youradexchange popup virus/malware

bigfish18 · 20.05.2015, 07:43

Hallo Leute,

mein PC leidet unter diesen nervigen PopupVirus. Ich komme einfach direkt zur Beschreibung.
Manche Seiten kann ich nicht laden, so wie z.b. Youtube geht überhaupt nicht mehr, andere hingegen ohne Probleme, wie Facebook. Allgemein ist das Internet langsamer, aber nur in Browser, in Steam ( Videospiele ) werden downloads mit normaler Geschwindigkeit ausgeführt. Betroffen sind alle Browser von meinen PC, und alle Browser von meines Opas PC. Opa hat den PC jetzt schon zum Fachmann gebracht, er konnte nicht länger warten, da ich ihm gesagt hatte, dass dieser Virus ein wenig hartnäckiger ist als andere. Ich sage das hier, weil ich nicht der normale Joe bin, der für alles sofort immer Hilfe holt, bisher konnte ich alles mit Google Anleitungen alleine regeln. Leider aber nicht in diesem Fall.

Ich habe ein riesen Arsenal an Antivirus/Antimalware/Scan Programmen, und auch schon alle mindestens einmal ausgeführt. Ich versuche soweit es geht die Logdateinen hier einzufügen.

edit: nochmal zur Verdeutlichung

, mein Opa hat seinen PC weggebracht, meiner ist noch im Haus und mit dem schreibe ich euch gerade!

Das Arsenal umfasst, Rkill, Adwcleaner, Combofix, Malewarebytes, ESET, JRT, Rougekiller, FRST ... nichts hat wirklich geholfen.

Zumindest nicht einer Leie wie mir, deshalb hier mal kurz die Logs dieser Scan/Anti Viren Programme:

schrauber · 20.05.2015, 07:53

hi,

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Addition.txt von FRST fehlt noch

bigfish18 · 21.05.2015, 09:12

Hallo Herr Schrauber,

ja der Virus lässt mich gerade nicht editieren, da Seiten oftmals, so ca. 30% nicht aufrufbar sind, und es Glück abhängig ist, ob der Edit durchkommt oder nicht. Habe den "code" stuff erst später gelesen ...

Ich poste alles nochmal neu, wenn sie ein Moderator dieses Forums sind, können sie die Codes da oben löschen, da ich sie jetzt richtig, neu posten werde!

rkill

Code:

ATTFilter

Rkill 2.7.0 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 hxxp://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/19/2015 07:38:50 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity: 

 * No issues found.

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * No issues found.

Program finished at: 05/19/2015 07:38:58 PM
Execution time: 0 hours(s), 0 minute(s), and 7 seconds(s)

JRT

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.2 (05.15.2015:1)
OS: Windows 7 Home Premium x64
Ran by Besitzer on 19.05.2015 at  8:25:43,44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\Besitzer\AppData\Roaming\mozilla\firefox\profiles\2inl486l.default-1431945839184\user.js
Emptied folder: C:\Users\Besitzer\AppData\Roaming\mozilla\firefox\profiles\2inl486l.default-1431945839184\minidumps [1 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.05.2015 at  8:29:13,21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST

Code:

ATTFilter

can result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
Ran by Besitzer (administrator) on DB-GAMER on 20-05-2015 07:38:39
Running from C:\Users\Besitzer\Downloads
Loaded Profiles: Besitzer &  (Available profiles: Besitzer & postgres)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Spotify Ltd) C:\Users\Besitzer\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Besitzer\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Spotify Ltd) C:\Users\Besitzer\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Besitzer\AppData\Roaming\Spotify\Spotify.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Besitzer\AppData\Roaming\Spotify\Spotify.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-206598528-2362900283-2492162193-1000\...\Run: [Spotify] => C:\Users\Besitzer\AppData\Roaming\Spotify\Spotify.exe [7168568 2015-04-24] (Spotify Ltd)
HKU\S-1-5-21-206598528-2362900283-2492162193-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-206598528-2362900283-2492162193-1000\...\Run: [Spotify Web Helper] => C:\Users\Besitzer\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-04-24] (Spotify Ltd)
HKU\S-1-5-21-206598528-2362900283-2492162193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify] => C:\Users\Besitzer\AppData\Roaming\Spotify\Spotify.exe [7168568 2015-04-24] (Spotify Ltd)
HKU\S-1-5-21-206598528-2362900283-2492162193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-206598528-2362900283-2492162193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Besitzer\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-04-24] (Spotify Ltd)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-07-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-07-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-07-16] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-206598528-2362900283-2492162193-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-206598528-2362900283-2492162193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-206598528-2362900283-2492162193-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-206598528-2362900283-2492162193-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-206598528-2362900283-2492162193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-206598528-2362900283-2492162193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Tcpip\..\Interfaces\{B4692A10-EC11-4BF7-9213-6B3B2543A3B1}: [NameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\2inl486l.default-1431945839184
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-07-22] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-07-22] (Adobe Systems)
FF Plugin HKU\S-1-5-21-206598528-2362900283-2492162193-1000: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Besitzer\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1401100-0-npoctoshape.dll [2014-01-10] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-206598528-2362900283-2492162193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Besitzer\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1401100-0-npoctoshape.dll [2014-01-10] (Octoshape ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Besitzer\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2015-03-13] (Octoshape ApS)
FF Extension: Adblock Plus - C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\2inl486l.default-1431945839184\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-19]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [Not Found]

Chrome: 
=======
CHR Profile: C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-28]
CHR Extension: (Google Docs) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-28]
CHR Extension: (Google Drive) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-28]
CHR Extension: (YouTube) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-28]
CHR Extension: (Adblock Plus) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-11]
CHR Extension: (Google Search) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-28]
CHR Extension: (Google Sheets) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-28]
CHR Extension: (Bookmark Manager) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-14]
CHR Extension: (Gmail) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0068.sys [28640 2015-02-09] (SoftEther VPN Project at University of Tsukuba, Japan.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-05-19] ()
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-20 07:39 - 2015-05-20 07:39 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Besitzer\Desktop\revosetup95.exe
2015-05-20 07:38 - 2015-05-20 07:39 - 00015237 _____ () C:\Users\Besitzer\Downloads\FRST.txt
2015-05-20 07:38 - 2015-05-20 07:38 - 00000000 ____D () C:\FRST
2015-05-20 07:37 - 2015-05-20 07:37 - 02107904 _____ (Farbar) C:\Users\Besitzer\Desktop\FRST64.exe
2015-05-19 19:52 - 2015-05-19 19:52 - 01637718 _____ () C:\Users\Besitzer\Downloads\tdsskiller44 (2).exe.opdownload
2015-05-19 19:52 - 2015-05-19 19:52 - 00192918 _____ () C:\Users\Besitzer\Downloads\tdsskiller44 (3).exe.opdownload
2015-05-19 19:51 - 2015-05-19 19:51 - 00002759 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-05-19 19:51 - 2015-05-19 19:51 - 00000000 ____D () C:\ProgramData\Sophos
2015-05-19 19:51 - 2015-05-19 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-05-19 19:51 - 2015-05-19 19:51 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-05-19 19:45 - 2015-05-19 19:49 - 121189656 _____ (Sophos Limited) C:\Users\Besitzer\Downloads\Sophos Virus Removal Tool.exe
2015-05-19 19:40 - 2015-05-19 19:40 - 06202480 _____ () C:\Users\Besitzer\Downloads\AdwareMedic.dmg
2015-05-19 19:32 - 2015-05-19 19:32 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Besitzer\Downloads\tdsskiller44.exe
2015-05-19 19:32 - 2015-05-19 19:32 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Besitzer\Downloads\tdsskiller44 (1).exe
2015-05-19 19:25 - 2015-05-19 19:25 - 00003848 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1432056332
2015-05-19 19:25 - 2015-05-19 19:25 - 00001135 _____ () C:\Users\Public\Desktop\Opera.lnk
2015-05-19 19:25 - 2015-05-19 19:25 - 00001135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-05-19 19:25 - 2015-05-19 19:25 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Opera Software
2015-05-19 19:25 - 2015-05-19 19:25 - 00000000 ____D () C:\Users\Besitzer\AppData\Local\Opera Software
2015-05-19 19:24 - 2015-05-20 07:36 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-05-19 18:23 - 2015-05-19 18:23 - 00017128 _____ () C:\ComboFix.txt
2015-05-19 18:06 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-19 18:06 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-19 18:06 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-19 18:06 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-19 18:06 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-19 18:06 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-19 18:06 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-19 18:06 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-19 18:05 - 2015-05-19 18:23 - 00000000 ____D () C:\Qoobox
2015-05-19 18:05 - 2015-05-19 18:21 - 00000000 ____D () C:\Windows\erdnt
2015-05-19 18:04 - 2015-05-19 18:04 - 05623645 ____R (Swearware) C:\Users\Besitzer\Downloads\ComboFix.exe
2015-05-19 08:29 - 2015-05-19 08:29 - 00001013 _____ () C:\Users\Besitzer\Desktop\JRT.txt
2015-05-19 07:48 - 2015-05-19 07:48 - 00064024 _____ () C:\Users\Besitzer\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-19 07:47 - 2015-05-19 07:48 - 02091520 _____ (Conner Bernhard) C:\Users\Besitzer\Desktop\NetAdapterRepair1.2.exe
2015-05-19 07:41 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-19 07:41 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-18 17:11 - 2015-05-19 08:15 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-05-18 17:11 - 2015-05-18 17:25 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-05-18 17:11 - 2015-05-18 17:11 - 02719698 _____ (Thisisu) C:\Users\Besitzer\Desktop\JRT.exe
2015-05-18 17:10 - 2015-05-18 17:11 - 16980568 _____ () C:\Users\Besitzer\Desktop\RogueKiller.exe
2015-05-18 17:09 - 2015-05-18 17:09 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Besitzer\Downloads\rkill64-27285.exe
2015-05-18 17:08 - 2015-05-19 19:38 - 00002336 _____ () C:\Users\Besitzer\Desktop\Rkill.txt
2015-05-18 17:08 - 2015-05-18 17:08 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Besitzer\Downloads\rkill64.exe
2015-05-18 17:07 - 2015-05-18 17:07 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Besitzer\Desktop\rkill.exe
2015-05-18 16:10 - 2015-05-18 16:12 - 67321856 _____ () C:\Users\Besitzer\Downloads\eav_nt32_enu.msi
2015-05-18 16:04 - 2015-05-18 16:05 - 01761992 _____ (ESET) C:\Users\Besitzer\Downloads\eset_nod32_antivirus_live_installer.exe
2015-05-18 13:29 - 2015-05-20 07:31 - 00000890 _____ () C:\Windows\PFRO.log
2015-05-18 13:29 - 2015-05-20 07:31 - 00000560 _____ () C:\Windows\setupact.log
2015-05-18 13:29 - 2015-05-19 07:57 - 04958488 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-18 13:29 - 2015-05-18 13:29 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-18 13:09 - 2015-05-18 13:09 - 00207434 _____ () C:\Users\Besitzer\Documents\cc_20150518_130903.reg
2015-05-18 13:08 - 2015-05-18 13:08 - 00002796 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-05-18 13:08 - 2015-05-18 13:08 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-05-18 13:07 - 2015-05-18 13:08 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-18 13:07 - 2015-05-18 13:07 - 06484352 _____ (Piriform Ltd) C:\Users\Besitzer\Downloads\ccsetup505.exe
2015-05-18 12:42 - 2015-05-18 12:42 - 02209792 _____ () C:\Users\Besitzer\Desktop\adwcleaner_4.204.exe
2015-05-18 12:41 - 2015-05-18 12:41 - 02953520 _____ (AVAST Software) C:\Users\Besitzer\Downloads\avast-browser-cleanup.exe
2015-05-18 10:59 - 2015-05-18 10:59 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DB-GAMER-Windows-7-Home-Premium-(64-bit).dat
2015-05-18 10:59 - 2015-05-18 10:59 - 00000000 ____D () C:\RegBackup
2015-05-18 10:54 - 2015-05-18 10:58 - 196434040 _____ (Kaspersky Lab) C:\Users\Besitzer\Downloads\kts15.0.2.361en.exe
2015-05-18 10:39 - 2015-05-19 14:43 - 00000000 ____D () C:\AdwCleaner
2015-05-18 10:22 - 2015-05-20 07:32 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-18 10:22 - 2015-05-18 10:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-18 10:22 - 2015-05-18 10:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-18 10:22 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-18 10:22 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-18 09:52 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-18 09:52 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-18 09:52 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-18 09:52 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-18 09:52 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-18 09:52 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-18 09:52 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-18 09:52 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-18 09:52 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-18 09:52 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-18 09:52 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-18 09:52 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-18 09:52 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-18 09:52 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-18 09:52 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-18 09:52 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-18 09:52 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-18 09:52 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-18 09:52 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-18 09:52 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-18 09:52 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-18 09:52 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-18 09:52 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-18 09:52 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-18 09:52 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-18 09:52 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-18 09:52 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-18 09:52 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-18 09:52 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-18 09:52 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-18 09:52 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-18 09:52 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-18 09:52 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-18 09:52 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-18 09:52 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-18 09:52 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-18 09:52 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-18 09:52 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-18 09:52 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-18 09:52 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-18 09:52 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-18 09:52 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-18 09:52 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-18 09:52 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-18 09:52 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-18 09:52 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-18 09:52 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-18 09:52 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-18 09:52 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-18 09:52 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-18 09:52 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-18 09:52 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-18 09:52 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-18 09:52 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-18 09:52 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-18 09:52 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-18 09:52 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-18 09:52 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-18 09:52 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-18 09:52 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-18 09:52 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-18 09:52 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-18 09:52 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-18 09:52 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-18 09:51 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-18 09:51 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-18 09:51 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-18 09:51 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-18 09:51 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-18 09:51 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-18 09:51 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-18 09:51 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-18 09:51 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-18 09:51 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-18 09:51 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-18 09:51 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-18 09:51 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-18 09:51 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-18 09:51 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-18 09:51 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-18 09:51 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-18 09:51 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-18 09:51 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-18 09:51 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-18 09:51 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-18 09:51 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-18 09:51 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-18 09:51 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-18 09:51 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-18 09:51 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-18 09:51 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-18 09:51 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-18 09:51 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-18 09:51 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-18 09:51 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-18 09:51 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-18 09:50 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-18 09:50 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-18 09:50 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-18 09:50 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-18 09:50 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-18 09:50 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-18 09:50 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-18 09:50 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-18 09:50 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-18 09:50 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-18 09:50 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-18 09:50 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-18 09:50 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-18 09:50 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-18 09:50 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-18 09:50 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-18 09:50 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-18 09:50 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-18 09:50 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-18 09:50 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-18 09:50 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-18 09:50 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-18 09:50 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-18 09:50 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-18 09:50 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-18 09:50 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-18 09:50 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-18 09:50 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-18 09:50 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-18 09:50 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-18 09:50 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-18 09:50 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-18 09:50 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-18 09:50 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-18 09:50 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-18 09:50 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-18 09:50 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-18 09:50 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-18 09:50 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-18 09:50 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-18 09:50 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-18 09:50 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-18 09:50 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-18 09:50 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-18 09:50 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-18 09:50 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-18 09:50 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-18 09:50 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-18 09:50 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-18 09:50 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-18 09:50 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-18 09:43 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-18 09:43 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-18 09:43 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-18 09:43 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-18 09:43 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-18 09:43 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-18 09:43 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-18 09:43 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-18 09:43 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-18 09:43 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-18 09:43 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 09:14 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 09:14 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 09:14 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-03 21:38 - 2015-05-18 10:11 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\uTorrent
2015-05-03 16:05 - 2015-05-05 13:48 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2015-04-26 22:39 - 2015-04-28 10:26 - 00000000 ____D () C:\Users\Besitzer\AppData\Local\hudworker
2015-04-26 22:39 - 2015-04-26 22:39 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Jivaro ehf
2015-04-26 22:39 - 2015-04-26 22:39 - 00000000 ____D () C:\Users\Besitzer\AppData\Local\Jivaro ehf
2015-04-26 22:38 - 2015-04-26 22:38 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Jivaro
2015-04-26 22:38 - 2015-04-26 22:38 - 00000000 ____D () C:\Users\Besitzer\AppData\Local\Jivaro
2015-04-22 20:23 - 2015-04-22 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft Classic
2015-04-22 20:19 - 2015-05-03 19:45 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft Classic
2015-04-21 23:30 - 2015-05-19 19:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-20 07:39 - 2013-10-30 18:08 - 01679347 _____ () C:\Windows\WindowsUpdate.log
2015-05-20 07:37 - 2013-10-31 19:30 - 00000000 ____D () C:\Users\Besitzer\AppData\Local\Adobe
2015-05-20 07:37 - 2013-10-31 10:09 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C5251734-AF3D-4D09-BCE5-C49E8ED9A9E9}
2015-05-20 07:33 - 2013-10-31 17:00 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Spotify
2015-05-20 07:32 - 2013-10-31 17:09 - 00000000 ____D () C:\Users\Besitzer\AppData\Local\Spotify
2015-05-20 07:31 - 2015-02-28 02:42 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-20 07:31 - 2013-10-31 10:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-20 07:31 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-20 00:16 - 2015-02-28 02:42 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-20 00:14 - 2013-10-31 19:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-19 23:39 - 2014-01-31 00:27 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-19 23:32 - 2013-11-03 15:36 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\TS3Client
2015-05-19 20:45 - 2015-03-10 15:30 - 00000000 ____D () C:\Users\Besitzer\AppData\Local\Battle.net
2015-05-19 19:43 - 2009-07-14 06:45 - 00028320 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-19 19:43 - 2009-07-14 06:45 - 00028320 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-19 18:23 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-05-19 18:16 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-19 14:20 - 2014-09-22 17:35 - 00000000 ____D () C:\Users\Besitzer\AppData\Local\PokerStars.EU
2015-05-19 13:11 - 2015-02-28 02:42 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-19 13:11 - 2015-02-28 02:42 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-19 11:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-19 09:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-19 08:03 - 2011-04-12 09:43 - 01222928 _____ () C:\Windows\system32\perfh007.dat
2015-05-19 08:03 - 2011-04-12 09:43 - 00312204 _____ () C:\Windows\system32\perfc007.dat
2015-05-19 08:03 - 2009-07-14 07:13 - 00006256 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-19 07:57 - 2014-06-18 21:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-19 07:57 - 2014-06-18 21:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-19 07:55 - 2011-04-12 09:55 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-19 07:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-19 07:51 - 2013-10-31 11:18 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-19 07:48 - 2013-10-31 11:17 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-19 07:41 - 2014-06-18 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-18 13:14 - 2014-08-11 15:17 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\TeamViewer
2015-05-18 13:14 - 2014-02-24 20:52 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\DAEMON Tools Pro
2015-05-18 13:13 - 2014-11-28 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerTracker 4
2015-05-18 13:13 - 2014-09-13 15:43 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
2015-05-18 13:13 - 2014-08-04 12:26 - 00000000 ____D () C:\Windows\Minidump
2015-05-18 13:13 - 2014-04-12 00:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2015-05-18 13:13 - 2014-02-24 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cossacks - Back To War
2015-05-18 13:13 - 2013-10-30 18:03 - 00000000 ____D () C:\Windows\Panther
2015-05-18 10:15 - 2014-11-28 20:57 - 00000000 ____D () C:\Users\postgres
2015-05-18 10:14 - 2015-03-27 17:07 - 00000000 ____D () C:\Users\Besitzer\Desktop\bewervungen
2015-05-18 10:12 - 2014-07-17 07:10 - 00000000 ____D () C:\Users\Besitzer\Desktop\DOTA2BOOST.com
2015-05-18 10:10 - 2015-03-18 21:54 - 00000000 ____D () C:\Users\Besitzer\Desktop\musikkkkk
2015-05-18 10:08 - 2014-08-25 19:02 - 00000000 ____D () C:\Users\Besitzer\Desktop\lake sublime
2015-05-18 10:07 - 2014-12-01 21:53 - 00000000 ____D () C:\Users\Besitzer\AppData\Local\PokerStars.NET
2015-05-18 10:05 - 2014-10-10 00:38 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-05-18 10:00 - 2014-06-30 16:05 - 00000000 ____D () C:\ProgramData\Skype
2015-05-18 09:56 - 2014-07-31 17:36 - 00000000 ____D () C:\Program Files\Adobe
2015-05-18 09:56 - 2014-07-31 17:32 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-05-18 09:56 - 2013-10-31 12:51 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Adobe
2015-05-18 09:48 - 2014-01-22 14:20 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-18 09:31 - 2013-10-30 18:21 - 00000000 ___HD () C:\Users\Besitzer
2015-05-18 09:29 - 2011-04-12 09:54 - 00000000 ____D () C:\Windows\ShellNew
2015-05-18 09:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-05-18 09:28 - 2015-04-11 08:19 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-18 09:28 - 2015-02-28 02:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-18 09:28 - 2013-10-31 13:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-18 09:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\servicing
2015-05-18 09:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-05-18 09:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2015-05-05 17:24 - 2014-09-22 17:34 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU
2015-05-03 19:35 - 2015-03-10 15:30 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Battle.net
2015-04-23 09:40 - 2014-12-28 22:18 - 00000000 ____D () C:\Users\Besitzer\Desktop\ausland
2015-04-22 20:23 - 2014-02-24 20:54 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

==================== Files in the root of some directories =======

2014-11-28 20:49 - 2014-11-28 20:49 - 0004913 _____ () C:\ProgramData\flwjycbm.bab

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-19 08:55

==================== End Of Log ============================

Addition

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05-2015
Ran by Besitzer at 2015-05-20 07:40:33
Running from C:\Users\Besitzer\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-206598528-2362900283-2492162193-500 - Administrator - Disabled)
Besitzer (S-1-5-21-206598528-2362900283-2492162193-1000 - Administrator - Enabled) => C:\Users\Besitzer
Gast (S-1-5-21-206598528-2362900283-2492162193-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-206598528-2362900283-2492162193-1003 - Limited - Enabled)
postgres (S-1-5-21-206598528-2362900283-2492162193-1004 - Limited - Enabled) => C:\Users\postgres

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.33 - GIGABYTE)
Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.0.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.1.418 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Evolve [Closed Beta] (HKLM-x32\...\Steam App 203190) (Version:  - Turtle Rock Studios)
FINAL FANTASY XIII (HKLM-x32\...\Steam App 292120) (Version:  - SQUARE ENIX)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Infinite HD™ App (HKU\S-1-5-21-206598528-2362900283-2492162193-1000\...\Octoshape Streaming Services) (Version:  - Octoshape ApS)
Infinite HD™ App (HKU\S-1-5-21-206598528-2362900283-2492162193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Octoshape Streaming Services) (Version:  - Octoshape ApS)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Jivaro (HKLM-x32\...\{95CF931D-DDEB-4B15-B52C-80096CB5275E}) (Version: 0.0.1 - Jivaro)
Life Is Strange™ (HKLM-x32\...\Steam App 319630) (Version:  - DONTNOD Entertainment)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst (HKLM-x32\...\Steam App 234670) (Version:  - CyberConnect 2)
NVIDIA 3D Vision Controller-Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Opera Stable 29.0.1795.47 (HKLM-x32\...\Opera 29.0.1795.47) (Version: 29.0.1795.47 - Opera Software ASA)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Spotify (HKU\S-1-5-21-206598528-2362900283-2492162193-1000\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)
Spotify (HKU\S-1-5-21-206598528-2362900283-2492162193-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
The Vanishing of Ethan Carter (HKLM-x32\...\Steam App 258520) (Version:  - The Astronauts)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
Vegas Pro 13.0 (64-bit) (HKLM\...\{CE92F061-BFBC-11E3-8FF3-F04DA23A5C58}) (Version: 13.0.290 - Sony)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WinRAR 5.00 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
World of Warcraft Classic (HKLM-x32\...\{D55ED80F-FAFD-40E1-99FC-89AF8614A9B5}_is1) (Version: 1.12.1.5875 - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

19-05-2015 07:37:35 Windows Update
19-05-2015 19:51:05 Installed Sophos Virus Removal Tool.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {13F41710-50EF-488D-A7E6-EDB90CD60408} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {2BE977E9-C3D9-401B-B87D-73E0869648B7} - System32\Tasks\Opera scheduled Autoupdate 1432056332 => C:\Program Files (x86)\Opera\launcher.exe [2015-04-17] (Opera Software)
Task: {399B7C6B-E397-4C89-87ED-1DCCB251AC74} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6EE94A68-DE41-4AF4-A4D7-B0B640E80AE3} - System32\Tasks\{997169C2-2516-4C8A-82FC-55B9855CFD6D} => C:\Users\Besitzer\Cossacks - Back To War\dmcr.exe
Task: {8098B997-E17D-4154-84BF-A891FB6241B2} - System32\Tasks\AdobeAAMUpdater-1.0-db-Gamer-Besitzer => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {81DB054B-962A-48E2-B1EF-749D041B847D} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {953370DC-3195-4C26-BF02-164A0B1948A1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {AF96F182-FE4B-4FFA-B111-B574ADB80B91} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {B769E489-2700-4391-9928-E660F7EA13C4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {B7EC7994-948D-4B6B-A2F6-727112C1442E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-28] (Google Inc.)
Task: {D5DF442D-CCDD-44BF-8E93-16159239F9F2} - System32\Tasks\{AEEDDA16-C762-41C1-9B0E-E8716C3CAE5B} => pcalua.exe -a E:\autorun.exe -d E:\
Task: {E7F3271F-DCE0-4356-B275-E3ED5B460705} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-28] (Google Inc.)
Task: {EAC8891D-E2AE-4EA3-92A0-EC8C8B5ED609} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {F8DD350E-2922-4343-BDDC-172673E370CC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-10-31 10:28 - 2013-10-23 10:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-07-16 11:06 - 2014-07-16 11:06 - 00672416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2014-07-16 11:05 - 2014-07-16 11:05 - 05558432 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-206598528-2362900283-2492162193-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: AVG-Secure-Search-Update_0414c => "C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe" /PROMPT /CMPID=0414c 
MSCONFIG\startupreg: AVG-Secure-Search-Update_0814tb => "C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe" /PROMPT /CMPID=0814tb 
MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: ESL Wire => "C:\Program Files\EslWire\wire.exe" --tray
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Besitzer\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [TCP Query User{82A14D33-4D97-4F77-A0AA-46FFCA6562D7}C:\users\besitzer\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\besitzer\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{83EB2606-2D13-45C3-9181-844AF0788BD1}C:\users\besitzer\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\besitzer\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A65BBD9C-D73E-4AB8-9D04-A81C471FF2B1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9872AF14-A565-4656-8C48-65D545ECAEDE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AE2B6E81-52EC-4B00-A94C-F2E6CA6C1653}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{DFECAF8B-C4E8-48FC-8489-5401CC65C805}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe

==================== Faulty Device Manager Devices =============

Name: VPN Client Adapter - VPN
Description: VPN Client Adapter - VPN
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SoftEther VPN Project
Service: Neo_VPN
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/20/2015 07:32:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2015 06:02:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2015 03:06:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 3.1.0.0, Zeitstempel: 0x552d3c4a
Name des fehlerhaften Moduls: mbamservice.exe, Version: 3.1.0.0, Zeitstempel: 0x552d3c4a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000bfbd
ID des fehlerhaften Prozesses: 0x7b0
Startzeit der fehlerhaften Anwendung: 0xmbamservice.exe0
Pfad der fehlerhaften Anwendung: mbamservice.exe1
Pfad des fehlerhaften Moduls: mbamservice.exe2
Berichtskennung: mbamservice.exe3

Error: (05/19/2015 02:46:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2015 11:06:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2015 11:02:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2015 08:56:48 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.

Error: (05/19/2015 08:03:49 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (05/19/2015 08:03:49 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (05/19/2015 08:03:49 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.


System errors:
=============
Error: (05/20/2015 07:31:05 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT-AUTORITÄT)
Description: Die Energieverwaltungsfeatures für Leistung des Prozessors "7" in der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie sich beim Hersteller des Computers nach aktualisierter Firmware.

Error: (05/20/2015 07:31:05 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT-AUTORITÄT)
Description: Die Energieverwaltungsfeatures für Leistung des Prozessors "6" in der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie sich beim Hersteller des Computers nach aktualisierter Firmware.

Error: (05/20/2015 07:31:05 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT-AUTORITÄT)
Description: Die Energieverwaltungsfeatures für Leistung des Prozessors "5" in der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie sich beim Hersteller des Computers nach aktualisierter Firmware.

Error: (05/20/2015 07:31:05 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT-AUTORITÄT)
Description: Die Energieverwaltungsfeatures für Leistung des Prozessors "4" in der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie sich beim Hersteller des Computers nach aktualisierter Firmware.

Error: (05/20/2015 07:31:05 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT-AUTORITÄT)
Description: Die Energieverwaltungsfeatures für Leistung des Prozessors "3" in der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie sich beim Hersteller des Computers nach aktualisierter Firmware.

Error: (05/20/2015 07:31:05 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT-AUTORITÄT)
Description: Die Energieverwaltungsfeatures für Leistung des Prozessors "2" in der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie sich beim Hersteller des Computers nach aktualisierter Firmware.

Error: (05/20/2015 07:31:05 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT-AUTORITÄT)
Description: Die Energieverwaltungsfeatures für Leistung des Prozessors "1" in der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie sich beim Hersteller des Computers nach aktualisierter Firmware.

Error: (05/20/2015 07:31:05 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT-AUTORITÄT)
Description: Die Energieverwaltungsfeatures für Leistung des Prozessors "0" in der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie sich beim Hersteller des Computers nach aktualisierter Firmware.

Error: (05/20/2015 07:31:14 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎20.‎05.‎2015 um 00:31:28 unerwartet heruntergefahren.

Error: (05/19/2015 06:16:44 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.


Microsoft Office Sessions:
=========================
Error: (05/20/2015 07:32:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2015 06:02:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2015 03:06:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.1.0.0552d3c4ambamservice.exe3.1.0.0552d3c4ac00000050000bfbd7b001d092319dc72bffC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exece45691c-fe27-11e4-a84a-94de807532c5

Error: (05/19/2015 02:46:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2015 11:06:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2015 11:02:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2015 08:56:48 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe

Error: (05/19/2015 08:03:49 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (05/19/2015 08:03:49 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (05/19/2015 08:03:49 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000


==================== Memory info =========================== 

Processor: AMD FX(tm)-8320 Eight-Core Processor 
Percentage of memory in use: 39%
Total physical RAM: 8189.54 MB
Available physical RAM: 4932.04 MB
Total Pagefile: 16377.29 MB
Available Pagefile: 12865.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:277.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 75A617F5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

combofix
Combofix Logfile:

Code:

ATTFilter

ComboFix 15-05-13.01 - Besitzer 20.05.2015   7:55.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8190.6132 [GMT 2:00]
ausgeführt von:: c:\users\Besitzer\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-04-20 bis 2015-05-20  ))))))))))))))))))))))))))))))
.
.
2015-05-20 06:04 . 2015-05-20 06:04	--------	d-----w-	c:\users\postgres\AppData\Local\temp
2015-05-20 06:04 . 2015-05-20 06:04	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-05-20 05:51 . 2015-05-20 05:51	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{2214B7AB-EDBF-4CC8-9A37-01062AEDE7D2}\offreg.2024.dll
2015-05-20 05:41 . 2015-05-20 05:41	--------	d-----w-	c:\program files (x86)\VS Revo Group
2015-05-20 05:38 . 2015-05-20 05:40	--------	d-----w-	C:\FRST
2015-05-19 17:51 . 2015-05-19 17:51	--------	d-----w-	c:\programdata\Sophos
2015-05-19 17:51 . 2015-05-19 17:51	--------	d-----w-	c:\program files (x86)\Sophos
2015-05-19 17:25 . 2015-05-19 17:25	--------	d-----w-	c:\users\Besitzer\AppData\Local\Opera Software
2015-05-19 17:25 . 2015-05-19 17:25	--------	d-----w-	c:\users\Besitzer\AppData\Roaming\Opera Software
2015-05-19 17:24 . 2015-05-20 05:36	--------	d-----w-	c:\program files (x86)\Opera
2015-05-19 16:13 . 2015-05-19 16:13	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{2214B7AB-EDBF-4CC8-9A37-01062AEDE7D2}\offreg.4036.dll
2015-05-19 06:02 . 2015-05-03 03:16	12214312	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{2214B7AB-EDBF-4CC8-9A37-01062AEDE7D2}\mpengine.dll
2015-05-19 05:41 . 2015-05-01 13:17	124112	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-19 05:41 . 2015-05-01 13:16	102608	----a-w-	c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-18 15:11 . 2015-05-19 06:15	35064	----a-w-	c:\windows\system32\drivers\TrueSight.sys
2015-05-18 15:11 . 2015-05-18 15:25	--------	d-----w-	c:\programdata\RogueKiller
2015-05-18 11:07 . 2015-05-18 11:08	--------	d-----w-	c:\program files\CCleaner
2015-05-18 08:59 . 2015-05-18 08:59	--------	d-----w-	C:\RegBackup
2015-05-18 08:39 . 2015-05-19 12:43	--------	d-----w-	C:\AdwCleaner
2015-05-18 08:22 . 2015-05-20 05:32	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-18 08:22 . 2015-05-18 08:22	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2015-05-18 08:22 . 2015-04-14 07:37	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-05-18 08:22 . 2015-04-14 07:37	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-05-18 07:51 . 2015-04-13 03:28	328704	----a-w-	c:\windows\system32\services.exe
2015-05-18 07:50 . 2015-04-27 19:23	362496	----a-w-	c:\windows\system32\wow64win.dll
2015-05-18 07:43 . 2015-01-29 03:19	2543104	----a-w-	c:\windows\system32\wpdshext.dll
2015-05-18 07:43 . 2015-01-29 03:02	2311168	----a-w-	c:\windows\SysWow64\wpdshext.dll
2015-05-18 07:43 . 2015-01-29 03:19	1195008	----a-w-	c:\windows\system32\drivers\UMDF\WpdMtpDr.dll
2015-05-18 07:43 . 2015-02-18 07:06	123904	----a-w-	c:\windows\SysWow64\poqexec.exe
2015-05-18 07:43 . 2015-02-18 07:04	142336	----a-w-	c:\windows\system32\poqexec.exe
2015-05-18 07:43 . 2015-03-04 04:41	6656	----a-w-	c:\windows\system32\shimeng.dll
2015-05-18 07:43 . 2015-03-04 04:41	72192	----a-w-	c:\windows\system32\aelupsvc.dll
2015-05-18 07:43 . 2015-03-04 04:41	342016	----a-w-	c:\windows\system32\apphelp.dll
2015-05-18 07:43 . 2015-03-04 04:41	23552	----a-w-	c:\windows\system32\sdbinst.exe
2015-05-18 07:43 . 2015-03-04 04:11	5120	----a-w-	c:\windows\SysWow64\shimeng.dll
2015-05-18 07:43 . 2015-03-04 04:10	295936	----a-w-	c:\windows\SysWow64\apphelp.dll
2015-05-18 07:43 . 2015-03-04 04:10	20992	----a-w-	c:\windows\SysWow64\sdbinst.exe
2015-05-13 07:14 . 2015-04-27 19:22	404992	----a-w-	c:\windows\system32\tracerpt.exe
2015-05-13 07:14 . 2015-04-27 18:59	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 07:14 . 2015-04-27 17:57	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2015-05-03 19:38 . 2015-05-18 08:11	--------	d-----w-	c:\users\Besitzer\AppData\Roaming\uTorrent
2015-05-03 14:05 . 2015-05-05 11:48	--------	d-----w-	c:\program files (x86)\World of Warcraft
2015-04-26 20:39 . 2015-04-28 08:26	--------	d-----w-	c:\users\Besitzer\AppData\Local\hudworker
2015-04-26 20:39 . 2015-04-26 20:39	--------	d-----w-	c:\users\Besitzer\AppData\Roaming\Jivaro ehf
2015-04-26 20:39 . 2015-04-26 20:39	--------	d-----w-	c:\users\Besitzer\AppData\Local\Jivaro ehf
2015-04-26 20:38 . 2015-04-26 20:38	--------	d-----w-	c:\users\Besitzer\AppData\Roaming\Jivaro
2015-04-26 20:38 . 2015-04-26 20:38	--------	d-----w-	c:\users\Besitzer\AppData\Local\Jivaro
2015-04-22 18:19 . 2015-05-03 17:45	--------	d-----w-	c:\program files (x86)\World of Warcraft Classic
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-19 05:48 . 2013-10-31 09:17	140425016	----a-w-	c:\windows\system32\MRT.exe
2015-04-27 19:04 . 2015-05-18 07:50	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-04-14 18:14 . 2013-10-31 17:33	778416	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-14 18:14 . 2013-10-31 17:33	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-14 07:37 . 2014-12-05 13:37	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-03-25 03:24 . 2015-04-15 05:40	98304	----a-w-	c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 05:40	37376	----a-w-	c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 05:40	35328	----a-w-	c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 05:40	3298816	----a-w-	c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 05:40	2553856	----a-w-	c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 05:40	191488	----a-w-	c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 05:40	696320	----a-w-	c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 05:40	60416	----a-w-	c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 05:40	12288	----a-w-	c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 05:40	36864	----a-w-	c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 05:40	135168	----a-w-	c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 05:40	92672	----a-w-	c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 05:40	566784	----a-w-	c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 05:40	29696	----a-w-	c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 05:40	173056	----a-w-	c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 05:40	33792	----a-w-	c:\windows\SysWow64\wuapp.exe
2015-03-23 03:25 . 2015-04-15 05:40	726528	----a-w-	c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-15 05:40	769536	----a-w-	c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-15 05:40	419840	----a-w-	c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-15 05:40	957952	----a-w-	c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-15 05:40	30720	----a-w-	c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-15 05:40	227328	----a-w-	c:\windows\system32\aepdu.dll
2015-03-23 03:24 . 2015-04-15 05:40	192000	----a-w-	c:\windows\system32\aepic.dll
2015-03-23 03:17 . 2015-04-15 05:40	1111552	----a-w-	c:\windows\system32\aeinv.dll
2015-03-10 03:25 . 2015-04-15 05:40	1882624	----a-w-	c:\windows\system32\msxml3.dll
2015-03-10 03:21 . 2015-04-15 05:40	2048	----a-w-	c:\windows\system32\msxml3r.dll
2015-03-10 03:08 . 2015-04-15 05:40	1237504	----a-w-	c:\windows\SysWow64\msxml3.dll
2015-03-10 03:05 . 2015-04-15 05:40	2048	----a-w-	c:\windows\SysWow64\msxml3r.dll
2015-03-05 05:12 . 2015-04-15 05:40	404480	----a-w-	c:\windows\system32\gdi32.dll
2015-03-05 04:05 . 2015-04-15 05:40	311808	----a-w-	c:\windows\SysWow64\gdi32.dll
2015-03-04 04:55 . 2015-04-15 05:38	367552	----a-w-	c:\windows\system32\clfs.sys
2015-03-04 04:41 . 2015-04-15 05:38	79360	----a-w-	c:\windows\system32\clfsw32.dll
2015-03-04 04:41 . 2015-05-18 07:43	309248	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-03-04 04:41 . 2015-05-18 07:43	103424	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-03-04 04:10 . 2015-04-15 05:38	58880	----a-w-	c:\windows\SysWow64\clfsw32.dll
2015-03-04 04:10 . 2015-05-18 07:43	470528	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-18 07:43	2178560	----a-w-	c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-18 07:43	2560	----a-w-	c:\windows\apppatch\AcRes.dll
2015-02-25 03:18 . 2015-04-15 05:40	754688	----a-w-	c:\windows\system32\drivers\http.sys
2015-02-24 02:17 . 2010-11-21 03:27	295552	------w-	c:\windows\system32\MpSigStub.exe
2015-02-20 04:41 . 2015-03-11 09:30	41984	----a-w-	c:\windows\system32\lpk.dll
2015-02-20 04:40 . 2015-03-11 09:30	100864	----a-w-	c:\windows\system32\fontsub.dll
2015-02-20 04:40 . 2015-03-11 09:30	14336	----a-w-	c:\windows\system32\dciman32.dll
2015-02-20 04:40 . 2015-03-11 09:30	46080	----a-w-	c:\windows\system32\atmlib.dll
2015-02-20 04:13 . 2015-03-11 09:30	70656	----a-w-	c:\windows\SysWow64\fontsub.dll
2015-02-20 04:13 . 2015-03-11 09:30	10240	----a-w-	c:\windows\SysWow64\dciman32.dll
2015-02-20 04:13 . 2015-03-11 09:30	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2015-02-20 04:12 . 2015-03-11 09:30	25600	----a-w-	c:\windows\SysWow64\lpk.dll
2015-02-20 03:29 . 2015-03-11 09:30	372224	----a-w-	c:\windows\system32\atmfd.dll
2015-02-20 03:09 . 2015-03-11 09:30	299008	----a-w-	c:\windows\SysWow64\atmfd.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\users\Besitzer\AppData\Roaming\Spotify\Spotify.exe" [2015-04-24 7168568]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-04-23 8204056]
"Spotify Web Helper"="c:\users\Besitzer\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2015-04-24 2020920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2014-07-22 2694040]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-09-01 152392]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0068.sys;c:\windows\SYSNATIVE\DRIVERS\Neo_0068.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-18 20:54	988488	----a-w-	c:\program files (x86)\Google\Chrome\Application\42.0.2311.152\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-31 18:14]
.
2015-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-28 00:42]
.
2015-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-28 00:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2014-07-16 09:06	672416	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2014-07-16 09:06	672416	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2014-07-16 09:06	672416	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-10-26 13213840]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 558496]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
mStart Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
mLocal Page = c:\windows\SysWOW64\blank.htm
mDefault_Page_URL = hxxp://www.google.com
TCP: Interfaces\{B4692A10-EC11-4BF7-9213-6B3B2543A3B1}: NameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Mozilla Firefox 37.0.2 (x86 de) - c:\program files (x86)\Mozilla Firefox\uninstall\helper.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-206598528-2362900283-2492162193-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-206598528-2362900283-2492162193-1000)
@Denied: (2) (LocalSystem)
"Progid"="OperaStable"
.
[HKEY_USERS\S-1-5-21-206598528-2362900283-2492162193-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-206598528-2362900283-2492162193-1000)
@Denied: (2) (LocalSystem)
"Progid"="OperaStable"
.
[HKEY_USERS\S-1-5-21-206598528-2362900283-2492162193-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-206598528-2362900283-2492162193-1000)
@Denied: (2) (LocalSystem)
"Progid"="OperaStable"
.
[HKEY_USERS\S-1-5-21-206598528-2362900283-2492162193-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (S-1-5-21-206598528-2362900283-2492162193-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\S-1-5-21-206598528-2362900283-2492162193-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-206598528-2362900283-2492162193-1000)
@Denied: (2) (LocalSystem)
"Progid"="OperaStable"
.
[HKEY_USERS\S-1-5-21-206598528-2362900283-2492162193-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-206598528-2362900283-2492162193-1000)
@Denied: (2) (LocalSystem)
"Progid"="OperaStable"
.
[HKEY_USERS\S-1-5-21-206598528-2362900283-2492162193-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-05-20  08:12:48
ComboFix-quarantined-files.txt  2015-05-20 06:12
ComboFix2.txt  2015-05-19 16:23
.
Vor Suchlauf: 12 Verzeichnis(se), 297.614.135.296 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 297.543.413.760 Bytes frei
.
- - End Of File - - 046DD8942EE642F0CD63A9CE5D1A1327

--- --- ---
A36C5E4F47E84449FF07ED3517B43A31

malewarebytes

Code:

ATTFilter

Suchlauf Datum: 19.05.2015
Suchlauf-Zeit: 12:02:05
Logdatei: fdgfdg.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.19.02
Rootkit Datenbank: v2015.05.16.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Besitzer

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 394965
Verstrichene Zeit: 16 Min, 7 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

Sophos Antivir / ESET haben beim Scan nichts gefunden. ESET habe ich schon deinstalliert, weiß also nicht ob ich die Logfiles noch bekomme ... selbe mit Sophos.

Hier noch der Rougekiller log!

Code:

ATTFilter

RogueKiller V10.6.4.0 [May 18 2015] by Adlice Software
Mail : hxxp://www.adlice.com/contact/
Feedback : hxxp://forum.adlice.com
Website : hxxp://www.adlice.com/softwares/roguekiller/
Blog : hxxp://www.adlice.com

Betriebssystem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
gestarted in : normaler Modus
User : Besitzer [Administrator]
Started from : C:\Users\Besitzer\Desktop\RogueKiller.exe
Modus : Löschen -- Datum : 05/20/2015  09:09:38

¤¤¤ Prozesse : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Aufgaben : 0 ¤¤¤

¤¤¤ Dateien : 0 ¤¤¤

¤¤¤ Host Dateien : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: nicht geladen [0xc000036b]) ¤¤¤

¤¤¤ Web Browser : 1 ¤¤¤
[FIREFX:Addon] 2inl486l.default-1431945839184 : Adblock Plus [{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}] -> gelöscht

¤¤¤ MBR Überprüfung : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA DT01ACA050 ATA Device +++++
--- User ---
[MBR] 7c977135485f60c7b2ef60b7c8d5283f
[BSP] 65314e373aa4d49f8a9d264d4bb1cebf : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_05182015_172200.log - RKreport_DEL_05182015_172433.log - RKreport_DEL_05182015_172434.log - RKreport_DEL_05182015_172437.log
RKreport_DEL_05182015_172503.log - RKreport_DEL_05182015_172521.log - RKreport_SCN_05192015_081953.log - RKreport_SCN_05202015_090844.log

EDIT

mein opa kam gerade vom "pc fachmann". dieser hat wohl alles bereinigt, dass wollte ich dann mit eigenen augen kurz sehen, und naja ... das selbe problem besteht bei opa immernoch, auch nachdem er 60€ bezahlt hat.

ich sage nicht, dass der mann ein betrüger ist. kann es sein, dass mein PC und der pc von meinem opa beide virenfrei / malware frei sind, aber unser öffentliches netzwerk irgendwas damit zu tun hat? denn anders macht es für mich keinen sinn.

fakten :

- ich habe viel arbeit investiert, mit vielen verschiedenen antivir programmen, und alle sagen mir, dass mein PC einwandfrei ist.

- pc fachmann sagte, der pc hat ohne probleme bei ihm funktioniert.

- ich und opa benutzen das gleiche öffentliche heim netzwerk.

passt ziemlich gut zusammen, oder nicht? findet man hier vielleicht die lösung des problems?

Niemand eine Idee?

UPDATE

ich habe mein Iphone einmal als Router benutzt, quasi unser Internet abgeschlossen, und mein Iphone dran gemacht als alternativ Modem, um die "netzwerk infektions theorie" zu bestätigen. Und siehe da, das Popup virus war weg.

Update 2

Problem gelöst, Router resettet und Problem ist beseitigt. War mir nicht bekannt, dass Viren/Malware auch in den Router gehen können.

schrauber · 22.05.2015, 06:42

Genau das wäre auch der nächste Schritt gewesen, Router resetten. Trotzdem nochmal alle Browser auf den REchnern einmal zurücksetzen

22.05.2015, 06:42	#4
schrauber /// the machine /// TB-Ausbilder	youradexchange popup virus/malware Genau das wäre auch der nächste Schritt gewesen, Router resetten. Trotzdem nochmal alle Browser auf den REchnern einmal zurücksetzen __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

youradexchange popup virus/malware

Log-Analyse und Auswertung: youradexchange popup virus/malware