 2013-08-22 16:38 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-29 23:45 - 2013-08-22 16:38 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Matthias\AppData\Local\Temp\avgnt.exe
C:\Users\Matthias\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphl_f3u.dll
C:\Users\Matthias\AppData\Local\Temp\proxy_vole6277922626763108122.dll

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe [2014-09-09 18:25] - [2014-08-23 08:48] - 2374784 ____A (Microsoft Corporation) ACDBE1ED38167C8B01B8F63161BB2CEA
C:\Windows\SysWOW64\explorer.exe [2014-09-09 18:25] - [2014-08-23 08:13] - 2084520 ____A (Microsoft Corporation) 195822ACCDAA2B4815DD01BAFC335595
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll [2014-09-02 20:15] - [2014-07-24 16:23] - 1519488 ____A (Microsoft Corporation) A055D7D686F1CB5CBEDCFBB4C6DC9E2E
C:\Windows\SysWOW64\User32.dll [2014-09-02 20:15] - [2014-07-24 09:49] - 1361408 ____A (Microsoft Corporation) A39251FAE3189E1AE1F0DF0884D37E2A
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys [2014-09-02 20:15] - [2014-06-19 03:13] - 0310080 ___AC (Microsoft Corporation) 64CA2B4A49A8EAF495E435623ECCE7DB

==================== Restore Points =========================

Restore point made on: 2014-10-14 07:07:46
Restore point made on: 2014-10-17 22:16:25
Restore point made on: 2014-10-17 22:16:27
Restore point made on: 2014-10-17 22:17:11
Restore point made on: 2014-10-19 04:54:07
Restore point made on: 2014-10-19 22:26:45
Restore point made on: 2014-10-19 22:26:47
Restore point made on: 2014-10-19 22:28:18
Restore point made on: 2014-10-19 23:24:48
Restore point made on: 2014-10-19 23:24:49
Restore point made on: 2014-10-19 23:39:11
Restore point made on: 2014-10-19 23:39:12
Restore point made on: 2014-10-20 00:06:45
Restore point made on: 2014-10-20 00:17:21
Restore point made on: 2014-10-20 00:17:29
Restore point made on: 2014-10-20 00:17:31
Restore point made on: 2014-10-20 00:17:43
Restore point made on: 2014-10-20 00:17:45
Restore point made on: 2014-10-20 00:17:47
Restore point made on: 2014-10-20 00:17:48
Restore point made on: 2014-10-20 00:17:50
Restore point made on: 2014-10-20 00:17:52
Restore point made on: 2014-10-20 00:17:53
Restore point made on: 2014-10-20 00:17:55
Restore point made on: 2014-10-20 00:17:57
Restore point made on: 2014-10-20 00:17:58
Restore point made on: 2014-10-20 00:18:00
Restore point made on: 2014-10-20 00:18:02
Restore point made on: 2014-10-20 00:18:04
Restore point made on: 2014-10-20 00:18:05
Restore point made on: 2014-10-20 00:18:07
Restore point made on: 2014-10-20 00:18:09
Restore point made on: 2014-10-20 00:18:10
Restore point made on: 2014-10-20 00:18:12
Restore point made on: 2014-10-20 00:18:14
Restore point made on: 2014-10-20 00:18:15
Restore point made on: 2014-10-20 00:18:17
Restore point made on: 2014-10-20 00:18:19
Restore point made on: 2014-10-20 00:18:49
Restore point made on: 2014-10-20 00:18:52
Restore point made on: 2014-10-20 00:18:54
Restore point made on: 2014-10-20 00:18:56
Restore point made on: 2014-10-20 00:18:58
Restore point made on: 2014-10-20 00:18:59
Restore point made on: 2014-10-20 00:19:02
Restore point made on: 2014-10-20 00:19:04
Restore point made on: 2014-10-20 00:19:06
Restore point made on: 2014-10-20 00:19:07
Restore point made on: 2014-10-20 00:19:11
Restore point made on: 2014-10-20 00:19:13
Restore point made on: 2014-10-20 00:19:15
Restore point made on: 2014-10-20 00:19:17
Restore point made on: 2014-10-20 00:19:18
Restore point made on: 2014-10-20 00:19:20
Restore point made on: 2014-10-20 00:19:22
Restore point made on: 2014-10-20 00:19:24
Restore point made on: 2014-10-20 00:19:30
Restore point made on: 2014-10-20 00:19:32
Restore point made on: 2014-10-20 00:19:34
Restore point made on: 2014-10-20 00:19:36
Restore point made on: 2014-10-20 00:19:37
Restore point made on: 2014-10-20 00:19:39
Restore point made on: 2014-10-20 00:19:41
Restore point made on: 2014-10-20 00:19:43
Restore point made on: 2014-10-20 00:19:45
Restore point made on: 2014-10-20 00:20:13
Restore point made on: 2014-10-20 00:20:15
Restore point made on: 2014-10-20 00:20:17
Restore point made on: 2014-10-20 00:21:39
Restore point made on: 2014-10-20 00:21:41
Restore point made on: 2014-10-20 00:21:43
Restore point made on: 2014-10-20 00:21:45
Restore point made on: 2014-10-20 00:21:47
Restore point made on: 2014-10-20 00:21:49
Restore point made on: 2014-10-20 00:24:34
Restore point made on: 2014-10-20 00:24:37
Restore point made on: 2014-10-20 00:24:39
Restore point made on: 2014-10-20 00:24:41
Restore point made on: 2014-10-20 00:24:43
Restore point made on: 2014-10-20 00:24:45
Restore point made on: 2014-10-20 00:24:47
Restore point made on: 2014-10-20 00:25:08
Restore point made on: 2014-10-20 00:25:11
Restore point made on: 2014-10-20 00:25:13
Restore point made on: 2014-10-20 00:25:15
Restore point made on: 2014-10-20 00:25:18
Restore point made on: 2014-10-21 15:08:10

==================== Memory info ===========================

Percentage of memory in use: 4%
Total physical RAM: 16229.04 MB
Available physical RAM: 15441.41 MB
Total Pagefile: 16229.04 MB
Available Pagefile: 15461.1 MB
Total Virtual: 131072 MB
Available Virtual: 131071.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.27 GB) (Free:70.67 GB) NTFS
Drive d: (Daten) (Fixed) (Total:195.67 GB) (Free:158.54 GB) NTFS
Drive e: (SAFE) (Fixed) (Total:90.94 GB) (Free:33.15 GB) NTFS
Drive f: () (Removable) (Total:29.76 GB) (Free:29.5 GB) FAT32
Drive g: (Multimedia II) (Fixed) (Total:735.84 GB) (Free:192.66 GB) NTFS
Drive h: (Extern) (Fixed) (Total:840.57 GB) (Free:612.56 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: A98184E0)
Partition: GPT Partition Type.
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 97F0BB35)
Partition 1: (Active) - (Size=195.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=735.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1B537923)
Partition 1: (Not Active) - (Size=90.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=840.6 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 29.8 GB) (Disk ID: B0445822)
Partition 1: (Active) - (Size=29.8 GB) - (Type=0C)

LastRegBack: 2014-10-20 03:36

==================== End Of Log ============================

...and the Fixlog: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-10-2014
Ran by Matthias at 2014-10-24 04:20:14 Run:1
Running from D:\
Loaded Profile: Matthias (Available profiles: Matthias)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-357331442-1347990815-2063067355-1001\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [Winlogon] => C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [MicroUpdate] => C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
C:\Users\Matthias\AppData\Roaming\SubFolder\
C:\Users\Matthias\AppData\Roaming\Microsoft\winlogon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
C:\Users\Matthias\AppData\Roaming\upc.exe
C:\Users\Matthias\AppData\Roaming\upc.vbs
C:\Users\Matthias\AppData\Roaming\loader_crypt.exe
C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\check.bat
C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\check.vbs
C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\cpu.exe
emptytemp:
*****************

HKU\S-1-5-21-357331442-1347990815-2063067355-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Winlogon => Value not found.
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\MicroUpdate => Value not found.
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\Winlogon => Value not found.
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Run\\MicroUpdate => Value not found.
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Run\\Winlogon => Value not found.
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\CurrentVersion\Run\\MicroUpdate => Value not found.
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\CurrentVersion\Run\\Winlogon => Value not found.
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Windows\CurrentVersion\Run\\Winlogon => Value not found.
HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Windows\CurrentVersion\Run\\MicroUpdate => Value not found.
"C:\Users\Matthias\AppData\Roaming\SubFolder" => File/Directory not found.
"C:\Users\Matthias\AppData\Roaming\Microsoft\winlogon.exe" => File/Directory not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe" => File/Directory not found.
C:\Users\Matthias\AppData\Roaming\upc.exe => Moved successfully.
C:\Users\Matthias\AppData\Roaming\upc.vbs => Moved successfully.
"C:\Users\Matthias\AppData\Roaming\loader_crypt.exe" => File/Directory not found.
"C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\check.bat" => File/Directory not found.
"C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\check.vbs" => File/Directory not found.
"C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\cpu.exe" => File/Directory not found.
EmptyTemp: => Removed 1 GB temporary data.

The system needed a reboot.

==== End of Fixlog ==== |
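What the fixlist above is actually pointing at, as an added example (this is not code from the thread and not FRST's own logic): the two Run values re-appear in five copies of the user's hive and both launch images from places where no Windows component belongs. The script parses Run lines in the format FRST prints, groups identical value/path pairs across hives and scores them. A file that borrows the name of a Windows system binary (winlogon.exe) but runs from outside System32 is the strong signal; a user-writable path on its own is only a weak one, which is why the constructed Dropbox entry scores low. The MicroUpdate/msdcsc.exe pair matches the well-known default install name and Run value of the DarkComet RAT; treat that as a heuristic, not as proof. The system-binary list, the marker paths and the two benign contrast entries (NvBackend, Dropbox) are my own constructed choices.

```python
"""Triage autorun entries in FRST's "Run" line format for binary masquerading.

Added example; not code from the forum thread or from FRST. The system-binary
list, the marker paths and the DarkComet defaults below are my own heuristics.
"""
import re
from collections import defaultdict

# Genuine Windows binaries that only belong in the directories of SYSTEM_DIRS.
SYSTEM_BINARIES = {
    "winlogon.exe", "wininit.exe", "svchost.exe", "csrss.exe", "lsass.exe",
    "services.exe", "explorer.exe", "userinit.exe", "smss.exe", "taskhost.exe",
}
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32", "c:\\windows\\syswow64"}
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")
# Default install file name and Run value of the DarkComet RAT (public knowledge
# about that family; a match is a heuristic, not proof).
DARKCOMET_DEFAULTS = ("microupdate", "msdcsc.exe")

# FRST prints autoruns as:  HKU\<SID>\...\Run: [Name] => C:\path\image.exe [size date] (Publisher)
RUN_LINE = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:\\[^\\]+)*?)\\\.\.\.\\Run[^:]*: \[(?P<name>[^\]]*)\] => (?P<target>.*)$"
)
TRAILER = re.compile(r"\s+(?:\[\d+ [\d-]+\]|\([^()]*\))$")


def parse_run_line(line):
    """Return (hive, value_name, image_path) for one FRST Run line, else None."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    target = m.group("target").strip()
    # Peel off FRST's trailing "[size date]" and "(Publisher)" decorations.
    while (peeled := TRAILER.sub("", target)) != target:
        target = peeled
    # A quoted image path may be followed by arguments; keep only the path.
    if target.startswith('"') and target.count('"') >= 2:
        target = target[1:target.index('"', 1)]
    return m.group("hive"), m.group("name"), target


def assess(value_name, image_path):
    """Return [(severity, reason), ...]; an empty list means nothing notable."""
    p = image_path.lower()
    directory, _, base = p.rpartition("\\")
    reasons = []
    if base in SYSTEM_BINARIES and directory not in SYSTEM_DIRS:
        reasons.append(("high", f"{base} is a Windows system binary name but runs from {directory}"))
    if (value_name.lower(), base) == DARKCOMET_DEFAULTS:
        reasons.append(("high", "Run value and file name match DarkComet RAT defaults"))
    if any(marker in p for marker in USER_WRITABLE):
        reasons.append(("low", "image lives in a user-writable location"))
    return reasons


def triage(lines):
    """Group identical (value, path) pairs across hives; rank by worst finding."""
    hives_for = defaultdict(list)
    for line in lines:
        parsed = parse_run_line(line)
        if parsed:
            hive, name, path = parsed
            hives_for[(name, path)].append(hive)
    rank = {"high": 0, "low": 1, "none": 2}
    report = []
    for (name, path), hives in hives_for.items():
        reasons = assess(name, path)
        severity = min((s for s, _ in reasons), key=rank.__getitem__, default="none")
        report.append({"name": name, "path": path, "hives": len(hives),
                       "severity": severity, "reasons": [r for _, r in reasons]})
    return sorted(report, key=lambda r: rank[r["severity"]])


# Sample input: the Run lines from the fixlist in the thread, plus two
# constructed benign entries (NvBackend, Dropbox) for contrast.
SID = "S-1-5-21-357331442-1347990815-2063067355-1001"
GUID = "{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}"
WINLOGON = r"C:\Users\Matthias\AppData\Roaming\SubFolder\SubFolder\winlogon.exe"
MSDCSC = r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe"
LINE = r"HKU\{sid}{suffix}\...\Run: [{name}] => {path}"
SAMPLE_LINES = [LINE.format(sid=SID, suffix="", name="Winlogon", path=WINLOGON)]
for n in range(4):
    suffix = f"-{GUID}-{n}"
    SAMPLE_LINES.append(LINE.format(sid=SID, suffix=suffix, name="MicroUpdate", path=MSDCSC))
    SAMPLE_LINES.append(LINE.format(sid=SID, suffix=suffix, name="Winlogon", path=WINLOGON))
SAMPLE_LINES += [
    r"HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2222880 2014-05-17] (NVIDIA Corporation)",
    LINE.format(sid=SID, suffix="", name="Dropbox",
                path=r"C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_LINES):
        print(f"{row['severity']:<5} x{row['hives']} [{row['name']}] {row['path']}")
        for reason in row["reasons"]:
            print(f"      - {reason}")
```

Run it on the "Run:" lines of an FRST.txt and read the "high" rows first; the hive count tells you how many loaded copies of the user hive carry the same value, which is why a single `reg delete` against one hive path is not enough.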
24.10.2014, 23:07 | #14 |
Rest in peace † 2019 | winlogon.exe - ATRAPS.Gen Hello, you ran the fix in normal mode, but I had asked you to run it in Safe Mode. I don't quite understand why FRST does not see these entries even though ESET and Malwarebytes found them; did you delete something from there? We will now try this fix once more in the Recovery environment. Step 1 Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
reg: reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001\Software\Microsoft\Windows\Currentversion\Run" /v Winlogon
reg: reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\Currentversion\Run" /v MicroUpdate /f
reg: reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\Currentversion\Run" /v Winlogon /f
reg: reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\Currentversion\Run" /v MicroUpdate /f
reg: reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\Currentversion\Run" /v Winlogon /f
reg: reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\Currentversion\Run" /v MicroUpdate /f
reg: reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\Currentversion\Run" /v Winlogon /f
reg: reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Windows\Currentversion\Run" /v Winlogon /f
reg: reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Windows\Currentversion\Run" /v MicroUpdate /f
C:\Users\Matthias\AppData\Roaming\SubFolder\
C:\Users\Matthias\AppData\Roaming\Microsoft\winlogon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
C:\Users\Matthias\AppData\Roaming\loader_crypt.exe
C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\check.bat
C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\check.vbs
C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\cpu.exe
|
25.10.2014, 03:22 | #15 |
| winlogon.exe - ATRAPS.Gen Hi, no, I neither deleted anything by hand nor ran another antivirus program. I really only work on the removal as soon as you post something here Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-10-2014
Ran by SYSTEM at 2014-10-25 04:16:18 Run:1
Running from D:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
reg: reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001\Software\Microsoft\Windows\Currentversion\Run" /v Winlogon
reg: reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\Currentversion\Run" /v MicroUpdate /f
reg: reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\Currentversion\Run" /v Winlogon /f
reg: reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\Currentversion\Run" /v MicroUpdate /f
reg: reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\Currentversion\Run" /v Winlogon /f
reg: reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\Currentversion\Run" /v MicroUpdate /f
reg: reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\Currentversion\Run" /v Winlogon /f
reg: reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Windows\Currentversion\Run" /v Winlogon /f
reg: reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Windows\Currentversion\Run" /v MicroUpdate /f
C:\Users\Matthias\AppData\Roaming\SubFolder\
C:\Users\Matthias\AppData\Roaming\Microsoft\winlogon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe
C:\Users\Matthias\AppData\Roaming\loader_crypt.exe
C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\check.bat
C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\check.vbs
C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\cpu.exe
*****************

========= reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001\Software\Microsoft\Windows\Currentversion\Run" /v Winlogon =========
Delete the registry value Winlogon (Yes/No)? ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\Currentversion\Run" /v MicroUpdate /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\Currentversion\Run" /v Winlogon /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\Currentversion\Run" /v MicroUpdate /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\Currentversion\Run" /v Winlogon /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\Currentversion\Run" /v MicroUpdate /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\Currentversion\Run" /v Winlogon /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Windows\Currentversion\Run" /v Winlogon /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Windows\Currentversion\Run" /v MicroUpdate /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========

"C:\Users\Matthias\AppData\Roaming\SubFolder" => File/Directory not found.
"C:\Users\Matthias\AppData\Roaming\Microsoft\winlogon.exe" => File/Directory not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft\msdcsc.exe" => File/Directory not found.
"C:\Users\Matthias\AppData\Roaming\loader_crypt.exe" => File/Directory not found.
"C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\check.bat" => File/Directory not found.
"C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\check.vbs" => File/Directory not found.
"C:\Users\Matthias\AppData\Roaming\Adobe\Flash Player\FileCache\cpu.exe" => File/Directory not found.

==== End of Fixlog ==== |
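Reading the two fixlogs side by side: the normal-mode run removed only upc.exe and upc.vbs, and the recovery run found none of its targets on disk or in the registry, so by then the remaining indicators were already gone (the thread does not settle whether the earlier ESET/Malwarebytes removals or the first fix did it). The first `reg delete` in the fixlist also lacks `/f`, which is why reg.exe asked "Delete the registry value Winlogon (Yes/No)?" before erroring, a detail that is easy to miss in a long log. As an added example (not code from the thread or from FRST), the reconciler below splits a fixlog into fixlist and results, classifies every reg block and every "target => outcome" line, and flags reg commands that prompted or ran without /f. The fixlog format assumptions (the ***** delimiters, the "========= reg ... =========" blocks, the outcome lines) are taken from the logs above; the sample fixlog is a constructed, abbreviated composite of the two.

```python
"""Reconcile an FRST fixlog: what was listed versus what was actually removed.

Added example; not code from the thread or from FRST. Format assumptions
come from the fixlogs posted in the thread.
"""
import re

FIXLIST_DELIM = re.compile(r"^\*{5,}\s*$", re.M)
REG_BLOCK = re.compile(
    r"^========= (?P<cmd>reg [^\n]+?) =========[ \t]*\n(?P<out>.*?)^========= End of Reg: =========[^\n]*",
    re.M | re.S,
)
RESULT_LINE = re.compile(r'^"?(?P<target>[^"\n]+?)"? => (?P<outcome>[^\n]+)$', re.M)
# reg.exe asks before deleting unless /f is given; the prompt appears in the
# log in the system language (English and German spellings covered here).
REG_PROMPT = re.compile(r"\((Yes/No|Ja/Nein)\)\?")
REG_ERROR = re.compile(r"\b(ERROR|FEHLER):")
REG_OK = re.compile(r"completed successfully|erfolgreich", re.I)


def reconcile(fixlog):
    """Split a fixlog into fixlist and results and classify every outcome."""
    parts = FIXLIST_DELIM.split(fixlog)
    if len(parts) < 3:
        raise ValueError("not an FRST fixlog: fixlist delimiters missing")
    fixlist = [l.strip() for l in parts[1].splitlines() if l.strip()]
    results = parts[2]
    summary = {
        "fixlist_items": len(fixlist),
        "removed": [], "not_found": [], "other": [],
        "reg_deleted": [], "reg_failed": [], "reg_prompted": [],
    }
    # reg.exe blocks first: each one is a command plus its captured output.
    for m in REG_BLOCK.finditer(results):
        cmd, out = m.group("cmd"), m.group("out")
        if REG_PROMPT.search(out) or " /f" not in cmd:
            summary["reg_prompted"].append(cmd)
        if REG_ERROR.search(out):
            summary["reg_failed"].append(cmd)
        elif REG_OK.search(out):
            summary["reg_deleted"].append(cmd)
        else:
            summary["other"].append((cmd, out.strip()))
    # Then FRST's own "target => outcome" lines, with the reg blocks cut out
    # so their command lines are not mistaken for results.
    plain = REG_BLOCK.sub("", results)
    for m in RESULT_LINE.finditer(plain):
        target, outcome = m.group("target"), m.group("outcome")
        if outcome.startswith("Moved successfully"):
            summary["removed"].append(target)
        elif "not found" in outcome:
            summary["not_found"].append(target)
        else:
            summary["other"].append((target, outcome))
    return summary


def verdict(summary):
    """One-line reading of the run, the way a helper would summarise it."""
    notes = []
    if summary["reg_prompted"]:
        notes.append(f"{len(summary['reg_prompted'])} reg command(s) ran without /f "
                     "and waited for a Yes/No answer")
    removed = len(summary["removed"]) + len(summary["reg_deleted"])
    absent = len(summary["not_found"]) + len(summary["reg_failed"])
    if removed == 0:
        notes.append("nothing was removed in this run: every listed target was already absent")
    else:
        notes.append(f"{removed} target(s) removed, {absent} already absent")
    return "; ".join(notes)


# Constructed sample: an abbreviated composite of the two fixlogs in the thread.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-10-2014
Ran by SYSTEM at 2014-10-25 04:16:18 Run:1
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
reg: reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001\Software\Microsoft\Windows\Currentversion\Run" /v Winlogon
reg: reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\Currentversion\Run" /v MicroUpdate /f
C:\Users\Matthias\AppData\Roaming\SubFolder
C:\Users\Matthias\AppData\Roaming\upc.exe
emptytemp:
*****************

========= reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001\Software\Microsoft\Windows\Currentversion\Run" /v Winlogon =========
Delete the registry value Winlogon (Yes/No)? ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-21-357331442-1347990815-2063067355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\Currentversion\Run" /v MicroUpdate /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========

"C:\Users\Matthias\AppData\Roaming\SubFolder" => File/Directory not found.
C:\Users\Matthias\AppData\Roaming\upc.exe => Moved successfully.
EmptyTemp: => Removed 1 GB temporary data.

==== End of Fixlog ====
"""

if __name__ == "__main__":
    summary = reconcile(SAMPLE_FIXLOG)
    for key, value in summary.items():
        print(f"{key}: {value}")
    print(verdict(summary))
```

Feed it a real Fixlog.txt with `reconcile(open("Fixlog.txt", encoding="utf-8", errors="replace").read())`; a run where everything lands in not_found/reg_failed is the signal to stop re-running fixes and re-scan instead.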