
Pests of all kinds and how to fight them: Bitdefender reports virtualcloudnow.com malware after starting Firefox

22.04.2015, 16:04   #1
SimAran
 
Hello dear Trojaner-Board,

I am turning to you because for a few days I have had exactly the same problem as the user in the thread at http://www.trojaner-board.de/166311-...m-malware.html, and to be on the safe side I would like to get to the bottom of it. It would by no means be the first time that Bitdefender reports a false positive, but you never know...

So far I have only had Bitdefender run a scan, which found nothing, and briefly checked Firefox itself for suspicious extensions. I have not taken any other steps yet.

Thanks in advance for the help.

SimAran

22.04.2015, 16:24   #2
deeprybka
/// TB Trainer
/// Tutorial Guru
 
My name is Jürgen and I will be helping you with your problem. Together we will manage this...
  • Please work through all steps in order.
  • Read the instructions carefully before you begin. If there are problems or you do not understand something, stop what you are doing and describe the problem to me.
  • Please run only scans that I have asked you to run.
  • Please no crossposting (posting in multiple forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Save all our tools to the desktop. Link: How to download our tools correctly
  • Post the log files directly in your thread in code tags.
  • Keep in mind that we all work here in our free time; if you do not hear from me within 24 hours, please send me a PM.

Note:
I can never give you a guarantee that we will find all malicious files.
Formatting is usually the faster and always the safest way, but it is only recommended for real malware.
We can remove adware and the like very well.
If you decide on a cleanup, keep working with me until you get my "clean".



Here we go:

Step 1


Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)




Reading material
Posting in CODE tags: how it works...
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes our work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

22.04.2015, 18:01   #3
SimAran
 
Hello Jürgen!
Thanks for the quick reply and simple explanation... I followed the steps and ran the tool. Here are the logs:



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2015
Ran by Susanne (administrator) on XPREDATOR_NEW on 22-04-2015 18:55:01
Running from D:\Downloads
Loaded Profiles: Susanne (Available profiles: Susanne)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) D:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Bitdefender) D:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) E:\VMware\vmware-authd.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Bitdefender) D:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) D:\Program Files\Mozilla_Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [Bdagent] => D:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1691112 2015-04-10] (Bitdefender)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Tt eSPORTS THERON Gaming Mouse] => C:\Program Files (x86)\Tt eSPORTS\Tt eSPORTS THERON\THERON.exe [21456680 2014-05-20] (Thermaltake)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe [241789 2010-02-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe [11196224 2015-02-23] (Corsair Components, Inc.)
HKU\S-1-5-21-2894863473-1291922871-1129395940-1001\...\Run: [NvLedServiceHost] => C:\Program Files (x86)\NVIDIA Corporation\LED Visualizer\NvLedServiceHost.exe [87184 2015-03-28] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-11-04]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{D6E67DA7-8988-46FB-BF12-70635254B0CD}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-2894863473-1291922871-1129395940-1001] => Internet Explorer proxy is enabled.
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2894863473-1291922871-1129395940-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2894863473-1291922871-1129395940-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> D:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
Toolbar: HKLM - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - D:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-25] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - D:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-02-25] (Bitdefender)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-15] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\b8tc5rl9.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-20] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-20] ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2894863473-1291922871-1129395940-1001: amazon.com/AmazonMP3DownloaderPlugin -> D:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll [2013-03-12] (Amazon.com, Inc.)
FF Extension: YouTube Unblocker - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\b8tc5rl9.default\Extensions\youtubeunblocker@unblocker.yt [2015-04-16]
FF Extension: Magic Actions for YouTube™ - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\b8tc5rl9.default\Extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi [2015-03-18]
FF Extension: Skype Service - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\b8tc5rl9.default\Extensions\{060e9e40-8d52-4a4e-aca6-d45961ea2178}.xpi [2015-04-13]
FF Extension: NoScript - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\b8tc5rl9.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-03-18]
FF Extension: {f46d542f-b810-405e-ad23-53cbb61de32d} - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\b8tc5rl9.default\Extensions\{f46d542f-b810-405e-ad23-53cbb61de32d}.xpi [2015-03-18]
FF Extension: Adblock Edge - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\b8tc5rl9.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-03-18]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - D:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - D:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-11-04]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - D:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - D:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-11-04]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - D:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
StartMenuInternet: FIREFOX.EXE - D:\Program Files\Mozilla_Firefox\firefox.exe

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx

Opera: 
=======
StartMenuInternet: (HKLM) OperaStable - D:\Program Files (x86)\Opera\Launcher.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BdDesktopParental; D:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2015-01-20] (Bitdefender)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-11-04] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-11-04] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-20] (Intel Corporation)
S4 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
S3 Origin Client Service; D:\Program Files\Origin\OriginClientService.exe [1930608 2015-03-30] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-12-09] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-05] ()
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [387584 2014-10-17] (Qualcomm Atheros) [File not signed]
S2 SkypeUpdate; D:\Program Files\Skype\Updater\Updater.exe [315488 2015-01-02] (Skype Technologies)
R2 UPDATESRV; D:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-11-24] (Bitdefender)
R2 VMAuthdService; E:\VMware\vmware-authd.exe [87744 2015-02-06] (VMware, Inc.)
R2 vsserv; D:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1547936 2015-04-10] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1306464 2015-02-25] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [262544 2015-02-25] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [677104 2015-02-25] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2015-02-25] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2015-02-25] (BitDefender SRL)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [98992 2014-10-16] (Qualcomm Atheros, Inc.)
R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [48808 2014-10-29] (Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [22696 2014-10-29] (Corsair)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160544 2015-04-10] (BitDefender LLC)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [130224 2014-03-27] (Qualcomm Atheros, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-02-05] (NVIDIA Corporation)
R3 Thermnaltake MS6 Filter; C:\Windows\System32\Drivers\MS6Filter.sys [57200 2013-11-28] (Thermaltake)
R3 Thermnaltake MS6 Filter; C:\Windows\SysWOW64\Drivers\MS6Filter.sys [31488 2013-11-28] (Thermaltake) [File not signed]
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-11-24] (BitDefender S.R.L.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2015-01-07] (VMware, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-22 18:54 - 2015-04-22 18:55 - 00000000 ____D () C:\FRST
2015-04-22 18:53 - 2015-04-22 18:53 - 02099712 _____ (Farbar) C:\Users\Susanne\Downloads\FRST64.exe
2015-04-22 16:57 - 2015-04-22 16:49 - 00024611 _____ () C:\Users\Susanne\Desktop\1429713461_1_01.xml
2015-04-20 19:51 - 2015-04-20 19:51 - 00000348 _____ () C:\Windows\setupact.log
2015-04-20 19:51 - 2015-04-20 19:51 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-18 14:13 - 2015-03-23 23:59 - 07476032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-18 14:13 - 2015-03-23 23:59 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-18 14:13 - 2015-03-23 23:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-04-18 14:13 - 2015-03-23 23:58 - 01498872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-18 14:13 - 2015-03-23 23:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-04-18 14:13 - 2015-03-20 06:12 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2015-04-18 14:13 - 2015-03-20 06:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-18 14:13 - 2015-03-20 06:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-18 14:13 - 2015-03-20 05:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-04-18 14:13 - 2015-03-20 04:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-04-18 14:13 - 2015-03-20 04:40 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-04-18 14:13 - 2015-03-20 04:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-04-18 14:13 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-18 14:13 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-18 14:13 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-18 14:13 - 2015-03-13 05:53 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-18 14:13 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-18 14:13 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-18 14:13 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-18 14:13 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-18 14:13 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-18 14:13 - 2015-03-13 05:17 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-04-18 14:13 - 2015-03-13 05:16 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-18 14:13 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-18 14:13 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-18 14:13 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-18 14:13 - 2015-03-13 04:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-04-18 14:13 - 2015-03-13 04:50 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-04-18 14:13 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-18 14:13 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-18 14:13 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-18 14:13 - 2015-03-13 04:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-04-18 14:13 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-18 14:13 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-18 14:13 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-18 14:13 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-18 14:13 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-18 14:13 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-18 14:13 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2015-04-18 14:13 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-18 14:13 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-18 14:13 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-16 01:03 - 2015-01-06 05:01 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2015-04-16 01:03 - 2015-01-06 04:59 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2015-04-16 01:03 - 2015-01-06 03:12 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2015-04-16 01:03 - 2015-01-06 03:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2015-04-16 00:59 - 2015-04-16 00:59 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-14 23:29 - 2015-04-09 02:58 - 31570064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 30397072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 25375048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 24053576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 15818528 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 15716232 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 14617288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 14006752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 12852784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 11380728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 10423952 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-04-14 23:29 - 2015-04-09 02:58 - 02935416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 02896528 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 02573456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 01895568 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435012.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435012.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 01086424 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 01047368 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 01037640 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 00970568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 00962192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 00927440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 00849552 _____ () C:\Windows\system32\nvmcumd.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 00499344 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 00402576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 00346256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 00175880 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-04-13 15:51 - 2015-04-13 15:51 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-13 15:51 - 2015-04-13 15:51 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-13 15:51 - 2015-03-23 00:45 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-13 15:51 - 2015-03-23 00:09 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-13 15:51 - 2015-03-23 00:09 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-13 15:51 - 2015-03-23 00:09 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-13 15:51 - 2015-03-23 00:09 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-13 15:51 - 2015-03-23 00:09 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-13 15:51 - 2015-03-23 00:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-13 15:51 - 2015-03-14 10:54 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-13 15:51 - 2015-03-14 10:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-13 15:51 - 2015-03-14 10:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-04-13 15:51 - 2015-03-14 03:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-13 15:51 - 2015-03-14 03:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-13 15:51 - 2015-03-14 03:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-13 15:51 - 2015-03-14 03:37 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-13 15:51 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-13 15:51 - 2015-03-14 02:22 - 03678720 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-13 15:51 - 2015-03-14 02:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-13 15:51 - 2015-03-14 02:12 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-13 15:51 - 2015-03-14 02:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-04-13 15:51 - 2015-03-14 02:08 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-04-13 15:51 - 2015-03-14 02:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-13 15:51 - 2015-03-14 02:06 - 02373632 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-13 15:51 - 2015-03-14 02:06 - 00891392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-13 15:51 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-13 15:51 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-13 15:51 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-13 15:51 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-13 15:51 - 2015-02-21 01:49 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2015-04-13 15:51 - 2014-12-03 01:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-10 19:56 - 2015-04-10 19:56 - 00160544 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-22 17:20 - 2014-11-04 08:06 - 01633259 _____ () C:\Windows\WindowsUpdate.log
2015-04-22 15:38 - 2014-11-04 08:22 - 00000000 ___DO () C:\Users\Susanne\OneDrive
2015-04-22 15:27 - 2014-11-04 08:18 - 00032739 _____ () C:\Windows\SysWOW64\Gms.log
2015-04-21 22:16 - 2014-11-04 17:18 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-20 22:29 - 2014-03-18 12:03 - 01788458 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-20 22:29 - 2014-03-18 11:25 - 00768062 _____ () C:\Windows\system32\perfh007.dat
2015-04-20 22:29 - 2014-03-18 11:25 - 00160906 _____ () C:\Windows\system32\perfc007.dat
2015-04-20 20:29 - 2014-11-04 08:13 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2894863473-1291922871-1129395940-1001
2015-04-20 19:55 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-04-20 19:51 - 2015-01-24 00:08 - 00000000 ____D () C:\ProgramData\VMware
2015-04-20 19:51 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-20 19:50 - 2013-08-22 15:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-04-20 11:30 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2015-04-18 14:19 - 2014-11-22 18:03 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-04-18 14:18 - 2014-11-22 17:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-18 14:18 - 2014-11-04 20:18 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-18 14:17 - 2014-11-04 20:18 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-18 14:17 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-18 14:17 - 2013-08-22 15:25 - 00000167 _____ () C:\Windows\win.ini
2015-04-17 17:29 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-04-17 14:21 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-04-16 11:17 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppCompat
2015-04-16 00:59 - 2014-11-22 16:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-14 23:29 - 2015-02-10 20:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-14 23:29 - 2014-11-04 08:11 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-04-14 01:24 - 2013-08-22 17:38 - 00792056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 01:24 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-11 20:59 - 2015-03-18 21:57 - 00003858 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1426708674
2015-04-09 02:58 - 2015-02-10 20:22 - 00078480 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-04-09 02:58 - 2015-02-10 20:22 - 00066704 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-04-09 02:58 - 2014-12-20 20:15 - 12689592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-04-09 02:58 - 2014-12-20 20:15 - 03317344 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-04-09 02:58 - 2014-11-04 08:11 - 17176128 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-04-09 02:58 - 2014-11-04 08:11 - 00029329 _____ () C:\Windows\system32\nvinfo.pb
2015-04-08 23:30 - 2015-02-10 20:23 - 06841488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-04-08 23:30 - 2015-02-10 20:23 - 03478344 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-04-08 23:30 - 2015-02-10 20:23 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-04-08 23:30 - 2015-02-10 20:23 - 00936264 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-04-08 23:30 - 2015-02-10 20:23 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-04-08 23:30 - 2015-02-10 20:23 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-04-08 19:52 - 2015-02-10 20:23 - 04336074 _____ () C:\Windows\system32\nvcoproc.bin
2015-03-31 23:32 - 2014-11-04 19:47 - 00000000 ____D () C:\Users\Susanne\AppData\Roaming\TS3Client
2015-03-31 23:29 - 2014-11-04 20:57 - 00000000 ____D () C:\ProgramData\Origin
2015-03-31 22:49 - 2014-11-26 14:40 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-03-31 22:48 - 2014-11-26 14:40 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-03-31 14:23 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-03-31 13:27 - 2014-11-04 17:24 - 00000000 ____D () C:\Users\Susanne\AppData\Roaming\Skype
2015-03-31 13:17 - 2015-01-24 01:15 - 00000000 ____D () C:\Users\Susanne\AppData\Roaming\VMware
2015-03-31 13:17 - 2015-01-24 01:15 - 00000000 ____D () C:\Users\Susanne\AppData\Local\VMware
2015-03-28 05:44 - 2015-02-10 20:23 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-03-28 05:44 - 2015-02-10 20:23 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-03-28 05:43 - 2015-02-10 20:23 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-03-28 05:43 - 2015-02-10 20:23 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll

==================== Files in the root of some directories =======

2014-11-04 08:07 - 2014-11-04 08:07 - 0000000 _____ () C:\Users\Susanne\AppData\Local\Driver_LOM_8161Present.flag
2014-11-04 19:15 - 2014-11-04 19:15 - 2593867 _____ () C:\ProgramData\1415120926.bdinstall.bin

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-18 13:45

==================== End Of Log ============================
         
--- --- ---


Additional Log:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2015
Ran by Susanne at 2015-04-22 18:55:17
Running from D:\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Assassin's Creed IV Black Flag (HKLM-x32\...\Steam App 242050) (Version:  - Ubisoft Montreal)
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.25648 - Electronic Arts)
Bitdefender Internet Security 2015 (HKLM\...\Bitdefender) (Version: 18.17.0.1227 - Bitdefender)
Corsair Utility Engine (HKLM-x32\...\{0EDCDA72-13D1-4230-BE94-328656A79936}) (Version: 1.5.80 - Corsair)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.44 - Creative Technology Limited)
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative AutoMode Switcher (HKLM-x32\...\Creative AutoMode Switcher) (Version: 1.00 - Creative Technology Limited)
Creative Konsole Starter (HKLM-x32\...\Console Launcher) (Version: 2.61 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.03 - Creative Technology Limited)
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts)
Crysis®3 Digital Deluxe Edition Content (HKLM-x32\...\{2A8C5AE3-2772-4EB1-8206-D5E53D111A61}) (Version: 1.0.0.0 - Electronic Arts)
DmC Devil May Cry (HKLM-x32\...\Steam App 220440) (Version:  - Ninja Theory)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.00 - Creative Technology Limited)
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version:  - Paradox Development Studio)
Far Cry® 3 Blood Dragon (HKLM-x32\...\Steam App 233270) (Version:  - Ubisoft Montreal)
FINAL FANTASY XIII (HKLM-x32\...\Steam App 292120) (Version:  - SQUARE ENIX)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Lautstärkefenster (HKLM-x32\...\Creative Volume Panel) (Version: 2.21 - Creative Technology Limited)
Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version:  - Klei Entertainment)
Metro 2033 Redux (HKLM-x32\...\Steam App 286690) (Version:  - 4A GAMES)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Firefox 37.0.2 (x86 de) (HKU\S-1-5-21-2894863473-1291922871-1129395940-1001\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Grafiktreiber 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera Stable 28.0.1750.48 (HKLM-x32\...\Opera 28.0.1750.48) (Version: 28.0.1750.48 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.5.1.571 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.48.1376 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.1.48.1376 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Performance Suite (HKLM-x32\...\{638B2F8F-46C9-477D-9E3E-1D3807319428}) (Version: 1.1.48.1376 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.1.48.1376 - Qualcomm Atheros) Hidden
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
SimCity 4 Deluxe Edition (HKLM-x32\...\1207664593_is1) (Version: 2.1.0.9 - GOG.com)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Sins of a Solar Empire®: Rebellion (HKLM-x32\...\Steam App 204880) (Version:  - Ironclad Games)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stranded Deep (HKLM-x32\...\Steam App 313120) (Version:  - Beam Team Games)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
THX-Einrichtungskonsole (HKLM-x32\...\THX_Console_Unicode) (Version:  - )
Total War: ROME II - Emperor Edition (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
Tt eSPORTS THERON (HKLM-x32\...\{B50AB875-64A2-4D12-BB48-B15611B48CE0}) (Version: 1.0.0 - Tt eSPORTS)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{CBCC2FD8-7DFE-4752-95B5-2E447C226F45}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 7.1.0 - VMware, Inc)
VMware Player (Version: 7.1.0 - VMware, Inc.) Hidden
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

11-03-2015 11:27:28 Windows Update
14-03-2015 20:25:22 DirectX wurde installiert
19-03-2015 11:28:25 Windows Update
13-04-2015 15:51:32 Windows Update
14-04-2015 23:29:35 NVIDIA PhysX wird entfernt
18-04-2015 14:16:13 Windows Update
20-04-2015 19:49:17 Konfiguriert Tt eSPORTS THERON

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2014-11-07 19:56 - 00001054 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 apps.skype.com/
127.0.0.1 rad.msn.com
127.0.0.1 live.rads.msn.com
127.0.0.1 ads1.msn.com
127.0.0.1 static.2mdn.net
127.0.0.1 g.msn.com
127.0.0.1 a.ads2.msads.net
127.0.0.1 b.ads2.msads.net
127.0.0.1 ac3.msn.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {14863D19-1C18-4F92-BD05-04B45C2C19C4} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {17DBBD80-69F1-4D39-A04D-30A71663EA26} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {22F7D111-8AEF-472C-9549-C927A7820EBB} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {275B28F6-A48B-4D17-9B42-4EDF98BFD525} - System32\Tasks\Opera scheduled Autoupdate 1426708674 => D:\Program Files (x86)\Opera\launcher.exe [2015-03-16] (Opera Software)
Task: {4505592F-E33D-4AB6-B4D1-B6F24ED97577} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-04-18] (Microsoft Corporation)
Task: {49B7AD81-A1D5-4907-B6BD-D5AB84384C5B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {5D630B29-AFB7-4BC4-B6FC-EA0C44B84209} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => D:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {83126218-84F4-4F94-95A7-4D0833E08FCC} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {8B9279C3-C7FB-4E6C-AD14-BA161593023D} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {B113AD0F-A1AD-4066-B3BA-B5CFD2ADC612} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {B272F6FE-20D4-429F-9440-C4FB96B46923} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {CD02C8A1-B089-49EE-A7AE-9551D5CD0E01} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => D:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

==================== Loaded Modules (whitelisted) ==============

2014-11-04 19:14 - 2014-08-27 17:31 - 00265080 _____ () D:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2014-11-04 19:14 - 2013-09-03 15:29 - 00101328 _____ () D:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2014-11-04 19:14 - 2014-10-15 13:08 - 00003072 _____ () D:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2014-11-04 19:14 - 2012-10-29 15:22 - 00152816 _____ () D:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2015-04-20 15:31 - 2015-04-20 15:31 - 00789856 _____ () D:\Program Files\Bitdefender\Bitdefender 2015\otengines_00250_005\ashttpbr.mdl
2015-04-20 15:31 - 2015-04-20 15:31 - 00710016 _____ () D:\Program Files\Bitdefender\Bitdefender 2015\otengines_00250_005\ashttpdsp.mdl
2015-04-20 15:31 - 2015-04-20 15:31 - 02683008 _____ () D:\Program Files\Bitdefender\Bitdefender 2015\otengines_00250_005\ashttpph.mdl
2015-04-20 15:31 - 2015-04-20 15:31 - 01325480 _____ () D:\Program Files\Bitdefender\Bitdefender 2015\otengines_00250_005\ashttprbl.mdl
2014-11-26 14:40 - 2015-02-05 12:38 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-02-10 20:23 - 2015-04-08 23:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-11-25 23:04 - 2014-11-25 23:06 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-10-17 14:40 - 2014-10-17 14:40 - 00325120 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2015-02-06 19:40 - 2015-02-06 19:40 - 01301696 _____ () E:\VMware\libxml2.dll
2014-03-20 12:43 - 2014-03-20 12:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-03-31 14:20 - 2015-03-28 05:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-11-04 08:28 - 2014-09-28 18:59 - 00019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Susanne\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Susanne\Desktop\HPP_1.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Susanne\Desktop\HPP_1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Susanne\Desktop\HPP_2.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Susanne\Desktop\HPP_2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Susanne\Downloads\FRST64.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2894863473-1291922871-1129395940-1001\...\fritz.box -> fritz.box

IE restricted site: HKU\S-1-5-21-2894863473-1291922871-1129395940-1001\...\2mdn.net -> static.2mdn.net
IE restricted site: HKU\S-1-5-21-2894863473-1291922871-1129395940-1001\...\msads.net -> a.ads2.msads.net
IE restricted site: HKU\S-1-5-21-2894863473-1291922871-1129395940-1001\...\msn.com -> ac3.msn.com
IE restricted site: HKU\S-1-5-21-2894863473-1291922871-1129395940-1001\...\skype.com -> apps.skype.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2894863473-1291922871-1129395940-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Susanne\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\dark_colors_abstract-1920x1200.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: iumsvc => 3
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: Origin Client Service => 3
HKLM\...\StartupApproved\Run32: => "Corsair Utility Engine"
HKLM\...\StartupApproved\Run32: => "Tt eSPORTS THERON Gaming Mouse"
HKU\S-1-5-21-2894863473-1291922871-1129395940-1001\...\StartupApproved\Run: => "Bitdefender-Geldbörse-Agent"
HKU\S-1-5-21-2894863473-1291922871-1129395940-1001\...\StartupApproved\Run: => "NvLedServiceHost"

==================== Accounts: =============================

Administrator (S-1-5-21-2894863473-1291922871-1129395940-500 - Administrator - Disabled)
Gast (S-1-5-21-2894863473-1291922871-1129395940-501 - Limited - Disabled)
Susanne (S-1-5-21-2894863473-1291922871-1129395940-1001 - Administrator - Enabled) => C:\Users\Susanne

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/22/2015 03:33:23 PM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1058, 'StartService', 'Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Ger\xe4ten verbunden.')

Error: (04/22/2015 03:28:17 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/22/2015 09:23:43 AM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1058, 'StartService', 'Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Ger\xe4ten verbunden.')

Error: (04/22/2015 09:18:38 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/21/2015 05:16:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm winamp.exe, Version 5.6.6.3516 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1688

Startzeit: 01d07c461b923032

Endzeit: 4

Anwendungspfad: D:\Program Files\Winamp\winamp.exe

Berichts-ID: 631d4025-e839-11e4-82a7-d050992795e5

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (04/21/2015 05:16:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm winamp.exe, Version 5.6.6.3516 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: c28

Startzeit: 01d07c46081fd772

Endzeit: 5

Anwendungspfad: D:\Program Files\Winamp\winamp.exe

Berichts-ID: 512ed36f-e839-11e4-82a7-d050992795e5

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (04/21/2015 03:11:15 PM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1058, 'StartService', 'Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Ger\xe4ten verbunden.')

Error: (04/21/2015 03:06:09 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/21/2015 11:21:22 AM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1058, 'StartService', 'Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Ger\xe4ten verbunden.')

Error: (04/21/2015 09:48:39 AM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1058, 'StartService', 'Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Ger\xe4ten verbunden.')


System errors:
=============
Error: (04/18/2015 02:15:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (04/18/2015 02:15:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (04/16/2015 01:03:18 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240054 fehlgeschlagen: Update für Windows 8.1 für x64-Systeme (KB3013769)

Error: (04/11/2015 08:59:35 PM) (Source: Schannel) (EventID: 4108) (User: NT-AUTORITÄT)
Description: Das vom Remoteserver erhaltene Zertifikat wurde falsch verifiziert. Fehlercode: 0x80092013. Fehler bei der SSL-Zertifikatanforderung. Die angefügten Daten enthalten das Serverzertifikat.

Error: (04/11/2015 08:59:35 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 43. Der Windows-SChannel-Fehlerstatus lautet: 552.

Error: (04/11/2015 08:59:26 PM) (Source: Schannel) (EventID: 4108) (User: NT-AUTORITÄT)
Description: Das vom Remoteserver erhaltene Zertifikat wurde falsch verifiziert. Fehlercode: 0x80092013. Fehler bei der SSL-Zertifikatanforderung. Die angefügten Daten enthalten das Serverzertifikat.

Error: (04/11/2015 08:59:26 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 43. Der Windows-SChannel-Fehlerstatus lautet: 552.

Error: (04/11/2015 08:59:22 PM) (Source: Schannel) (EventID: 4108) (User: NT-AUTORITÄT)
Description: Das vom Remoteserver erhaltene Zertifikat wurde falsch verifiziert. Fehlercode: 0x80092013. Fehler bei der SSL-Zertifikatanforderung. Die angefügten Daten enthalten das Serverzertifikat.

Error: (04/11/2015 08:59:22 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 43. Der Windows-SChannel-Fehlerstatus lautet: 552.

Error: (04/11/2015 08:59:18 PM) (Source: Schannel) (EventID: 4108) (User: NT-AUTORITÄT)
Description: Das vom Remoteserver erhaltene Zertifikat wurde falsch verifiziert. Fehlercode: 0x80092013. Fehler bei der SSL-Zertifikatanforderung. Die angefügten Daten enthalten das Serverzertifikat.


Microsoft Office Sessions:
=========================
Error: (04/22/2015 03:33:23 PM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1058, 'StartService', 'Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Ger\xe4ten verbunden.')

Error: (04/22/2015 03:28:17 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/22/2015 09:23:43 AM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1058, 'StartService', 'Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Ger\xe4ten verbunden.')

Error: (04/22/2015 09:18:38 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/21/2015 05:16:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: winamp.exe5.6.6.3516168801d07c461b9230324D:\Program Files\Winamp\winamp.exe631d4025-e839-11e4-82a7-d050992795e5

Error: (04/21/2015 05:16:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: winamp.exe5.6.6.3516c2801d07c46081fd7725D:\Program Files\Winamp\winamp.exe512ed36f-e839-11e4-82a7-d050992795e5

Error: (04/21/2015 03:11:15 PM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1058, 'StartService', 'Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Ger\xe4ten verbunden.')

Error: (04/21/2015 03:06:09 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/21/2015 11:21:22 AM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1058, 'StartService', 'Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Ger\xe4ten verbunden.')

Error: (04/21/2015 09:48:39 AM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1058, 'StartService', 'Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Ger\xe4ten verbunden.')


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 16%
Total physical RAM: 16341.58 MB
Available physical RAM: 13673.14 MB
Total Pagefile: 18773.58 MB
Available Pagefile: 16729.83 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:476.6 GB) (Free:294.42 GB) NTFS
Drive d: () (Fixed) (Total:1667.7 GB) (Free:1498.69 GB) NTFS
Drive e: () (Fixed) (Total:195.31 GB) (Free:159.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 476.9 GB) (Disk ID: 41019181)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=476.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 41019192)
Partition 1: (Not Active) - (Size=1667.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Alt 22.04.2015, 20:14   #4
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 

Hi,

Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 2

  • Download and instructions
  • Start Malwarebytes' Anti-Malware (MBAM).
  • If the user interface is still in English, click Settings and select Deutsch under Language.
  • Under Settings / Detection and Protection (Einstellungen / Erkennung und Schutz), tick "Scan for rootkits" ("Suche nach Rootkits").
  • Go back to the Dashboard and click "Scan Now" ("Jetzt scannen").
  • At the end of the scan, have all detections (if any) moved to quarantine and post the log.

Step 3

Please run FRST again, also tick the checkbox and press Scan.
Please post the contents of both logs that are created.
__________________
Regards
deeprybka

_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 23.04.2015, 12:29   #5
SimAran
 

OK, here we go:

AdwCleaner log:
Code:
# AdwCleaner v4.201 - Bericht erstellt 23/04/2015 um 13:13:45
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-22.1 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Susanne - XPREDATOR_NEW
# Gestarted von : C:\Users\Susanne\Desktop\AdwCleaner_4.201.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v36.0.1 (x86 de)


-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [901 Bytes] - [23/04/2015 13:13:23]
AdwCleaner[S0].txt - [822 Bytes] - [23/04/2015 13:13:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [880  Bytes] ##########
         
Malwarebytes:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 23.04.2015
Suchlauf-Zeit: 13:18:04
Logdatei: Malwarebytes Scan Log.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.04.23.03
Rootkit Datenbank: v2015.04.21.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Susanne

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 342573
Verstrichene Zeit: 3 Min, 50 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
FRST:

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2015
Ran by Susanne (administrator) on XPREDATOR_NEW on 23-04-2015 13:27:01
Running from D:\Downloads
Loaded Profiles: Susanne (Available profiles: Susanne)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) D:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Bitdefender) D:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(VMware, Inc.) E:\VMware\vmware-authd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Bitdefender) D:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Malwarebytes Corporation) D:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) D:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) D:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [Bdagent] => D:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1691112 2015-04-10] (Bitdefender)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Tt eSPORTS THERON Gaming Mouse] => C:\Program Files (x86)\Tt eSPORTS\Tt eSPORTS THERON\THERON.exe [21456680 2014-05-20] (Thermaltake)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe [241789 2010-02-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe [11196224 2015-02-23] (Corsair Components, Inc.)
HKU\S-1-5-21-2894863473-1291922871-1129395940-1001\...\Run: [NvLedServiceHost] => C:\Program Files (x86)\NVIDIA Corporation\LED Visualizer\NvLedServiceHost.exe [87184 2015-03-28] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-11-04]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{D6E67DA7-8988-46FB-BF12-70635254B0CD}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2894863473-1291922871-1129395940-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2894863473-1291922871-1129395940-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> D:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
Toolbar: HKLM - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - D:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-25] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - D:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-02-25] (Bitdefender)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-15] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\b8tc5rl9.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-20] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-20] ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2894863473-1291922871-1129395940-1001: amazon.com/AmazonMP3DownloaderPlugin -> D:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll [2013-03-12] (Amazon.com, Inc.)
FF Extension: YouTube Unblocker - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\b8tc5rl9.default\Extensions\youtubeunblocker@unblocker.yt [2015-04-16]
FF Extension: Magic Actions for YouTube™ - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\b8tc5rl9.default\Extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi [2015-03-18]
FF Extension: Skype Service - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\b8tc5rl9.default\Extensions\{060e9e40-8d52-4a4e-aca6-d45961ea2178}.xpi [2015-04-13]
FF Extension: NoScript - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\b8tc5rl9.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-03-18]
FF Extension: {f46d542f-b810-405e-ad23-53cbb61de32d} - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\b8tc5rl9.default\Extensions\{f46d542f-b810-405e-ad23-53cbb61de32d}.xpi [2015-03-18]
FF Extension: Adblock Edge - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\b8tc5rl9.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-03-18]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - D:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - D:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-11-04]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - D:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - D:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-11-04]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - D:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
StartMenuInternet: FIREFOX.EXE - D:\Program Files\Mozilla_Firefox\firefox.exe

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx

Opera: 
=======
StartMenuInternet: (HKLM) OperaStable - D:\Program Files (x86)\Opera\Launcher.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BdDesktopParental; D:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2015-01-20] (Bitdefender)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-11-04] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-11-04] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-20] (Intel Corporation)
S4 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 MBAMScheduler; D:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; D:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
S3 Origin Client Service; D:\Program Files\Origin\OriginClientService.exe [1930608 2015-03-30] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-12-09] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-05] ()
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [387584 2014-10-17] (Qualcomm Atheros) [File not signed]
S2 SkypeUpdate; D:\Program Files\Skype\Updater\Updater.exe [315488 2015-01-02] (Skype Technologies)
R2 UPDATESRV; D:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-11-24] (Bitdefender)
R2 VMAuthdService; E:\VMware\vmware-authd.exe [87744 2015-02-06] (VMware, Inc.)
R2 vsserv; D:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1547936 2015-04-10] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1306464 2015-02-25] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [262544 2015-02-25] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [677104 2015-02-25] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2015-02-25] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2015-02-25] (BitDefender SRL)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [98992 2014-10-16] (Qualcomm Atheros, Inc.)
R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [48808 2014-10-29] (Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [22696 2014-10-29] (Corsair)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160544 2015-04-10] (BitDefender LLC)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [130224 2014-03-27] (Qualcomm Atheros, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-02-05] (NVIDIA Corporation)
R3 Thermnaltake MS6 Filter; C:\Windows\System32\Drivers\MS6Filter.sys [57200 2013-11-28] (Thermaltake)
R3 Thermnaltake MS6 Filter; C:\Windows\SysWOW64\Drivers\MS6Filter.sys [31488 2013-11-28] (Thermaltake) [File not signed]
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-11-24] (BitDefender S.R.L.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2015-01-07] (VMware, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-23 13:17 - 2015-04-23 13:17 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-23 13:17 - 2015-04-23 13:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-23 13:17 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-23 13:17 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-23 13:17 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-23 13:13 - 2015-04-23 13:13 - 00000000 ____D () C:\AdwCleaner
2015-04-23 13:11 - 2015-04-23 13:11 - 02217984 _____ () C:\Users\Susanne\Desktop\AdwCleaner_4.201.exe
2015-04-22 18:54 - 2015-04-23 13:27 - 00000000 ____D () C:\FRST
2015-04-22 18:53 - 2015-04-22 18:53 - 02099712 _____ (Farbar) C:\Users\Susanne\Downloads\FRST64.exe
2015-04-20 19:51 - 2015-04-23 13:14 - 00000696 _____ () C:\Windows\setupact.log
2015-04-20 19:51 - 2015-04-20 19:51 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-18 14:13 - 2015-03-23 23:59 - 07476032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-18 14:13 - 2015-03-23 23:59 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-18 14:13 - 2015-03-23 23:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-04-18 14:13 - 2015-03-23 23:58 - 01498872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-18 14:13 - 2015-03-23 23:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-04-18 14:13 - 2015-03-20 06:12 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2015-04-18 14:13 - 2015-03-20 06:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-18 14:13 - 2015-03-20 06:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-18 14:13 - 2015-03-20 05:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-04-18 14:13 - 2015-03-20 04:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-04-18 14:13 - 2015-03-20 04:40 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-04-18 14:13 - 2015-03-20 04:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-04-18 14:13 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-18 14:13 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-18 14:13 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-18 14:13 - 2015-03-13 05:53 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-18 14:13 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-18 14:13 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-18 14:13 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-18 14:13 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-18 14:13 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-18 14:13 - 2015-03-13 05:17 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-04-18 14:13 - 2015-03-13 05:16 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-18 14:13 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-18 14:13 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-18 14:13 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-18 14:13 - 2015-03-13 04:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-04-18 14:13 - 2015-03-13 04:50 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-04-18 14:13 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-18 14:13 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-18 14:13 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-18 14:13 - 2015-03-13 04:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-04-18 14:13 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-18 14:13 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-18 14:13 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-18 14:13 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-18 14:13 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-18 14:13 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-18 14:13 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2015-04-18 14:13 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-18 14:13 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-18 14:13 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-16 01:03 - 2015-01-06 05:01 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2015-04-16 01:03 - 2015-01-06 04:59 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2015-04-16 01:03 - 2015-01-06 03:12 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2015-04-16 01:03 - 2015-01-06 03:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2015-04-16 00:59 - 2015-04-16 00:59 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-14 23:29 - 2015-04-09 02:58 - 31570064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 30397072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 25375048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 24053576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 15818528 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 15716232 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 14617288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 14006752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 12852784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 11380728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 10423952 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-04-14 23:29 - 2015-04-09 02:58 - 02935416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 02896528 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 02573456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 01895568 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435012.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435012.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 01086424 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 01047368 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 01037640 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 00970568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 00962192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 00927440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 00849552 _____ () C:\Windows\system32\nvmcumd.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 00499344 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 00402576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 00346256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 00175880 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-04-14 23:29 - 2015-04-09 02:58 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-04-13 15:51 - 2015-04-13 15:51 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-13 15:51 - 2015-04-13 15:51 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-13 15:51 - 2015-03-23 00:45 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-13 15:51 - 2015-03-23 00:09 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-13 15:51 - 2015-03-23 00:09 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-13 15:51 - 2015-03-23 00:09 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-13 15:51 - 2015-03-23 00:09 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-13 15:51 - 2015-03-23 00:09 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-13 15:51 - 2015-03-23 00:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-13 15:51 - 2015-03-14 10:54 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-13 15:51 - 2015-03-14 10:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-13 15:51 - 2015-03-14 10:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-04-13 15:51 - 2015-03-14 03:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-13 15:51 - 2015-03-14 03:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-13 15:51 - 2015-03-14 03:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-13 15:51 - 2015-03-14 03:37 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-13 15:51 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-13 15:51 - 2015-03-14 02:22 - 03678720 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-13 15:51 - 2015-03-14 02:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-13 15:51 - 2015-03-14 02:12 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-13 15:51 - 2015-03-14 02:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-04-13 15:51 - 2015-03-14 02:08 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-04-13 15:51 - 2015-03-14 02:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-13 15:51 - 2015-03-14 02:06 - 02373632 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-13 15:51 - 2015-03-14 02:06 - 00891392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-13 15:51 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-13 15:51 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-13 15:51 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-13 15:51 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-13 15:51 - 2015-02-21 01:49 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2015-04-13 15:51 - 2014-12-03 01:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-10 19:56 - 2015-04-10 19:56 - 00160544 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-23 13:21 - 2014-11-04 08:06 - 01732686 _____ () C:\Windows\WindowsUpdate.log
2015-04-23 13:21 - 2014-03-18 12:03 - 01788458 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-23 13:21 - 2014-03-18 11:25 - 00768062 _____ () C:\Windows\system32\perfh007.dat
2015-04-23 13:21 - 2014-03-18 11:25 - 00160906 _____ () C:\Windows\system32\perfc007.dat
2015-04-23 13:16 - 2014-11-04 08:18 - 00006464 _____ () C:\Windows\SysWOW64\Gms.log
2015-04-23 13:15 - 2014-11-04 08:22 - 00000000 __RDO () C:\Users\Susanne\OneDrive
2015-04-23 13:14 - 2015-01-24 00:08 - 00000000 ____D () C:\ProgramData\VMware
2015-04-23 13:14 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-23 13:13 - 2013-08-22 15:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-04-23 01:08 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-22 23:46 - 2014-11-04 17:18 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-22 23:20 - 2014-11-04 17:24 - 00000000 ____D () C:\Users\Susanne\AppData\Roaming\Skype
2015-04-20 20:29 - 2014-11-04 08:13 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2894863473-1291922871-1129395940-1001
2015-04-20 19:55 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-04-20 11:30 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2015-04-18 14:19 - 2014-11-22 18:03 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-04-18 14:18 - 2014-11-22 17:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-18 14:18 - 2014-11-04 20:18 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-18 14:17 - 2014-11-04 20:18 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-18 14:17 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-18 14:17 - 2013-08-22 15:25 - 00000167 _____ () C:\Windows\win.ini
2015-04-17 17:29 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-04-17 14:21 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-04-16 11:17 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppCompat
2015-04-16 00:59 - 2014-11-22 16:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-14 23:29 - 2015-02-10 20:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-14 23:29 - 2014-11-04 08:11 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-04-14 01:24 - 2013-08-22 17:38 - 00792056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 01:24 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-11 20:59 - 2015-03-18 21:57 - 00003858 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1426708674
2015-04-09 02:58 - 2015-02-10 20:22 - 00078480 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-04-09 02:58 - 2015-02-10 20:22 - 00066704 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-04-09 02:58 - 2014-12-20 20:15 - 12689592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-04-09 02:58 - 2014-12-20 20:15 - 03317344 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-04-09 02:58 - 2014-11-04 08:11 - 17176128 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-04-09 02:58 - 2014-11-04 08:11 - 00029329 _____ () C:\Windows\system32\nvinfo.pb
2015-04-08 23:30 - 2015-02-10 20:23 - 06841488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-04-08 23:30 - 2015-02-10 20:23 - 03478344 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-04-08 23:30 - 2015-02-10 20:23 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-04-08 23:30 - 2015-02-10 20:23 - 00936264 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-04-08 23:30 - 2015-02-10 20:23 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-04-08 23:30 - 2015-02-10 20:23 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-04-08 19:52 - 2015-02-10 20:23 - 04336074 _____ () C:\Windows\system32\nvcoproc.bin
2015-03-31 23:32 - 2014-11-04 19:47 - 00000000 ____D () C:\Users\Susanne\AppData\Roaming\TS3Client
2015-03-31 23:29 - 2014-11-04 20:57 - 00000000 ____D () C:\ProgramData\Origin
2015-03-31 22:49 - 2014-11-26 14:40 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-03-31 22:48 - 2014-11-26 14:40 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-03-31 14:23 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-03-31 13:17 - 2015-01-24 01:15 - 00000000 ____D () C:\Users\Susanne\AppData\Roaming\VMware
2015-03-31 13:17 - 2015-01-24 01:15 - 00000000 ____D () C:\Users\Susanne\AppData\Local\VMware
2015-03-28 05:44 - 2015-02-10 20:23 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-03-28 05:44 - 2015-02-10 20:23 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-03-28 05:43 - 2015-02-10 20:23 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-03-28 05:43 - 2015-02-10 20:23 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll

==================== Files in the root of some directories =======

2014-11-04 08:07 - 2014-11-04 08:07 - 0000000 _____ () C:\Users\Susanne\AppData\Local\Driver_LOM_8161Present.flag
2014-11-04 19:15 - 2014-11-04 19:15 - 2593867 _____ () C:\ProgramData\1415120926.bdinstall.bin

Some content of TEMP:
====================
C:\Users\Susanne\AppData\Local\Temp\Quarantine.exe
C:\Users\Susanne\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-18 13:45

==================== End Of Log ============================
         

Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2015
Ran by Susanne at 2015-04-23 13:27:14
Running from D:\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Assassin's Creed IV Black Flag (HKLM-x32\...\Steam App 242050) (Version:  - Ubisoft Montreal)
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.25648 - Electronic Arts)
Bitdefender Internet Security 2015 (HKLM\...\Bitdefender) (Version: 18.17.0.1227 - Bitdefender)
Corsair Utility Engine (HKLM-x32\...\{0EDCDA72-13D1-4230-BE94-328656A79936}) (Version: 1.5.80 - Corsair)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.44 - Creative Technology Limited)
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative AutoMode Switcher (HKLM-x32\...\Creative AutoMode Switcher) (Version: 1.00 - Creative Technology Limited)
Creative Konsole Starter (HKLM-x32\...\Console Launcher) (Version: 2.61 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.03 - Creative Technology Limited)
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts)
Crysis®3 Digital Deluxe Edition Content (HKLM-x32\...\{2A8C5AE3-2772-4EB1-8206-D5E53D111A61}) (Version: 1.0.0.0 - Electronic Arts)
DmC Devil May Cry (HKLM-x32\...\Steam App 220440) (Version:  - Ninja Theory)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.00 - Creative Technology Limited)
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version:  - Paradox Development Studio)
Far Cry® 3 Blood Dragon (HKLM-x32\...\Steam App 233270) (Version:  - Ubisoft Montreal)
FINAL FANTASY XIII (HKLM-x32\...\Steam App 292120) (Version:  - SQUARE ENIX)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Lautstärkefenster (HKLM-x32\...\Creative Volume Panel) (Version: 2.21 - Creative Technology Limited)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version:  - Klei Entertainment)
Metro 2033 Redux (HKLM-x32\...\Steam App 286690) (Version:  - 4A GAMES)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Firefox 37.0.2 (x86 de) (HKU\S-1-5-21-2894863473-1291922871-1129395940-1001\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Grafiktreiber 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera Stable 28.0.1750.48 (HKLM-x32\...\Opera 28.0.1750.48) (Version: 28.0.1750.48 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.5.1.571 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.48.1376 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.1.48.1376 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Performance Suite (HKLM-x32\...\{638B2F8F-46C9-477D-9E3E-1D3807319428}) (Version: 1.1.48.1376 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.1.48.1376 - Qualcomm Atheros) Hidden
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
SimCity 4 Deluxe Edition (HKLM-x32\...\1207664593_is1) (Version: 2.1.0.9 - GOG.com)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Sins of a Solar Empire®: Rebellion (HKLM-x32\...\Steam App 204880) (Version:  - Ironclad Games)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stranded Deep (HKLM-x32\...\Steam App 313120) (Version:  - Beam Team Games)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
THX-Einrichtungskonsole (HKLM-x32\...\THX_Console_Unicode) (Version:  - )
Total War: ROME II - Emperor Edition (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
Tt eSPORTS THERON (HKLM-x32\...\{B50AB875-64A2-4D12-BB48-B15611B48CE0}) (Version: 1.0.0 - Tt eSPORTS)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{CBCC2FD8-7DFE-4752-95B5-2E447C226F45}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 7.1.0 - VMware, Inc)
VMware Player (Version: 7.1.0 - VMware, Inc.) Hidden
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

11-03-2015 11:27:28 Windows Update
14-03-2015 20:25:22 DirectX wurde installiert
19-03-2015 11:28:25 Windows Update
13-04-2015 15:51:32 Windows Update
14-04-2015 23:29:35 NVIDIA PhysX wird entfernt
18-04-2015 14:16:13 Windows Update
20-04-2015 19:49:17 Konfiguriert Tt eSPORTS THERON

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2014-11-07 19:56 - 00001054 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 apps.skype.com/
127.0.0.1 rad.msn.com
127.0.0.1 live.rads.msn.com
127.0.0.1 ads1.msn.com
127.0.0.1 static.2mdn.net
127.0.0.1 g.msn.com
127.0.0.1 a.ads2.msads.net
127.0.0.1 b.ads2.msads.net
127.0.0.1 ac3.msn.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {14863D19-1C18-4F92-BD05-04B45C2C19C4} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {17DBBD80-69F1-4D39-A04D-30A71663EA26} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {22F7D111-8AEF-472C-9549-C927A7820EBB} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {275B28F6-A48B-4D17-9B42-4EDF98BFD525} - System32\Tasks\Opera scheduled Autoupdate 1426708674 => D:\Program Files (x86)\Opera\launcher.exe [2015-03-16] (Opera Software)
Task: {49B7AD81-A1D5-4907-B6BD-D5AB84384C5B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {5D630B29-AFB7-4BC4-B6FC-EA0C44B84209} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => D:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {83126218-84F4-4F94-95A7-4D0833E08FCC} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {8B9279C3-C7FB-4E6C-AD14-BA161593023D} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {B113AD0F-A1AD-4066-B3BA-B5CFD2ADC612} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {B272F6FE-20D4-429F-9440-C4FB96B46923} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {CB16DE71-6ACE-480B-B5D3-AAB35744AEB6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-04-18] (Microsoft Corporation)
Task: {CD02C8A1-B089-49EE-A7AE-9551D5CD0E01} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => D:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

==================== Loaded Modules (whitelisted) ==============

2014-11-04 19:14 - 2014-08-27 17:31 - 00265080 _____ () D:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2014-11-04 19:14 - 2013-09-03 15:29 - 00101328 _____ () D:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2014-11-04 19:14 - 2014-10-15 13:08 - 00003072 _____ () D:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2014-11-04 19:14 - 2012-10-29 15:22 - 00152816 _____ () D:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2015-04-20 15:31 - 2015-04-20 15:31 - 00789856 _____ () D:\Program Files\Bitdefender\Bitdefender 2015\otengines_00250_005\ashttpbr.mdl
2015-04-20 15:31 - 2015-04-20 15:31 - 00710016 _____ () D:\Program Files\Bitdefender\Bitdefender 2015\otengines_00250_005\ashttpdsp.mdl
2015-04-20 15:31 - 2015-04-20 15:31 - 02683008 _____ () D:\Program Files\Bitdefender\Bitdefender 2015\otengines_00250_005\ashttpph.mdl
2015-04-20 15:31 - 2015-04-20 15:31 - 01325480 _____ () D:\Program Files\Bitdefender\Bitdefender 2015\otengines_00250_005\ashttprbl.mdl
2015-02-10 20:23 - 2015-04-08 23:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-11-26 14:40 - 2015-02-05 12:38 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-10-17 14:40 - 2014-10-17 14:40 - 00325120 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2015-02-06 19:40 - 2015-02-06 19:40 - 01301696 _____ () E:\VMware\libxml2.dll
2015-03-31 14:20 - 2015-03-28 05:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-11-04 08:28 - 2014-09-28 18:59 - 00019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
2014-03-20 12:43 - 2014-03-20 12:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Susanne\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Susanne\Desktop\AdwCleaner_4.201.exe:BDU
AlternateDataStreams: C:\Users\Susanne\Desktop\HPP_1.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Susanne\Desktop\HPP_1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Susanne\Desktop\HPP_2.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Susanne\Desktop\HPP_2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Susanne\Downloads\FRST64.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2894863473-1291922871-1129395940-1001\...\fritz.box -> fritz.box

IE restricted site: HKU\S-1-5-21-2894863473-1291922871-1129395940-1001\...\2mdn.net -> static.2mdn.net
IE restricted site: HKU\S-1-5-21-2894863473-1291922871-1129395940-1001\...\msads.net -> a.ads2.msads.net
IE restricted site: HKU\S-1-5-21-2894863473-1291922871-1129395940-1001\...\msn.com -> ac3.msn.com
IE restricted site: HKU\S-1-5-21-2894863473-1291922871-1129395940-1001\...\skype.com -> apps.skype.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2894863473-1291922871-1129395940-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Susanne\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\dark_colors_abstract-1920x1200.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: iumsvc => 3
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: Origin Client Service => 3
HKLM\...\StartupApproved\Run32: => "Corsair Utility Engine"
HKLM\...\StartupApproved\Run32: => "Tt eSPORTS THERON Gaming Mouse"
HKU\S-1-5-21-2894863473-1291922871-1129395940-1001\...\StartupApproved\Run: => "Bitdefender-Geldbörse-Agent"
HKU\S-1-5-21-2894863473-1291922871-1129395940-1001\...\StartupApproved\Run: => "NvLedServiceHost"

==================== Accounts: =============================

Administrator (S-1-5-21-2894863473-1291922871-1129395940-500 - Administrator - Disabled)
Gast (S-1-5-21-2894863473-1291922871-1129395940-501 - Limited - Disabled)
Susanne (S-1-5-21-2894863473-1291922871-1129395940-1001 - Administrator - Enabled) => C:\Users\Susanne

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/23/2015 01:20:24 PM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1058, 'StartService', 'Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Ger\xe4ten verbunden.')

Error: (04/23/2015 00:31:08 PM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1058, 'StartService', 'Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Ger\xe4ten verbunden.')

Error: (04/23/2015 00:26:03 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [5]

Error: (04/23/2015 01:12:39 AM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1058, 'StartService', 'Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Ger\xe4ten verbunden.')

Error: (04/23/2015 01:07:33 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/22/2015 03:33:23 PM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1058, 'StartService', 'Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Ger\xe4ten verbunden.')

Error: (04/22/2015 03:28:17 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/22/2015 09:23:43 AM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1058, 'StartService', 'Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Ger\xe4ten verbunden.')

Error: (04/22/2015 09:18:38 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/21/2015 05:16:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm winamp.exe, Version 5.6.6.3516 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1688

Startzeit: 01d07c461b923032

Endzeit: 4

Anwendungspfad: D:\Program Files\Winamp\winamp.exe

Berichts-ID: 631d4025-e839-11e4-82a7-d050992795e5

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


System errors:
=============
Error: (04/23/2015 01:13:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/23/2015 01:13:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel® ME Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/23/2015 01:13:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/23/2015 01:13:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "VMware Authorization Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/23/2015 01:13:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "VMware USB Arbitration Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/23/2015 01:13:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "VMware DHCP Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/23/2015 01:13:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "VMware NAT Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/23/2015 01:13:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Qualcomm Atheros Killer Service V2" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/23/2015 01:13:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/23/2015 01:13:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Streamer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (04/23/2015 01:20:24 PM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1058, 'StartService', 'Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Ger\xe4ten verbunden.')

Error: (04/23/2015 00:31:08 PM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1058, 'StartService', 'Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Ger\xe4ten verbunden.')

Error: (04/23/2015 00:26:03 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [5]

Error: (04/23/2015 01:12:39 AM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1058, 'StartService', 'Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Ger\xe4ten verbunden.')

Error: (04/23/2015 01:07:33 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/22/2015 03:33:23 PM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1058, 'StartService', 'Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Ger\xe4ten verbunden.')

Error: (04/22/2015 03:28:17 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/22/2015 09:23:43 AM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1058, 'StartService', 'Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Ger\xe4ten verbunden.')

Error: (04/22/2015 09:18:38 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/21/2015 05:16:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: winamp.exe5.6.6.3516168801d07c461b9230324D:\Program Files\Winamp\winamp.exe631d4025-e839-11e4-82a7-d050992795e5


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 12%
Total physical RAM: 16341.58 MB
Available physical RAM: 14303.73 MB
Total Pagefile: 18773.58 MB
Available Pagefile: 16686.73 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:476.6 GB) (Free:294.07 GB) NTFS
Drive d: () (Fixed) (Total:1667.7 GB) (Free:1498.62 GB) NTFS
Drive e: () (Fixed) (Total:195.31 GB) (Free:159.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 476.9 GB) (Disk ID: 41019181)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=476.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 41019192)
Partition 1: (Not Active) - (Size=1667.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         


23.04.2015, 12:53   #6
deeprybka
/// TB trainer
/// Guide guru

Hi,

Step 1

ESET Online Scanner

  • You can find an illustrated guide to ESET Online Scanner here
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

23.04.2015, 22:10   #7
SimAran

Here is the ESET log:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=2374ed891a591142b85f5eaa8082a2c3
# engine=23531
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-23 09:01:16
# local_time=2015-04-23 11:01:16 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Bitdefender Antivirus'
# compatibility_mode=2066 16777213 85 100 2191 133668185 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 3755644 54704169 0 0
# scanned=244302
# found=0
# cleaned=0
# scan_time=1979
         

23.04.2015, 22:12   #8
deeprybka
/// TB trainer
/// Guide guru

Thank you!
Is Bitdefender still complaining? Could you please post a log or a screenshot?
__________________
Regards
deeprybka

Praise, criticism, requests?

Donate to trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

23.04.2015, 22:23   #9
SimAran

Yes, whenever I open Firefox, it complains... Three different messages appear, sometimes all 3 at once, but sometimes only 2 or one of them. I couldn't find a log, so I quickly took screenshots of the messages.

For some reason the forum won't let me insert the images as graphics, so here are the links to the 3 screenshots:

h**p://www.directupload.net/file/d/3966/86cgb42i_png.htm
h**p://www.directupload.net/file/d/3966/fmn6rwkd_png.htm
h**p://www.directupload.net/file/d/3966/zyp98gvh_png.htm

24.04.2015, 16:15   #10
deeprybka
/// TB trainer
/// Guide guru

Hi, please disable Bitdefender temporarily:

Step 1
Download ZOEK (by Smeenk)
  • Save zoek.exe to the desktop.
  • Please disable your virus scanner while using Zoek, as it could interfere with Zoek.
  • Start zoek.exe with a double-click and wait until the program interface appears (approx. 30 seconds)
  • Copy the text in the following box into Zoek's script window:
    Code:
    standardsearch; 
    shortcutfix;
    emptyclsid;
    autoclean;
  • Now click "Run script" and be patient until the script has finished.
    Quote:
    Zoek.exe is running now.
    Do not start any browser windows, they may get closed automatically.
    Please wait! This window will close when finished.
    A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
  • When the tool has finished, a log file will open (possibly only after a restart). The log can also be found under C:\
  • Please post the zoek-results.log.

24.04.2015, 22:00   #11
SimAran

Here is the log. By the way, the program produced an error message while running, but stupidly I didn't think to take a screenshot of it at that moment.
Code:
Zoek.exe v5.0.0.0 Updated 23-04-2015
Tool run by Susanne on 24.04.2015 at 22:47:51,24.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: D:\Downloads\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

24.04.2015 22:48:23 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Users\Susanne\AppData\Roaming\QuickScan deleted successfully
C:\Users\Susanne\AppData\Local\Adobe deleted successfully
C:\Users\Susanne\AppData\Local\PackageStaging deleted successfully
C:\Users\Susanne\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Running Processes ======================

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
E:\VMware\vmware-authd.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
D:\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\b8tc5rl9.default

user.js not found
---- Lines search.com removed from prefs.js ----
user_pref("capability.policy.maonoscript.sites", "addons.mozilla.org adobe.com afx.ms ajax.aspnetcdn.com ajax.googleapis.com akamaihd.net alte-apothek
---- FireFox user.js and prefs.js backups ---- 

prefs__2252_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\b8tc5rl9.default\jetpack deleted
C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\b8tc5rl9.default\extensions\youtubeunblocker@unblocker.yt deleted

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 16342 MB
CPU Info: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
CPU Speed: 4061,9 MHz
Sound Card: Lautsprecher (Creative SB X-Fi) | 
SPDIF-Out (Creative SB X-Fi) | 
Display Adapters: NVIDIA GeForce GTX 770 | NVIDIA GeForce GTX 770 | NVIDIA GeForce GTX 770 | NVIDIA GeForce GTX 770
Monitors: 1x; AOC G2460 | 
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Killer e2200 Gigabit Ethernet Controller (NDIS 6.30) | VMware Virtual Ethernet Adapter for VMnet1 | VMware Virtual Ethernet Adapter for VMnet8
CD / DVD Drives: 1x (F: | ) F: HL-DT-STBD-RE  BH16NS40
Ports: COM1 LPT Port NOT Present. 
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C:  476,6GB | D:  1667,7GB | E:  195,3GB
Hard Disks - Free: C:  295,0GB | D:  1498,6GB | E:  159,4GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 12/17/14 | ALASKA - 1072009
Time Zone: Mitteleuropäische Zeit
Motherboard *: ASRock Z97 Killer
Country: Deutschland 
Language: DEU 

==== System Specs (Software) ======================

Anti-Virus: Bitdefender Antivirus On-access scanning disabled (Outdated)
Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Spyware: Bitdefender Spyware-Schutz disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Firewall: Bitdefender Firewall disabled
Default Browser: Firefox	37.0.2
Internet Explorer Version: 11.0.9600.17728 
Mozilla Firefox version: 36.0.1 (x86 de)
Opera Browser version: 28.0.1750.48
Sun Java version: 1.8.0_31 (32-bit) 
Sun Java version: 1.8.0_31 (64-bit) 
Flash Player version: 17.0.0.169

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Susanne\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2015-04-23 15:34:08	CB07788DF1639ED547F645403BECD759	141824	----a-w-	C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-04-23 15:34:07	CF0904281FE0B02C39EF071D05A22181	358912	----a-w-	C:\Windows\SysWOW64\schannel.dll
2015-04-23 15:34:07	95AB9B30166221ED22E43290D47198CD	364544	----a-w-	C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-04-23 15:34:07	828217922A264B1E81EF19729363AAF9	324096	----a-w-	C:\Windows\SysWOW64\certcli.dll
2015-04-23 15:34:07	69304975B8DF00BDC9567AAAF97791F2	1812992	----a-w-	C:\Windows\SysWOW64\SRH.dll
2015-04-23 15:34:07	032D9982B72E4F9A9B62A43B4CEDB072	1969664	----a-w-	C:\Windows\SysWOW64\wpdshext.dll
2015-04-18 12:13:42	2F42037DD6F2831332653EB7F35D7E9A	19695616	----a-w-	C:\Windows\SysWOW64\mshtml.dll
2015-04-18 12:13:41	C46904F2E9E121A91DDDABB48D7648C3	1888256	----a-w-	C:\Windows\SysWOW64\wininet.dll
2015-04-18 12:13:41	AE8A9FCDC135F681EFE9135929CF4A7B	12825600	----a-w-	C:\Windows\SysWOW64\ieframe.dll
2015-04-18 12:13:41	8127C2EE2E287BB3AB7843F9923B62BD	1311232	----a-w-	C:\Windows\SysWOW64\urlmon.dll
2015-04-18 12:13:41	77104FDBBD821F2D73338D9370675EF3	2278400	----a-w-	C:\Windows\SysWOW64\iertutil.dll
2015-04-18 12:13:41	65296F27564BFA862B12D8E42B11D14E	880128	----a-w-	C:\Windows\SysWOW64\inetcomm.dll
2015-04-18 12:13:41	43A5A38E45F0D4FA02A0CCD51244AA17	4305408	----a-w-	C:\Windows\SysWOW64\jscript9.dll
2015-04-18 12:13:40	EC442CB6F2D08F4FAA6BA68A23B82383	689152	----a-w-	C:\Windows\SysWOW64\msfeeds.dll
2015-04-18 12:13:40	9DE502561C39D71B174FE24541449F82	664064	----a-w-	C:\Windows\SysWOW64\jscript.dll
2015-04-18 12:13:40	7776F3DA2B1AEDC2DA226F726B1E9A01	503296	----a-w-	C:\Windows\SysWOW64\vbscript.dll
2015-04-18 12:13:40	2CBD6D22499EB13A2666F62EF33D00E2	16303	----a-w-	C:\Windows\SysWOW64\ieuinit.inf
2015-04-18 12:13:40	01C2BB4C13E6E0AF50867BCE8EE8A03E	710144	----a-w-	C:\Windows\SysWOW64\ieapfltr.dll
2015-04-18 12:13:17	C1A8175D03884045F1D266D3D8B902DC	369152	----a-w-	C:\Windows\SysWOW64\tracerpt.exe
2015-04-18 12:13:17	A2AE5C4AE0E64B39687EBD015293A531	257216	----a-w-	C:\Windows\SysWOW64\sechost.dll
2015-04-18 12:13:17	374FD87A72F8FEFF75B8AD7BBBF7A7D0	1498872	----a-w-	C:\Windows\SysWOW64\ntdll.dll
2015-04-18 12:13:17	1663E8E480EDD51FEEFDAF46E3949A9C	749568	----a-w-	C:\Windows\SysWOW64\tdh.dll
2015-04-18 12:13:15	5E88986E655935B4D68B964A47A9BFB7	208896	----a-w-	C:\Windows\SysWOW64\pku2u.dll
2015-04-18 12:13:11	3E8FCF4A26FA1A75AEE64FBDE19A2290	58880	----a-w-	C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 23:03:29	E3925B4D7AE619468031677BC95B0020	164864	----a-w-	C:\Windows\SysWOW64\rascfg.dll
2015-04-14 21:29:06	ECBC5B32B8849FE258B64EF28CD3690A	2935416	----a-w-	C:\Windows\SysWOW64\nvapi.dll
2015-04-14 21:29:06	E4DD2EB4A892AD10F2B8535AB3AE3C68	14617288	----a-w-	C:\Windows\SysWOW64\nvwgf2um.dll
2015-04-14 21:29:06	CDEBCEE0698B3F3505F430CA86E9C682	24053576	----a-w-	C:\Windows\SysWOW64\nvoglv32.dll
2015-04-14 21:29:06	C21F94E499714A114B67510F9D168FB5	12852784	----a-w-	C:\Windows\SysWOW64\nvopencl.dll
2015-04-14 21:29:06	A2FE4EB3712D2BD9E9016C11C3FCED15	927440	----a-w-	C:\Windows\SysWOW64\nvumdshim.dll
2015-04-14 21:29:06	A248994C17896065FD5F976C0A8F3DD5	128512	----a-w-	C:\Windows\SysWOW64\nvoglshim32.dll
2015-04-14 21:29:06	98EF2126D6FCC216ED76C2EDDECF47A0	970568	----a-w-	C:\Windows\SysWOW64\NvIFR.dll
2015-04-14 21:29:06	4A372D16B079F7D60EFFE9499529D00A	25375048	----a-w-	C:\Windows\SysWOW64\nvcompiler.dll
2015-04-14 21:29:06	44839FC131CFC983BE5531ACD551F171	346256	----a-w-	C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-04-14 21:29:06	411EAB7837D941A958B5ACAE6B7BB18B	154256	----a-w-	C:\Windows\SysWOW64\nvinit.dll
2015-04-14 21:29:06	298A2FC3EED3B05A4E773F5CE55639FC	2573456	----a-w-	C:\Windows\SysWOW64\nvcuvid.dll
2015-04-14 21:29:06	2671B71CEA3DDFF7A9322D560390E813	962192	----a-w-	C:\Windows\SysWOW64\NvFBC.dll
2015-04-14 21:29:06	2334CFC30B31B171EAF431439E744705	11380728	----a-w-	C:\Windows\SysWOW64\nvcuda.dll
2015-04-14 21:29:06	148AE93BEB8BE5B6F1794C314F4504BC	402576	----a-w-	C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-04-13 13:51:29	A7964350B8F9E26679225CB897A522A4	124928	----a-w-	C:\Windows\SysWOW64\wuwebv.dll
2015-04-13 13:51:29	9C8D7CE66075A93954F3082CD6896F0D	81920	----a-w-	C:\Windows\SysWOW64\wudriver.dll
2015-04-13 13:51:29	46DE9C72EE0F23B9AB6A625214C16FE3	1124352	----a-w-	C:\Windows\SysWOW64\msctf.dll
2015-04-13 13:51:29	307FED3A389198547D6446693E8FEFAA	27136	----a-w-	C:\Windows\SysWOW64\wups.dll
2015-04-13 13:51:29	1F457FACEBEE5F9C3882163FF9A51AFC	721920	----a-w-	C:\Windows\SysWOW64\wuapi.dll
2015-04-13 13:51:29	1DAD87D13FE06EF4ECD873A1DDF445E3	29696	----a-w-	C:\Windows\SysWOW64\wuapp.exe
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-04-23 15:34:08	7E36F0698777668A09DD316E59807E0E	172544	----a-w-	C:\Windows\Sysnative\Windows.UI.Input.Inking.dll
2015-04-23 15:34:08	4658D596725A71521971054D3AF1DCD0	2819584	----a-w-	C:\Windows\Sysnative\SettingsHandlers.dll
2015-04-23 15:34:07	B023C38663271E79FC2A9B63F6FE6417	445440	----a-w-	C:\Windows\Sysnative\PhotoMetadataHandler.dll
2015-04-23 15:34:07	8F5EEB8FC2F2EF384798FFB9144645BC	445440	----a-w-	C:\Windows\Sysnative\certcli.dll
2015-04-23 15:34:07	8442CC9A31FC381255B98D615E49EF82	2162176	----a-w-	C:\Windows\Sysnative\SRH.dll
2015-04-23 15:34:07	55E07851E657D1419A95540321B4AB80	4179968	----a-w-	C:\Windows\Sysnative\win32k.sys
2015-04-23 15:34:07	4CA1707858E8D0396C4227481D7DFB16	430080	----a-w-	C:\Windows\Sysnative\schannel.dll
2015-04-23 15:34:07	0F5DF8F08C138D9E1DE88984FEAA1B96	1696256	----a-w-	C:\Windows\Sysnative\wevtsvc.dll
2015-04-23 15:34:07	0BB6089A1AEE468209FE22E29E6B87BD	2067968	----a-w-	C:\Windows\Sysnative\wpdshext.dll
2015-04-23 15:34:07	053EF531F55B508343BB3CA91386C1C7	186368	----a-w-	C:\Windows\Sysnative\dpapisrv.dll
2015-04-18 12:13:42	DBC0C4554A8B2A81F68690D30F12C99E	24980480	----a-w-	C:\Windows\Sysnative\mshtml.dll
2015-04-18 12:13:41	FA10EC0F44A75511D13F9D93184CFC90	14397440	----a-w-	C:\Windows\Sysnative\ieframe.dll
2015-04-18 12:13:41	EF1A03145BC0F28BC7604207A4CE29AB	1032704	----a-w-	C:\Windows\Sysnative\inetcomm.dll
2015-04-18 12:13:41	AA0640B3252BB6E9F90715F79EE77399	6025216	----a-w-	C:\Windows\Sysnative\jscript9.dll
2015-04-18 12:13:41	77B35D0FC22A2D2EAC8D07C3F9784DBF	2358784	----a-w-	C:\Windows\Sysnative\wininet.dll
2015-04-18 12:13:41	7571102ACD8A82A55D1657CDF96A1A0E	720384	----a-w-	C:\Windows\Sysnative\ie4uinit.exe
2015-04-18 12:13:41	50B2A19B2FBFEFE0FFC537C1BA6C5DD9	2886144	----a-w-	C:\Windows\Sysnative\iertutil.dll
2015-04-18 12:13:41	3C9D34F1F5A2C6867ECC60026F1F6CB7	1548288	----a-w-	C:\Windows\Sysnative\urlmon.dll
2015-04-18 12:13:41	3457A873B2246B36F1FF58876841D7FE	92160	----a-w-	C:\Windows\Sysnative\mshtmled.dll
2015-04-18 12:13:40	E593E891B374088572AD021431EBC38B	584192	----a-w-	C:\Windows\Sysnative\vbscript.dll
2015-04-18 12:13:40	9171D1A18B1185A78BA33FEE884B8912	801280	----a-w-	C:\Windows\Sysnative\msfeeds.dll
2015-04-18 12:13:40	3408F27ABC8B2426481306336F747949	800768	----a-w-	C:\Windows\Sysnative\ieapfltr.dll
2015-04-18 12:13:40	2FB7437C878ED672C00C5EC8109411F4	816128	----a-w-	C:\Windows\Sysnative\jscript.dll
2015-04-18 12:13:40	2CBD6D22499EB13A2666F62EF33D00E2	16303	----a-w-	C:\Windows\Sysnative\ieuinit.inf
2015-04-18 12:13:17	DB2A64D1A82226DCEFF4076725BD5577	13312	----a-w-	C:\Windows\Sysnative\wow64cpu.dll
2015-04-18 12:13:17	D2451F8CF7EAA14531E3731C06D6D27E	246272	----a-w-	C:\Windows\Sysnative\microsoft-windows-system-events.dll
2015-04-18 12:13:17	AF4309E729C1943908E1E10DAEE42413	285184	----a-w-	C:\Windows\Sysnative\wow64.dll
2015-04-18 12:13:17	9E23ACF90477AA76857130FD01EAE09B	950784	----a-w-	C:\Windows\Sysnative\tdh.dll
2015-04-18 12:13:17	7DB50C244AE8F15D62AD044B84824B69	7476032	----a-w-	C:\Windows\Sysnative\ntoskrnl.exe
2015-04-18 12:13:17	50C5F7952F821EED8253BDC4203DECDB	360480	----a-w-	C:\Windows\Sysnative\sechost.dll
2015-04-18 12:13:17	18F7A5A02CB66AC3E08B3B5DCD5BDBF4	1733952	----a-w-	C:\Windows\Sysnative\ntdll.dll
2015-04-18 12:13:17	168ECAC2C72695D6F827050BE5386206	411648	----a-w-	C:\Windows\Sysnative\tracerpt.exe
2015-04-18 12:13:15	31E9837295401C2470027AF7DD75C4D2	259072	----a-w-	C:\Windows\Sysnative\pku2u.dll
2015-04-18 12:13:11	EFC011253AE4F21DE600907AD9F0263D	75264	----a-w-	C:\Windows\Sysnative\clfsw32.dll
2015-04-15 23:03:29	7954A148CD2D6FDBF31FC9229628AA99	185856	----a-w-	C:\Windows\Sysnative\rascfg.dll
2015-04-14 21:29:06	C2D5D6129C4796A2BA79C5F6E3162C11	1047368	----a-w-	C:\Windows\Sysnative\NvIFR64.dll
2015-04-14 21:29:06	BBA19B52E5AA6405492D947F2E5834E3	175880	----a-w-	C:\Windows\Sysnative\nvinitx.dll
2015-04-14 21:29:06	6702E1CB1F18FDB9CC1457AE093722B9	30397072	----a-w-	C:\Windows\Sysnative\nvcompiler.dll
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\Susanne\AppData\Roaming ======
====== C:\Users\Susanne ======
2015-04-22 16:53:38	187FB8C4E436BD547C1D8091643578CD	2099712	----a-w-	C:\Users\Susanne\Downloads\FRST64.exe

====== C: exe-files ==
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-2894863473-1291922871-1129395940-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"NvLedServiceHost"="C:\Program Files (x86)\NVIDIA Corporation\LED Visualizer\NvLedServiceHost.exe RunStartup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tt eSPORTS THERON Gaming Mouse"="C:\Program Files (x86)\Tt eSPORTS\Tt eSPORTS THERON\THERON.exe /Automation "
"VolPanel"="C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe /r"
"Corsair Utility Engine"="C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe --autorun"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NvLedServiceHost"="C:\Program Files (x86)\NVIDIA Corporation\LED Visualizer\NvLedServiceHost.exe RunStartup"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60"
"Bdagent"="D:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\iumsvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NvStreamSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Origin Client Service]


==== Startup Folders ======================

2014-11-04 06:07:48	2837	----a-w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" ["C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe"]
"C:\Windows\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon" ["C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe"]
"C:\Windows\SysNative\tasks\Opera scheduled Autoupdate 1426708674" [D:\Program Files (x86)\Opera\launcher.exe]
"C:\Windows\SysNative\tasks\SamsungMagician" ["C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe"]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"bdwteff@bitdefender.com"="D:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff" [15.10.2014 13:14]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\b8tc5rl9.default
- Magic Actions for YouTube - %ProfilePath%\extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi
- Skype Service - %ProfilePath%\extensions\{060e9e40-8d52-4a4e-aca6-d45961ea2178}.xpi
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- f46d542f-b810-405e-ad23-53cbb61de32d - %ProfilePath%\extensions\{f46d542f-b810-405e-ad23-53cbb61de32d}.xpi
- Adblock Edge - %ProfilePath%\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\b8tc5rl9.default
9AE02005247DA91AB1743F5208DBEF76	- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll -	Shockwave Flash


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fabcmochhfpldjekobfaaggijgohadih - No path found[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="hxxp://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Guild Wars 2.lnk - D:\Program Files\Guild Wars 2\Gw2.exe 

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Corsair Utility Engine\Corsair Utility Engine.lnk - C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk - D:\Program Files (x86)\Opera\launcher.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2\Guild Wars 2.lnk - D:\Program Files\Guild Wars 2\Gw2.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\An OneNote 2013 senden.lnk - C:\Windows\Installer\{91150000-0011-0000-1000-0000000FF1CE}\joticon.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-1000-0000000FF1CE}\xlicons.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneDrive for Business 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-1000-0000000FF1CE}\grv_icons.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneNote 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-1000-0000000FF1CE}\joticon.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Outlook 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-1000-0000000FF1CE}\outicon.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-1000-0000000FF1CE}\pptico.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-1000-0000000FF1CE}\wordicon.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\GeForce Experience.lnk - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\LaunchGFExperience.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimCity 4 Deluxe Edition [GOG.com]\Language Setup.lnk - D:\Program Files\GOG Games\SimCity 4 Deluxe Edition\Language Setup.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimCity 4 Deluxe Edition [GOG.com]\Manual.lnk - D:\Program Files\GOG Games\SimCity 4 Deluxe Edition\Manual.pdf 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimCity 4 Deluxe Edition [GOG.com]\SimCity 4 (Windowed Mode).lnk - D:\Program Files\GOG Games\SimCity 4 Deluxe Edition\Apps\SimCity 4.exe -CPUCount:1 -w
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimCity 4 Deluxe Edition [GOG.com]\SimCity 4 Deluxe Edition.lnk - D:\Program Files\GOG Games\SimCity 4 Deluxe Edition\Apps\SimCity 4.exe -CPUCount:1 -f
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimCity 4 Deluxe Edition [GOG.com]\Uninstall SimCity 4 Deluxe Edition.lnk - D:\Program Files\GOG Games\SimCity 4 Deluxe Edition\unins000.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tt eSPORTS\THERON\Tt eSPORTS THERON.lnk - C:\Program Files (x86)\Tt eSPORTS\Tt eSPORTS THERON\Theron.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tt eSPORTS\THERON\UNINSTALL.lnk - C:\Program Files (x86)\Tt eSPORTS\Tt eSPORTS THERON\UnInstall.exe 

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk - E:\VMware\vmplayer.exe 
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk - E:\VMware\vmplayer.exe 
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Susanne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\Susanne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Susanne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Susanne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -  
C:\Users\Susanne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Launch SimCity 4 Deluxe Edition.lnk - D:\Program Files\GOG Games\SimCity 4 Deluxe Edition\Apps\SimCity 4.exe -CPUCount:1 -f -CustomResolution:enabled -r1920x1080x32 -intro:off
C:\Users\Susanne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - D:\Program Files\Mozilla_Firefox\firefox.exe 
C:\Users\Susanne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Origin.lnk - D:\Program Files\Origin\Origin.exe 
C:\Users\Susanne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - D:\Program Files\Skype\Phone\Skype.exe 
C:\Users\Susanne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe 
C:\Users\Susanne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TeamSpeak 3 Client.lnk - D:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe 
C:\Users\Susanne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Uplay.lnk - D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe 
C:\Users\Susanne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\VMware Player.lnk - E:\VMware\vmplayer.exe 
C:\Users\Susanne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Winamp.lnk - D:\Program Files\Winamp\winamp.exe 

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O3 - Toolbar: Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - D:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll
O4 - HKLM\..\Run: [Tt eSPORTS THERON Gaming Mouse] "C:\Program Files (x86)\Tt eSPORTS\Tt eSPORTS THERON\THERON.exe" /Automation 
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [Corsair Utility Engine] "C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe" --autorun
O4 - HKCU\..\Run: [NvLedServiceHost] C:\Program Files (x86)\NVIDIA Corporation\LED Visualizer\NvLedServiceHost.exe RunStartup
O4 - Global Startup: Killer Network Manager.lnk = ?
O8 - Extra context menu item: An OneNote s&enden - res://D:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://D:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.fritz.box
O15 - Trusted IP range: 192.168.178.1
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bitdefender Desktop Parental Control (BdDesktopParental) - Bitdefender - D:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® ME Service (Intel(R) ME Service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - D:\Program Files\Origin\OriginClientService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Qualcomm Atheros Killer Service V2 - Qualcomm Atheros - C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - D:\Program Files\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - D:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\VMware\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Bitdefender Virus Shield (vsserv) - Bitdefender - D:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Susanne\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Susanne\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Susanne\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Susanne\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Susanne\AppData\Local\Mozilla\Firefox\Profiles\b8tc5rl9.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Susanne\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=135 folders=58 17437047 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Susanne\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Susanne\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 24.04.2015 at 22:57:48,96 ======================
         
Oh, and I noticed that since this evening Bitdefender no longer spits out the malware warning, not at all.

25.04.2015, 17:22   #12
deeprybka
/// TB Trainer
/// Guide Guru
 

So no more problems?
__________________
Regards,
deeprybka


25.04.2015, 22:26   #13
SimAran
 

Yes, exactly. All good

26.04.2015, 00:17   #14
deeprybka
/// TB Trainer
/// Guide Guru
 

Great.

Code:
Mozilla Firefox version: 36.0.1 (x86 de)
Sun Java version: 1.8.0_31 (32-bit) 
Sun Java version: 1.8.0_31 (64-bit)
         
Please uninstall all of that. Replace Java with the current version.


Cleanup:

All logs posted? Yes! Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Put a check mark in front of every function.
  • Click Start.

Note: DelFix removes, among other things, all the programs used, our scanners' quarantine and the Java cache, and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left over, you can delete them without hesitation.



>>clean<<
We did it!
The logs look clean to me at the moment.

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.
All that remains is for me to wish you carefree and safe surfing, and that we don't see each other here again anytime soon.

How can I protect myself better in the future?

Tips, Dos & Don'ts

Updates & Software
Security vulnerabilities in their old versions are exploited to install malware via "drive-by" when you simply visit a manipulated website.

I recommend, for example, using Mozilla Firefox instead of Internet Explorer. In addition, Firefox can also open PDF documents.



Firewall, Antivirus & Co.
  • Enable a firewall. The one built into Windows is normally entirely sufficient.
  • Use an antivirus program with a real-time scanner and an always up-to-date signature database. (Enable the update function!)
    My recommendations:
    Kaspersky Antivirus
    Emsisoft Anti-Malware
    avast Free Antivirus
  • In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET.

    Optional:
  • NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. However, you can specify on a whitelist basis which sites scripts should be allowed on.


Cracks, Downloads & Co.


Besides unnoticed drive-by installations, malware is also often installed more or less actively by the user themselves.
Just visiting dubious websites can already carry risks. Even if the virus scanner does not detect a threat in it at the moment, that does not have to mean anything.
Illegal cracks, keygens and serials are an exceptionally simple and popular way to spread malware.
With files from peer-to-peer and file-sharing programs or from file hosters, you can never be sure that what is inside is really what it says on the label. (Trojan horse^^)
  • virustotal.com is your friend too! Upload dubious or unknown files before you run or install them.

Often attempts are also made to entice the user, with more or less tricky methods, into carrying out an action that is disastrous for them (umbrella term: social engineering).
  • So surf with caution and click with common sense.
  • Be sceptical of unexpected e-mails, especially if they contain attachments. Even if they look authentic at first glance, contain personal data of yours or supposedly come from a known sender: better to think it over calmly once more or ask, instead of just opening links or executable attachments or entering your data somewhere.
  • Malicious links or files can also circulate in social networks or via instant messaging systems. If you receive a message from one of your friends that is strange or so sensationally interesting that you simply have to click on it, then curiosity has probably triumphed over reason for him/her, and you should not make the same mistake.

Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.
  • Lade Software in erster Priorität immer direkt vom Hersteller herunter. Viele Softwareportale (z.B. Softonic) packen noch unnützes Zeug mit in die Installation. Alternativ dazu wähle ein sauberes Portal wie Filepony oder heise.
  • Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
  • Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwarecleaner .


Finally, a few general remarks:
  • Regularly create backups of your important files or of the system.
  • The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using the Windows built-in Disk Cleanup instead.
__________________
Regards,
deeprybka

„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer
