Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Windows 8.1: Browser öffnet selbstständig Werbeseiten (https://www.trojaner-board.de/167636-windows-8-1-browser-oeffnet-selbststaendig-werbeseiten.html)

Alex1996 05.06.2015 23:56
Windows 8.1: Browser öffnet selbstständig Werbeseiten
 
Hallo,

mein Chrome öffnet seit mehreren Wochen immer selbstständig Werbeseiten.

Die Seite die am meisten geöffnet wird heißt: PTP24.com.

Die anderen Seiten leiten ein meistens entweder auf Youtube Videos oder zu Adf.ly.

AntiVir hat bisher auch leider nichts gefunden.

Bitte um Hilfe.

Gruß Alex

deeprybka 06.06.2015 07:31
:hallo:

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...:abklatsch:
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
  • Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
  • Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig
  • Poste die Logfiles direkt in Deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean :daumenhoc bekommst.



Los geht's:

Schritt 1
http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)




Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://deeprybka.trojaner-board.de/tdss/codetags.gif

Alex1996 06.06.2015 12:58
Logfiles
 
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-06-2015
Ran by Alex (administrator) on ALEX-MACBOOK on 06-06-2015 13:10:11
Running from C:\Users\Alex\Desktop
Loaded Profiles: Alex (Available Profiles: Alex)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\System32\AppleOSSMgr.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\Boot Camp\Bootcamp.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\Alex\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Spotify Ltd) C:\Users\Alex\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Alex\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Alex\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Alex\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apple_KbdMgr] => C:\Program Files\Boot Camp\Bootcamp.exe [746816 2014-02-06] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1144709705-1760910624-3481591003-1001\...\Run: [Spotify Web Helper] => C:\Users\Alex\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-06-05] (Spotify Ltd)
HKU\S-1-5-21-1144709705-1760910624-3481591003-1001\...\Run: [Spotify] => C:\Users\Alex\AppData\Roaming\Spotify\Spotify.exe [7323192 2015-06-05] (Spotify Ltd)
HKU\S-1-5-21-1144709705-1760910624-3481591003-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-1144709705-1760910624-3481591003-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-1144709705-1760910624-3481591003-1001\...\Run: [GoogleChromeAutoLaunch_AD2529C7DB5B63D28C23362385276129] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-22] (Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKU\S-1-5-21-1144709705-1760910624-3481591003-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1144709705-1760910624-3481591003-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-1144709705-1760910624-3481591003-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/androidnews/
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1144709705-1760910624-3481591003-1001 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-05] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-05] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\kgs7OrqP.default
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-05] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-05] (Google Inc.)
FF Extension: Avira Browser Safety - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\kgs7OrqP.default\Extensions\abs@avira.com [2015-03-22]

Chrome:
=======
CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2015-04-26]
CHR Extension: (Google Slides) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-05]
CHR Extension: (Google Docs) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-05]
CHR Extension: (Google Drive) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-05]
CHR Extension: (YouTube) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-05]
CHR Extension: (Adblock Plus) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-26]
CHR Extension: (Google Search) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-05]
CHR Extension: (Tampermonkey) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-04-26]
CHR Extension: (Google Sheets) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-05]
CHR Extension: (AdBlock) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-04-26]
CHR Extension: (Bookmark Manager) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-05]
CHR Extension: (Avira SafeSearch) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldmiahjidflgnbiadknkmaimfpjkelng [2015-04-26]
CHR Extension: (Google Wallet) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-05]
CHR Extension: (Simple Startup Password) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojoalkffommhmdmbohjphohoejjmgepc [2015-04-26]
CHR Extension: (Battlefield 4) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pecgmdpcolnkkmjanbjmpblniokfddgf [2015-04-26]
CHR Extension: (Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-05]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [226112 2014-02-06] ()
R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-20] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-03-21] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AppleCamera; C:\Windows\system32\DRIVERS\AppleCamera.sys [1793664 2013-12-04] (Apple Inc.)
R3 applemtm; C:\Windows\system32\DRIVERS\applemtm.sys [12288 2013-09-06] (Apple Inc.)
R3 applemtp; C:\Windows\system32\DRIVERS\applemtp.sys [39424 2013-09-06] (Apple Inc.)
R3 AppleSDR; C:\Windows\system32\DRIVERS\AppleSDR.sys [12800 2013-09-03] (Apple Inc.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8497840 2014-01-10] (Broadcom Corporation)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-30] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\System32\drivers\BthHfAud.sys [32768 2014-10-08] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R3 CirrusLFD; C:\Windows\system32\DRIVERS\CSLFD.sys [56720 2013-10-17] (Cirrus Logic Inc.)
R3 CirrusUFD; C:\Windows\system32\DRIVERS\CSUFD.sys [11928 2013-10-17] (Cirrus Logic Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2014-01-31] (Intel Corporation)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-09-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-06 13:10 - 2015-06-06 13:10 - 00013934 _____ C:\Users\Alex\Desktop\FRST.txt
2015-06-06 13:09 - 2015-06-06 13:10 - 00000000 ____D C:\FRST
2015-06-06 13:08 - 2015-06-06 13:08 - 02108928 _____ (Farbar) C:\Users\Alex\Desktop\FRST64.exe
2015-06-06 13:06 - 2015-06-06 13:06 - 00000602 _____ C:\Windows\PFRO.log
2015-06-06 13:06 - 2015-06-06 13:06 - 00000232 _____ C:\Windows\setupact.log
2015-06-06 13:06 - 2015-06-06 13:06 - 00000000 _____ C:\Windows\setuperr.log
2015-06-06 02:47 - 2015-06-06 02:47 - 00056744 _____ C:\Users\Alex\Documents\cc_20150606_024749.reg
2015-06-06 02:38 - 2015-06-06 02:39 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-06 02:38 - 2015-06-06 02:38 - 00001126 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-06 02:38 - 2015-06-06 02:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-06 02:38 - 2015-06-06 02:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-06 02:38 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-06 02:38 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-06 02:38 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-06 02:37 - 2015-06-06 02:37 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Alex\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-06 02:33 - 2015-06-06 02:33 - 02231296 _____ C:\Users\Alex\Downloads\adwcleaner_4.206.exe
2015-06-06 02:28 - 2015-06-06 02:28 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-06-06 02:20 - 2015-06-06 02:20 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Alex\Downloads\tdsskiller.exe
2015-06-05 22:12 - 2015-06-05 22:12 - 00000000 ____D C:\Users\Alex\AppData\Local\GWX
2015-06-05 17:29 - 2015-06-05 17:29 - 00000000 ____D C:\TempDump
2015-06-05 16:48 - 2015-06-05 16:48 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-06-05 16:42 - 2015-06-05 16:42 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-06-05 16:42 - 2015-06-05 16:42 - 00000000 ____D C:\ProgramData\Sun
2015-06-05 16:42 - 2015-06-05 16:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-06-05 16:41 - 2015-06-05 16:41 - 00562272 _____ (Oracle Corporation) C:\Users\Alex\Downloads\chromeinstall-8u45.exe
2015-06-05 16:41 - 2015-06-05 16:41 - 00000000 ____D C:\ProgramData\Oracle
2015-06-05 16:41 - 2015-06-05 16:41 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-05 16:37 - 2015-06-05 16:37 - 00119249 _____ C:\Users\Alex\Downloads\vR_BR120EL_Sc01_DE_EN.rwp
2015-06-05 16:36 - 2015-06-05 16:36 - 00233557 _____ C:\Users\Alex\Downloads\vR_BR111_Dosto_Sc05_DE_EN.rwp
2015-06-05 16:36 - 2015-06-05 16:36 - 00216070 _____ C:\Users\Alex\Downloads\vR_BR111_Dosto_Sc01_DE_EN.rwp
2015-06-05 16:36 - 2015-06-05 16:36 - 00161016 _____ C:\Users\Alex\Downloads\vR_BR111_Dosto_Sc03_DE_EN.rwp
2015-06-05 16:36 - 2015-06-05 16:36 - 00117455 _____ C:\Users\Alex\Downloads\vR_BR111_Dosto_Sc06_DE_EN.rwp
2015-06-05 16:36 - 2015-06-05 16:36 - 00105503 _____ C:\Users\Alex\Downloads\vR_BR111_Dosto_Sc02_DE_EN.rwp
2015-06-05 16:36 - 2015-06-05 16:36 - 00102899 _____ C:\Users\Alex\Downloads\vR_BR111_Dosto_Sc07_DE_EN.rwp
2015-06-05 16:34 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-05 16:34 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-06-05 16:32 - 2015-06-05 16:32 - 00001198 _____ C:\Users\Public\Desktop\Microsoft-Maus- und Tastatur-Center installieren.lnk
2015-06-05 16:26 - 2015-06-05 16:34 - 152430272 _____ () C:\Users\Alex\Downloads\vr_db_br120_ic_el_en_de_v2.exe
2015-06-05 16:23 - 2015-06-05 16:31 - 119113307 _____ C:\Users\Alex\Downloads\vr_br111_dosto_v3.rwp
2015-06-05 16:21 - 2015-06-05 16:21 - 00053181 _____ C:\Users\Alex\Downloads\installer.zip
2015-06-05 16:11 - 2015-06-05 16:11 - 00000221 _____ C:\Users\Alex\Desktop\Train Simulator 2015.url
2015-06-05 16:10 - 2015-05-22 15:08 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-05 16:10 - 2015-05-21 15:08 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-05 16:10 - 2015-05-21 15:08 - 01020928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-05 16:10 - 2015-05-21 15:08 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-05 16:10 - 2015-05-21 15:08 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-05 16:10 - 2015-05-21 15:08 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-05 16:10 - 2015-05-21 15:08 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-05 16:10 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-05 16:10 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-05 16:10 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-05 16:10 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-05 16:10 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-05 16:10 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-05 16:10 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-05 16:10 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-05 16:10 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-05 16:10 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-05 16:10 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-06-05 16:10 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-05 16:10 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-05 16:10 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-05 16:10 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-05 16:10 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-05 16:10 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-05 16:10 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-06-05 16:10 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-05 16:10 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-05 16:10 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-05 16:10 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-05 16:10 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-05 16:10 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-05 16:10 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-05 16:10 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-05 16:10 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-05 16:10 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-05 16:10 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-06-05 16:10 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-05 16:10 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-06-05 16:10 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-05 16:10 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-05 16:10 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-05 16:10 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-05 16:10 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-05 16:10 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-05 16:10 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-05 16:10 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-05 16:10 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-05 16:10 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-05 16:10 - 2015-04-17 00:07 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-05 16:10 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-05 16:10 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-06-05 16:10 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-06-05 16:10 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-06-05 16:10 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-06-05 16:10 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-06-05 16:10 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-06-05 16:10 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-06-05 16:10 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-06-05 16:10 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-06-05 16:10 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-06-05 16:10 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2015-06-05 16:10 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2015-06-05 16:10 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-06-05 16:10 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-06-05 16:10 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-06-05 16:10 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-05 16:10 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-06-05 16:10 - 2015-03-17 19:26 - 00467776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-06-05 16:10 - 2015-03-13 06:03 - 00239424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-06-05 16:10 - 2015-03-13 06:03 - 00154432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-06-05 16:10 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2015-06-05 16:10 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-06-05 16:10 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-06-05 16:10 - 2015-03-13 02:29 - 00410017 _____ C:\Windows\system32\ApnDatabase.xml
2015-06-05 16:10 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-06-05 16:10 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-06-05 16:10 - 2015-03-09 04:02 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2015-06-05 16:10 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-06-05 16:10 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-06-05 16:10 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-06-05 16:10 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2015-06-05 16:10 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-06-05 16:10 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-06-05 16:10 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-06-05 16:10 - 2014-11-14 08:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll
2015-05-12 23:08 - 2015-05-12 23:08 - 00000000 ____D C:\Users\Alex\AppData\Roaming\WindSolutions
2015-05-12 23:07 - 2015-05-12 23:07 - 10388158 _____ C:\Users\Alex\Downloads\CopyTransManagerDEv1.015.zip
2015-05-12 23:07 - 2015-05-12 23:07 - 00000000 ____D C:\ProgramData\WindSolutions
2015-05-12 23:04 - 2015-05-12 23:04 - 00001773 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-05-12 23:04 - 2015-05-12 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-05-12 23:04 - 2015-05-12 23:04 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-05-12 23:04 - 2015-05-12 23:04 - 00000000 ____D C:\Program Files\iTunes
2015-05-12 23:04 - 2015-05-12 23:04 - 00000000 ____D C:\Program Files\iPod
2015-05-12 23:04 - 2015-05-12 23:04 - 00000000 ____D C:\Program Files (x86)\iTunes

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-06 13:08 - 2015-02-16 04:16 - 01331326 _____ C:\Windows\WindowsUpdate.log
2015-06-06 13:06 - 2015-04-05 19:05 - 00001140 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-06 13:06 - 2015-04-05 18:03 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-06 13:06 - 2015-02-16 05:28 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Spotify
2015-06-06 13:06 - 2015-02-16 05:28 - 00000000 ____D C:\Users\Alex\AppData\Local\Spotify
2015-06-06 13:06 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-06 02:53 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-06 02:52 - 2015-04-26 16:36 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1144709705-1760910624-3481591003-1001
2015-06-06 02:47 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-06 02:45 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-06 02:44 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\Branding
2015-06-06 02:43 - 2014-09-24 08:16 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-06 02:43 - 2014-09-24 07:43 - 00765582 _____ C:\Windows\system32\perfh007.dat
2015-06-06 02:43 - 2014-09-24 07:43 - 00159366 _____ C:\Windows\system32\perfc007.dat
2015-06-06 02:36 - 2015-04-05 18:11 - 00000000 ____D C:\AdwCleaner
2015-06-06 02:35 - 2015-04-26 15:18 - 00000000 ____D C:\Windows\system32\log
2015-06-06 02:31 - 2013-08-22 16:44 - 00338016 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-06 02:30 - 2015-03-08 20:00 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-06 02:30 - 2014-09-24 09:41 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-06 02:30 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-06-06 02:30 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-06-06 02:29 - 2015-02-16 04:16 - 00000000 ____D C:\Users\Alex
2015-06-06 02:18 - 2015-04-05 19:05 - 00001144 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-05 22:29 - 2015-02-16 05:23 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{BC1C0BF7-B9AA-4FE2-B387-005F9482FF0A}
2015-06-05 19:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2015-06-05 16:38 - 2015-04-05 19:18 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-05 16:34 - 2015-03-21 17:36 - 00000000 ____D C:\Windows\system32\MRT
2015-06-05 16:34 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-05 16:32 - 2015-04-05 18:38 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-06-05 16:32 - 2015-04-05 18:38 - 00000000 ___SD C:\Windows\system32\GWX
2015-06-05 16:32 - 2015-03-21 17:36 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-05 16:31 - 2014-09-24 08:00 - 00000000 ____D C:\Program Files\Windows Journal
2015-06-05 16:13 - 2015-04-05 19:05 - 00004116 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-06-05 16:13 - 2015-04-05 19:05 - 00003880 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-12 23:04 - 2015-03-21 18:01 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-05-12 23:04 - 2015-03-21 18:01 - 00000000 ____D C:\Program Files\Common Files\Apple

==================== Files in the root of some directories =======

2015-03-21 01:08 - 2015-03-21 01:08 - 0000600 _____ () C:\Users\Alex\AppData\Local\PUTTY.RND

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-05 16:30

==================== End of log ============================
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:06-06-2015
Ran by Alex at 2015-06-06 13:10:42
Running from C:\Users\Alex\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1144709705-1760910624-3481591003-500 - Administrator - Disabled)
Alex (S-1-5-21-1144709705-1760910624-3481591003-1001 - Administrator - Enabled) => C:\Users\Alex
Gast (S-1-5-21-1144709705-1760910624-3481591003-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Boot Camp-Dienste (HKLM\...\{FA2B2C2A-EA41-495A-9308-60726125D562}) (Version: 5.1.5640 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.0.1428 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5936 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) Hidden
Spotify (HKU\S-1-5-21-1144709705-1760910624-3481591003-1001\...\Spotify) (Version: 1.0.6.80.g2a801a53 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
System Requirements Lab Detection (HKLM-x32\...\{1BB8F10E-6512-4F07-B676-497659DCE4CD}) (Version: 6.1.4.0 - Husdawg, LLC)
Train Simulator 2015 (HKLM-x32\...\Steam App 24010) (Version:  - Dovetail Games)
TreeSize Free V3.3.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.3.2 - JAM Software)
Windows-Treiberpaket - AMD (amdkmafd) System  (09/22/2012 9.002.0.0000) (HKLM\...\203795FBE6DF8F5E5F7AFFD457E83797A053787C) (Version: 09/22/2012 9.002.0.0000 - AMD)
Windows-Treiberpaket - Apple Inc. (AppleCamera) Image  (11/21/2013 5.0.22.0) (HKLM\...\1FCF3C93707C46D648F0B00E216A55E96DEB5A17) (Version: 11/21/2013 5.0.22.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net  (02/01/2008 3.10.3.10) (HKLM\...\D53CBF2C12DF51DA5E9C1A9DA97FF0DCA0C524C5) (Version: 02/01/2008 3.10.3.10 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Bluetooth (03/01/2010 3.0.0.5) (HKLM\...\EA3C044F6FD39CEC8F4F596836BF4197E97E1D39) (Version: 03/01/2010 3.0.0.5 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Display (01/23/2009 3.0.0.0) (HKLM\...\E0EAD0CEA9119B77350ED4DE28D9A82E57014D94) (Version: 01/23/2009 3.0.0.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0) (HKLM\...\D5BB697E7D0C75712F3AD00AB1B85412CB5C0FD3) (Version: 02/21/2008 2.0.4.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Keyboard (01/10/2014 5.0.8.0) (HKLM\...\ABCCA6C3F97A148D7C69114CB55DFA9D46053BEA) (Version: 01/10/2014 5.0.8.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Multitouch (09/04/2013 5.0.2.0) (HKLM\...\277F15E06E6EEB458048F41BCB8FB843B3241E95) (Version: 09/04/2013 5.0.2.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (09/11/2012 4.0.3.0) (HKLM\...\742CB1BDA52EA9F1BBE482DA6DAA17944652B476) (Version: 09/11/2012 4.0.3.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple ODD (05/17/2010 3.1.0.0) (HKLM\...\D6B4CB6AD2F81752C2EF8DCF6AD5EBC567ADD45C) (Version: 05/17/2010 3.1.0.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple SD Card Reader (07/22/2013 1.0.0.1) (HKLM\...\D323E2C0C5E4948B07EE346CF62161281B0A8578) (Version: 07/22/2013 1.0.0.1 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple System Device (05/20/2013 5.0.2.0) (HKLM\...\1A9F109A8ACEE4CA1F898708DBB0FBA6EF0587FC) (Version: 05/20/2013 5.0.2.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1) (HKLM\...\D088EE4BD2819FBA2B349EF9D55176F223419BE6) (Version: 06/01/2011 4.0.0.1 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Wireless Trackpad (10/29/2011 5.0.0.0) (HKLM\...\551732BB0872DA97E26385C221B172A5BD4DE93C) (Version: 10/29/2011 5.0.0.0 - Apple Inc.)
Windows-Treiberpaket - Atheros Communications Inc. (athr) Net  (11/13/2010 9.2.0.113) (HKLM\...\F0A3F8394866FA91E82C8D5AB92C918FE40FE1DF) (Version: 11/13/2010 9.2.0.113 - Atheros Communications Inc.)
Windows-Treiberpaket - Broadcom (b57nd60a) Net  (09/04/2012 15.4.0.17) (HKLM\...\75E64992A03EC5E73D33586790CC506561DCC5DB) (Version: 09/04/2012 15.4.0.17 - Broadcom)
Windows-Treiberpaket - Broadcom (B57ports) Net  (06/16/2009 1.0.0.1) (HKLM\...\FC2077892425ED71A137B1CB6D99A9CA7475435D) (Version: 06/16/2009 1.0.0.1 - Broadcom)
Windows-Treiberpaket - Broadcom (BCM43XX) Net  (11/13/2012 5.106.199.1) (HKLM\...\3D6DDDCF8961C8C866F6660579A59B5B6CFA281F) (Version: 11/13/2012 5.106.199.1 - Broadcom)
Windows-Treiberpaket - Broadcom (BCM43XX) Net  (12/13/2013 6.30.223.215) (HKLM\...\59EE3461B77229A4F846543766A6EFF2F2BAFC6B) (Version: 12/13/2013 6.30.223.215 - Broadcom)
Windows-Treiberpaket - Broadcom Corporation (bScsiSDa) SDHost  (08/14/2012 1.0.0.243) (HKLM\...\ADF3AD5C5705E56E7DEA1447D58EFF216BA1223D) (Version: 08/14/2012 1.0.0.243 - Broadcom Corporation)
Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA  (02/19/2013 6.6001.1.40) (HKLM\...\969EFE1D5E95B01D3C42B9D0363FA64AF9E336E7) (Version: 02/19/2013 6.6001.1.40 - Cirrus Logic, Inc.)
Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusLFD) MEDIA  (10/03/2013 6.6001.3.13) (HKLM\...\9EBC96DD99F2C854D540FBF6A16A557BADDBC228) (Version: 10/03/2013 6.6001.3.13 - Cirrus Logic, Inc.)
Windows-Treiberpaket - Intel (e1express) Net  (03/26/2010 9.13.41.0) (HKLM\...\159439476E3A00F9FAE49DD6C1A78F2F6288A5B9) (Version: 03/26/2010 9.13.41.0 - Intel)
Windows-Treiberpaket - Intel (e1kexpress) Net  (04/12/2010 11.6.92.0) (HKLM\...\5BEF08C10896D86DC13394FFA75874564B700368) (Version: 04/12/2010 11.6.92.0 - Intel)
Windows-Treiberpaket - Intel (e1qexpress) Net  (12/04/2009 11.4.7.0) (HKLM\...\57AFA39B22ADEC4E383572E9331167546EB3C9C7) (Version: 12/04/2009 11.4.7.0 - Intel)
Windows-Treiberpaket - Intel (e1rexpress) Net  (01/07/2010 11.4.16.0) (HKLM\...\F71DB41300D30088C8D3716343D1429488E605C1) (Version: 01/07/2010 11.4.16.0 - Intel)
Windows-Treiberpaket - Intel (e1yexpress) Net  (04/07/2010 10.1.9.0) (HKLM\...\CB599752301BCA080D135697FDD05900F5A5CF4C) (Version: 04/07/2010 10.1.9.0 - Intel)
Windows-Treiberpaket - Intel System  (07/20/2007 1.2.76.0) (HKLM\...\E2708073906571A0B56F17FD825EF19281ECE29B) (Version: 07/20/2007 1.2.76.0 - Intel)
Windows-Treiberpaket - Marvell (yukonx64) Net  (12/06/2007 10.51.1.3) (HKLM\...\CDD703ED0B390A5643DB748EBFA5BD55FEEC0D8A) (Version: 12/06/2007 10.51.1.3 - Marvell)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

02-05-2015 03:11:53 Entfernt Grand Theft Auto V
05-06-2015 16:30:19 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-04-05 19:25 - 2015-04-05 19:25 - 00000822 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10F538CB-1F8B-4C05-92E1-2661184E69F7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {2433C162-E20C-4976-95A7-CA6E4EFB61B0} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {261EF52B-50FE-4447-835F-426227F073B8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {52628DFD-97A5-422C-A180-E94E37044FB4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5689339C-1D9E-4C7E-B9C1-CCC4462784E4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-06-05] (Microsoft Corporation)
Task: {A8AF5B33-9585-4174-9BC0-F2B0181B3585} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {C4974F8F-E503-4B93-A097-B4E50CAE7F72} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {C939A09F-48EF-4709-B308-39530C93656E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-05] (Google Inc.)
Task: {F0DCF074-FD49-4823-BA0E-E4D250525AEB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {F3D2BC8D-8DC3-4478-949E-2B761030B019} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {FE915B36-ED3E-48AF-81EF-7C18D43271FB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-05] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-06 13:36 - 2014-02-06 13:36 - 00226112 _____ () C:\Windows\system32\AppleOSSMgr.exe
2015-03-21 13:18 - 2015-03-21 13:18 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-02-19 23:40 - 2015-02-19 23:40 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-03-21 01:02 - 2015-06-05 21:47 - 41287224 _____ () C:\Users\Alex\AppData\Roaming\Spotify\libcef.dll
2015-03-21 01:02 - 2015-06-05 21:47 - 01488440 _____ () C:\Users\Alex\AppData\Roaming\Spotify\libglesv2.dll
2015-03-21 01:02 - 2015-06-05 21:47 - 00079928 _____ () C:\Users\Alex\AppData\Roaming\Spotify\libegl.dll
2015-03-21 01:02 - 2015-03-21 01:02 - 09305656 _____ () C:\Users\Alex\AppData\Roaming\Spotify\pdf.dll
2015-06-05 16:38 - 2015-05-22 22:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-06-05 16:38 - 2015-05-22 22:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll
2015-02-16 04:19 - 2014-01-31 18:54 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\.apdisk:com.apple.quarantine
AlternateDataStreams: C:\.apdisk:Mac_Metadata
AlternateDataStreams: C:\.fseventsd:Mac_Metadata
AlternateDataStreams: C:\.TemporaryItems:AFP_AfpInfo
AlternateDataStreams: C:\.TemporaryItems:com.apple.quarantine
AlternateDataStreams: C:\.TemporaryItems:Mac_Metadata
AlternateDataStreams: C:\.Trashes:AFP_AfpInfo
AlternateDataStreams: C:\.Trashes:Mac_Metadata

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\87347620.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\87347620.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1144709705-1760910624-3481591003-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [TCP Query User{7D22109F-FE5A-49B1-991C-CFCCA85EF9E4}C:\users\alex\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\alex\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{37122F4B-320D-481F-B34B-0AEF312E8F58}C:\users\alex\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\alex\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{33613165-00F3-44E2-8488-3F1562294AAD}C:\users\alex\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\alex\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{127B22BE-240F-46EE-AA69-B67B9319A443}C:\users\alex\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\alex\appdata\roaming\spotify\spotify.exe
FirewallRules: [{97ADBC36-3E15-4C3E-B537-69A03ED7155E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B884E974-81FD-4B0F-BF01-011D06CA754D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3CC872EF-DB8A-47A9-91E1-725E746DBDE1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C1D8C9CA-53F3-4D8B-BD66-FED4741311F7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{91778AC2-CAAD-4AD8-8112-D0F8E38E37AE}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{192A93D4-ED32-41C4-B477-A25AD37CFB05}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{6E1FE0A6-A1CD-45E0-AEAB-1E63FE0CC89F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B1519D71-F69C-41A5-A62E-8C9E1AA6C209}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F74B579B-7C45-4CDD-96D5-7144400A5BB9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{393041D7-A578-44BA-B206-21E966E101C1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C28ED514-E043-4594-8293-88B589D45F93}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6E1E6F92-B6CE-4B09-B0A5-07B89BEF2402}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{26416B90-60F5-4A1F-BA24-E66C08FB00B9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{ADA76F2F-19E4-4140-9813-80C32BA17D83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RailWorks\RailWorks.exe
FirewallRules: [{FAC15B39-EC94-4D9A-97D3-D231CE23165C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RailWorks\RailWorks.exe
FirewallRules: [{EF34F450-CF51-4CB9-8CD8-553076DA1934}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (06/06/2015 01:06:19 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (06/06/2015 01:06:12 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.


Microsoft Office:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-06-05 16:41:36.306
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-05 16:41:36.181
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4278U CPU @ 2.60GHz
Percentage of memory in use: 24%
Total physical RAM: 8100.26 MB
Available physical RAM: 6145.86 MB
Total Pagefile: 9380.26 MB
Available Pagefile: 7405.52 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (BOOTCAMP) (Fixed) (Total:84.58 GB) (Free:45.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End of log ============================

deeprybka 06.06.2015 13:32
Bitte folgende Scans wiederholen:

Schritt 1
  • Schließe alle offenen Programme und Browser.
  • Starte bitte http://filepony.de/icon/adwcleaner.png Adwcleaner.
  • Klicke auf Suchen und warte, bis der Suchlauf abgeschlossen ist.
  • Klicke nun auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
    Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Sx].txt. (x = fortlaufende Nummer).

Schritt 2

http://deeprybka.trojaner-board.de/m...mbamlogo4a.pnghttp://deeprybka.trojaner-board.de/m...mbamlogo4b.png
  • Download und Anleitung
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
  • Unter Einstellungen/ Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits".
  • Gehe zurück zum Armaturenbrett und klicke auf "Jetzt scannen".
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben und poste mir das Log.

Alex1996 06.06.2015 14:08
Logs
 
Code:
# AdwCleaner v4.206 - Bericht erstellt 06/06/2015 um 14:56:29
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-06-05.1 [Server]
# Betriebssystem : Windows 8.1 Pro  (x64)
# Benutzername : Alex - ALEX-MACBOOK
# Gestarted von : C:\Users\Alex\Desktop\adwcleaner_4.206.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v


-\\ Google Chrome v43.0.2357.81


*************************

AdwCleaner[R0].txt - [1184 Bytes] - [05/04/2015 18:11:05]
AdwCleaner[R1].txt - [1773 Bytes] - [06/06/2015 02:34:02]
AdwCleaner[R2].txt - [1033 Bytes] - [06/06/2015 02:36:38]
AdwCleaner[R3].txt - [1091 Bytes] - [06/06/2015 14:56:01]
AdwCleaner[S0].txt - [1251 Bytes] - [05/04/2015 18:11:54]
AdwCleaner[S1].txt - [1832 Bytes] - [06/06/2015 02:35:09]
AdwCleaner[S2].txt - [1012 Bytes] - [06/06/2015 14:56:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1071  Bytes] ##########
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 06.06.2015
Suchlauf-Zeit: 14:59:17
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.06.06.02
Rootkit Datenbank: v2015.06.02.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Alex

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 345479
Verstrichene Zeit: 5 Min, 42 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

deeprybka 06.06.2015 17:22
Hi,

Schritt 1
Download von https://sites.google.com/site/canned...b27e2-Zoek.png ZOEK (by Smeenk)
  • Speichere die zoek.exe auf dem Desktop.
  • Bitte deaktiviere während der Verwendung von Zoek Deinen Virenscanner, da dieser Zoek stören könnte.
  • Starte die zoek.exe mit einem Doppelklick und warte bis die Programmoberfläche erscheint (ca. 30 Sekunden)
  • Kopiere den Text der folgenden Box in das Skriptfenster von Zoek:
    Code:
    systemspecs;
    filesrcm;
    emptyfolderscheck;delete
    iedefaults;
    CHRdefaults;
    shortcutfix;
    autoclean;
    emptyclsid;
  • Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
    Zitat:
    Zoek.exe is running now.
    Do not start any browser windows, they may get closed automatically.
    Please wait! This window will close when finished.
    A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
  • Wenn das Tool fertig ist, wird sich eine Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter C:\
  • Bitte poste mir das zoek-results.log.

Alex1996 06.06.2015 21:25
Code:
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Alex on 06.06.2015 at 22:08:41,62.
Microsoft Windows 8.1 Pro 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Alex\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-04-26-143641.log        995 bytes

==== Empty Folders Check ======================

C:\Users\Alex\AppData\Roaming\TaiG deleted successfully
C:\Users\Alex\AppData\Local\Rockstar Games deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Users\Alex\AppData\Roaming\DVDVideoSoft deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\kgs7OrqP.default\extensions\abs@avira.com deleted

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 8101 MB
CPU Info: Intel(R) Core(TM) i5-4278U CPU @ 2.60GHz
CPU Speed: 2600,6 MHz
Sound Card: Kopfhörer (Cirrus Logic CS4208  |
Lautsprecher (Cirrus Logic CS42 |
Digitalaudio (S/PDIF) (Cirrus L |
Display Adapters: Intel(R) Iris(TM) Graphics 5100 | Intel(R) Iris(TM) Graphics 5100 | Intel(R) Iris(TM) Graphics 5100
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1280 X 800 - 32 bit
Network: Network Present
Network Adapters: Virtueller Microsoft-Adapter für direktes WiFi | Broadcom 802.11ac Network Adapter | Bluetooth-Gerät (PAN)
CD / DVD Drives: No optical drives found.
Ports: COM3 | COM4 LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C:  84,6GB
Hard Disks - Free: C:  45,3GB
Manufacturer *: Apple Inc.
BIOS Info: AT/AT COMPATIBLE |  | APPLE  - 0
Time Zone: Mitteleuropäische Zeit
Motherboard *: Apple Inc. Mac-189A3D4F975D5FFC
Country: Deutschland
Language: DEU

==== System Specs (Software) ======================

Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Google Chrome        43.0.2357.81
Internet Explorer Version: 11.0.9600.17801
Google Chrome version: 43.0.2357.81
Sun Java version: 1.8.0_45 (32-bit)
Sun Java version: 1.8.0_45 (64-bit)

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Alex\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2015-06-05 14:42:11        E99049F129B1DE728BE33BA4AF1F353B        97888        ----a-w-        C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-06-05 14:34:21        A8B72561E67739D416C4BB3A62EC7331        102608        ----a-w-        C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-06-05 14:10:55        3250046189DF6429ECD93D9B483C62C7        1943040        ----a-w-        C:\Windows\SysWOW64\dwmcore.dll
2015-06-05 14:10:37        CB07788DF1639ED547F645403BECD759        141824        ----a-w-        C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-06-05 14:10:37        7C29FBB11679B9B4F08D5AA771DABD90        358912        ----a-w-        C:\Windows\SysWOW64\schannel.dll
2015-06-05 14:10:32        F601DD8702FB90928A4069AAF3329D2D        1560576        ----a-w-        C:\Windows\SysWOW64\DWrite.dll
2015-06-05 14:10:32        697177C5242095DBDB3A3B52DD27C400        1207296        ----a-w-        C:\Windows\SysWOW64\dbghelp.dll
2015-06-05 14:10:32        69304975B8DF00BDC9567AAAF97791F2        1812992        ----a-w-        C:\Windows\SysWOW64\SRH.dll
2015-06-05 14:10:32        3C2B9089839D283DD6F91CF5F0748D1D        2985984        ----a-w-        C:\Windows\SysWOW64\dbgeng.dll
2015-06-05 14:10:26        95AB9B30166221ED22E43290D47198CD        364544        ----a-w-        C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-06-05 14:10:25        D74445161E58644309F858342F5E265C        19691008        ----a-w-        C:\Windows\SysWOW64\mshtml.dll
2015-06-05 14:10:24        6E2B4875B968324E5844F35A37A79260        4305920        ----a-w-        C:\Windows\SysWOW64\jscript9.dll
2015-06-05 14:10:24        0E22CD36FC3292CB812CC46CBCFD8444        12828672        ----a-w-        C:\Windows\SysWOW64\ieframe.dll
2015-06-05 14:10:23        F7F090E8B59FEFC50BE6F2A1ABB1ED5D        230400        ----a-w-        C:\Windows\SysWOW64\webcheck.dll
2015-06-05 14:10:23        F2DB87F164BC13AB8EF90FBF5D866B65        664576        ----a-w-        C:\Windows\SysWOW64\jscript.dll
2015-06-05 14:10:23        D8CAF4753CD2456C761E6761F2C713EE        128000        ----a-w-        C:\Windows\SysWOW64\iepeers.dll
2015-06-05 14:10:23        CFCB89C0FE8EF502A7934C0D20E5DBD6        76288        ----a-w-        C:\Windows\SysWOW64\mshtmled.dll
2015-06-05 14:10:23        CB5F450D21B9D76B7F01D006E4AEDB40        1882112        ----a-w-        C:\Windows\SysWOW64\wininet.dll
2015-06-05 14:10:23        C525258A00ECFB4CE089F54C163268C3        2278400        ----a-w-        C:\Windows\SysWOW64\iertutil.dll
2015-06-05 14:10:23        C2EB0AA5570CF8BC881B36EE55A59337        688640        ----a-w-        C:\Windows\SysWOW64\msfeeds.dll
2015-06-05 14:10:23        C1A32612710492D0C3339E46EC15E333        504320        ----a-w-        C:\Windows\SysWOW64\vbscript.dll
2015-06-05 14:10:23        AA2F2D55DEF98007839D0189D721D70B        1310208        ----a-w-        C:\Windows\SysWOW64\urlmon.dll
2015-06-05 14:10:23        8004E2E3D4DFEE81D6E102C537568AEC        327168        ----a-w-        C:\Windows\SysWOW64\iedkcs32.dll
2015-06-05 14:10:23        7B4FA4B41FBDBB12C5038FCB6E6652AA        285696        ----a-w-        C:\Windows\SysWOW64\dxtrans.dll
2015-06-05 14:10:23        63A2E3E9C771B1D4D7D84942D6FCB661        710144        ----a-w-        C:\Windows\SysWOW64\ieapfltr.dll
2015-06-05 14:10:23        48143005C6FCE6D252162EE371532063        880128        ----a-w-        C:\Windows\SysWOW64\inetcomm.dll
2015-06-05 14:10:23        136687227F11CE928CB05F4FD90319AC        2052608        ----a-w-        C:\Windows\SysWOW64\inetcpl.cpl
2015-06-05 14:10:23        07E82A31808C8BC053D1DE547082C58F        341504        ----a-w-        C:\Windows\SysWOW64\html.iec
2015-06-05 14:10:22        96111DD5552A2A1DC02FC090EF80AF2D        324096        ----a-w-        C:\Windows\SysWOW64\certcli.dll
2015-06-05 14:10:21        0FDCB0931B57280D59942556A6706372        21504        ----a-w-        C:\Windows\SysWOW64\sdbinst.exe
2015-06-05 14:10:21        032D9982B72E4F9A9B62A43B4CEDB072        1969664        ----a-w-        C:\Windows\SysWOW64\wpdshext.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-06-05 14:34:21        5461373AB510F4C22CE61EB7965BE8F2        124112        ----a-w-        C:\Windows\Sysnative\PresentationCFFRasterizerNative_v0300.dll
2015-06-05 14:10:59        F0CACB26E37A19A8049F7C4448ECC2F5        1119232        ----a-w-        C:\Windows\Sysnative\aeinv.dll
2015-06-05 14:10:59        E87D4371B24BC9E5BAE95AEA60FFD959        193536        ----a-w-        C:\Windows\Sysnative\aepic.dll
2015-06-05 14:10:59        16D44C27EE81892ED918DA21544665DC        1020928        ----a-w-        C:\Windows\Sysnative\appraiser.dll
2015-06-05 14:10:59        009FD5658121B32791D55D0F34B63883        700416        ----a-w-        C:\Windows\Sysnative\generaltel.dll
2015-06-05 14:10:58        FC504D3310BBDABA4449C598C3F8113B        45568        ----a-w-        C:\Windows\Sysnative\acmigration.dll
2015-06-05 14:10:58        ACDA86BD8FE54376586173BD55F678F9        756736        ----a-w-        C:\Windows\Sysnative\invagent.dll
2015-06-05 14:10:58        2C14C7A76B728DF9F2A0425166FDEE8F        422912        ----a-w-        C:\Windows\Sysnative\devinv.dll
2015-06-05 14:10:56        90BFB92CF2AB75A01BF40D22BD1670A8        227328        ----a-w-        C:\Windows\Sysnative\aepdu.dll
2015-06-05 14:10:55        3DB29814EA5A2091425200B58E25BA15        2256896        ----a-w-        C:\Windows\Sysnative\dwmcore.dll
2015-06-05 14:10:37        A709D50BD3125B53283220BA44B78690        116736        ----a-w-        C:\Windows\Sysnative\SystemSettingsDatabase.dll
2015-06-05 14:10:37        7E36F0698777668A09DD316E59807E0E        172544        ----a-w-        C:\Windows\Sysnative\Windows.UI.Input.Inking.dll
2015-06-05 14:10:37        62E3FCC2789CA52AA8A59122FDFCE26E        429568        ----a-w-        C:\Windows\Sysnative\schannel.dll
2015-06-05 14:10:37        4658D596725A71521971054D3AF1DCD0        2819584        ----a-w-        C:\Windows\Sysnative\SettingsHandlers.dll
2015-06-05 14:10:32        8442CC9A31FC381255B98D615E49EF82        2162176        ----a-w-        C:\Windows\Sysnative\SRH.dll
2015-06-05 14:10:32        7719BBE3BDA2171FF0955171D9460D26        4180480        ----a-w-        C:\Windows\Sysnative\win32k.sys
2015-06-05 14:10:32        6C068E7207F183FF3647E45D2599E80C        1387008        ----a-w-        C:\Windows\Sysnative\FntCache.dll
2015-06-05 14:10:32        48CC2698381AA1F6FBE0D78507281B40        4417536        ----a-w-        C:\Windows\Sysnative\dbgeng.dll
2015-06-05 14:10:32        4829F2EFACF23F63D6D85B7F1084FB70        1996800        ----a-w-        C:\Windows\Sysnative\DWrite.dll
2015-06-05 14:10:32        161156327265FB02A820506B98DA7A07        1491456        ----a-w-        C:\Windows\Sysnative\dbghelp.dll
2015-06-05 14:10:26        B023C38663271E79FC2A9B63F6FE6417        445440        ----a-w-        C:\Windows\Sysnative\PhotoMetadataHandler.dll
2015-06-05 14:10:25        C31D57F7A58FACDA2671075CEBA75199        24971776        ----a-w-        C:\Windows\Sysnative\mshtml.dll
2015-06-05 14:10:24        E061B5A1D0F9BBACA41149201ADF4A3B        14401536        ----a-w-        C:\Windows\Sysnative\ieframe.dll
2015-06-05 14:10:24        79A4C71CD8B610DE9F66B72B5654C450        6025728        ----a-w-        C:\Windows\Sysnative\jscript9.dll
2015-06-05 14:10:23        F918BE3C5ACA0B6485D725CC1A5348DC        2125824        ----a-w-        C:\Windows\Sysnative\inetcpl.cpl
2015-06-05 14:10:23        F0289B3A341429117696F0279DA977B6        2352128        ----a-w-        C:\Windows\Sysnative\wininet.dll
2015-06-05 14:10:23        ED4EB5A0CDD251A17B946C515CB94D70        1547264        ----a-w-        C:\Windows\Sysnative\urlmon.dll
2015-06-05 14:10:23        EB9FCD39D65E23380CB2C2F0E6F2ED53        316928        ----a-w-        C:\Windows\Sysnative\dxtrans.dll
2015-06-05 14:10:23        E20B5098C8707B2CF0858024568234FF        801280        ----a-w-        C:\Windows\Sysnative\msfeeds.dll
2015-06-05 14:10:23        C1D6BD834E69E8F77C8B4DDFCEE073F6        417792        ----a-w-        C:\Windows\Sysnative\html.iec
2015-06-05 14:10:23        B85ECB91C88F6E74045061B7F7DDEFA2        584192        ----a-w-        C:\Windows\Sysnative\vbscript.dll
2015-06-05 14:10:23        AB8DF81AC1BF4546C3102469B840009E        145408        ----a-w-        C:\Windows\Sysnative\iepeers.dll
2015-06-05 14:10:23        8541124139D68239B1EDE3E490367A6C        107520        ----a-w-        C:\Windows\Sysnative\inseng.dll
2015-06-05 14:10:23        843D063E75B19188759CBEC82828BCB1        2885120        ----a-w-        C:\Windows\Sysnative\iertutil.dll
2015-06-05 14:10:23        673582881DAC4B27E9368BC8834507DD        374272        ----a-w-        C:\Windows\Sysnative\iedkcs32.dll
2015-06-05 14:10:23        63061A0826839DE8F5B4713976C99F1B        816640        ----a-w-        C:\Windows\Sysnative\jscript.dll
2015-06-05 14:10:23        5EDC6AF7589B65C89CB1154B3377D0C4        720384        ----a-w-        C:\Windows\Sysnative\ie4uinit.exe
2015-06-05 14:10:23        49B1935F131A44CD29857D6900CB643F        800768        ----a-w-        C:\Windows\Sysnative\ieapfltr.dll
2015-06-05 14:10:23        1D610F215769E4FF56C7B1847DE4B86D        633856        ----a-w-        C:\Windows\Sysnative\ieui.dll
2015-06-05 14:10:23        1921A72BF1273BED72E569EF1F1A0611        92160        ----a-w-        C:\Windows\Sysnative\mshtmled.dll
2015-06-05 14:10:23        14673D16D433373898FE3006C5A01157        1032704        ----a-w-        C:\Windows\Sysnative\inetcomm.dll
2015-06-05 14:10:23        0D2B130C7B5BCEC85D7A789A4338F9B7        262144        ----a-w-        C:\Windows\Sysnative\webcheck.dll
2015-06-05 14:10:22        CBB2FE432D81825C174A65DCE538A610        1441792        ----a-w-        C:\Windows\Sysnative\lsasrv.dll
2015-06-05 14:10:22        9D17F78BB04A3EF67426AFD087660188        410017        ----a-w-        C:\Windows\Sysnative\ApnDatabase.xml
2015-06-05 14:10:22        2DDC7AE2C753033E5EC95F3358358043        445440        ----a-w-        C:\Windows\Sysnative\certcli.dll
2015-06-05 14:10:21        E0C7813A97CA7947FF5C18A8F3B61A45        410128        ----a-w-        C:\Windows\Sysnative\services.exe
2015-06-05 14:10:21        952D277678FC177CA8549B92A01C4C2C        24576        ----a-w-        C:\Windows\Sysnative\sdbinst.exe
2015-06-05 14:10:21        0F5DF8F08C138D9E1DE88984FEAA1B96        1696256        ----a-w-        C:\Windows\Sysnative\wevtsvc.dll
2015-06-05 14:10:21        0BB6089A1AEE468209FE22E29E6B87BD        2067968        ----a-w-        C:\Windows\Sysnative\wpdshext.dll
2015-06-05 14:10:21        053EF531F55B508343BB3CA91386C1C7        186368        ----a-w-        C:\Windows\Sysnative\dpapisrv.dll
====== C:\Windows\Sysnative\drivers =====
2015-06-06 00:38:24        E9CD058C79EA15B4AA93E259FA713B07        136408        ----a-w-        C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2015-06-06 00:38:15        54D70409DE6932E9EFA117779611E7A9        107736        ----a-w-        C:\Windows\Sysnative\drivers\mbamchameleon.sys
2015-06-06 00:38:15        28B597A61C9AC9B59BC0573D70A62CBF        64216        ----a-w-        C:\Windows\Sysnative\drivers\mwac.sys
2015-06-06 00:38:15        1E9E32AEC3E1EB1B31B8169F33168B56        25816        ----a-w-        C:\Windows\Sysnative\drivers\mbam.sys
2015-06-05 14:10:54        95B0179BDA907252025DEEA183699FB3        467776        ----a-w-        C:\Windows\Sysnative\drivers\USBHUB3.SYS
2015-06-05 14:10:53        272A62B660A48AEF366F8A1836CED19F        57856        ----a-w-        C:\Windows\Sysnative\drivers\bthhfenum.sys
2015-06-05 14:10:37        FE14D249D39368CA62D8DA6BC94AC694        80384        ----a-w-        C:\Windows\Sysnative\drivers\ahcache.sys
2015-06-05 14:10:26        C61EAF8E1E4B2F62BA4FDF457440B2C6        316416        ----a-w-        C:\Windows\Sysnative\drivers\udfs.sys
2015-06-05 14:10:22        5E5AB950693F2C6D6ACBEE3A74697ED7        561928        ----a-w-        C:\Windows\Sysnative\drivers\cng.sys
2015-06-05 14:10:21        C54B6B2170BF628FD42F799A66956D75        239424        ----a-w-        C:\Windows\Sysnative\drivers\sdbus.sys
2015-06-05 14:10:21        95E295FD19F80B3AD33629B5AEFEC9C7        154432        ----a-w-        C:\Windows\Sysnative\drivers\dumpsd.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-05-12 21:04:14        --------        d-----w-        C:\Program Files\iTunes
2015-05-12 21:04:14        --------        d-----w-        C:\Program Files\iPod
======= C:\PROGRA~2 =====
2015-06-05 14:48:37        --------        d-----w-        C:\PROGRA~2\NVIDIA Corporation
2015-06-05 14:48:34        --------        d-----w-        C:\PROGRA~2\COMMON~1\Wise Installation Wizard
2015-06-05 14:42:12        --------        d-----w-        C:\PROGRA~2\COMMON~1\Java
2015-06-05 14:41:58        --------        d-----w-        C:\PROGRA~2\Java
2015-05-12 21:04:14        --------        d-----w-        C:\PROGRA~2\iTunes
======= C: =====
====== C:\Users\Alex\AppData\Roaming ======
2015-06-05 20:12:43        --------        d-----w-        C:\Users\Alex\AppData\Local\GWX
2015-06-05 14:41:31        --------        d-----w-        C:\Users\Alex\AppData\Locallow\Sun
2015-05-12 21:08:27        --------        d-----w-        C:\Users\Alex\AppData\Roaming\WindSolutions
====== C:\Users\Alex ======
2015-06-06 11:08:51        B5A2C2A16026104DF285A0E5176E0217        2108928        ----a-w-        C:\Users\Alex\Desktop\FRST64.exe
2015-06-06 00:37:35        6CDEAC78E5677E304477FB36351C3195        21546080        ----a-w-        C:\Users\Alex\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-06 00:33:34        D56605A4F5CE2DBEBA1540304827B394        2231296        ----a-w-        C:\Users\Alex\Desktop\adwcleaner_4.206.exe
2015-06-06 00:20:23        9C5DAAED3B3C06DBC95228CC407B8B70        4197016        ----a-w-        C:\Users\Alex\Downloads\tdsskiller.exe
2015-06-05 14:42:12        --------        d-----w-        C:\ProgramData\Sun
2015-06-05 14:42:05        --------        d-----w-        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-06-05 14:41:59        --------        d-----w-        C:\ProgramData\Oracle
2015-06-05 14:41:27        EE001F0D8A06518EB2A133741F265BEC        562272        ----a-w-        C:\Users\Alex\Downloads\chromeinstall-8u45.exe
2015-06-05 14:26:09        F0EFBEDB53BB85A8EB0314B72FEE6461        152430272        ----a-w-        C:\Users\Alex\Downloads\vr_db_br120_ic_el_en_de_v2.exe
2015-05-12 21:07:52        --------        d-----w-        C:\ProgramData\WindSolutions
2015-05-12 21:04:22        --------        d-----w-        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-05-12 21:04:14        --------        d-----w-        C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7

====== C: exe-files ==
2015-06-06 11:28:08        B1798BC27E40983B12FEFD0D85C05B3F        873800        ----a-w-        C:\Users\Alex\AppData\Local\Google\Chrome\User Data\SwReporter\3.21.0\software_reporter_tool.exe
2015-06-06 11:08:51        B5A2C2A16026104DF285A0E5176E0217        2108928        ----a-w-        C:\Users\Alex\Desktop\FRST64.exe
2015-06-06 00:37:35        6CDEAC78E5677E304477FB36351C3195        21546080        ----a-w-        C:\Users\Alex\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-06 00:33:34        D56605A4F5CE2DBEBA1540304827B394        2231296        ----a-w-        C:\Users\Alex\Desktop\adwcleaner_4.206.exe
2015-06-06 00:20:23        9C5DAAED3B3C06DBC95228CC407B8B70        4197016        ----a-w-        C:\Users\Alex\Downloads\tdsskiller.exe
2015-06-05 14:42:05        EED888394AC81A663F12C6EC43AB2838        0        ----a-we        C:\ProgramData\Oracle\Java\javapath\javaw.exe
2015-06-05 14:42:05        4586CD8F1C929EF184098A22FE31A857        0        ----a-we        C:\ProgramData\Oracle\Java\javapath\javaws.exe
2015-06-05 14:42:05        1E2E159D0621A466CFA7CE06E4DA9CAE        0        ----a-we        C:\ProgramData\Oracle\Java\javapath\java.exe
2015-06-05 14:42:02        FF589C55E0CB6A0A1BD9570217BB1A42        15968        ----a-w-        C:\Program Files (x86)\Java\jre1.8.0_45\bin\tnameserv.exe
2015-06-05 14:42:02        FD8978875A992C876AF430B35DF9CFA7        15456        ----a-w-        C:\Program Files (x86)\Java\jre1.8.0_45\bin\pack200.exe
2015-06-05 14:42:02        EF66D96BC42BCE52686A7635AB11D8DD        68192        ----a-w-        C:\Program Files (x86)\Java\jre1.8.0_45\bin\javacpl.exe
2015-06-05 14:42:02        EED888394AC81A663F12C6EC43AB2838        191072        ----a-w-        C:\Program Files (x86)\Java\jre1.8.0_45\bin\javaw.exe
2015-06-05 14:42:02        D3DA34876B7F6D06D26D29CA77BD25A2        15456        ----a-w-        C:\Program Files (x86)\Java\jre1.8.0_45\bin\ktab.exe
2015-06-05 14:42:02        CF683290B3369A1491A5B8B4D19F79B3        15456        ----a-w-        C:\Program Files (x86)\Java\jre1.8.0_45\bin\jjs.exe
2015-06-05 14:42:02        C57CA849D13177E1F43CFEF51374F1EE        159328        ----a-w-        C:\Program Files (x86)\Java\jre1.8.0_45\bin\unpack200.exe
2015-06-05 14:42:02        B66ED84383EA6C6218CA47BC49C15615        50784        ----a-w-        C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssvagent.exe
2015-06-05 14:42:02        A1A1BC927541346D840BBB511F557848        15968        ----a-w-        C:\Program Files (x86)\Java\jre1.8.0_45\bin\policytool.exe
2015-06-05 14:42:02        98903A3C01AA820E7FCC19A0A60126C0        15456        ----a-w-        C:\Program Files (x86)\Java\jre1.8.0_45\bin\klist.exe
2015-06-05 14:42:02        5DF39BE82C777B7EDAD34E3A7A7EADB7        15456        ----a-w-        C:\Program Files (x86)\Java\jre1.8.0_45\bin\rmid.exe
2015-06-05 14:42:02        4EA6A4DD2EB584C4C2BF39A9A7D0D580        15456        ----a-w-        C:\Program Files (x86)\Java\jre1.8.0_45\bin\keytool.exe
2015-06-05 14:42:02        4586CD8F1C929EF184098A22FE31A857        271968        ----a-w-        C:\Program Files (x86)\Java\jre1.8.0_45\bin\javaws.exe
2015-06-05 14:42:02        3C0A1F0D13A8998E9A1825A853FF3B39        15456        ----a-w-        C:\Program Files (x86)\Java\jre1.8.0_45\bin\kinit.exe
2015-06-05 14:42:02        2682BB5D60C30DCB5A2BC414D01D6764        15968        ----a-w-        C:\Program Files (x86)\Java\jre1.8.0_45\bin\rmiregistry.exe
2015-06-05 14:42:02        1F29E31C6B9A487FF32006C4E223BA4F        15968        ----a-w-        C:\Program Files (x86)\Java\jre1.8.0_45\bin\orbd.exe
2015-06-05 14:42:02        1E2E159D0621A466CFA7CE06E4DA9CAE        190560        ----a-w-        C:\Program Files (x86)\Java\jre1.8.0_45\bin\java.exe
2015-06-05 14:42:02        1CCD26E1E9FC582ABAA5D5FD1FA47A6B        76384        ----a-w-        C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2launcher.exe
2015-06-05 14:42:02        134D4B0A753808F8F8645DCF3FA00173        15968        ----a-w-        C:\Program Files (x86)\Java\jre1.8.0_45\bin\servertool.exe
2015-06-05 14:42:01        F16868F20E4701142FAEF8C9FA847D27        30304        ----a-w-        C:\Program Files (x86)\Java\jre1.8.0_45\bin\jabswitch.exe
2015-06-05 14:42:01        88FFC43B0E3BB3E30F70CB7B08D499B4        15456        ----a-w-        C:\Program Files (x86)\Java\jre1.8.0_45\bin\java-rmi.exe
2015-06-05 14:41:27        EE001F0D8A06518EB2A133741F265BEC        562272        ----a-w-        C:\Users\Alex\Downloads\chromeinstall-8u45.exe
2015-06-05 14:40:44        2B44803FDA1C3C49D682F43498CF4EF8        70577        ----a-w-        C:\Users\Alex\Downloads\installer\installer.exe
2015-06-05 14:38:21        50789BAB9D44E5AA4E87977D5B3DD309        6779984        ----a-w-        C:\Program Files (x86)\Google\Update\Install\{0DD2C743-50D6-4A98-A1D4-98F96EED4957}\43.0.2357.81_42.0.2311.135_chrome_updater.exe
2015-06-05 14:38:21        50789BAB9D44E5AA4E87977D5B3DD309        6779984        ----a-w-        C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\43.0.2357.81\43.0.2357.81_42.0.2311.135_chrome_updater.exe
2015-06-05 14:37:54        4BC94AB5B17F097B4378D7472C04AF33        95744        ----a-w-        C:\Program Files (x86)\Steam\steamapps\common\RailWorks\RWAceTool.exe
2015-06-05 14:37:52        720F77418592C86E24116BBA2310AF85        24576        ----a-w-        C:\Program Files (x86)\Steam\steamapps\common\RailWorks\xls2lan.exe
2015-06-05 14:37:50        2E5A2491F1565D250415E3E9A7FE395A        114688        ----a-w-        C:\Program Files (x86)\Steam\steamapps\common\RailWorks\luac.exe
2015-06-05 14:37:43        19A9F1FFB9929397352B3D510062F9A6        186880        ----a-w-        C:\Program Files (x86)\Steam\steamapps\common\RailWorks\serz.exe
2015-06-05 14:37:31        B9F6EBE8D65EBAADFC56297E914CFE67        23040        ----a-w-        C:\Program Files (x86)\Steam\steamapps\common\RailWorks\NameMyRoute.exe
2015-06-05 14:37:30        3C1C42CA92A28D7EA1EB097A775DEC06        41032        ----a-w-        C:\Program Files (x86)\Steam\steamapps\common\RailWorks\SerzMaster.exe
2015-06-05 14:37:30        2F77970A03957DE498921A0CA0BCCFE4        77824        ----a-w-        C:\Program Files (x86)\Steam\steamapps\common\RailWorks\WiperMotion.exe
2015-06-05 14:37:30        0041DA6F52282603CC800688E88589E3        38912        ----a-w-        C:\Program Files (x86)\Steam\steamapps\common\RailWorks\StringExtractor.exe
2015-06-05 14:37:14        22668F428F7C1464FF3741AA384276DB        31232        ----a-w-        C:\Program Files (x86)\Steam\steamapps\common\RailWorks\IAOptimiser.exe
2015-06-05 14:36:54        E84C9CF1B71D6C6CA5145B5850BB039C        64512        ----a-w-        C:\Program Files (x86)\Steam\steamapps\common\RailWorks\LogMate.exe
2015-06-05 14:36:09        69875E1E0E719F0EF96B266AC12B9A86        80896        ----a-w-        C:\Program Files (x86)\Steam\steamapps\common\RailWorks\ConvertToTG.exe
2015-06-05 14:36:09        1A05D75E32B59FEBA66833AC50150AAC        41984        ----a-w-        C:\Program Files (x86)\Steam\steamapps\common\RailWorks\ConvertToDav.exe
2015-06-05 14:36:00        52E2C6EEDA7F2225037CDEC2103FCDD0        20552        ----a-w-        C:\Program Files (x86)\Steam\steamapps\common\RailWorks\ApplyXSL.exe
2015-06-05 14:26:09        F0EFBEDB53BB85A8EB0314B72FEE6461        152430272        ----a-w-        C:\Users\Alex\Downloads\vr_db_br120_ic_el_en_de_v2.exe
2015-06-05 14:13:39        F6EEE6848E933962E12E7B3F25C73C88        88392        ----atw-        C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdateBroker.exe
2015-06-05 14:13:39        C990A8EAD57DA59FA8156CC02D3B7DA5        931408        ----a-w-        C:\Program Files (x86)\Google\Update\Install\{BCDA4E17-E4F7-4706-A162-72BEB7960BC0}\GoogleUpdateSetup.exe
2015-06-05 14:13:39        C990A8EAD57DA59FA8156CC02D3B7DA5        931408        ----a-w-        C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.27.5\GoogleUpdateSetup.exe
2015-06-05 14:13:39        C990A8EAD57DA59FA8156CC02D3B7DA5        931408        ----a-w-        C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdateSetup.exe
2015-06-05 14:13:39        BB3045B399D898061B926B447C446E05        127816        ----atw-        C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdateComRegisterShell64.exe
2015-06-05 14:13:39        8715A0D10CFFC8DEE923957F07DAA042        244040        ----atw-        C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
2015-06-05 14:13:39        6732C4A894855042FD3618406B6BBD48        88392        ----atw-        C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe
2015-06-05 14:13:39        6509A96DAE25340772B51AC020CB1094        304968        ----atw-        C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
2015-06-05 14:13:39        0C03FB91E17987EED93F60007B08DAA0        144200        ----atw-        C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdate.exe
2015-06-05 14:13:39        0894890F30B5F6510DF953BC50B5504F        88392        ----atw-        C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdateWebPlugin.exe
2015-06-05 14:11:10        CEDE02D7AF62449A2C38C49ABECC0CD3        4995416        ----a-w-        C:\Program Files (x86)\Steam\steamapps\common\RailWorks\Install\vcredist_x86.exe
2015-06-05 14:11:10        C0FCE9D7D1B502B8B6C2C7D5A8FB2B07        716800        ----a-w-        C:\Program Files (x86)\Steam\steamapps\common\RailWorks\Utilities.exe
2015-06-05 14:11:10        BF3F290275C21BDD3951955C9C3CF32C        517976        ----a-w-        C:\Program Files (x86)\Steam\steamapps\common\RailWorks\Install\DirectX9\DXSETUP.exe
2015-06-05 14:11:10        A91DC17D650098CD3273B78DC1F36932        34013024        ----a-w-        C:\Program Files (x86)\Steam\steamapps\common\RailWorks\Install\PhysX_9.10.0513_SystemSoftware.exe
2015-06-05 14:11:10        536881F116B3B74DB9A89BB353DE67FC        852480        ----a-w-        C:\Program Files (x86)\Steam\steamapps\common\RailWorks\ConvertToGEO.exe
2015-06-05 14:11:10        421246EF525A0207A914018DF8B773AD        815616        ----a-w-        C:\Program Files (x86)\Steam\steamapps\common\RailWorks\BlueprintEditor2.exe
2015-06-05 14:11:10        31736F588499FC44E12A4E3E3613D609        379392        ----a-w-        C:\Program Files (x86)\Steam\steamapps\common\RailWorks\RailWorks.exe
2015-06-05 14:11:10        251743DFD3FDA414570524BAC9E55381        50449456        ----a-w-        C:\Program Files (x86)\Steam\steamapps\common\RailWorks\Install\dotNetFx40_Full_x86_x64.exe
2015-06-05 14:10:52        57ABF04B01CBA20B76F3EE89C18C6612        474624        ----a-w-        C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
2015-06-05 14:10:37        E022185998E5BC0F2EBD8F5875747D3E        87296        ----a-w-        C:\Windows\ImmersiveControlPanel\SystemSettings.exe
2015-06-05 14:10:23        5EDC6AF7589B65C89CB1154B3377D0C4        720384        ----a-w-        C:\Windows\System32\ie4uinit.exe
2015-06-05 14:10:21        E0C7813A97CA7947FF5C18A8F3B61A45        410128        ----a-w-        C:\Windows\System32\services.exe
2015-06-05 14:10:21        952D277678FC177CA8549B92A01C4C2C        24576        ----a-w-        C:\Windows\System32\sdbinst.exe
2015-06-05 14:10:21        0FDCB0931B57280D59942556A6706372        21504        ----a-w-        C:\Windows\SysWOW64\sdbinst.exe
2015-06-05 14:10:20        F4E3D5003DE8FB0D6C4EC11B4DFC5F77        406528        ----a-w-        C:\Windows\SysWOW64\GWX\GWX.exe
2015-06-05 14:10:20        B94C770978AD994F419D92FE24FD3F0F        360240        ----a-w-        C:\Windows\System32\GWX\GWXUXWorker.exe
2015-06-05 14:10:20        9FCD33F6C4765C8EAEEA7E152D1E2E75        401408        ----a-w-        C:\Windows\System32\GWX\GWXUX.exe
2015-06-05 14:10:20        2B0C2B239CE5603F7F7FD57F54E841C8        666624        ----a-w-        C:\Windows\System32\GWX\GWXConfigManager.exe
2015-06-05 14:10:20        0AD060F08BC0008DA1B0FECA0015F270        475648        ----a-w-        C:\Windows\System32\GWX\GWX.exe
2015-06-05 14:10:06        3E4D0668C6E0AFD10AFF52C134AC3CC8        2138112        ----a-w-        C:\Program Files\Windows Journal\Journal.exe
=== C: other files ==
2015-06-06 13:01:06        192045D93E08CFF92230B744D06176DE        4115944        ----a-w-        C:\Users\Alex\Downloads\rcsetup1.5.2_slim.zip
2015-06-06 00:38:24        E9CD058C79EA15B4AA93E259FA713B07        136408        ----a-w-        C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-06-06 00:38:15        54D70409DE6932E9EFA117779611E7A9        107736        ----a-w-        C:\Windows\System32\drivers\mbamchameleon.sys
2015-06-06 00:38:15        28B597A61C9AC9B59BC0573D70A62CBF        64216        ----a-w-        C:\Windows\System32\drivers\mwac.sys
2015-06-06 00:38:15        1E9E32AEC3E1EB1B31B8169F33168B56        25816        ----a-w-        C:\Windows\System32\drivers\mbam.sys
2015-06-05 14:42:02        5DDC15149346900F16B38C65502BACA9        14130        ----a-w-        C:\Program Files (x86)\Java\jre1.8.0_45\lib\deploy\ffjcext.zip
2015-06-05 14:37:48        0F0810841FF01007659FEB4DA9EF9B00        5222        ----a-w-        C:\Program Files (x86)\Steam\steamapps\common\RailWorks\dev\Shaders\Compile.bat
2015-06-05 14:37:19        5A100F72D3747C027F0D48E69F82A2AE        281        ----a-w-        C:\Program Files (x86)\Steam\steamapps\common\RailWorks\luac.bat
2015-06-05 14:37:11        B388096B818351F6767D6C58C0AF2D56        287        ----a-w-        C:\Program Files (x86)\Steam\steamapps\common\RailWorks\dev\Shaders\CompileAllDebug.bat
2015-06-05 14:37:11        399C2BE777CFD2F5EEBE6F530D856BCE        281        ----a-w-        C:\Program Files (x86)\Steam\steamapps\common\RailWorks\dev\Shaders\CompileAllOptimized.bat
2015-06-05 14:36:46        C4FC36815FB9FB8B89ECA3D9D738C6CD        59        ----a-w-        C:\Program Files (x86)\Steam\steamapps\common\RailWorks\dev\Shaders\CompileOneDebug.bat
2015-06-05 14:36:44        B1B2190DAD4FB0ACFB4F3C1910F0CE89        51        ----a-w-        C:\Program Files (x86)\Steam\steamapps\common\RailWorks\dev\Shaders\CompileOneOptimized.bat
2015-06-05 14:36:10        5FE7C5A46BB440257F67BF9715E2CF15        298        ----a-w-        C:\Program Files (x86)\Steam\steamapps\common\RailWorks\ConvertDDSToTG.bat
2015-06-05 14:21:43        7FCD704429A1D7353622345FBA4B0ACC        53181        ----a-w-        C:\Users\Alex\Downloads\installer.zip
2015-06-05 14:10:54        95B0179BDA907252025DEEA183699FB3        467776        ----a-w-        C:\Windows\System32\drivers\USBHUB3.SYS
2015-06-05 14:10:53        272A62B660A48AEF366F8A1836CED19F        57856        ----a-w-        C:\Windows\System32\drivers\bthhfenum.sys
2015-06-05 14:10:37        FE14D249D39368CA62D8DA6BC94AC694        80384        ----a-w-        C:\Windows\System32\drivers\ahcache.sys
2015-06-05 14:10:32        7719BBE3BDA2171FF0955171D9460D26        4180480        ----a-w-        C:\Windows\System32\win32k.sys
2015-06-05 14:10:26        C61EAF8E1E4B2F62BA4FDF457440B2C6        316416        ----a-w-        C:\Windows\System32\drivers\udfs.sys
2015-06-05 14:10:22        5E5AB950693F2C6D6ACBEE3A74697ED7        561928        ----a-w-        C:\Windows\System32\drivers\cng.sys
2015-06-05 14:10:21        C54B6B2170BF628FD42F799A66956D75        239424        ----a-w-        C:\Windows\System32\drivers\sdbus.sys
2015-06-05 14:10:21        95E295FD19F80B3AD33629B5AEFEC9C7        154432        ----a-w-        C:\Windows\System32\drivers\dumpsd.sys

==== Firefox Extensions ======================

==== Firefox Plugins ======================


==== Chromium Look ======================

Google Chrome Version: 43.0.2357.81

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]

Tampermonkey - Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo
AdBlock - Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Bookmark Manager - Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Chrome Hotword Shared Module - Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Simple Startup Password - Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojoalkffommhmdmbohjphohoejjmgepc
Battlefield 4 - Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pecgmdpcolnkkmjanbjmpblniokfddgf

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="hxxp://www.google.com/search?q={searchTerms}"
{0191A6B0-1154-4C22-9182-23A95BBE92D9} Google  Url="hxxp://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Alex\Desktop\GTA Online.lnk - C:\Program Files\Rockstar Games\Grand Theft Auto V\PlayGTAV.exe -StraightIntoFreemode
C:\Users\Alex\Desktop\Spotify.lnk - C:\Users\Alex\AppData\Roaming\Spotify\Spotify.exe
C:\Users\Alex\Desktop\TreeSize Free.lnk - C:\Program Files (x86)\JAM Software\TreeSize Free\TreeSizeFree.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Aerosoft Launcher.lnk - C:\Program Files (x86)\Aerosoft\Launcher\aeroSOFTLauncher.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Intel(R) Iris(TM) Graphics Control Panel.lnk - C:\Windows\system32\igfxstarter.exe Desktop
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Microsoft-Maus- und Tastatur-Center installieren.lnk - 
C:\Users\Public\Desktop\Origin.lnk - C:\Program Files (x86)\Origin\Origin.exe
C:\Users\Public\Desktop\Samsung Kies 3.lnk - C:\Program Files (x86)\Samsung\Kies3\Kies3.exe
C:\Users\Public\Desktop\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk - C:\Users\Alex\AppData\Roaming\Spotify\Spotify.exe
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Benutzerhandbuch für die Konsolenversion von RAR.lnk - 
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Hilfe zu WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Was ist neu in dieser Version.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Über iTunes.lnk - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Auf Updates prüfen.lnk - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Besuchen Sie Java.com.lnk - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Hilfe aufrufen.lnk - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Info zu Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_45\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Java konfigurieren.lnk - C:\Program Files (x86)\Java\jre1.8.0_45\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware entfernen.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Kies3\Samsung Kies 3.lnk - C:\Program Files (x86)\Samsung\Kies3\Kies3.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Kies3\Uninstall Kies 3.lnk - C:\Program Files (x86)\InstallShield Installation Information\{88547073-C566-4895-9005-EBE98EA3F7C7}\setup.exe /removeonly
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Benutzerhandbuch für die Konsolenversion von RAR.lnk - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Hilfe zu WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Was ist neu in dieser Version.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe

==== shortcuts in Quick Launch ======================

C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies 3.lnk - C:\Program Files (x86)\Samsung\Kies3\Kies3.exe
C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - 
C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - 
C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - 
C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - 
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - 
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - 
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - 

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Alex\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Alex\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Alex\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Alex\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=126 folders=42 16617469 bytes)

==== Empty Temp Folders ======================

C:\Users\Alex\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Alex\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found

==== EOF on 06.06.2015 at 22:19:06,02 ======================

deeprybka 07.06.2015 16:05
Hi,

Schritt 1

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Alle Zeitangaben in WEZ +1. Es ist jetzt 19:09 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131