Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Trojaner oder anderer Virus wahrscheinlich durch download (https://www.trojaner-board.de/162201-trojaner-anderer-virus-wahrscheinlich-download.html)

Shattro 27.12.2014 21:34
Trojaner oder anderer Virus wahrscheinlich durch download
 
Ich habe heute von wem einen Link einen Virus gedownloadet. Ich hab das bei dem Download erkannt und sofort auf Datei verwerfen geklickt und ein Antiviren Programm drüber laufen lassen und es wurde auch mehrmals fündig. Ich bin mir jedoch sicher ,dass ich den Virus noch nicht los bin.

schrauber 27.12.2014 22:19
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Shattro 27.12.2014 22:53
FRST.txt

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2014
Ran by Michel (administrator) on SHATTRO-PC on 27-12-2014 22:49:41
Running from C:\Users\Michel\Downloads
Loaded Profile: Michel (Available profiles: Michel)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(TeamSpeak Systems GmbH) C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Spotify Ltd) C:\Users\Michel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2404296 2014-08-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-21] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [51456 2014-07-22] (Acer Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-04] (AVAST Software)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-14] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1473415466-3613894533-4282407392-1001\...\Run: [Spotify Web Helper] => C:\Users\Michel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-14] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1473415466-3613894533-4282407392-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51097;https=127.0.0.1:51097
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1473415466-3613894533-4282407392-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-1473415466-3613894533-4282407392-1001 -> {6FB73551-6C1D-4E9E-9AA0-9BAA3881DC83} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-10-31]

Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (Adblock Pro) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhifeddjphjgoeajnekfceoifcigbhlb [2014-08-04]
CHR Extension: (Adblock Plus) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-04]
CHR Extension: (Skype Click to Call) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-04]
CHR Extension: (Google Wallet) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-04]
CHR Extension: (Google Mail) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-04] (AVAST Software)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [610688 2014-11-04] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [3058944 2014-07-22] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-05-28] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-05-28] (Creative Labs) [File not signed]
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [107792 2013-07-03] (Condusiv Technologies)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18974152 2014-08-09] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-19] (Electronic Arts)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-04] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [469264 2013-06-26] (Intel Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [25872 2013-07-03] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [112912 2013-07-03] (Condusiv Technologies)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [21448 2014-08-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 UHSfiltv; C:\Windows\system32\drivers\UHSfiltv.sys [23552 2012-09-12] (Creative Technology Ltd.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-27 22:49 - 2014-12-27 22:49 - 02122752 _____ (Farbar) C:\Users\Michel\Downloads\FRST64.exe
2014-12-27 22:49 - 2014-12-27 22:49 - 00020887 _____ () C:\Users\Michel\Downloads\FRST.txt
2014-12-27 22:49 - 2014-12-27 22:49 - 00000000 ____D () C:\FRST
2014-12-27 20:10 - 2014-12-27 20:10 - 00000000 ___SH () C:\DkHyperbootSync
2014-12-24 21:45 - 2014-12-24 21:45 - 00000123 _____ () C:\Users\Public\Desktop\FarCry 4.url
2014-12-22 02:24 - 2014-12-27 22:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-22 02:24 - 2014-12-27 22:10 - 00000892 _____ () C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2014-12-22 02:24 - 2014-12-22 02:24 - 00003862 _____ () C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2014-12-22 02:24 - 2014-12-22 02:24 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-22 02:24 - 2014-12-22 02:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-12-22 02:24 - 2014-12-22 02:24 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-12-22 02:24 - 2014-12-22 02:24 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-12-20 01:44 - 2014-12-20 01:44 - 00000000 ____D () C:\Users\Michel\AppData\Local\Chromium
2014-12-19 23:23 - 2014-12-19 23:23 - 00000222 _____ () C:\Users\Michel\Desktop\The Binding of Isaac Rebirth.url
2014-12-19 19:45 - 2014-12-20 17:37 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Might & Magic Heroes VI
2014-12-19 19:45 - 2014-12-20 01:48 - 00000000 ____D () C:\Users\Michel\Documents\Might & Magic Heroes VI
2014-12-15 10:01 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-15 10:01 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-13 15:46 - 2014-12-13 15:46 - 00000219 _____ () C:\Users\Michel\Desktop\Counter-Strike Global Offensive.url
2014-12-10 22:28 - 2014-12-10 22:28 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 14:49 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-10 14:49 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 14:49 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-10 14:49 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-10 14:48 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 14:48 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 14:48 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 14:48 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 14:48 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 14:48 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 14:48 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 14:48 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 14:48 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 14:48 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 14:48 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 14:48 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 14:48 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 14:48 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 14:48 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 14:48 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 14:48 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 14:48 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-10 14:48 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-10 14:48 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 14:48 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 14:48 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 14:48 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-12-10 14:48 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-10 14:48 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-10 14:48 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 14:48 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 14:48 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 14:48 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 14:48 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 14:48 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 14:48 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-10 14:48 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 14:48 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 14:48 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-12-10 14:48 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 14:48 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-10 14:48 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 14:48 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 14:48 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 14:48 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 14:48 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 14:48 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 14:48 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 14:48 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 14:48 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 14:48 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 14:48 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 14:48 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-12-10 14:48 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-10 14:48 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-12-10 14:48 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-12-10 14:48 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-12-10 14:48 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2014-12-07 13:58 - 2014-12-07 14:20 - 00000000 ____D () C:\Users\Michel\Documents\DayZ
2014-12-07 13:58 - 2014-12-07 14:20 - 00000000 ____D () C:\Users\Michel\AppData\Local\DayZ
2014-12-06 16:44 - 2014-12-07 19:09 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Tropico 5
2014-12-06 16:42 - 2014-12-06 16:42 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Kalypso Media
2014-12-06 15:38 - 2014-12-06 15:38 - 00000222 _____ () C:\Users\Michel\Desktop\Tropico 5.url
2014-12-06 14:44 - 2014-12-06 14:44 - 00000222 _____ () C:\Users\Michel\Desktop\Warframe.url
2014-12-04 17:46 - 2014-12-04 17:46 - 00007618 _____ () C:\Users\Michel\AppData\Local\Resmon.ResmonCfg
2014-12-03 19:49 - 2014-12-03 19:49 - 01510302 _____ () C:\Users\Michel\Downloads\DBM_Beta_r11664.zip
2014-12-03 19:49 - 2014-12-03 19:49 - 01510302 _____ () C:\Users\Michel\Downloads\DBM_Beta_r11664 (1).zip
2014-12-01 19:18 - 2014-12-01 19:18 - 00000233 _____ () C:\Users\Michel\Desktop\Watch Dogs.url

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-27 22:47 - 2014-08-04 19:37 - 00000000 ____D () C:\Program Files (x86)\Easy Speed Check
2014-12-27 22:42 - 2014-08-24 15:29 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\TS3Client
2014-12-27 22:42 - 2014-08-04 19:50 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-27 22:39 - 2014-08-04 19:35 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8B871452-4DB6-4A2A-B4EB-4FABBABFEBA4}
2014-12-27 22:00 - 2014-08-04 23:41 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-27 22:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-27 21:58 - 2014-05-28 15:58 - 01915150 _____ () C:\Windows\WindowsUpdate.log
2014-12-27 21:56 - 2014-08-04 19:36 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-27 21:56 - 2014-08-04 19:36 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-27 21:36 - 2014-08-04 20:26 - 00000000 ____D () C:\Users\Michel\AppData\Local\Battle.net
2014-12-27 16:31 - 2014-08-04 20:44 - 00000000 __RDO () C:\Users\Michel\SkyDrive
2014-12-25 18:46 - 2014-08-04 19:23 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1473415466-3613894533-4282407392-1001
2014-12-25 17:05 - 2014-09-25 19:04 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\OBS
2014-12-25 14:42 - 2014-08-23 17:59 - 00000000 ____D () C:\Users\Michel\Documents\My Games
2014-12-25 14:33 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-25 03:21 - 2014-05-24 15:46 - 00764340 _____ () C:\Windows\system32\perfh007.dat
2014-12-25 03:21 - 2014-05-24 15:46 - 00159160 _____ () C:\Windows\system32\perfc007.dat
2014-12-25 03:21 - 2013-10-31 04:21 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-24 21:47 - 2014-08-09 21:17 - 00256576 _____ () C:\Windows\DirectX.log
2014-12-24 20:45 - 2014-10-11 17:07 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-12-24 02:45 - 2014-08-13 19:15 - 00000000 ____D () C:\Program Files (x86)\osu!
2014-12-23 14:45 - 2014-08-26 16:52 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-22 02:25 - 2014-09-08 16:49 - 00000000 ____D () C:\Users\Michel\AppData\Local\Adobe
2014-12-22 02:24 - 2013-10-31 04:30 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-21 23:33 - 2014-08-13 02:26 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Spotify
2014-12-21 22:51 - 2014-08-13 02:26 - 00000000 ____D () C:\Users\Michel\AppData\Local\Spotify
2014-12-21 19:17 - 2014-08-09 21:19 - 00000000 ____D () C:\Users\Michel\AppData\Local\ArmA 2 OA
2014-12-21 19:17 - 2014-08-04 20:49 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Skype
2014-12-21 18:58 - 2014-08-04 20:49 - 00000000 ____D () C:\ProgramData\Skype
2014-12-21 00:32 - 2014-03-18 02:09 - 00000000 ____D () C:\Users\Michel\Desktop\YGOPro DevPro
2014-12-20 19:22 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-20 13:43 - 2014-08-04 22:57 - 00000000 ____D () C:\Users\Michel\AppData\Local\CrashDumps
2014-12-19 18:38 - 2014-05-28 16:08 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-19 18:23 - 2014-08-12 22:01 - 00000000 ____D () C:\ProgramData\Origin
2014-12-19 18:23 - 2014-08-12 22:01 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-17 14:46 - 2014-08-04 20:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-17 14:43 - 2014-08-04 20:42 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-13 18:27 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-13 18:26 - 2014-05-28 16:14 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-12 14:33 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-12-11 16:08 - 2013-10-31 04:04 - 00407466 _____ () C:\Windows\PFRO.log
2014-12-10 22:28 - 2014-08-16 16:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 22:28 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 22:28 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 22:28 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-10 19:38 - 2014-08-04 20:26 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-12-10 16:32 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-10 16:32 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-11-30 01:09 - 2014-09-25 19:04 - 00000000 ____D () C:\Program Files\OBS

Some content of TEMP:
====================
C:\Users\Michel\AppData\Local\Temp\2uhtcgvs.dll
C:\Users\Michel\AppData\Local\Temp\4_9iwmnh.dll
C:\Users\Michel\AppData\Local\Temp\agu2xiai.dll
C:\Users\Michel\AppData\Local\Temp\ai1ylvsn.dll
C:\Users\Michel\AppData\Local\Temp\airA2BA.exe
C:\Users\Michel\AppData\Local\Temp\avgnt.exe
C:\Users\Michel\AppData\Local\Temp\awrd7so9.dll
C:\Users\Michel\AppData\Local\Temp\CloudBackup555.exe
C:\Users\Michel\AppData\Local\Temp\drc814sd.dll
C:\Users\Michel\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Michel\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Michel\AppData\Local\Temp\en2mp3gt.dll
C:\Users\Michel\AppData\Local\Temp\fjwfpsaj.dll
C:\Users\Michel\AppData\Local\Temp\fnqssrdu.dll
C:\Users\Michel\AppData\Local\Temp\fov7hf59.dll
C:\Users\Michel\AppData\Local\Temp\fv_prfhe.dll
C:\Users\Michel\AppData\Local\Temp\gbthqxpa.dll
C:\Users\Michel\AppData\Local\Temp\gid5snzt.dll
C:\Users\Michel\AppData\Local\Temp\hvifanmb.dll
C:\Users\Michel\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll
C:\Users\Michel\AppData\Local\Temp\ICSW_0L1L2X1P.exe
C:\Users\Michel\AppData\Local\Temp\j0njdcxs.dll
C:\Users\Michel\AppData\Local\Temp\m_t2l2ke.dll
C:\Users\Michel\AppData\Local\Temp\nrquipug.dll
C:\Users\Michel\AppData\Local\Temp\nsfE2E9.tmp.exe
C:\Users\Michel\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Michel\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Michel\AppData\Local\Temp\nvStInst.exe
C:\Users\Michel\AppData\Local\Temp\oct37A6.tmp.exe
C:\Users\Michel\AppData\Local\Temp\okfxjngc.dll
C:\Users\Michel\AppData\Local\Temp\p36bkte9.dll
C:\Users\Michel\AppData\Local\Temp\p877vken.dll
C:\Users\Michel\AppData\Local\Temp\Quarantine.exe
C:\Users\Michel\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Michel\AppData\Local\Temp\rej8_wyi.dll
C:\Users\Michel\AppData\Local\Temp\s-dh09yj.dll
C:\Users\Michel\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Michel\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Michel\AppData\Local\Temp\shutdown1411493986.exe
C:\Users\Michel\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Michel\AppData\Local\Temp\u_dfb4yf.dll
C:\Users\Michel\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Michel\AppData\Local\Temp\xqr3sg18.dll
C:\Users\Michel\AppData\Local\Temp\y20citqj.dll
C:\Users\Michel\AppData\Local\Temp\YgoUpdater.exe
C:\Users\Michel\AppData\Local\Temp\yklzzg0h.dll
C:\Users\Michel\AppData\Local\Temp\_ehiquuj.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-27 19:45

==================== End Of Log ============================
--- --- ---

--- --- ---


Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-12-2014
Ran by Michel at 2014-12-27 22:50:07
Running from C:\Users\Michel\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.04.3004 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.05.2004.3 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.00.2007.1 - Acer Incorporated)
Acer Docs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2001 - Acer)
Acer Games (HKU\S-1-5-21-1473415466-3613894533-4282407392-1001\...\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf) (Version: 1.1.9.43466 - Pokki)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.3104 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8100 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
Adobe Flash Player 16 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.01.2010.0 - Acer Incorporated)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
Assassin's Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version:  - Ubisoft)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Avira (HKLM-x32\...\{df495620-2ba9-412d-828d-b27f020d9fc8}) (Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version:  - )
Belkin USB Wireless Adapter (HKLM-x32\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.12 - Belkin)
Belkin USB Wireless Adapter (x32 Version: 1.0.0.12 - Belkin) Hidden
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version:  - Infinity Ward)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3323.57 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ Commander (HKLM-x32\...\{7B2CA5E9-763C-4FCE-81EE-13E81ABFE908}) (Version: 0.92.115 - Dotjosh Studios)
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version:  - Trendy Entertainment)
ExpressCache (HKLM\...\{6E55C9F8-138E-4128-8A9F-6464725BE98A}) (Version: 1.0.102.0 - Condusiv Technologies)
FarCry 4 (HKLM-x32\...\Uplay Install 420) (Version:  - Ubisoft)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.8101 - Acer Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Kingdoms of Amalur: Reckoning (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.0.0.0 - Electronic Arts)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.0.285.6 - McAfee, Inc.)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Might & Magic Heroes VI (HKLM-x32\...\{745D37C2-26F4-4B65-BA13-F9840EBFA75B}) (Version: 1.8 - Ubisoft)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.0.0.0 - Electronic Arts)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{7996efb2-c9f4-4120-aea7-e36bb2da30f8}) (Version: latest - ppy Pty Ltd)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30166 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Sound Blaster Cinema (HKLM-x32\...\{AF2E323C-1E8A-4CE6-BE9E-B29296BF7FAE}) (Version: 1.00.03 - Creative Technology Limited)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Tropico 5 (HKLM-x32\...\Steam App 245620) (Version:  - Haemimont Games)
Uplay (HKLM-x32\...\Uplay) (Version: 4.8 - Ubisoft)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

16-12-2014 18:20:15 Windows Update
19-12-2014 18:37:14 Installiert Might & Magic Heroes VI
24-12-2014 21:46:10 DirectX wurde installiert

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0562F5A7-049A-406E-BF1D-86E61160A4B3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation)
Task: {331B0F16-2D05-42BD-BE88-24BAD09BDDC3} - System32\Tasks\{9E74B0DC-6AFA-44E3-9368-D7095B8849F3} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.admin.exe" -d "C:\Riot Games\League of Legends"
Task: {33B195D0-B634-4D88-A85F-A3BA2678BF11} - System32\Tasks\{F20A194F-0778-4B2F-8793-20623341653D} => pcalua.exe -a "C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe" -d "C:\Program Files (x86)\Battle.net"
Task: {38A451E7-E14D-4A69-B5E4-F0190899A1B5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-22] (Adobe Systems Incorporated)
Task: {3B5DE90B-603A-4EF2-8726-5C51D4D36640} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2013-08-22] (Acer Incorporated)
Task: {3C915E78-0C68-403C-AEBA-54B8B78F48F6} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {43177D68-F1DC-4E62-ABBD-1FBF8F53E3E2} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
Task: {4D4240BA-AAD4-4A54-9FF2-E890BBAC10E2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-17] (Microsoft Corporation)
Task: {506A60EA-2B11-4822-98CC-752A4ACB7514} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-04] (Google Inc.)
Task: {53FA74BA-951A-4371-B7EB-4E761D61651E} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {B56ED7AA-F3B1-47CD-8981-1E9916F7E394} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {CCABC439-E808-4684-984A-0D16F6D09999} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {D0E2F806-654E-4552-8DA7-476CE2E8348B} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-07-10] (Acer Incorporated)
Task: {D4B0A9CF-7079-42E9-90DD-E55F6F6EB7D0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-04] (Google Inc.)
Task: {ED303A06-DB0C-458E-AEDD-19D0DD7953ED} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-04] (AVAST Software)
Task: {FE0C6341-053A-406F-8BF0-F7E54DC8CE99} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_235_pepper.exe [2014-12-22] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_235_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-08-27 15:05 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-05-28 16:14 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-28 16:36 - 2013-07-30 17:11 - 00110152 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2014-05-28 16:19 - 2012-11-01 10:21 - 00325120 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-08-04 19:50 - 2014-08-04 19:50 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-12-13 14:41 - 2014-12-13 14:41 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14121300\algo.dll
2014-12-13 18:28 - 2014-12-13 18:28 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14121301\algo.dll
2014-12-27 19:52 - 2014-12-27 19:52 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122701\algo.dll
2014-05-28 16:16 - 2013-09-16 20:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-08-04 19:31 - 2014-07-22 09:24 - 00063744 _____ () C:\Program Files (x86)\Acer\AOP Framework\acer\inteldll.dll
2014-07-14 15:49 - 2014-07-14 15:49 - 00137296 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-07-14 15:49 - 2014-07-14 15:49 - 00065104 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-02-28 14:33 - 2014-02-28 14:33 - 00148480 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\quazip.dll
2014-02-27 14:46 - 2014-02-27 14:46 - 00864768 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\platforms\qwindows.dll
2014-02-27 14:45 - 2014-02-27 14:45 - 00677376 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2014-07-11 15:02 - 2014-07-11 15:02 - 00092104 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\directsound_win32.dll
2014-07-11 15:02 - 2014-07-11 15:02 - 00105416 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win32.dll
2014-02-27 14:46 - 2014-02-27 14:46 - 00025600 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\imageformats\qgif.dll
2014-02-27 14:46 - 2014-02-27 14:46 - 00242688 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\imageformats\qjpeg.dll
2014-07-11 15:04 - 2014-07-11 15:04 - 00477128 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2014-07-14 09:21 - 2014-07-14 09:21 - 00484808 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-02-27 14:46 - 2014-02-27 14:46 - 00123904 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll
2014-08-04 19:31 - 2014-08-04 19:31 - 00015616 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2014-07-22 15:24 - 2014-07-22 15:24 - 00013568 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2014-06-30 20:26 - 2014-06-30 20:26 - 00279296 _____ () C:\Program Files (x86)\Acer\abMedia\libcurl.dll
2014-07-22 16:43 - 2014-07-22 16:43 - 00203008 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2014-07-22 16:44 - 2014-07-22 16:44 - 00630528 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2014-07-22 16:44 - 2014-07-22 16:44 - 00654552 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2014-07-22 16:43 - 2014-07-22 16:43 - 00119552 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2014-08-04 19:50 - 2014-08-04 19:50 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-08-24 12:12 - 2014-07-14 15:49 - 00049744 _____ () C:\Users\Michel\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-05-28 16:36 - 2013-07-30 17:11 - 00088648 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2014-12-09 18:56 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-09 18:56 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-09 18:56 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-09 18:56 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-08-29 14:22 - 2014-11-11 19:48 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 14:22 - 2014-11-11 19:48 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-29 14:22 - 2014-11-11 19:48 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-04 23:46 - 2014-11-11 19:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-08-04 23:46 - 2014-11-18 21:23 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 14:22 - 2014-11-11 19:48 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 14:22 - 2014-11-11 19:48 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-08-04 23:46 - 2014-11-18 21:23 - 00690880 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-08-04 23:46 - 2014-11-11 19:48 - 34589888 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-08-14 20:12 - 2014-11-11 19:48 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Michel\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1473415466-3613894533-4282407392-500 - Administrator - Disabled)
Gast (S-1-5-21-1473415466-3613894533-4282407392-501 - Limited - Disabled)
Michel (S-1-5-21-1473415466-3613894533-4282407392-1001 - Administrator - Enabled) => C:\Users\Michel

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/27/2014 08:52:28 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (12/26/2014 08:52:28 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (12/25/2014 08:52:29 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (12/24/2014 08:52:29 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (12/23/2014 08:52:30 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (12/22/2014 08:52:29 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (12/21/2014 08:52:29 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (12/20/2014 08:52:29 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (12/20/2014 01:42:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Might & Magic Heroes VI.exe, Version: 1.8.0.0, Zeitstempel: 0x5065b41f
Name des fehlerhaften Moduls: Might & Magic Heroes VI.exe, Version: 1.8.0.0, Zeitstempel: 0x5065b41f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x007e193c
ID des fehlerhaften Prozesses: 0x1444
Startzeit der fehlerhaften Anwendung: 0xMight & Magic Heroes VI.exe0
Pfad der fehlerhaften Anwendung: Might & Magic Heroes VI.exe1
Pfad des fehlerhaften Moduls: Might & Magic Heroes VI.exe2
Berichtskennung: Might & Magic Heroes VI.exe3
Vollständiger Name des fehlerhaften Pakets: Might & Magic Heroes VI.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Might & Magic Heroes VI.exe5

Error: (12/19/2014 11:27:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Steam.exe, Version 2.50.25.37 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1408

Startzeit: 01d01bc0e40a58a7

Endzeit: 4294967295

Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe

Berichts-ID: 3b68fb5d-87ce-11e4-827f-448a5b672c44

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


System errors:
=============
Error: (12/16/2014 06:21:19 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246013 fehlgeschlagen: Windows-Tool zum Entfernen bösartiger Software für Windows 8, 8.1 und Windows Server 2012, 2012 R2 x64 Edition - Dezember 2014 (KB890830)

Error: (12/14/2014 03:03:36 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246013 fehlgeschlagen: Windows-Tool zum Entfernen bösartiger Software für Windows 8, 8.1 und Windows Server 2012, 2012 R2 x64 Edition - Dezember 2014 (KB890830)

Error: (12/13/2014 06:27:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (12/13/2014 06:26:45 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (12/13/2014 06:26:58 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎13.‎12.‎2014 um 18:16:49 unerwartet heruntergefahren.

Error: (12/11/2014 07:05:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246013 fehlgeschlagen: Windows-Tool zum Entfernen bösartiger Software für Windows 8, 8.1 und Windows Server 2012, 2012 R2 x64 Edition - Dezember 2014 (KB890830)

Error: (12/11/2014 04:09:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (11/21/2014 06:55:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (11/21/2014 06:55:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (11/21/2014 08:13:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2


Microsoft Office Sessions:
=========================
Error: (12/27/2014 08:52:28 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (12/26/2014 08:52:28 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (12/25/2014 08:52:29 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (12/24/2014 08:52:29 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (12/23/2014 08:52:30 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (12/22/2014 08:52:29 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (12/21/2014 08:52:29 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (12/20/2014 08:52:29 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (12/20/2014 01:42:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Might & Magic Heroes VI.exe1.8.0.05065b41fMight & Magic Heroes VI.exe1.8.0.05065b41fc0000005007e193c144401d01c517d8255b8C:\Program Files (x86)\Ubisoft\Might & Magic Heroes VI\Might & Magic Heroes VI.exeC:\Program Files (x86)\Ubisoft\Might & Magic Heroes VI\Might & Magic Heroes VI.exeba3eec0b-8845-11e4-827f-448a5b672c44

Error: (12/19/2014 11:27:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Steam.exe2.50.25.37140801d01bc0e40a58a74294967295C:\Program Files (x86)\Steam\Steam.exe3b68fb5d-87ce-11e4-827f-448a5b672c44


CodeIntegrity Errors:
===================================
  Date: 2014-10-25 16:23:56.841
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\UHSAPO64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-25 16:23:56.780
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\UHSAPO64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-25 16:23:56.721
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\UHSAPO64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-25 16:23:56.663
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\UHSAPO64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-25 16:23:56.603
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\UHSAPO64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-25 16:23:56.544
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\UHSAPO64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-25 16:23:56.485
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\UHSAPO64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-25 16:23:56.427
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\UHSAPO64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-25 16:23:56.368
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\UHSAPO64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-25 16:23:56.311
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\UHSAPO64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz
Percentage of memory in use: 44%
Total physical RAM: 8111.7 MB
Available physical RAM: 4511.58 MB
Total Pagefile: 10039.41 MB
Available Pagefile: 5793.41 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:455.1 GB) (Free:130.17 GB) NTFS
Drive d: (DATA) (Fixed) (Total:455.61 GB) (Free:454.85 GB) NTFS
Drive e: (3) (CDROM) (Total:7.78 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 22.4 GB) (Disk ID: 74F02DEA)
Partition 1: (Not Active) - (Size=22.4 GB) - (Type=73)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: BB7F90EA)

Partition: GPT Partition Type.

==================== End Of Log ============================

schrauber 28.12.2014 17:49
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Shattro 28.12.2014 23:52
mbam.txt
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 28.12.2014
Suchlauf-Zeit: 22:38:04
Logdatei: MBAM.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2014.12.28.08
Rootkit Datenbank: v2014.12.23.02
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Michel

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 326350
Verstrichene Zeit: 11 Min, 31 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 2
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, In Quarantäne, [c77190d87a02d264c5ac79622bd9c13f],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, In Quarantäne, [0632ca9e80fce94de090f9e2c83c22de],

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 2
PUP.Optional.OpenCandy, C:\Users\Michel\AppData\Roaming\OpenCandy, In Quarantäne, [f147e187354759dd3d3d1b0df310639d],
PUP.Optional.OpenCandy, C:\Users\Michel\AppData\Roaming\OpenCandy\33726A2015C2485BAA0AEFBD64AF93A6, In Quarantäne, [f147e187354759dd3d3d1b0df310639d],

Dateien: 4
PUP.Optional.MyPCBackup.A, C:\Users\Michel\AppData\Local\Temp\CloudBackup555.exe, In Quarantäne, [2117bcac5c20ec4afb818e5635ccf808],
PUP.Optional.Tuto4PC.A, C:\Users\Michel\AppData\Local\Temp\is-4119L.tmp\package_secprotwhite_installer_multilang.exe, In Quarantäne, [b1872642d1ab5dd95a3a15da9e63936d],
PUP.Optional.SearchProtect, C:\Windows\apppatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, In Quarantäne, [191f89df5f1d3cfa7004ad2eb54f8a76],
PUP.Optional.OpenCandy, C:\Users\Michel\AppData\Roaming\OpenCandy\33726A2015C2485BAA0AEFBD64AF93A6\TuneUp2014GER15day-de-DE-p4v1.exe, In Quarantäne, [f147e187354759dd3d3d1b0df310639d],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
adwcleaner.txt
Code:
# AdwCleaner v4.106 - Bericht erstellt am 28/12/2014 um 23:35:20
# Aktualisiert 21/12/2014 von Xplode
# Database : 2014-12-28.1 [Live]
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : Michel - SHATTRO-PC
# Gestartet von : C:\Users\Michel\Downloads\AdwCleaner_4.106.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Easy Speed Check
Ordner Gelöscht : C:\Users\Michel\AppData\Local\Temp\Deal Keeper
Ordner Gelöscht : C:\Users\Michel\AppData\Roaming\ap_logs
Ordner Gelöscht : C:\Users\Michel\AppData\Roaming\Probit Software
Ordner Gelöscht : C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Datei Gelöscht : C:\Windows\Reimage.ini
Datei Gelöscht : C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
Datei Gelöscht : C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
Datei Gelöscht : C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

***** [ Tasks ] *****

Task Gelöscht : LaunchSignup

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Easy Speed Check
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Reimage
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Repair
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v39.0.2171.95

[C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK217RbjR1YFa37oBy_U-nTnTbDTt8PVUCrSqw53TFaKi3th2S_1CatulP3Asf0BQAWFagtQ9ywlrG4mU0JtEKhSAYIMo8RQ_ARF_95gWYAnaKP8_7_E3IpH15leAys0gwQP-6_uPUq7M_Urz0bBMrGcFYH-cBcuHB43MvkRlCnaA6zVXJp3mfTwuO9iYL1Kl45wibzRsDg,,&q={searchTerms}
[C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK217RbjR1YFa37oBy_U-nTnTbDTt8PVUCrSqw53TFaKi3th2S_1CatulP3Asf0BQAWFagtQ9ywlrG4mU0JtEKhSAYIMo8RQ_ARF_95gWYAnaKP8_7_E3IpH15leAys0gwQP-6_uPUq7M_Urz0bBMrGcFYH-cBcuHB43MvkRlCnaA6zVXJp3mfTwuO9iYL1Kl45wibzRsDg,,&q={searchTerms}
[C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3323745&octid=EB_ORIGINAL_CTID&ISID=M12AB0390-73CA-4264-B8AF-CF58ADBF14CE&SearchSource=58&CUI=&UM=6&UP=SPEA4CF5F9-281A-4164-84B4-A5E627DAF63B&q={searchTerms}&SSPV=
[C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3323745&octid=EB_ORIGINAL_CTID&ISID=M12AB0390-73CA-4264-B8AF-CF58ADBF14CE&SearchSource=58&CUI=&UM=6&UP=SPEA4CF5F9-281A-4164-84B4-A5E627DAF63B&q={searchTerms}&SSPV=

-\\ Chromium v

[C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK217RbjR1YFa37oBy_U-nTnTbDTt8PVUCrSqw53TFaKi3th2S_1CatulP3Asf0BQAWFagtQ9ywlrG4mU0JtEKhSAYIMo8RQ_ARF_95gWYAnaKP8_7_E3IpH15leAys0gwQP-6_uPUq7M_Urz0bBMrGcFYH-cBcuHB43MvkRlCnaA6zVXJp3mfTwuO9iYL1Kl45wibzRsDg,,&q={searchTerms}
[C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK217RbjR1YFa37oBy_U-nTnTbDTt8PVUCrSqw53TFaKi3th2S_1CatulP3Asf0BQAWFagtQ9ywlrG4mU0JtEKhSAYIMo8RQ_ARF_95gWYAnaKP8_7_E3IpH15leAys0gwQP-6_uPUq7M_Urz0bBMrGcFYH-cBcuHB43MvkRlCnaA6zVXJp3mfTwuO9iYL1Kl45wibzRsDg,,&q={searchTerms}
[C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3323745&octid=EB_ORIGINAL_CTID&ISID=M12AB0390-73CA-4264-B8AF-CF58ADBF14CE&SearchSource=58&CUI=&UM=6&UP=SPEA4CF5F9-281A-4164-84B4-A5E627DAF63B&q={searchTerms}&SSPV=
[C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3323745&octid=EB_ORIGINAL_CTID&ISID=M12AB0390-73CA-4264-B8AF-CF58ADBF14CE&SearchSource=58&CUI=&UM=6&UP=SPEA4CF5F9-281A-4164-84B4-A5E627DAF63B&q={searchTerms}&SSPV=

*************************

AdwCleaner[R0].txt - [4935 octets] - [28/12/2014 23:34:03]
AdwCleaner[S0].txt - [6105 octets] - [28/12/2014 23:35:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6165 octets] ##########
JRT.txt
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 x64
Ran by Michel on 28.12.2014 at 23:37:30,47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.12.2014 at 23:39:59,13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

schrauber 29.12.2014 20:02

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Shattro 30.12.2014 04:10
FRST.txt

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Michel (administrator) on SHATTRO-PC on 30-12-2014 02:33:16
Running from C:\Users\Michel\Downloads
Loaded Profile: Michel (Available profiles: Michel)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(TeamSpeak Systems GmbH) C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Spotify Ltd) C:\Users\Michel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Michel\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2404296 2014-08-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-21] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [51456 2014-07-22] (Acer Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-04] (AVAST Software)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-14] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1473415466-3613894533-4282407392-1001\...\Run: [Spotify Web Helper] => C:\Users\Michel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-14] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1473415466-3613894533-4282407392-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51097;https=127.0.0.1:51097
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1473415466-3613894533-4282407392-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1473415466-3613894533-4282407392-1001 -> {6FB73551-6C1D-4E9E-9AA0-9BAA3881DC83} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-10-31]

Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (Adblock Pro) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhifeddjphjgoeajnekfceoifcigbhlb [2014-08-04]
CHR Extension: (Adblock Plus) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-04]
CHR Extension: (Google Wallet) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-04]
CHR Extension: (Google Mail) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-04] (AVAST Software)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [610688 2014-11-04] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [3058944 2014-07-22] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-05-28] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-05-28] (Creative Labs) [File not signed]
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [107792 2013-07-03] (Condusiv Technologies)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18974152 2014-08-09] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-19] (Electronic Arts)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-04] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [469264 2013-06-26] (Intel Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [25872 2013-07-03] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [112912 2013-07-03] (Condusiv Technologies)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [21448 2014-08-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 UHSfiltv; C:\Windows\system32\drivers\UHSfiltv.sys [23552 2012-09-12] (Creative Technology Ltd.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-30 02:33 - 2014-12-30 02:33 - 00000000 ____D () C:\Users\Michel\Downloads\FRST-OlderVersion
2014-12-30 02:31 - 2014-12-30 02:31 - 00852505 _____ () C:\Users\Michel\Downloads\SecurityCheck.exe
2014-12-29 23:37 - 2014-12-29 23:37 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-29 22:14 - 2014-12-29 22:15 - 02347384 _____ (ESET) C:\Users\Michel\Downloads\esetsmartinstaller_deu.exe
2014-12-29 02:24 - 2014-12-29 02:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-12-29 02:24 - 2014-12-29 02:24 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-12-29 00:06 - 2014-12-29 00:06 - 00000000 ___SH () C:\DkHyperbootSync
2014-12-28 23:39 - 2014-12-28 23:39 - 00000615 _____ () C:\Users\Michel\Desktop\JRT.txt
2014-12-28 23:37 - 2014-12-28 23:37 - 01707939 _____ (Thisisu) C:\Users\Michel\Downloads\JRT.exe
2014-12-28 23:36 - 2014-12-28 23:36 - 00006269 _____ () C:\Users\Michel\Desktop\AdwCleaner[S0].txt
2014-12-28 23:26 - 2014-12-28 23:35 - 00000000 ____D () C:\AdwCleaner
2014-12-28 23:22 - 2014-12-28 23:22 - 02173952 _____ () C:\Users\Michel\Downloads\AdwCleaner_4.106.exe
2014-12-28 23:15 - 2014-12-28 23:15 - 00002405 _____ () C:\Users\Michel\Desktop\MBAM.txt
2014-12-28 21:50 - 2014-12-28 21:50 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Michel\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-27 22:50 - 2014-12-27 22:50 - 00034915 _____ () C:\Users\Michel\Downloads\Addition.txt
2014-12-27 22:49 - 2014-12-30 02:33 - 02123264 _____ (Farbar) C:\Users\Michel\Downloads\FRST64.exe
2014-12-27 22:49 - 2014-12-30 02:33 - 00020915 _____ () C:\Users\Michel\Downloads\FRST.txt
2014-12-27 22:49 - 2014-12-30 02:33 - 00000000 ____D () C:\FRST
2014-12-24 21:45 - 2014-12-24 21:45 - 00000123 _____ () C:\Users\Public\Desktop\FarCry 4.url
2014-12-22 02:24 - 2014-12-30 01:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-22 02:24 - 2014-12-29 02:24 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-12-22 02:24 - 2014-12-28 01:10 - 00000892 _____ () C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2014-12-22 02:24 - 2014-12-22 02:24 - 00003862 _____ () C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2014-12-22 02:24 - 2014-12-22 02:24 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-20 01:44 - 2014-12-20 01:44 - 00000000 ____D () C:\Users\Michel\AppData\Local\Chromium
2014-12-19 23:23 - 2014-12-19 23:23 - 00000222 _____ () C:\Users\Michel\Desktop\The Binding of Isaac Rebirth.url
2014-12-19 19:45 - 2014-12-20 17:37 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Might & Magic Heroes VI
2014-12-19 19:45 - 2014-12-20 01:48 - 00000000 ____D () C:\Users\Michel\Documents\Might & Magic Heroes VI
2014-12-15 10:01 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-15 10:01 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-13 15:46 - 2014-12-13 15:46 - 00000219 _____ () C:\Users\Michel\Desktop\Counter-Strike Global Offensive.url
2014-12-10 22:28 - 2014-12-10 22:28 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 14:49 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-10 14:49 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 14:49 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-10 14:49 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-10 14:48 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 14:48 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 14:48 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 14:48 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 14:48 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 14:48 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 14:48 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 14:48 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 14:48 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 14:48 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 14:48 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 14:48 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 14:48 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 14:48 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 14:48 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 14:48 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 14:48 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 14:48 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-10 14:48 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-10 14:48 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 14:48 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 14:48 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 14:48 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-12-10 14:48 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-10 14:48 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-10 14:48 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 14:48 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 14:48 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 14:48 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 14:48 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 14:48 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 14:48 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-10 14:48 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 14:48 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 14:48 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-12-10 14:48 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 14:48 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-10 14:48 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 14:48 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 14:48 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 14:48 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 14:48 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 14:48 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 14:48 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 14:48 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 14:48 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 14:48 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 14:48 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 14:48 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-12-10 14:48 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-10 14:48 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-12-10 14:48 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-12-10 14:48 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-12-10 14:48 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2014-12-07 13:58 - 2014-12-07 14:20 - 00000000 ____D () C:\Users\Michel\Documents\DayZ
2014-12-07 13:58 - 2014-12-07 14:20 - 00000000 ____D () C:\Users\Michel\AppData\Local\DayZ
2014-12-06 16:44 - 2014-12-07 19:09 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Tropico 5
2014-12-06 16:42 - 2014-12-06 16:42 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Kalypso Media
2014-12-06 15:38 - 2014-12-06 15:38 - 00000222 _____ () C:\Users\Michel\Desktop\Tropico 5.url
2014-12-06 14:44 - 2014-12-06 14:44 - 00000222 _____ () C:\Users\Michel\Desktop\Warframe.url
2014-12-04 17:46 - 2014-12-04 17:46 - 00007618 _____ () C:\Users\Michel\AppData\Local\Resmon.ResmonCfg
2014-12-03 19:49 - 2014-12-03 19:49 - 01510302 _____ () C:\Users\Michel\Downloads\DBM_Beta_r11664.zip
2014-12-03 19:49 - 2014-12-03 19:49 - 01510302 _____ () C:\Users\Michel\Downloads\DBM_Beta_r11664 (1).zip
2014-12-01 19:18 - 2014-12-01 19:18 - 00000233 _____ () C:\Users\Michel\Desktop\Watch Dogs.url

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-30 02:24 - 2014-08-24 15:29 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\TS3Client
2014-12-30 02:12 - 2014-08-04 19:50 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-30 02:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-30 01:56 - 2014-08-04 19:36 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-30 00:20 - 2014-08-04 23:41 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-30 00:13 - 2014-08-04 20:26 - 00000000 ____D () C:\Users\Michel\AppData\Local\Battle.net
2014-12-29 23:05 - 2014-08-04 19:35 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8B871452-4DB6-4A2A-B4EB-4FABBABFEBA4}
2014-12-29 21:56 - 2014-08-04 19:36 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-29 21:07 - 2014-05-28 15:58 - 02086239 _____ () C:\Windows\WindowsUpdate.log
2014-12-29 16:35 - 2014-08-04 20:44 - 00000000 __RDO () C:\Users\Michel\SkyDrive
2014-12-29 02:31 - 2014-08-04 19:23 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1473415466-3613894533-4282407392-1001
2014-12-28 23:42 - 2014-05-24 15:46 - 00764340 _____ () C:\Windows\system32\perfh007.dat
2014-12-28 23:42 - 2014-05-24 15:46 - 00159160 _____ () C:\Windows\system32\perfc007.dat
2014-12-28 23:42 - 2013-10-31 04:21 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-28 23:35 - 2014-05-28 16:14 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-28 23:35 - 2013-10-31 04:04 - 00410482 _____ () C:\Windows\PFRO.log
2014-12-28 23:35 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-28 23:35 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-28 23:17 - 2013-08-22 15:46 - 00017537 _____ () C:\Windows\setupact.log
2014-12-28 21:58 - 2014-08-12 19:17 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-28 21:54 - 2014-08-12 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-28 21:54 - 2014-08-12 19:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-28 05:24 - 2014-08-12 22:01 - 00000000 ____D () C:\ProgramData\Origin
2014-12-28 02:18 - 2014-08-12 22:01 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-25 17:05 - 2014-09-25 19:04 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\OBS
2014-12-25 14:42 - 2014-08-23 17:59 - 00000000 ____D () C:\Users\Michel\Documents\My Games
2014-12-25 14:33 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-24 21:47 - 2014-08-09 21:17 - 00256576 _____ () C:\Windows\DirectX.log
2014-12-24 20:45 - 2014-10-11 17:07 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-12-24 02:45 - 2014-08-13 19:15 - 00000000 ____D () C:\Program Files (x86)\osu!
2014-12-23 14:45 - 2014-08-26 16:52 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-22 02:25 - 2014-09-08 16:49 - 00000000 ____D () C:\Users\Michel\AppData\Local\Adobe
2014-12-22 02:24 - 2013-10-31 04:30 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-21 23:33 - 2014-08-13 02:26 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Spotify
2014-12-21 22:51 - 2014-08-13 02:26 - 00000000 ____D () C:\Users\Michel\AppData\Local\Spotify
2014-12-21 19:17 - 2014-08-09 21:19 - 00000000 ____D () C:\Users\Michel\AppData\Local\ArmA 2 OA
2014-12-21 19:17 - 2014-08-04 20:49 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Skype
2014-12-21 18:58 - 2014-08-04 20:49 - 00000000 ____D () C:\ProgramData\Skype
2014-12-21 00:32 - 2014-03-18 02:09 - 00000000 ____D () C:\Users\Michel\Desktop\YGOPro DevPro
2014-12-20 19:22 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-20 13:43 - 2014-08-04 22:57 - 00000000 ____D () C:\Users\Michel\AppData\Local\CrashDumps
2014-12-19 18:38 - 2014-05-28 16:08 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-17 14:46 - 2014-08-04 20:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-17 14:43 - 2014-08-04 20:42 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-12 14:33 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-12-10 22:28 - 2014-08-16 16:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 22:28 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 22:28 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 19:38 - 2014-08-04 20:26 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-12-10 16:32 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-10 16:32 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-11-30 01:09 - 2014-09-25 19:04 - 00000000 ____D () C:\Program Files\OBS

Some content of TEMP:
====================
C:\Users\Michel\AppData\Local\Temp\2uhtcgvs.dll
C:\Users\Michel\AppData\Local\Temp\4_9iwmnh.dll
C:\Users\Michel\AppData\Local\Temp\agu2xiai.dll
C:\Users\Michel\AppData\Local\Temp\ai1ylvsn.dll
C:\Users\Michel\AppData\Local\Temp\airA2BA.exe
C:\Users\Michel\AppData\Local\Temp\avgnt.exe
C:\Users\Michel\AppData\Local\Temp\awrd7so9.dll
C:\Users\Michel\AppData\Local\Temp\drc814sd.dll
C:\Users\Michel\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Michel\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Michel\AppData\Local\Temp\en2mp3gt.dll
C:\Users\Michel\AppData\Local\Temp\fjwfpsaj.dll
C:\Users\Michel\AppData\Local\Temp\fnqssrdu.dll
C:\Users\Michel\AppData\Local\Temp\fov7hf59.dll
C:\Users\Michel\AppData\Local\Temp\fv_prfhe.dll
C:\Users\Michel\AppData\Local\Temp\gbthqxpa.dll
C:\Users\Michel\AppData\Local\Temp\gid5snzt.dll
C:\Users\Michel\AppData\Local\Temp\hvifanmb.dll
C:\Users\Michel\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll
C:\Users\Michel\AppData\Local\Temp\ICSW_0L1L2X1P.exe
C:\Users\Michel\AppData\Local\Temp\j0njdcxs.dll
C:\Users\Michel\AppData\Local\Temp\m_t2l2ke.dll
C:\Users\Michel\AppData\Local\Temp\nrquipug.dll
C:\Users\Michel\AppData\Local\Temp\nsfE2E9.tmp.exe
C:\Users\Michel\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Michel\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Michel\AppData\Local\Temp\nvStInst.exe
C:\Users\Michel\AppData\Local\Temp\oct37A6.tmp.exe
C:\Users\Michel\AppData\Local\Temp\okfxjngc.dll
C:\Users\Michel\AppData\Local\Temp\p36bkte9.dll
C:\Users\Michel\AppData\Local\Temp\p877vken.dll
C:\Users\Michel\AppData\Local\Temp\Quarantine.exe
C:\Users\Michel\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Michel\AppData\Local\Temp\rej8_wyi.dll
C:\Users\Michel\AppData\Local\Temp\s-dh09yj.dll
C:\Users\Michel\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Michel\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Michel\AppData\Local\Temp\shutdown1411493986.exe
C:\Users\Michel\AppData\Local\Temp\sqlite3.dll
C:\Users\Michel\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Michel\AppData\Local\Temp\u_dfb4yf.dll
C:\Users\Michel\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Michel\AppData\Local\Temp\xqr3sg18.dll
C:\Users\Michel\AppData\Local\Temp\y20citqj.dll
C:\Users\Michel\AppData\Local\Temp\YgoUpdater.exe
C:\Users\Michel\AppData\Local\Temp\yklzzg0h.dll
C:\Users\Michel\AppData\Local\Temp\_ehiquuj.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-27 19:45

==================== End Of Log ============================
--- --- ---

--- --- ---


checkup.txt
Code:
Results of screen317's Security Check version 0.99.93 
  x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop     
Windows Defender 
avast! Antivirus 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Google Chrome (39.0.2171.71)
 Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast avastui.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
Danke für die Hilfe und ich habe eigentlich keine Probleme mehr :)

schrauber 30.12.2014 19:01
ESET Log?

Shattro 30.12.2014 20:34
Sorry das hatte ich übersehen
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6515a4b360c1944bb58f3b44589434fc
# engine=21749
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-30 01:25:00
# local_time=2014-12-30 02:25:00 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 94 8323190 12724500 0 0
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 17296 11811297 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 2968752 44783993 0 0
# scanned=284308
# found=10
# cleaned=0
# scan_time=9007
sh=6D2CF68F0985AF8537108809C981A1E2D7E81884 ft=1 fh=fe72414cd28c1f8b vn="Win32/VOPackage.BC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michel\AppData\Local\nsbF26C.tmp"
sh=D9493F0E35914C002630FE46D7FE24FD329A9B1E ft=1 fh=08ccc7b8b695b7cc vn="Win32/MyPCBackup.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michel\AppData\Local\Microsoft\Windows\INetCache\IE\0W6UMBOY\aff_setup[1].exe"
sh=7DFCE1617F6067BB9C14C0BEE30884F1949BACC9 ft=0 fh=0000000000000000 vn="Win32/AztecMedia.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michel\AppData\Local\Temp\20EA.tmp"
sh=D9493F0E35914C002630FE46D7FE24FD329A9B1E ft=1 fh=08ccc7b8b695b7cc vn="Win32/MyPCBackup.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michel\AppData\Local\Temp\airA2BA.exe"
sh=E52031C33DD8BCA2217850DD16E21D853702C978 ft=1 fh=437be05cd5ebff36 vn="Variante von Win32/InstallCore.QL evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michel\AppData\Local\Temp\ICSW_0L1L2X1P.exe"
sh=9C9FE6968B4B25FD3D8B0448CCF915D8F4D4E593 ft=1 fh=27f07dcac750d5f3 vn="Variante von Win32/ReImageRepair.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michel\AppData\Local\Temp\ReimagePackage.exe"
sh=30457F7CFBCDA8749B9CD92F573741C817F1503F ft=1 fh=28278fd3183d6da2 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michel\AppData\Local\Temp\DMR\dmr_72.exe"
sh=1C66ECE429856CEC28C79DF47F63D7F905352C81 ft=1 fh=509a80bf5f906b8c vn="Variante von Win32/SpeedingUpMyPC Anwendung" ac=I fn="C:\Users\Michel\AppData\Local\Temp\is45637729\1003299_stp.EXE"
sh=1C66ECE429856CEC28C79DF47F63D7F905352C81 ft=1 fh=509a80bf5f906b8c vn="Variante von Win32/SpeedingUpMyPC Anwendung" ac=I fn="C:\Users\Michel\AppData\Local\Temp\is45637729\2347982_stp.EXE"
sh=032E8C1F65A542ADC145C22B669276A91450AF01 ft=1 fh=5b9febcc26284fed vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michel\Downloads\Paint NET - CHIP-Installer.exe"

schrauber 31.12.2014 15:39
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Users\Michel\AppData\Local\nsbF26C.tmp

C:\Users\Michel\AppData\Local\Microsoft\Windows\INetCache\IE\0W6UMBOY\aff_setup[1].exe

C:\Users\Michel\AppData\Local\Temp\20EA.tmp

C:\Users\Michel\AppData\Local\Temp\airA2BA.exe

C:\Users\Michel\AppData\Local\Temp\ICSW_0L1L2X1P.exe

C:\Users\Michel\AppData\Local\Temp\ReimagePackage.exe

C:\Users\Michel\AppData\Local\Temp\DMR\dmr_72.exe

C:\Users\Michel\AppData\Local\Temp\is45637729\1003299_stp.EXE

C:\Users\Michel\AppData\Local\Temp\is45637729\2347982_stp.EXE

C:\Users\Michel\Downloads\Paint NET - CHIP-Installer.exe
HKU\S-1-5-21-1473415466-3613894533-4282407392-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51097;https=127.0.0.1:51097
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Shattro 31.12.2014 16:15
Fixlog.txt
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by Michel at 2014-12-31 16:12:37 Run:1
Running from C:\Users\Michel\Desktop
Loaded Profile: Michel (Available profiles: Michel)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Michel\AppData\Local\nsbF26C.tmp

C:\Users\Michel\AppData\Local\Microsoft\Windows\INetCache\IE\0W6UMBOY\aff_setup[1].exe

C:\Users\Michel\AppData\Local\Temp\20EA.tmp

C:\Users\Michel\AppData\Local\Temp\airA2BA.exe

C:\Users\Michel\AppData\Local\Temp\ICSW_0L1L2X1P.exe

C:\Users\Michel\AppData\Local\Temp\ReimagePackage.exe

C:\Users\Michel\AppData\Local\Temp\DMR\dmr_72.exe

C:\Users\Michel\AppData\Local\Temp\is45637729\1003299_stp.EXE

C:\Users\Michel\AppData\Local\Temp\is45637729\2347982_stp.EXE

C:\Users\Michel\Downloads\Paint NET - CHIP-Installer.exe
HKU\S-1-5-21-1473415466-3613894533-4282407392-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51097;https=127.0.0.1:51097
Emptytemp:
*****************

C:\Users\Michel\AppData\Local\nsbF26C.tmp => Moved successfully.
C:\Users\Michel\AppData\Local\Microsoft\Windows\INetCache\IE\0W6UMBOY\aff_setup[1].exe => Moved successfully.
C:\Users\Michel\AppData\Local\Temp\20EA.tmp => Moved successfully.
C:\Users\Michel\AppData\Local\Temp\airA2BA.exe => Moved successfully.
C:\Users\Michel\AppData\Local\Temp\ICSW_0L1L2X1P.exe => Moved successfully.
C:\Users\Michel\AppData\Local\Temp\ReimagePackage.exe => Moved successfully.
C:\Users\Michel\AppData\Local\Temp\DMR\dmr_72.exe => Moved successfully.
C:\Users\Michel\AppData\Local\Temp\is45637729\1003299_stp.EXE => Moved successfully.
C:\Users\Michel\AppData\Local\Temp\is45637729\2347982_stp.EXE => Moved successfully.
C:\Users\Michel\Downloads\Paint NET - CHIP-Installer.exe => Moved successfully.
"HKU\S-1-5-21-1473415466-3613894533-4282407392-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
EmptyTemp: => Removed 4 GB temporary data.


The system needed a reboot.

==== End of Fixlog 16:13:20 ====

schrauber 31.12.2014 18:36
Frisches FRST log bitte. Noch Probleme?

Shattro 31.12.2014 20:06
Probleme hab ich keine mehr :)

FRST.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Michel (administrator) on SHATTRO-PC on 31-12-2014 20:05:36
Running from C:\Users\Michel\Desktop
Loaded Profile: Michel (Available profiles: Michel)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Michel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamSpeak Systems GmbH) C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.5383\Battle.net.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Hirez Studios, Inc.) C:\Program Files (x86)\Hi-Rez Studios\HiRezGames\smite\Binaries\Win32\Smite.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hi-Rez Studios\HirezGameNotifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Hi-Rez Studios\HiRezGames\smite\Binaries\Win32\awesomium_process.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2404296 2014-08-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-21] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [51456 2014-07-22] (Acer Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-04] (AVAST Software)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-14] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1473415466-3613894533-4282407392-1001\...\Run: [Spotify Web Helper] => C:\Users\Michel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-14] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51097;https=127.0.0.1:51097
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1473415466-3613894533-4282407392-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1473415466-3613894533-4282407392-1001 -> {6FB73551-6C1D-4E9E-9AA0-9BAA3881DC83} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-10-31]

Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (Adblock Pro) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhifeddjphjgoeajnekfceoifcigbhlb [2014-08-04]
CHR Extension: (Adblock Plus) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-04]
CHR Extension: (Google Wallet) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-04]
CHR Extension: (Google Mail) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-04] (AVAST Software)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [610688 2014-11-04] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [3058944 2014-07-22] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-05-28] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-05-28] (Creative Labs) [File not signed]
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [107792 2013-07-03] (Condusiv Technologies)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-12-15] (Hi-Rez Studios) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18974152 2014-08-09] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-19] (Electronic Arts)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-04] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [469264 2013-06-26] (Intel Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [25872 2013-07-03] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [112912 2013-07-03] (Condusiv Technologies)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [21448 2014-08-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 UHSfiltv; C:\Windows\system32\drivers\UHSfiltv.sys [23552 2012-09-12] (Creative Technology Ltd.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-31 20:05 - 2014-12-31 20:05 - 00021617 _____ () C:\Users\Michel\Desktop\FRST.txt
2014-12-31 18:57 - 2014-12-31 18:57 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Awesomium
2014-12-31 18:56 - 2014-12-31 18:56 - 00002013 _____ () C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
2014-12-31 18:56 - 2014-12-31 18:56 - 00002004 _____ () C:\Users\Public\Desktop\Smite.lnk
2014-12-31 18:56 - 2014-12-31 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2014-12-31 18:56 - 2014-12-31 18:56 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-12-31 18:56 - 2014-12-31 18:56 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios
2014-12-31 18:55 - 2014-12-31 18:56 - 46655528 _____ (Hi-Rez Studios) C:\Users\Michel\Downloads\InstallSmite.exe
2014-12-31 16:46 - 2014-12-31 16:46 - 00000000 ___SH () C:\DkHyperbootSync
2014-12-30 02:33 - 2014-12-30 02:33 - 00000000 ____D () C:\Users\Michel\Downloads\FRST-OlderVersion
2014-12-30 02:31 - 2014-12-30 02:31 - 00852505 _____ () C:\Users\Michel\Downloads\SecurityCheck.exe
2014-12-29 22:14 - 2014-12-29 22:15 - 02347384 _____ (ESET) C:\Users\Michel\Downloads\esetsmartinstaller_deu.exe
2014-12-29 02:24 - 2014-12-29 02:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-12-29 02:24 - 2014-12-29 02:24 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-12-28 23:39 - 2014-12-28 23:39 - 00000615 _____ () C:\Users\Michel\Desktop\JRT.txt
2014-12-28 23:37 - 2014-12-28 23:37 - 01707939 _____ (Thisisu) C:\Users\Michel\Downloads\JRT.exe
2014-12-28 23:36 - 2014-12-28 23:36 - 00006269 _____ () C:\Users\Michel\Desktop\AdwCleaner[S0].txt
2014-12-28 23:26 - 2014-12-28 23:35 - 00000000 ____D () C:\AdwCleaner
2014-12-28 23:22 - 2014-12-28 23:22 - 02173952 _____ () C:\Users\Michel\Downloads\AdwCleaner_4.106.exe
2014-12-28 23:15 - 2014-12-28 23:15 - 00002405 _____ () C:\Users\Michel\Desktop\MBAM.txt
2014-12-28 21:50 - 2014-12-28 21:50 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Michel\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-27 22:50 - 2014-12-27 22:50 - 00034915 _____ () C:\Users\Michel\Downloads\Addition.txt
2014-12-27 22:49 - 2014-12-31 20:05 - 00000000 ____D () C:\FRST
2014-12-27 22:49 - 2014-12-30 02:34 - 00040216 _____ () C:\Users\Michel\Downloads\FRST.txt
2014-12-27 22:49 - 2014-12-30 02:33 - 02123264 _____ (Farbar) C:\Users\Michel\Desktop\FRST64.exe
2014-12-24 21:45 - 2014-12-24 21:45 - 00000123 _____ () C:\Users\Public\Desktop\FarCry 4.url
2014-12-22 02:24 - 2014-12-31 19:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-22 02:24 - 2014-12-29 02:24 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-12-22 02:24 - 2014-12-28 01:10 - 00000892 _____ () C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2014-12-22 02:24 - 2014-12-22 02:24 - 00003862 _____ () C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2014-12-22 02:24 - 2014-12-22 02:24 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-20 01:44 - 2014-12-20 01:44 - 00000000 ____D () C:\Users\Michel\AppData\Local\Chromium
2014-12-19 23:23 - 2014-12-19 23:23 - 00000222 _____ () C:\Users\Michel\Desktop\The Binding of Isaac Rebirth.url
2014-12-19 19:45 - 2014-12-20 17:37 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Might & Magic Heroes VI
2014-12-19 19:45 - 2014-12-20 01:48 - 00000000 ____D () C:\Users\Michel\Documents\Might & Magic Heroes VI
2014-12-15 10:01 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-15 10:01 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-13 15:46 - 2014-12-13 15:46 - 00000219 _____ () C:\Users\Michel\Desktop\Counter-Strike Global Offensive.url
2014-12-10 22:28 - 2014-12-10 22:28 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 14:49 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-10 14:49 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 14:49 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-10 14:49 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-10 14:48 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 14:48 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 14:48 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 14:48 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 14:48 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 14:48 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 14:48 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 14:48 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 14:48 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 14:48 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 14:48 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 14:48 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 14:48 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 14:48 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 14:48 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 14:48 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 14:48 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 14:48 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-10 14:48 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-10 14:48 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 14:48 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 14:48 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 14:48 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-12-10 14:48 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-10 14:48 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-10 14:48 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 14:48 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 14:48 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 14:48 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 14:48 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 14:48 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 14:48 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-10 14:48 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 14:48 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 14:48 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-12-10 14:48 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 14:48 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-10 14:48 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 14:48 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 14:48 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 14:48 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 14:48 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 14:48 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 14:48 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 14:48 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 14:48 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 14:48 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 14:48 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 14:48 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-12-10 14:48 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-10 14:48 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-12-10 14:48 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-12-10 14:48 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-12-10 14:48 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2014-12-07 13:58 - 2014-12-07 14:20 - 00000000 ____D () C:\Users\Michel\Documents\DayZ
2014-12-07 13:58 - 2014-12-07 14:20 - 00000000 ____D () C:\Users\Michel\AppData\Local\DayZ
2014-12-06 16:44 - 2014-12-07 19:09 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Tropico 5
2014-12-06 16:42 - 2014-12-06 16:42 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Kalypso Media
2014-12-06 15:38 - 2014-12-06 15:38 - 00000222 _____ () C:\Users\Michel\Desktop\Tropico 5.url
2014-12-06 14:44 - 2014-12-06 14:44 - 00000222 _____ () C:\Users\Michel\Desktop\Warframe.url
2014-12-04 17:46 - 2014-12-04 17:46 - 00007618 _____ () C:\Users\Michel\AppData\Local\Resmon.ResmonCfg
2014-12-03 19:49 - 2014-12-03 19:49 - 01510302 _____ () C:\Users\Michel\Downloads\DBM_Beta_r11664.zip
2014-12-03 19:49 - 2014-12-03 19:49 - 01510302 _____ () C:\Users\Michel\Downloads\DBM_Beta_r11664 (1).zip
2014-12-01 19:18 - 2014-12-01 19:18 - 00000233 _____ () C:\Users\Michel\Desktop\Watch Dogs.url

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-31 20:04 - 2014-08-23 17:59 - 00000000 ____D () C:\Users\Michel\Documents\My Games
2014-12-31 20:04 - 2014-08-09 21:17 - 00256940 _____ () C:\Windows\DirectX.log
2014-12-31 20:04 - 2013-08-22 16:38 - 00405360 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-31 20:03 - 2014-08-04 20:26 - 00000000 ____D () C:\Users\Michel\AppData\Local\Battle.net
2014-12-31 20:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-31 19:56 - 2014-08-04 19:36 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-31 19:42 - 2014-08-04 19:50 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-31 19:28 - 2014-08-04 19:35 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8B871452-4DB6-4A2A-B4EB-4FABBABFEBA4}
2014-12-31 19:02 - 2014-08-24 15:29 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\TS3Client
2014-12-31 18:56 - 2014-05-28 16:08 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-31 16:29 - 2014-05-28 15:58 - 01145578 _____ () C:\Windows\WindowsUpdate.log
2014-12-31 16:23 - 2014-08-04 23:41 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-31 16:20 - 2014-05-24 15:46 - 00764340 _____ () C:\Windows\system32\perfh007.dat
2014-12-31 16:20 - 2014-05-24 15:46 - 00159160 _____ () C:\Windows\system32\perfc007.dat
2014-12-31 16:20 - 2013-10-31 04:21 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-31 16:15 - 2014-08-04 20:44 - 00000000 __RDO () C:\Users\Michel\SkyDrive
2014-12-31 16:15 - 2014-08-04 19:36 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-31 16:14 - 2014-05-28 16:14 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-31 16:14 - 2013-10-31 04:04 - 00412422 _____ () C:\Windows\PFRO.log
2014-12-31 16:14 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-31 01:26 - 2014-03-18 02:09 - 00000000 ____D () C:\Users\Michel\Desktop\YGOPro DevPro
2014-12-29 02:31 - 2014-08-04 19:23 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1473415466-3613894533-4282407392-1001
2014-12-28 23:35 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-28 23:17 - 2013-08-22 15:46 - 00017537 _____ () C:\Windows\setupact.log
2014-12-28 21:58 - 2014-08-12 19:17 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-28 21:54 - 2014-08-12 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-28 21:54 - 2014-08-12 19:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-28 05:24 - 2014-08-12 22:01 - 00000000 ____D () C:\ProgramData\Origin
2014-12-28 02:18 - 2014-08-12 22:01 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-25 17:05 - 2014-09-25 19:04 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\OBS
2014-12-25 14:33 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-24 20:45 - 2014-10-11 17:07 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-12-24 02:45 - 2014-08-13 19:15 - 00000000 ____D () C:\Program Files (x86)\osu!
2014-12-23 14:45 - 2014-08-26 16:52 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-22 02:25 - 2014-09-08 16:49 - 00000000 ____D () C:\Users\Michel\AppData\Local\Adobe
2014-12-22 02:24 - 2013-10-31 04:30 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-21 23:33 - 2014-08-13 02:26 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Spotify
2014-12-21 22:51 - 2014-08-13 02:26 - 00000000 ____D () C:\Users\Michel\AppData\Local\Spotify
2014-12-21 19:17 - 2014-08-09 21:19 - 00000000 ____D () C:\Users\Michel\AppData\Local\ArmA 2 OA
2014-12-21 19:17 - 2014-08-04 20:49 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Skype
2014-12-21 18:58 - 2014-08-04 20:49 - 00000000 ____D () C:\ProgramData\Skype
2014-12-20 19:22 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-20 13:43 - 2014-08-04 22:57 - 00000000 ____D () C:\Users\Michel\AppData\Local\CrashDumps
2014-12-17 14:46 - 2014-08-04 20:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-17 14:43 - 2014-08-04 20:42 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-12 14:33 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-12-10 22:28 - 2014-08-16 16:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 22:28 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 22:28 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 19:38 - 2014-08-04 20:26 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-12-10 16:32 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-10 16:32 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS

Some content of TEMP:
====================
C:\Users\Michel\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-27 19:45

==================== End Of Log ============================
--- --- ---

schrauber 31.12.2014 22:19
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51097;https=127.0.0.1:51097
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Frisches FRST Log bitte.

Shattro 01.01.2015 00:22
Fixlist.txt
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by Michel at 2015-01-01 00:20:35 Run:2
Running from C:\Users\Michel\Desktop
Loaded Profile: Michel (Available profiles: Michel)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51097;https=127.0.0.1:51097
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.

==== End of Fixlog 00:20:35 ====
Frst.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Michel (administrator) on SHATTRO-PC on 01-01-2015 00:21:37
Running from C:\Users\Michel\Desktop
Loaded Profile: Michel (Available profiles: Michel)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Spotify Ltd) C:\Users\Michel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(TeamSpeak Systems GmbH) C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2404296 2014-08-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-21] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [51456 2014-07-22] (Acer Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-04] (AVAST Software)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-14] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1473415466-3613894533-4282407392-1001\...\Run: [Spotify Web Helper] => C:\Users\Michel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-14] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1473415466-3613894533-4282407392-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1473415466-3613894533-4282407392-1001 -> {6FB73551-6C1D-4E9E-9AA0-9BAA3881DC83} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-10-31]

Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (Adblock Pro) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhifeddjphjgoeajnekfceoifcigbhlb [2014-08-04]
CHR Extension: (Adblock Plus) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-04]
CHR Extension: (Google Wallet) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-04]
CHR Extension: (Google Mail) - C:\Users\Michel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-04] (AVAST Software)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [610688 2014-11-04] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [3058944 2014-07-22] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-05-28] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-05-28] (Creative Labs) [File not signed]
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [107792 2013-07-03] (Condusiv Technologies)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-12-15] (Hi-Rez Studios) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18974152 2014-08-09] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-19] (Electronic Arts)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-04] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [469264 2013-06-26] (Intel Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [25872 2013-07-03] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [112912 2013-07-03] (Condusiv Technologies)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [21448 2014-08-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 UHSfiltv; C:\Windows\system32\drivers\UHSfiltv.sys [23552 2012-09-12] (Creative Technology Ltd.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-01 00:21 - 2015-01-01 00:21 - 00020664 _____ () C:\Users\Michel\Desktop\FRST.txt
2014-12-31 22:04 - 2014-12-31 22:04 - 00000000 ___SH () C:\DkHyperbootSync
2014-12-31 18:57 - 2014-12-31 18:57 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Awesomium
2014-12-31 18:56 - 2014-12-31 18:56 - 00002004 _____ () C:\Users\Public\Desktop\Smite.lnk
2014-12-31 18:56 - 2014-12-31 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2014-12-31 18:56 - 2014-12-31 18:56 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-12-31 18:56 - 2014-12-31 18:56 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios
2014-12-31 18:55 - 2014-12-31 18:56 - 46655528 _____ (Hi-Rez Studios) C:\Users\Michel\Downloads\InstallSmite.exe
2014-12-30 02:33 - 2014-12-30 02:33 - 00000000 ____D () C:\Users\Michel\Downloads\FRST-OlderVersion
2014-12-30 02:31 - 2014-12-30 02:31 - 00852505 _____ () C:\Users\Michel\Downloads\SecurityCheck.exe
2014-12-29 22:14 - 2014-12-29 22:15 - 02347384 _____ (ESET) C:\Users\Michel\Downloads\esetsmartinstaller_deu.exe
2014-12-29 02:24 - 2014-12-29 02:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-12-29 02:24 - 2014-12-29 02:24 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-12-28 23:37 - 2014-12-28 23:37 - 01707939 _____ (Thisisu) C:\Users\Michel\Downloads\JRT.exe
2014-12-28 23:26 - 2014-12-28 23:35 - 00000000 ____D () C:\AdwCleaner
2014-12-28 23:22 - 2014-12-28 23:22 - 02173952 _____ () C:\Users\Michel\Downloads\AdwCleaner_4.106.exe
2014-12-28 21:50 - 2014-12-28 21:50 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Michel\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-27 22:50 - 2014-12-27 22:50 - 00034915 _____ () C:\Users\Michel\Downloads\Addition.txt
2014-12-27 22:49 - 2015-01-01 00:21 - 00000000 ____D () C:\FRST
2014-12-27 22:49 - 2014-12-30 02:34 - 00040216 _____ () C:\Users\Michel\Downloads\FRST.txt
2014-12-27 22:49 - 2014-12-30 02:33 - 02123264 _____ (Farbar) C:\Users\Michel\Desktop\FRST64.exe
2014-12-24 21:45 - 2014-12-24 21:45 - 00000123 _____ () C:\Users\Public\Desktop\FarCry 4.url
2014-12-22 02:24 - 2014-12-31 23:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-22 02:24 - 2014-12-31 20:37 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-22 02:24 - 2014-12-29 02:24 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-12-22 02:24 - 2014-12-28 01:10 - 00000892 _____ () C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2014-12-22 02:24 - 2014-12-22 02:24 - 00003862 _____ () C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2014-12-20 01:44 - 2014-12-20 01:44 - 00000000 ____D () C:\Users\Michel\AppData\Local\Chromium
2014-12-19 23:23 - 2014-12-19 23:23 - 00000222 _____ () C:\Users\Michel\Desktop\The Binding of Isaac Rebirth.url
2014-12-19 19:45 - 2014-12-20 17:37 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Might & Magic Heroes VI
2014-12-19 19:45 - 2014-12-20 01:48 - 00000000 ____D () C:\Users\Michel\Documents\Might & Magic Heroes VI
2014-12-15 10:01 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-15 10:01 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-13 15:46 - 2014-12-13 15:46 - 00000219 _____ () C:\Users\Michel\Desktop\Counter-Strike Global Offensive.url
2014-12-10 22:28 - 2014-12-10 22:28 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 14:49 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-10 14:49 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 14:49 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-10 14:49 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-10 14:48 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 14:48 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 14:48 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 14:48 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 14:48 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 14:48 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 14:48 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 14:48 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 14:48 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 14:48 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 14:48 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 14:48 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 14:48 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 14:48 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 14:48 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 14:48 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 14:48 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 14:48 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-10 14:48 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-10 14:48 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 14:48 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 14:48 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 14:48 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-12-10 14:48 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-10 14:48 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-10 14:48 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 14:48 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 14:48 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 14:48 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 14:48 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 14:48 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 14:48 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-10 14:48 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 14:48 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 14:48 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-12-10 14:48 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 14:48 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-10 14:48 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 14:48 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 14:48 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 14:48 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 14:48 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 14:48 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 14:48 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 14:48 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 14:48 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 14:48 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 14:48 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 14:48 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-12-10 14:48 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-10 14:48 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-12-10 14:48 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-12-10 14:48 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-12-10 14:48 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2014-12-07 13:58 - 2014-12-07 14:20 - 00000000 ____D () C:\Users\Michel\Documents\DayZ
2014-12-07 13:58 - 2014-12-07 14:20 - 00000000 ____D () C:\Users\Michel\AppData\Local\DayZ
2014-12-06 16:44 - 2014-12-07 19:09 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Tropico 5
2014-12-06 16:42 - 2014-12-06 16:42 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Kalypso Media
2014-12-06 15:38 - 2014-12-06 15:38 - 00000222 _____ () C:\Users\Michel\Desktop\Tropico 5.url
2014-12-06 14:44 - 2014-12-06 14:44 - 00000222 _____ () C:\Users\Michel\Desktop\Warframe.url
2014-12-04 17:46 - 2014-12-04 17:46 - 00007618 _____ () C:\Users\Michel\AppData\Local\Resmon.ResmonCfg
2014-12-03 19:49 - 2014-12-03 19:49 - 01510302 _____ () C:\Users\Michel\Downloads\DBM_Beta_r11664.zip
2014-12-03 19:49 - 2014-12-03 19:49 - 01510302 _____ () C:\Users\Michel\Downloads\DBM_Beta_r11664 (1).zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-01 00:18 - 2014-08-24 15:29 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\TS3Client
2015-01-01 00:12 - 2014-08-04 19:50 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-01 00:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-31 23:56 - 2014-08-04 19:36 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-31 23:04 - 2014-08-04 19:35 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8B871452-4DB6-4A2A-B4EB-4FABBABFEBA4}
2014-12-31 22:32 - 2014-08-04 23:41 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-31 21:56 - 2014-08-04 19:36 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-31 21:47 - 2014-08-04 20:26 - 00000000 ____D () C:\Users\Michel\AppData\Local\Battle.net
2014-12-31 20:44 - 2014-05-28 15:58 - 01151111 _____ () C:\Windows\WindowsUpdate.log
2014-12-31 20:04 - 2014-08-23 17:59 - 00000000 ____D () C:\Users\Michel\Documents\My Games
2014-12-31 20:04 - 2014-08-09 21:17 - 00256940 _____ () C:\Windows\DirectX.log
2014-12-31 20:04 - 2013-08-22 16:38 - 00405360 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-31 18:56 - 2014-05-28 16:08 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-31 16:20 - 2014-05-24 15:46 - 00764340 _____ () C:\Windows\system32\perfh007.dat
2014-12-31 16:20 - 2014-05-24 15:46 - 00159160 _____ () C:\Windows\system32\perfc007.dat
2014-12-31 16:20 - 2013-10-31 04:21 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-31 16:15 - 2014-08-04 20:44 - 00000000 __RDO () C:\Users\Michel\SkyDrive
2014-12-31 16:14 - 2014-05-28 16:14 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-31 16:14 - 2013-10-31 04:04 - 00412422 _____ () C:\Windows\PFRO.log
2014-12-31 16:14 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-31 01:26 - 2014-03-18 02:09 - 00000000 ____D () C:\Users\Michel\Desktop\YGOPro DevPro
2014-12-29 02:31 - 2014-08-04 19:23 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1473415466-3613894533-4282407392-1001
2014-12-28 23:35 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-28 23:17 - 2013-08-22 15:46 - 00017537 _____ () C:\Windows\setupact.log
2014-12-28 21:58 - 2014-08-12 19:17 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-28 21:54 - 2014-08-12 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-28 21:54 - 2014-08-12 19:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-28 05:24 - 2014-08-12 22:01 - 00000000 ____D () C:\ProgramData\Origin
2014-12-28 02:18 - 2014-08-12 22:01 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-25 17:05 - 2014-09-25 19:04 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\OBS
2014-12-25 14:33 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-24 20:45 - 2014-10-11 17:07 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-12-24 02:45 - 2014-08-13 19:15 - 00000000 ____D () C:\Program Files (x86)\osu!
2014-12-23 14:45 - 2014-08-26 16:52 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-22 02:25 - 2014-09-08 16:49 - 00000000 ____D () C:\Users\Michel\AppData\Local\Adobe
2014-12-22 02:24 - 2013-10-31 04:30 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-21 23:33 - 2014-08-13 02:26 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Spotify
2014-12-21 22:51 - 2014-08-13 02:26 - 00000000 ____D () C:\Users\Michel\AppData\Local\Spotify
2014-12-21 19:17 - 2014-08-09 21:19 - 00000000 ____D () C:\Users\Michel\AppData\Local\ArmA 2 OA
2014-12-21 19:17 - 2014-08-04 20:49 - 00000000 ____D () C:\Users\Michel\AppData\Roaming\Skype
2014-12-21 18:58 - 2014-08-04 20:49 - 00000000 ____D () C:\ProgramData\Skype
2014-12-20 19:22 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-20 13:43 - 2014-08-04 22:57 - 00000000 ____D () C:\Users\Michel\AppData\Local\CrashDumps
2014-12-17 14:46 - 2014-08-04 20:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-17 14:43 - 2014-08-04 20:42 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-12 14:33 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-12-10 22:28 - 2014-08-16 16:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 22:28 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 22:28 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 19:38 - 2014-08-04 20:26 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-12-10 16:32 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-10 16:32 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS

Some content of TEMP:
====================
C:\Users\Michel\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-27 19:45

==================== End Of Log ============================
--- --- ---


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:16 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27