Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Angeblich nymaim Trojaner eingefangen (https://www.trojaner-board.de/164301-angeblich-nymaim-trojaner-eingefangen.html)

DaWallace 28.02.2015 15:42
Alles erledigt:

MBam
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 28.02.2015
Suchlauf-Zeit: 15:10:38
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.28.03
Rootkit Datenbank: v2015.02.25.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Wallace

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 356362
Verstrichene Zeit: 7 Min, 39 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 3
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, In Quarantäne, [9f34879c7119989e4f6cc38a1de6c43c],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, In Quarantäne, [9f34879c7119989e4f6cc38a1de6c43c],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3810334735-2351705608-1866539249-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCHPROTECTINT, In Quarantäne, [b41fee35682296a0547fa34525de5aa6],

Registrierungswerte: 2
PUP.Optional.NextLive.A, HKU\S-1-5-21-3810334735-2351705608-1866539249-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|NextLive, C:\Windows\SysWOW64\rundll32.exe "C:\Users\Wallace\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l, In Quarantäne, [9e35e93ab2d8f145f6f5443969983fc1]
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3810334735-2351705608-1866539249-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCHPROTECTINT|Install, 1, In Quarantäne, [b41fee35682296a0547fa34525de5aa6]

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 2
PUP.Optional.NextLive.A, C:\Users\Wallace\AppData\Roaming\newnext.me, In Quarantäne, [1fb4eb3893f74ee8f9a651113dc69769],
PUP.Optional.NextLive.A, C:\Users\Wallace\AppData\Roaming\newnext.me\cache, In Quarantäne, [1fb4eb3893f74ee8f9a651113dc69769],

Dateien: 5
PUP.Optional.NextLive.A, C:\Users\Wallace\AppData\Roaming\newnext.me\nengine.dll, In Quarantäne, [9e35e93ab2d8f145f6f5443969983fc1],
PUP.Optional.NextLive.A, C:\Program Files (x86)\Mobogenie\nengine.dll, In Quarantäne, [f4df3fe4e4a6979fc5263b42a8599f61],
PUP.Optional.NextLive.A, C:\Users\Wallace\AppData\Local\genienext\nengine.dll, In Quarantäne, [528169ba711978be1bd08bf256aba65a],
PUP.Optional.NextLive.A, C:\Users\Wallace\AppData\Roaming\newnext.me\nengine.cookie, In Quarantäne, [1fb4eb3893f74ee8f9a651113dc69769],
PUP.Optional.NextLive.A, C:\Users\Wallace\AppData\Roaming\newnext.me\cache\spark.bin, In Quarantäne, [1fb4eb3893f74ee8f9a651113dc69769],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

ADWCleaner
Code:
# AdwCleaner v4.111 - Bericht erstellt 28/02/2015 um 15:28:27
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-02-18.3 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Wallace - DRAGON64
# Gestarted von : C:\Users\Wallace\Desktop\AdwCleaner_4.111.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Mobogenie
Ordner Gelöscht : C:\Users\Wallace\AppData\Local\genienext
Ordner Gelöscht : C:\Users\Wallace\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Wallace\AppData\Local\CrashRpt
Ordner Gelöscht : C:\Users\Wallace\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Wallace\Documents\Mobogenie
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Wallace\daemonprocess.txt
Datei Gelöscht : C:\Users\Wallace\AppData\Roaming\Mozilla\Firefox\Profiles\9r3ecmn6.default\user.js

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v36.0 (x86 de)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [2666 Bytes] - [28/02/2015 15:25:57]
AdwCleaner[S0].txt - [2479 Bytes] - [28/02/2015 15:28:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2538  Bytes] ##########

JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Wallace on 28.02.2015 at 15:34:15,76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"



~~~ FireFox

Emptied folder: C:\Users\Wallace\AppData\Roaming\mozilla\firefox\profiles\9r3ecmn6.default\minidumps [132 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.02.2015 at 15:36:54,85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by Wallace (administrator) on DRAGON64 on 28-02-2015 15:38:05
Running from C:\Users\Wallace\Desktop
Loaded Profiles: Wallace (Available profiles: Wallace)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(ASUSTeK Computer Inc.) C:\ProgramData\ASUS\AsSysCtrlService\2.00.00\AsSysCtrlService.exe
(M-Audio) C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe
(Ideazon, Inc.) C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5015040 2012-02-09] (VIA)
HKLM-x32\...\Run: [Cpu Level Up help] => C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe [887936 2009-12-28] ()
HKLM-x32\...\Run: [Turbo Key] => C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe [1874432 2009-11-24] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Zboard] => C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe [182784 2011-02-22] (Ideazon, Inc.)
HKLM-x32\...\Run: [BF2Hub Client] => C:\Program Files (x86)\BF2Hub Client\bf2hub.exe [1521664 2014-07-17] (BF2Hub Systems)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-01-30] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2874048 2015-02-19] (Valve Corporation)
HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3631448 2015-02-27] (Electronic Arts)
HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
Startup: C:\Users\Wallace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Wallace\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Wallace\AppData\Roaming\Mozilla\Firefox\Profiles\9r3ecmn6.default
FF Homepage: https://www.google.de/
FF NetworkProxy: "ftp", "182.239.95.137"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "182.239.95.137"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "182.239.95.137"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "182.239.95.137"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-3810334735-2351705608-1866539249-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Wallace\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Stealthy - C:\Users\Wallace\AppData\Roaming\Mozilla\Firefox\Profiles\9r3ecmn6.default\Extensions\stealthyextension@gmail.com.xpi [2013-12-15]
FF Extension: Adblock Plus - C:\Users\Wallace\AppData\Roaming\Mozilla\Firefox\Profiles\9r3ecmn6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-15]

Chrome:
=======
CHR Profile: C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-02]
CHR Extension: (Docs) - C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-02]
CHR Extension: (Google Drive) - C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-02]
CHR Extension: (YouTube) - C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-02]
CHR Extension: (Google Search) - C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-02]
CHR Extension: (Google Sheets) - C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-02]
CHR Extension: (Google Wallet) - C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-02]
CHR Extension: (Gmail) - C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 AsSysCtrlService; C:\ProgramData\ASUS\AsSysCtrlService\2.00.00\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-02-27] (Electronic Arts)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [96184 2013-12-09] (Overwolf)
R2 OxygenAudioDevMon; C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe [1632776 2010-03-04] (M-Audio)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-10-02] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-04] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-11] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Alpham1; C:\Windows\System32\DRIVERS\Alpham164.sys [52992 2007-07-23] (Ideazon Corporation)
R3 Alpham2; C:\Windows\System32\DRIVERS\Alpham264.sys [21760 2007-03-20] (Ideazon Corporation)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-23] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [94720 2014-06-21] (Advanced Micro Devices) [File not signed]
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S3 camfilt2; C:\Windows\System32\DRIVERS\camfilt2.sys [139264 2007-08-29] (Guillemot Corporation)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
S3 MADFULEGACYKEYBOARD; C:\Windows\System32\DRIVERS\MAudioLegacyKeyboard_DFU.sys [28680 2010-02-09] (M-Audio)
S3 MAUSBLEGACYKEYBOARD; C:\Windows\System32\DRIVERS\MAudioLegacyKeyboard.sys [196616 2010-02-09] (M-Audio)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
S3 OM0530; C:\Windows\System32\Drivers\ov530vx.sys [172928 2007-07-13] (OmniVision Technology Inc.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-12-28] (Duplex Secure Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-06-16] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-28 15:38 - 2015-02-28 15:38 - 00021692 _____ () C:\Users\Wallace\Desktop\FRST.txt
2015-02-28 15:37 - 2015-02-28 15:37 - 00000000 ____D () C:\Users\Wallace\Desktop\FRST-OlderVersion
2015-02-28 15:36 - 2015-02-28 15:37 - 00000834 _____ () C:\Users\Wallace\Desktop\JRT.txt
2015-02-28 15:31 - 2015-02-28 15:31 - 00002626 _____ () C:\Users\Wallace\Desktop\AdwCleaner[S0].txt
2015-02-28 15:25 - 2015-02-28 15:28 - 00000000 ____D () C:\AdwCleaner
2015-02-28 15:24 - 2015-02-28 15:24 - 00003017 _____ () C:\Users\Wallace\Desktop\mbam.txt
2015-02-28 15:09 - 2015-02-28 15:09 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-28 15:09 - 2015-02-28 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-28 15:09 - 2015-02-28 15:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-28 15:09 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-28 15:09 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-28 14:57 - 2015-02-28 14:57 - 01388274 _____ (Thisisu) C:\Users\Wallace\Desktop\JRT.exe
2015-02-28 14:56 - 2015-02-28 14:56 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Wallace\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-28 14:56 - 2015-02-28 14:56 - 02126848 _____ () C:\Users\Wallace\Desktop\AdwCleaner_4.111.exe
2015-02-27 22:21 - 2015-02-27 22:21 - 00094454 _____ () C:\Users\Wallace\Downloads\Uninstal.exe
2015-02-27 22:21 - 2015-02-27 22:21 - 00000000 ____D () C:\Users\Wallace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yardley McLaren M23 v1.01
2015-02-27 22:18 - 2015-02-27 22:20 - 206699576 _____ () C:\Users\Wallace\Downloads\Mod_SaReNi_Camaro_Gt3_GtRaceCar_ByACM_V1.0.rar
2015-02-27 22:18 - 2015-02-27 22:18 - 55260537 _____ () C:\Users\Wallace\Downloads\McLaren_M23_V1.01.rar
2015-02-27 22:14 - 2015-02-27 22:16 - 160323109 _____ () C:\Users\Wallace\Downloads\longford_67_0.8.8.rar
2015-02-27 21:32 - 2015-02-27 21:34 - 53880603 _____ () C:\Users\Wallace\Downloads\AC-Karelia_Cross-TTM.rar
2015-02-27 21:28 - 2015-02-27 21:29 - 21591213 _____ () C:\Users\Wallace\Downloads\simtraxx_rpsg_0.4_AC.rar
2015-02-27 21:23 - 2015-02-27 21:35 - 316503409 _____ () C:\Users\Wallace\Downloads\simtraxx_pikes_peak_hc_v0.3_AC.rar
2015-02-27 21:03 - 2015-02-27 21:03 - 15093277 _____ () C:\Users\Wallace\Downloads\Martini_Racing.rar
2015-02-27 20:18 - 2015-02-27 20:21 - 82183898 _____ () C:\Users\Wallace\Downloads\simtraxx_magnolia_0.1.rar
2015-02-27 20:16 - 2015-02-27 20:23 - 167474031 _____ () C:\Users\Wallace\Downloads\simtraxx_peyregrosse-mandagout_0.6_AC.rar
2015-02-27 20:01 - 2015-02-27 20:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-27 17:04 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-27 17:04 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-27 17:04 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-27 17:04 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-27 17:04 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-27 17:04 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-27 17:04 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-27 17:04 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-27 17:02 - 2015-02-27 17:22 - 00000000 ____D () C:\Qoobox
2015-02-27 17:01 - 2015-02-27 17:20 - 00000000 ____D () C:\Windows\erdnt
2015-02-27 17:00 - 2015-02-27 17:00 - 05611903 ____R (Swearware) C:\Users\Wallace\Desktop\ComboFix.exe
2015-02-25 21:35 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 21:35 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-23 19:56 - 2015-02-23 20:18 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-02-22 19:42 - 2015-02-28 15:31 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-22 19:42 - 2015-02-28 15:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-22 19:42 - 2015-02-23 18:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-22 19:41 - 2015-02-22 20:12 - 00000000 ____D () C:\Users\Wallace\Desktop\mbar
2015-02-22 19:41 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-22 19:40 - 2015-02-22 19:40 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Wallace\Desktop\tdsskiller.exe
2015-02-22 19:39 - 2015-02-22 19:39 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Wallace\Desktop\mbar-1.09.1.1004.exe
2015-02-21 22:40 - 2015-02-21 22:40 - 00275848 _____ () C:\Windows\Minidump\022115-22308-01.dmp
2015-02-21 22:31 - 2015-02-21 22:31 - 00380416 _____ () C:\Users\Wallace\Desktop\Gmer-19357.exe
2015-02-21 22:25 - 2015-02-21 22:25 - 00048966 _____ () C:\Users\Wallace\Downloads\Addition.txt
2015-02-21 22:24 - 2015-02-28 15:38 - 00000000 ____D () C:\FRST
2015-02-21 22:24 - 2015-02-28 15:37 - 02087936 _____ (Farbar) C:\Users\Wallace\Desktop\FRST64.exe
2015-02-21 22:24 - 2015-02-21 22:25 - 00051743 _____ () C:\Users\Wallace\Downloads\FRST.txt
2015-02-21 22:07 - 2015-02-21 22:07 - 00000656 _____ () C:\Users\Wallace\Downloads\defogger_disable.log
2015-02-21 22:07 - 2015-02-21 22:07 - 00000188 _____ () C:\Users\Wallace\defogger_reenable
2015-02-21 22:06 - 2015-02-21 22:06 - 00050477 _____ () C:\Users\Wallace\Desktop\Defogger.exe
2015-02-21 21:40 - 2015-02-23 20:08 - 00000000 ___HD () C:\Users\Wallace\AppData\Roaming\Contest_team
2015-02-21 00:38 - 2015-02-23 20:08 - 00000000 ___HD () C:\Users\Wallace\AppData\Roaming\Matter-suffer
2015-02-20 10:19 - 2015-02-20 10:19 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-02-20 10:18 - 2015-02-20 10:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-20 10:18 - 2015-02-20 10:20 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-20 10:18 - 2015-02-20 10:18 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-20 10:18 - 2015-02-20 10:18 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-02-20 10:18 - 2015-02-20 10:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-20 10:18 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-02-20 10:17 - 2015-02-20 10:17 - 01203488 _____ () C:\Users\Wallace\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2015-02-20 10:16 - 2015-02-20 10:16 - 00000000 ____D () C:\Users\Wallace\AppData\Local\Steam
2015-02-18 07:54 - 2015-02-20 11:53 - 00000000 ___HD () C:\Users\Wallace\AppData\Roaming\Gpwzdqjjza
2015-02-16 20:01 - 2015-02-16 20:03 - 00000000 ____D () C:\Users\Wallace\Downloads\Fury.Herz.aus.Stahl
2015-02-16 18:48 - 2015-02-18 07:54 - 00000000 ___HD () C:\Users\Wallace\AppData\Roaming\Knkwzygm
2015-02-16 18:20 - 2015-02-23 20:08 - 00000000 ___HD () C:\Users\Wallace\AppData\Roaming\Pace-worried
2015-02-16 00:30 - 2015-02-23 20:08 - 00000000 ___HD () C:\Users\Wallace\AppData\Roaming\Opening-speed
2015-02-15 23:17 - 2015-02-15 23:20 - 107431599 _____ () C:\Users\Wallace\Downloads\fmodstudio10512win-installer.exe
2015-02-15 13:06 - 2015-02-23 20:08 - 00000000 ___HD () C:\Users\Wallace\AppData\Roaming\Hatinvite
2015-02-14 17:23 - 2015-02-16 18:48 - 00000000 ___HD () C:\Users\Wallace\AppData\Local\Hvxphis
2015-02-13 20:09 - 2015-02-13 20:12 - 00000000 ____D () C:\Users\Wallace\Downloads\i.roo.201drei.GE.BDR-W
2015-02-13 19:55 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-13 19:55 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 19:55 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-13 19:55 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 15:45 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-12 15:45 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-12 15:45 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-12 15:45 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-12 15:45 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-12 15:45 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-12 15:45 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-12 15:45 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-12 15:45 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-12 15:45 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-12 15:45 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-12 15:45 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-12 15:45 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-12 15:45 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-12 15:45 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-12 15:45 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-12 15:45 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-12 15:45 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-12 15:45 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-12 15:45 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-12 15:45 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-12 15:45 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-12 15:45 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-12 15:45 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-12 15:45 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-12 15:45 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-12 15:45 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-12 15:45 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-12 15:45 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-12 15:45 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-12 15:45 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-12 15:45 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-12 15:45 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-12 15:45 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-12 15:45 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-12 15:45 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-12 15:45 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-12 15:45 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-12 15:45 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-12 15:45 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-12 15:45 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-12 15:45 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-12 15:45 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-12 15:45 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-12 15:45 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-12 15:45 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-12 15:45 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-12 15:45 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-12 15:45 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-12 15:45 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-12 15:45 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-12 15:45 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 19:57 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 19:57 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 19:57 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 19:57 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 19:57 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 19:57 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 19:57 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 19:57 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 19:57 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 19:57 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 19:57 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 19:57 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 19:57 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 19:57 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 19:57 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 19:57 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 19:57 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 19:57 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 19:57 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 19:57 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 19:57 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 19:57 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 19:56 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 19:56 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 19:56 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 19:56 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 19:56 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 19:56 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 19:56 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 19:56 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 19:56 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 19:56 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 19:56 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 19:56 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 19:56 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 19:56 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 19:56 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 19:56 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 19:56 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 19:56 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 19:56 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 19:56 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 19:56 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 19:56 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 19:56 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 19:56 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 19:56 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 19:56 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 19:56 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 19:56 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 19:55 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 19:55 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 19:55 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 19:55 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 19:55 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 19:55 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 19:55 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 19:55 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 19:55 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 19:54 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 18:49 - 2015-02-11 19:42 - 00000000 ____D () C:\Users\Wallace\Downloads\Metro_Last_Light_Redux-FLT
2015-02-11 18:13 - 2015-02-22 19:36 - 00000000 ____D () C:\ProgramData\rnx
2015-02-11 15:59 - 2015-02-11 16:10 - 00001003 _____ () C:\Users\Wallace\Desktop\Neues Textdokument.txt
2015-02-04 18:06 - 2015-02-04 18:08 - 00000000 ____D () C:\Users\Wallace\Documents\BFH Beta 2

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-28 15:37 - 2009-07-14 05:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-28 15:37 - 2009-07-14 05:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-28 15:34 - 2013-12-15 03:32 - 01072506 _____ () C:\Windows\WindowsUpdate.log
2015-02-28 15:33 - 2013-12-15 13:15 - 00000000 ____D () C:\ProgramData\Origin
2015-02-28 15:32 - 2014-09-04 20:00 - 00000000 ____D () C:\Users\Wallace\AppData\Roaming\Raptr
2015-02-28 15:32 - 2013-12-15 13:14 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-28 15:31 - 2014-07-06 13:09 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-28 15:31 - 2014-07-06 13:09 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-28 15:30 - 2010-11-21 04:47 - 00280864 _____ () C:\Windows\PFRO.log
2015-02-28 15:30 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-28 15:30 - 2009-07-14 05:51 - 00083994 _____ () C:\Windows\setupact.log
2015-02-28 15:28 - 2013-12-15 03:32 - 00000000 ____D () C:\Users\Wallace
2015-02-28 15:23 - 2014-01-07 21:15 - 00000000 ___RD () C:\Users\Wallace\Dropbox
2015-02-28 15:22 - 2014-01-07 21:14 - 00000000 ____D () C:\Users\Wallace\AppData\Roaming\Dropbox
2015-02-28 15:22 - 2013-12-27 15:36 - 00000000 ____D () C:\Users\Wallace\AppData\Local\TSVNCache
2015-02-28 15:21 - 2013-12-15 01:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-28 15:05 - 2014-02-07 13:21 - 00003922 _____ () C:\Windows\System32\Tasks\InstallShield Software-Online-Aktualisierungsprogramm
2015-02-28 15:03 - 2013-12-15 17:18 - 00000000 ___RD () C:\Users\Wallace\Desktop\Shelf
2015-02-27 23:45 - 2013-12-15 02:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-27 17:22 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-02-27 17:18 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-27 16:58 - 2013-12-15 13:15 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-21 23:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-21 22:40 - 2013-12-15 11:36 - 680203791 _____ () C:\Windows\MEMORY.DMP
2015-02-21 22:40 - 2013-12-15 11:36 - 00000000 ____D () C:\Windows\Minidump
2015-02-16 20:03 - 2014-01-22 17:56 - 00000000 ____D () C:\Users\Wallace\AppData\Roaming\vlc
2015-02-16 19:50 - 2011-04-12 08:43 - 00710404 _____ () C:\Windows\system32\perfh007.dat
2015-02-16 19:50 - 2011-04-12 08:43 - 00154734 _____ () C:\Windows\system32\perfc007.dat
2015-02-16 19:50 - 2009-07-14 06:13 - 01651334 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-15 12:59 - 2013-12-15 13:17 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-02-15 12:59 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-14 19:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-12 15:43 - 2014-01-07 21:14 - 00000000 ____D () C:\Users\Wallace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 15:36 - 2009-07-14 05:45 - 04970104 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 15:33 - 2014-12-11 15:46 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 15:33 - 2014-09-03 19:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 20:04 - 2013-12-15 01:27 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 20:00 - 2013-12-15 01:27 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-07 19:26 - 2014-07-06 13:09 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-07 19:26 - 2014-07-06 13:09 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-07 13:00 - 2013-12-15 11:13 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-07 10:45 - 2013-12-15 02:02 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-07 10:45 - 2013-12-15 02:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-07 10:45 - 2013-12-15 02:02 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 19:44 - 2013-12-15 21:30 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-02-04 18:08 - 2013-12-27 02:10 - 00000000 ____D () C:\Users\Wallace\AppData\Local\PunkBuster
2015-02-04 18:08 - 2013-12-15 21:30 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-02-04 17:42 - 2013-12-15 21:30 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-02-04 17:41 - 2013-12-15 11:10 - 00588174 _____ () C:\Windows\DirectX.log
2015-02-01 11:02 - 2014-09-04 20:00 - 00000000 ____D () C:\Program Files (x86)\Raptr

==================== Files in the root of some directories =======

2014-02-12 20:22 - 2014-02-12 20:22 - 0002499 _____ () C:\Program Files (x86)\unins000.dat
2014-02-12 20:22 - 2014-02-12 20:22 - 0682266 _____ () C:\Program Files (x86)\unins000.exe
2015-02-11 04:36 - 2015-02-11 04:36 - 0039936 _____ () C:\Users\Wallace\AppData\Roaming\12 Bracelets Passed To Spanish Hands.mp3
2014-01-07 18:17 - 2014-01-07 18:17 - 0000132 _____ () C:\Users\Wallace\AppData\Roaming\Adobe CS6-BMP-Format - Voreinstellungen
2013-12-28 10:50 - 2014-11-12 09:56 - 0000132 _____ () C:\Users\Wallace\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2014-07-11 14:46 - 2014-07-11 14:46 - 0000091 _____ () C:\Users\Wallace\AppData\Roaming\sversion.ini
2014-01-10 20:35 - 2014-04-11 02:10 - 0001456 _____ () C:\Users\Wallace\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2013-12-29 12:55 - 2013-12-29 12:55 - 0000095 _____ () C:\Users\Wallace\AppData\Local\fusioncache.dat

Some content of TEMP:
====================
C:\Users\Wallace\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpac7oca.dll
C:\Users\Wallace\AppData\Local\Temp\Quarantine.exe
C:\Users\Wallace\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-23 19:10

==================== End Of Log ============================
--- --- ---

schrauber 28.02.2015 18:49

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

DaWallace 02.03.2015 20:09
Ok, wurde auch ausgeführt.

PC läuft schon wieder viel besser. Die Fehlermeldungen sind schon länger verschwunden und an sich fährt er auch schon wieder zügiger hoch. :daumenhoc

Hier die Logs:

ESET
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=1f3f79dfba77e54e8e21c7a8a9236f5d
# engine=22701
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-02 01:29:48
# local_time=2015-03-02 02:29:48 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 121256 176889638 0 0
# scanned=1082910
# found=89
# cleaned=0
# scan_time=43197
sh=570EB9952C88AF1EBF1B6E444948897310CCDC6B ft=1 fh=8dd053864897c267 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\New_UpdateMoboGenie.exe.vir"
sh=E075096D25B65981B61BA64BD595310C95BEA7B2 ft=0 fh=0000000000000000 vn="Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Wallace\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.35.zip.vir"
sh=460FAB593C52A20FF1C135BCB9045359E8D08DA4 ft=1 fh=7d490d691a4e705b vn="Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Wallace\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir"
sh=A0FD1396ED2D7B79BDFB9AF24FD98AC701632E07 ft=1 fh=32cb4b5a2245d585 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Wallace\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir"
sh=B3E9B985A45EF896577466209FC1FDEDB066EB70 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Wallace\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir"
sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Wallace\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll.vir"
sh=570EB9952C88AF1EBF1B6E444948897310CCDC6B ft=1 fh=8dd053864897c267 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Wallace\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir"
sh=1977F2F0A49C992E60324A527A5887305D48E3D7 ft=1 fh=dc889aa2aa041916 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=A13DB2081B2A723E049DC6C097071D11DD486ED5 ft=1 fh=8736df09efa91eaf vn="Variante von Win32/Kryptik.CYMI Trojaner" ac=I fn="C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\AMT\es_MX\state_of_matter\integrated_circuit.exe"
sh=55D8B4A13CCAF3A31188DACDFE50AC9609C3BC2F ft=1 fh=3ef6002ea596b563 vn="Variante von Win32/Kryptik.CYDA Trojaner" ac=I fn="C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\HTMLHarness\hb_led\quantum_electrodynamics.exe"
sh=DD971ED337CA3F6AF37FDA0792ACBE8D8863CEC1 ft=1 fh=d68b3ff72054b7d1 vn="Win32/TrojanDownloader.Nymaim.AO Trojaner" ac=I fn="C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\HTMLHarness\hb_led\hb_led\anode.exe"
sh=3686A135E4C887C5CD08E7FC10CDD3BD7ACED966 ft=1 fh=0f902369c27f0d20 vn="Variante von Win32/Kryptik.CZLT Trojaner" ac=I fn="C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\HTMLHarness\hb_led\hb_led\buck_boost.exe"
sh=7474F4BE4FD026FB48C240BC4F952CEC7797CFC1 ft=1 fh=41a0880948134a74 vn="Variante von Win32/Injector.BUUG Trojaner" ac=I fn="C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\HTMLHarness\hb_led\hb_led\dual_phase_controller.exe"
sh=3686A135E4C887C5CD08E7FC10CDD3BD7ACED966 ft=1 fh=0f902369c27f0d20 vn="Variante von Win32/Kryptik.CZLT Trojaner" ac=I fn="C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\HTMLHarness\hb_led\hb_led\mosfet.exe"
sh=7474F4BE4FD026FB48C240BC4F952CEC7797CFC1 ft=1 fh=41a0880948134a74 vn="Variante von Win32/Injector.BUUG Trojaner" ac=I fn="C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\HTMLHarness\hb_led\hb_led\private_mobile_radio.exe"
sh=B8F3A95B72B9843CCCA70D2312C6A2F0AB74EA75 ft=1 fh=8678bbf8c22dbed6 vn="Variante von Win32/Kryptik.CYQB Trojaner" ac=I fn="C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\HTMLHarness\hb_led\hb_led\scalar_mathematics.exe"
sh=3686A135E4C887C5CD08E7FC10CDD3BD7ACED966 ft=1 fh=0f902369c27f0d20 vn="Variante von Win32/Kryptik.CZLT Trojaner" ac=I fn="C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\HTMLHarness\hb_led\hb_led\system_management_bus.exe"
sh=07D1C8ED2A1A2302260D8C80A10AFF8DA860AE1A ft=1 fh=c71c00116a6fdd80 vn="Win32/TrojanDownloader.Nymaim.AO Trojaner" ac=I fn="C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\HTMLHarness\hb_led\hb_led\valence_shell.exe"
sh=07D1C8ED2A1A2302260D8C80A10AFF8DA860AE1A ft=1 fh=c71c00116a6fdd80 vn="Win32/TrojanDownloader.Nymaim.AO Trojaner" ac=I fn="C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\HTMLHarness\hb_led\hb_led\voltage_output.exe"
sh=FD89D8975822A33ADCF92315C6F71CAAD68CC99E ft=1 fh=adf7cb3baa77432d vn="Win32/TrojanDownloader.Nymaim.AL Trojaner" ac=I fn="C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Legal\sv_SE\h_bridge\alkyne.exe"
sh=95776C54FB3CB7F19AD68B85322DCFBE8B794736 ft=1 fh=38fd4d2edc0a5087 vn="Variante von Win32/Kryptik.CZEB Trojaner" ac=I fn="C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Legal\sv_SE\h_bridge\autoshutdown_plus.exe"
sh=5E92D1E22B8C347419F4540C2E26A342E58A16D2 ft=1 fh=9999f06967bbf786 vn="Variante von Win32/Kryptik.CZEB Trojaner" ac=I fn="C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Legal\sv_SE\h_bridge\boiling_point_elevation.exe"
sh=0E0B5608500913D5B71AAC64EECD5D125F3C26C1 ft=1 fh=e718d5cfc93b00c9 vn="Variante von Win32/Kryptik.CZKX Trojaner" ac=I fn="C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Legal\sv_SE\h_bridge\dew_point.exe"
sh=F4FB8D9236F934BAC4424F01E09525D09C705E31 ft=1 fh=64bf36a52613cf9e vn="Variante von Win32/Kryptik.CZEB Trojaner" ac=I fn="C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Legal\sv_SE\h_bridge\gaas_mesfet.exe"
sh=0E0B5608500913D5B71AAC64EECD5D125F3C26C1 ft=1 fh=e718d5cfc93b00c9 vn="Variante von Win32/Kryptik.CZKX Trojaner" ac=I fn="C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Legal\sv_SE\h_bridge\iec_connector.exe"
sh=D4F60115A58A0DB43C40B2FC38C176DB2817AE42 ft=1 fh=06f0820abaf7bb58 vn="Variante von Win32/Kryptik.CZEB Trojaner" ac=I fn="C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Legal\sv_SE\h_bridge\max_hold_step_mv.exe"
sh=E3B628764B4D974906F3F422069328F09194CEAA ft=1 fh=d7bfe28acab1fcdb vn="Variante von Win32/Kryptik.CZEB Trojaner" ac=I fn="C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Legal\sv_SE\h_bridge\pressure.exe"
sh=F90A883C790CFF24C6CE3E977E3648042AC46621 ft=1 fh=dcc5636f3f3aabbd vn="Variante von Win32/Kryptik.CYMI Trojaner" ac=I fn="C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Presets\Deco\state_of_matter\bionics.exe"
sh=49BD7CCC3DC81C36F06874F65284B19804CBA3A3 ft=1 fh=a1538c0b306065f9 vn="Win32/TrojanDownloader.Nymaim.AO Trojaner" ac=I fn="C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Presets\Deco\state_of_matter\cell_site.exe"
sh=C2BE46624A7CBE22EFAB365F4DD27A82516ECDB8 ft=1 fh=e2cf941d3e2bc91f vn="Variante von Win32/Kryptik.CZWG Trojaner" ac=I fn="C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Presets\Deco\state_of_matter\coefficient_of_variation.exe"
sh=61323BDFBD3207109DAD304106391998B1C79E80 ft=1 fh=459c1de4f4e0419b vn="Variante von Win32/Kryptik.CYQU Trojaner" ac=I fn="C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Presets\Deco\state_of_matter\murphys_law.exe"
sh=EF90D0E194AB63B1E895C89FA2E9011AEA4D5761 ft=1 fh=27db5e87f42789a4 vn="Variante von Win32/Kryptik.CZWG Trojaner" ac=I fn="C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Presets\Deco\state_of_matter\nuclear_power.exe"
sh=8C8CBFAB8B6A188D8DE95F4D49524A91824F8547 ft=1 fh=66d45fe78bccddb3 vn="Variante von Win32/Kryptik.CYMI Trojaner" ac=I fn="C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Presets\Deco\state_of_matter\physical_chemistry.exe"
sh=5D83B6A47265604EE923C851ACE4BFB20EB2D617 ft=1 fh=99185e6e827c3e02 vn="Variante von Win32/Kryptik.CZWG Trojaner" ac=I fn="C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Presets\Deco\state_of_matter\power_supply_rejection.exe"
sh=61323BDFBD3207109DAD304106391998B1C79E80 ft=1 fh=459c1de4f4e0419b vn="Variante von Win32/Kryptik.CYQU Trojaner" ac=I fn="C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Presets\Deco\state_of_matter\special_relativity.exe"
sh=053302783861C65B556700AFB0ACCCCE7B700AD8 ft=1 fh=afb227364910c562 vn="Win32/TrojanDownloader.Nymaim.AL Trojaner" ac=I fn="C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Presets\Deco\state_of_matter\structural_analysis.exe"
sh=8C8CBFAB8B6A188D8DE95F4D49524A91824F8547 ft=1 fh=66d45fe78bccddb3 vn="Variante von Win32/Kryptik.CYMI Trojaner" ac=I fn="C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Presets\Deco\state_of_matter\viscoelasticity.exe"
sh=AE84C00CE80FECAA58321FEB4B33988D0862A030 ft=1 fh=b7ee9d26b5b8aa6d vn="Variante von Win32/Kryptik.CZUL Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\23.02.2015_19.54.51\uds0000\file0000\tsk0000.dta"
sh=0FC8EC04F2C74564F101BDAEB7EEC5CE5D6CAE02 ft=1 fh=779052e69b2dc535 vn="Variante von Win32/Kryptik.CYNQ Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\23.02.2015_19.54.51\uds0001\file0000\tsk0000.dta"
sh=AE84C00CE80FECAA58321FEB4B33988D0862A030 ft=1 fh=b7ee9d26b5b8aa6d vn="Variante von Win32/Kryptik.CZUL Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\23.02.2015_19.57.19\uds0000\file0000\tsk0000.dta"
sh=0FC8EC04F2C74564F101BDAEB7EEC5CE5D6CAE02 ft=1 fh=779052e69b2dc535 vn="Variante von Win32/Kryptik.CYNQ Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\23.02.2015_19.57.19\uds0001\file0000\tsk0000.dta"
sh=9230F961A3DB867E2C179EE4803EE54CDCD5E4F8 ft=1 fh=11d0d61ea4bc1d72 vn="Variante von Win32/Kryptik.CZKE Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\23.02.2015_19.57.19\uds0002\file0000\tsk0000.dta"
sh=E862D85F48FABECA11BDE48D89F3C761362CA99B ft=1 fh=ef582517c7c4fc95 vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\23.02.2015_19.57.19\uds0003\file0000\tsk0000.dta"
sh=09169B08C6DBE9A57B80F03DB5571B742CACA452 ft=1 fh=8625e28f0a0bf831 vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\23.02.2015_19.57.19\uds0004\file0000\tsk0000.dta"
sh=1FDAAB6AC0E34E304188A5121541F71888C977F2 ft=1 fh=e533d3777bc41b1b vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\23.02.2015_19.57.19\zbot0000\file0000\tsk0000.dta"
sh=983FC1E3D29BCF5EDD162ABF2EDE17B093B910E2 ft=1 fh=b9c78ec8d1cf3a70 vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\23.02.2015_19.57.19\zbot0001\file0000\tsk0000.dta"
sh=6701CF295577B5735E926986C68A27DCCFB25B02 ft=1 fh=495afea39d043e4b vn="Variante von Win32/Kryptik.CZKE Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\23.02.2015_20.12.57\zbot0000\file0000\tsk0000.dta"
sh=2614BD85C4362B0D354CAC24E0847E42F835B58E ft=1 fh=b361aebf1eaa3b39 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Wallace\Downloads\SpyBot Search Destroy - CHIP-Installer.exe"
sh=055C523F1B019E7A1BF5B1B03C2ECA9180C216D6 ft=1 fh=d24a156c7c07390d vn="Variante von Win32/InstallCore.QW evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Wallace\Downloads\winamp5666_full_all_inst.exe"
sh=3E6BE4F4EAAA90DD30A2436CCF7A4E9CA7F3A032 ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.CVE-2012-5076.AO Trojaner" ac=I fn="O:\backup\Users\Wallace\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6b56f2c6-30bc7037"
sh=D8F10BDFCF1D7203A10EDD44BFA91E63429F7509 ft=1 fh=125879de58b34aa1 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="O:\backup\Users\Wallace\AppData\Roaming\BabSolution\Shared\BabMaint.exe"
sh=97C98A20388FD894B92FD8325545966CA945BCFB ft=1 fh=6121d07ea56d1649 vn="Win32/Toolbar.Montiera.I evtl. unerwünschte Anwendung" ac=I fn="O:\backup\Users\Wallace\AppData\Roaming\OpenCandy\00473836941449648F9BC2CC9C8DA6DB\Setupsft_chr_p1v7.exe"
sh=22EA12E23878248FEBC79C3B7FD1FA8B91F03725 ft=1 fh=fe2b149769bf0004 vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung" ac=I fn="O:\backup\Users\Wallace\AppData\Roaming\OpenCandy\88A0C4B74BD54A25BC3F55E29AB87F71\SearchGolTB.exe"
sh=1ECFC21820718B28EF8D02235CF47C9A2B4769C7 ft=1 fh=d64bdcab81966442 vn="Win32/InstallMonetizer.AU evtl. unerwünschte Anwendung" ac=I fn="O:\backup\Users\Wallace\Downloads\audioextractor.exe"
sh=6ED83CE586DCDECC79577A14549292617F11BA23 ft=0 fh=0000000000000000 vn="Variante von Win32/Somoto.A evtl. unerwünschte Anwendung" ac=I fn="O:\backup\Users\Wallace\Downloads\hypercam227-free.zip"
sh=6DC1CE7EA87D057DFA2EB7D8DE7F406E9CDD8471 ft=1 fh=097609c6004ddf6c vn="Variante von Win32/TrojanDropper.VB.OFV Trojaner" ac=I fn="O:\backup\Users\Wallace\Downloads\Games\Black Mesa Source-FULL\BlackMesa-Setup.exe"
sh=1ECFC21820718B28EF8D02235CF47C9A2B4769C7 ft=1 fh=d64bdcab81966442 vn="Win32/InstallMonetizer.AU evtl. unerwünschte Anwendung" ac=I fn="O:\Downloads\audioextractor.exe"
sh=6ED83CE586DCDECC79577A14549292617F11BA23 ft=0 fh=0000000000000000 vn="Variante von Win32/Somoto.A evtl. unerwünschte Anwendung" ac=I fn="O:\Downloads\hypercam227-free.zip"
sh=6DC1CE7EA87D057DFA2EB7D8DE7F406E9CDD8471 ft=1 fh=097609c6004ddf6c vn="Variante von Win32/TrojanDropper.VB.OFV Trojaner" ac=I fn="O:\Downloads\Games\Black Mesa Source-FULL\BlackMesa-Setup.exe"
sh=F07E6E10860D785A0137E4C356041F11AA3C4BD0 ft=1 fh=de96e0cbf8b45c4b vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="O:\Downloads\Games\GT Legends\SimRace_Essentials_Toolbar.exe"
sh=4DF80923E8D16FEB3A22796FB6850FCA625DECC4 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="O:\Downloads\Games\GT Legends\Car Mods\Porsche 917K v1_01 by RMi Release Group.rar"
sh=2A15FE61134342C4A1E2732E8D1CD49FC3076164 ft=1 fh=c71c0011e48792bc vn="Win32/InstallCore.MF evtl. unerwünschte Anwendung" ac=I fn="O:\Downloads\Programme\COMPUTER_BILD-Download-Manager_fuer_Test_Drive_Unlimited_Patch_1.66A.exe"
sh=6B0372F6C8561568A5ED30E4EDC9ABF5FEC48D64 ft=1 fh=88c4b3e90b27c805 vn="Win32/WinloadSDA.C evtl. unerwünschte Anwendung" ac=I fn="O:\Downloads\Programme\Mozilla-Firefox--Setup.exe"
sh=59D9EE694B4E90E172B3EE03AB2EDE01B6D9272E ft=1 fh=4e2a4e675581798e vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="O:\Downloads\Programme\OpenOffice - CHIP-Downloader.exe"
sh=6BF3E30395DFFE2BBCCD6D64DC0F77A1D5CF6D2F ft=1 fh=44552bf7fe233294 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="O:\Downloads\Programme\SpeedFan - CHIP-Downloader.exe"
sh=86FD2D88F3C4675471D14644D2A2D8A0B08BA2F4 ft=1 fh=5d2300031434a965 vn="NSIS/StartPage.CC Trojaner" ac=I fn="O:\Downloads\Programme\vlc-2.1.2-win64.exe"
sh=97AD30A2F1954781EBF4872DC4EA0E4F7135EDCC ft=1 fh=dbf8fefc96520283 vn="Variante von Win32/Packed.ExeScript.B Trojaner" ac=I fn="O:\Games\BF2 + BF2142\AIX 2.0\AIX_2.0_CORE_MOD.exe"
sh=55F6A9E2DA379960592073A7FA9D8C43C4D25EBF ft=0 fh=0000000000000000 vn="JS/Kryptik.CC Trojaner" ac=I fn="Q:\BackUps\BACKUP C GEMEINSAME DOKUMENTE\Dokumente und Einstellungen\M.Wallace\Lokale Einstellungen\Temporary Internet Files\Content.IE5\GZEDMR6V\42214.shoutbox[1]"
sh=46BDEF9CD33B7A5D32C193B7A6741468657AAECF ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="Q:\BackUps\BACKUP SYSTEM DATEIEN\WALLACE\Anwendungsdaten\Mozilla\Firefox\Profiles\q16cxm54.default\Cache\6BA17F70d01"
sh=19C6900866327BCF73466E6A8E6E09F03091FAEB ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="Q:\BackUps\BACKUP SYSTEM DATEIEN\WALLACE\Anwendungsdaten\Mozilla\Firefox\Profiles\q16cxm54.default\Cache\6BA17F71d01"
sh=28FF310CA301A6293CEF96A0051D3B235D2189FD ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="Q:\BackUps\BACKUP SYSTEM DATEIEN\WALLACE\Anwendungsdaten\Mozilla\Firefox\Profiles\q16cxm54.default\Cache\6BA17F72d01"
sh=FCD951D20514E3849D3D19ECA80F0A83154815D4 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="Q:\BackUps\BACKUP SYSTEM DATEIEN\WALLACE\Anwendungsdaten\Mozilla\Firefox\Profiles\q16cxm54.default\Cache\6BA17F73d01"
sh=FAC862047DA8DC2102578B66F0C6BC8F763ABBE8 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="Q:\BackUps\BACKUP SYSTEM DATEIEN\WALLACE\Anwendungsdaten\Mozilla\Firefox\Profiles\q16cxm54.default\Cache\6BA17F7Ed01"
sh=8BE51386EE643E285C3CC73106139E7F5718FA4E ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="Q:\BackUps\BACKUP SYSTEM DATEIEN\WALLACE\Anwendungsdaten\Mozilla\Firefox\Profiles\q16cxm54.default\Cache\6BA17F7Fd01"
sh=EE50D38F68F6FB156B6209509D829ABBF34DA963 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="Q:\BackUps\BACKUP SYSTEM DATEIEN\WALLACE\Anwendungsdaten\Mozilla\Firefox\Profiles\q16cxm54.default\Cache\BA17F746d01"
sh=D6B37D3A7C92BE6F1DC90DEBFEF2CF457F9A9EA8 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="Q:\BackUps\BACKUP SYSTEM DATEIEN\Marcel\Lokale Einstellungen\Temporary Internet Files\Content.IE5\Z5OGDNR9\T2[1].html"
sh=8B4388B9ECCF763D3D9C304ABB2044473CE43285 ft=1 fh=070dcc345b9444d7 vn="Win32/SoftonicDownloader.D evtl. unerwünschte Anwendung" ac=I fn="Q:\BACKUP 082012\Downloads\SoftonicDownloader_fuer_g-force.exe"
sh=1A575A311E4A39596CED40212CF5AE8B218F6961 ft=1 fh=11bcebd3f89e4beb vn="Variante von Win32/InstallIQ.A evtl. unerwünschte Anwendung" ac=I fn="Q:\BACKUP 082012\Downloads\PROGS\swirlabstractsss.exe"
Security Check
Code:
Results of screen317's Security Check version 0.99.96 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 TuneUp Utilities 2014 
 TuneUp Utilities 2014 (de-DE) 
 TuneUp Utilities 2014 
  Java 64-bit 8 Update 31 
 Adobe Flash Player 16.0.0.305 
 Adobe Reader XI 
 Mozilla Firefox (36.0)
 Mozilla Thunderbird 24.4.0 Thunderbird out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
FRST

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2015
Ran by Wallace (administrator) on DRAGON64 on 02-03-2015 20:16:35
Running from C:\Users\Wallace\Desktop
Loaded Profiles: Wallace (Available profiles: Wallace)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(ASUSTeK Computer Inc.) C:\ProgramData\ASUS\AsSysCtrlService\2.00.00\AsSysCtrlService.exe
(M-Audio) C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe
(Ideazon, Inc.) C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5015040 2012-02-09] (VIA)
HKLM-x32\...\Run: [Cpu Level Up help] => C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe [887936 2009-12-28] ()
HKLM-x32\...\Run: [Turbo Key] => C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe [1874432 2009-11-24] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Zboard] => C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe [182784 2011-02-22] (Ideazon, Inc.)
HKLM-x32\...\Run: [BF2Hub Client] => C:\Program Files (x86)\BF2Hub Client\bf2hub.exe [1521664 2014-07-17] (BF2Hub Systems)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-01-30] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2874048 2015-02-19] (Valve Corporation)
HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3631448 2015-02-27] (Electronic Arts)
HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
Startup: C:\Users\Wallace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Wallace\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Wallace\AppData\Roaming\Mozilla\Firefox\Profiles\9r3ecmn6.default
FF Homepage: https://www.google.de/
FF NetworkProxy: "ftp", "182.239.95.137"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "182.239.95.137"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "182.239.95.137"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "182.239.95.137"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-3810334735-2351705608-1866539249-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Wallace\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Stealthy - C:\Users\Wallace\AppData\Roaming\Mozilla\Firefox\Profiles\9r3ecmn6.default\Extensions\stealthyextension@gmail.com.xpi [2013-12-15]
FF Extension: Adblock Plus - C:\Users\Wallace\AppData\Roaming\Mozilla\Firefox\Profiles\9r3ecmn6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-15]

Chrome:
=======
CHR Profile: C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-02]
CHR Extension: (Docs) - C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-02]
CHR Extension: (Google Drive) - C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-02]
CHR Extension: (YouTube) - C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-02]
CHR Extension: (Google Search) - C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-02]
CHR Extension: (Google Sheets) - C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-02]
CHR Extension: (Google Wallet) - C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-02]
CHR Extension: (Gmail) - C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 AsSysCtrlService; C:\ProgramData\ASUS\AsSysCtrlService\2.00.00\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-02-27] (Electronic Arts)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [96184 2013-12-09] (Overwolf)
R2 OxygenAudioDevMon; C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe [1632776 2010-03-04] (M-Audio)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-10-02] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-04] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-11] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Alpham1; C:\Windows\System32\DRIVERS\Alpham164.sys [52992 2007-07-23] (Ideazon Corporation)
R3 Alpham2; C:\Windows\System32\DRIVERS\Alpham264.sys [21760 2007-03-20] (Ideazon Corporation)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-23] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [94720 2014-06-21] (Advanced Micro Devices) [File not signed]
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S3 camfilt2; C:\Windows\System32\DRIVERS\camfilt2.sys [139264 2007-08-29] (Guillemot Corporation)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
S3 MADFULEGACYKEYBOARD; C:\Windows\System32\DRIVERS\MAudioLegacyKeyboard_DFU.sys [28680 2010-02-09] (M-Audio)
S3 MAUSBLEGACYKEYBOARD; C:\Windows\System32\DRIVERS\MAudioLegacyKeyboard.sys [196616 2010-02-09] (M-Audio)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
S3 OM0530; C:\Windows\System32\Drivers\ov530vx.sys [172928 2007-07-13] (OmniVision Technology Inc.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-12-28] (Duplex Secure Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-06-16] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 20:07 - 2015-03-02 20:07 - 00001003 _____ () C:\Users\Wallace\Desktop\checkup.txt
2015-03-02 20:01 - 2015-03-02 20:01 - 00852594 _____ () C:\Users\Wallace\Desktop\SecurityCheck.exe
2015-03-01 14:25 - 2015-03-01 14:25 - 02347384 _____ (ESET) C:\Users\Wallace\Desktop\esetsmartinstaller_deu.exe
2015-02-28 17:49 - 2015-02-28 17:49 - 00000871 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-02-28 15:38 - 2015-03-02 20:16 - 00021844 _____ () C:\Users\Wallace\Desktop\FRST.txt
2015-02-28 15:38 - 2015-02-28 15:39 - 00038228 _____ () C:\Users\Wallace\Desktop\Addition.txt
2015-02-28 15:37 - 2015-03-02 20:16 - 00000000 ____D () C:\Users\Wallace\Desktop\FRST-OlderVersion
2015-02-28 15:36 - 2015-02-28 15:37 - 00000834 _____ () C:\Users\Wallace\Desktop\JRT.txt
2015-02-28 15:31 - 2015-02-28 15:31 - 00002626 _____ () C:\Users\Wallace\Desktop\AdwCleaner[S0].txt
2015-02-28 15:25 - 2015-02-28 15:28 - 00000000 ____D () C:\AdwCleaner
2015-02-28 15:24 - 2015-02-28 15:24 - 00003017 _____ () C:\Users\Wallace\Desktop\mbam.txt
2015-02-28 15:09 - 2015-02-28 15:09 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-28 15:09 - 2015-02-28 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-28 15:09 - 2015-02-28 15:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-28 15:09 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-28 15:09 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-28 14:57 - 2015-02-28 14:57 - 01388274 _____ (Thisisu) C:\Users\Wallace\Desktop\JRT.exe
2015-02-28 14:56 - 2015-02-28 14:56 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Wallace\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-28 14:56 - 2015-02-28 14:56 - 02126848 _____ () C:\Users\Wallace\Desktop\AdwCleaner_4.111.exe
2015-02-27 22:21 - 2015-02-27 22:21 - 00094454 _____ () C:\Users\Wallace\Downloads\Uninstal.exe
2015-02-27 22:21 - 2015-02-27 22:21 - 00000000 ____D () C:\Users\Wallace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yardley McLaren M23 v1.01
2015-02-27 22:18 - 2015-02-27 22:20 - 206699576 _____ () C:\Users\Wallace\Downloads\Mod_SaReNi_Camaro_Gt3_GtRaceCar_ByACM_V1.0.rar
2015-02-27 22:18 - 2015-02-27 22:18 - 55260537 _____ () C:\Users\Wallace\Downloads\McLaren_M23_V1.01.rar
2015-02-27 22:14 - 2015-02-27 22:16 - 160323109 _____ () C:\Users\Wallace\Downloads\longford_67_0.8.8.rar
2015-02-27 21:32 - 2015-02-27 21:34 - 53880603 _____ () C:\Users\Wallace\Downloads\AC-Karelia_Cross-TTM.rar
2015-02-27 21:28 - 2015-02-27 21:29 - 21591213 _____ () C:\Users\Wallace\Downloads\simtraxx_rpsg_0.4_AC.rar
2015-02-27 21:23 - 2015-02-27 21:35 - 316503409 _____ () C:\Users\Wallace\Downloads\simtraxx_pikes_peak_hc_v0.3_AC.rar
2015-02-27 21:03 - 2015-02-27 21:03 - 15093277 _____ () C:\Users\Wallace\Downloads\Martini_Racing.rar
2015-02-27 20:18 - 2015-02-27 20:21 - 82183898 _____ () C:\Users\Wallace\Downloads\simtraxx_magnolia_0.1.rar
2015-02-27 20:16 - 2015-02-27 20:23 - 167474031 _____ () C:\Users\Wallace\Downloads\simtraxx_peyregrosse-mandagout_0.6_AC.rar
2015-02-27 20:01 - 2015-02-27 20:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-27 17:04 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-27 17:04 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-27 17:04 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-27 17:04 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-27 17:04 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-27 17:04 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-27 17:04 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-27 17:04 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-27 17:02 - 2015-02-27 17:22 - 00000000 ____D () C:\Qoobox
2015-02-27 17:01 - 2015-02-27 17:20 - 00000000 ____D () C:\Windows\erdnt
2015-02-27 17:00 - 2015-02-27 17:00 - 05611903 ____R (Swearware) C:\Users\Wallace\Desktop\ComboFix.exe
2015-02-25 21:35 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 21:35 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-23 19:56 - 2015-02-23 20:18 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-02-22 19:42 - 2015-03-02 19:52 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-22 19:42 - 2015-02-28 15:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-22 19:42 - 2015-02-23 18:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-22 19:41 - 2015-02-22 20:12 - 00000000 ____D () C:\Users\Wallace\Desktop\mbar
2015-02-22 19:41 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-22 19:40 - 2015-02-22 19:40 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Wallace\Desktop\tdsskiller.exe
2015-02-22 19:39 - 2015-02-22 19:39 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Wallace\Desktop\mbar-1.09.1.1004.exe
2015-02-21 22:40 - 2015-02-21 22:40 - 00275848 _____ () C:\Windows\Minidump\022115-22308-01.dmp
2015-02-21 22:31 - 2015-02-21 22:31 - 00380416 _____ () C:\Users\Wallace\Desktop\Gmer-19357.exe
2015-02-21 22:25 - 2015-02-21 22:25 - 00048966 _____ () C:\Users\Wallace\Downloads\Addition.txt
2015-02-21 22:24 - 2015-03-02 20:16 - 02092544 _____ (Farbar) C:\Users\Wallace\Desktop\FRST64.exe
2015-02-21 22:24 - 2015-03-02 20:16 - 00000000 ____D () C:\FRST
2015-02-21 22:24 - 2015-02-21 22:25 - 00051743 _____ () C:\Users\Wallace\Downloads\FRST.txt
2015-02-21 22:07 - 2015-02-21 22:07 - 00000656 _____ () C:\Users\Wallace\Downloads\defogger_disable.log
2015-02-21 22:07 - 2015-02-21 22:07 - 00000188 _____ () C:\Users\Wallace\defogger_reenable
2015-02-21 22:06 - 2015-02-21 22:06 - 00050477 _____ () C:\Users\Wallace\Desktop\Defogger.exe
2015-02-21 21:40 - 2015-02-23 20:08 - 00000000 ___HD () C:\Users\Wallace\AppData\Roaming\Contest_team
2015-02-21 00:38 - 2015-02-23 20:08 - 00000000 ___HD () C:\Users\Wallace\AppData\Roaming\Matter-suffer
2015-02-20 10:19 - 2015-02-20 10:19 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-02-20 10:18 - 2015-02-20 10:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-20 10:18 - 2015-02-20 10:20 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-20 10:18 - 2015-02-20 10:18 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-20 10:18 - 2015-02-20 10:18 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-02-20 10:18 - 2015-02-20 10:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-20 10:18 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-02-20 10:17 - 2015-02-20 10:17 - 01203488 _____ () C:\Users\Wallace\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2015-02-20 10:16 - 2015-02-20 10:16 - 00000000 ____D () C:\Users\Wallace\AppData\Local\Steam
2015-02-18 07:54 - 2015-02-20 11:53 - 00000000 ___HD () C:\Users\Wallace\AppData\Roaming\Gpwzdqjjza
2015-02-16 20:01 - 2015-02-16 20:03 - 00000000 ____D () C:\Users\Wallace\Downloads\Fury.Herz.aus.Stahl
2015-02-16 18:48 - 2015-02-18 07:54 - 00000000 ___HD () C:\Users\Wallace\AppData\Roaming\Knkwzygm
2015-02-16 18:20 - 2015-02-23 20:08 - 00000000 ___HD () C:\Users\Wallace\AppData\Roaming\Pace-worried
2015-02-16 00:30 - 2015-02-23 20:08 - 00000000 ___HD () C:\Users\Wallace\AppData\Roaming\Opening-speed
2015-02-15 23:17 - 2015-02-15 23:20 - 107431599 _____ () C:\Users\Wallace\Downloads\fmodstudio10512win-installer.exe
2015-02-15 13:06 - 2015-02-23 20:08 - 00000000 ___HD () C:\Users\Wallace\AppData\Roaming\Hatinvite
2015-02-14 17:23 - 2015-02-16 18:48 - 00000000 ___HD () C:\Users\Wallace\AppData\Local\Hvxphis
2015-02-13 20:09 - 2015-02-13 20:12 - 00000000 ____D () C:\Users\Wallace\Downloads\i.roo.201drei.GE.BDR-W
2015-02-13 19:55 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-13 19:55 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 19:55 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-13 19:55 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 15:45 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-12 15:45 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-12 15:45 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-12 15:45 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-12 15:45 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-12 15:45 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-12 15:45 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-12 15:45 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-12 15:45 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-12 15:45 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-12 15:45 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-12 15:45 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-12 15:45 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-12 15:45 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-12 15:45 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-12 15:45 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-12 15:45 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-12 15:45 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-12 15:45 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-12 15:45 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-12 15:45 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-12 15:45 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-12 15:45 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-12 15:45 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-12 15:45 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-12 15:45 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-12 15:45 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-12 15:45 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-12 15:45 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-12 15:45 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-12 15:45 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-12 15:45 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-12 15:45 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-12 15:45 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-12 15:45 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-12 15:45 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-12 15:45 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-12 15:45 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-12 15:45 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-12 15:45 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-12 15:45 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-12 15:45 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-12 15:45 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-12 15:45 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-12 15:45 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-12 15:45 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-12 15:45 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-12 15:45 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-12 15:45 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-12 15:45 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-12 15:45 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-12 15:45 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 19:57 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 19:57 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 19:57 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 19:57 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 19:57 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 19:57 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 19:57 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 19:57 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 19:57 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 19:57 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 19:57 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 19:57 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 19:57 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 19:57 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 19:57 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 19:57 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 19:57 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 19:57 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 19:57 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 19:57 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 19:57 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 19:57 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 19:56 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 19:56 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 19:56 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 19:56 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 19:56 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 19:56 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 19:56 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 19:56 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 19:56 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 19:56 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 19:56 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 19:56 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 19:56 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 19:56 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 19:56 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 19:56 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 19:56 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 19:56 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 19:56 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 19:56 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 19:56 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 19:56 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 19:56 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 19:56 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 19:56 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 19:56 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 19:56 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 19:56 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 19:55 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 19:55 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 19:55 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 19:55 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 19:55 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 19:55 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 19:55 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 19:55 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 19:55 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 19:54 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 18:49 - 2015-02-11 19:42 - 00000000 ____D () C:\Users\Wallace\Downloads\Metro_Last_Light_Redux-FLT
2015-02-11 18:13 - 2015-02-22 19:36 - 00000000 ____D () C:\ProgramData\rnx
2015-02-11 15:59 - 2015-02-11 16:10 - 00001003 _____ () C:\Users\Wallace\Desktop\Neues Textdokument.txt
2015-02-04 18:06 - 2015-02-04 18:08 - 00000000 ____D () C:\Users\Wallace\Documents\BFH Beta 2

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 20:14 - 2014-01-02 22:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2015-03-02 20:14 - 2013-12-19 17:34 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-03-02 20:14 - 2013-12-19 16:08 - 00000000 ____D () C:\Program Files\Adobe
2015-03-02 20:00 - 2013-12-15 13:15 - 00000000 ____D () C:\ProgramData\Origin
2015-03-02 19:53 - 2014-01-07 21:15 - 00000000 ___RD () C:\Users\Wallace\Dropbox
2015-03-02 19:53 - 2013-12-15 13:14 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-02 19:52 - 2014-09-04 20:00 - 00000000 ____D () C:\Users\Wallace\AppData\Roaming\Raptr
2015-03-02 19:52 - 2014-07-06 13:09 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-02 19:52 - 2014-01-07 21:14 - 00000000 ____D () C:\Users\Wallace\AppData\Roaming\Dropbox
2015-03-02 19:52 - 2013-12-27 15:36 - 00000000 ____D () C:\Users\Wallace\AppData\Local\TSVNCache
2015-03-02 19:45 - 2013-12-15 02:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-02 19:41 - 2009-07-14 05:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-02 19:41 - 2009-07-14 05:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-02 19:38 - 2013-12-15 03:32 - 01186752 _____ () C:\Windows\WindowsUpdate.log
2015-03-02 19:33 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-02 19:33 - 2009-07-14 05:51 - 00084106 _____ () C:\Windows\setupact.log
2015-03-02 05:31 - 2014-07-06 13:09 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-28 18:24 - 2014-01-22 17:56 - 00000000 ____D () C:\Users\Wallace\AppData\Roaming\vlc
2015-02-28 15:30 - 2010-11-21 04:47 - 00280864 _____ () C:\Windows\PFRO.log
2015-02-28 15:28 - 2013-12-15 03:32 - 00000000 ____D () C:\Users\Wallace
2015-02-28 15:21 - 2013-12-15 01:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-28 15:05 - 2014-02-07 13:21 - 00003922 _____ () C:\Windows\System32\Tasks\InstallShield Software-Online-Aktualisierungsprogramm
2015-02-28 15:03 - 2013-12-15 17:18 - 00000000 ___RD () C:\Users\Wallace\Desktop\Shelf
2015-02-27 17:22 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-02-27 17:18 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-27 16:58 - 2013-12-15 13:15 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-21 23:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-21 22:40 - 2013-12-15 11:36 - 680203791 _____ () C:\Windows\MEMORY.DMP
2015-02-21 22:40 - 2013-12-15 11:36 - 00000000 ____D () C:\Windows\Minidump
2015-02-16 19:50 - 2011-04-12 08:43 - 00710404 _____ () C:\Windows\system32\perfh007.dat
2015-02-16 19:50 - 2011-04-12 08:43 - 00154734 _____ () C:\Windows\system32\perfc007.dat
2015-02-16 19:50 - 2009-07-14 06:13 - 01651334 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-15 12:59 - 2013-12-15 13:17 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-02-15 12:59 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-14 19:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-12 15:43 - 2014-01-07 21:14 - 00000000 ____D () C:\Users\Wallace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 15:36 - 2009-07-14 05:45 - 04970104 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 15:33 - 2014-12-11 15:46 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 15:33 - 2014-09-03 19:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 20:04 - 2013-12-15 01:27 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 20:00 - 2013-12-15 01:27 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-07 19:26 - 2014-07-06 13:09 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-07 19:26 - 2014-07-06 13:09 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-07 13:00 - 2013-12-15 11:13 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-07 10:45 - 2013-12-15 02:02 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-07 10:45 - 2013-12-15 02:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-07 10:45 - 2013-12-15 02:02 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 19:44 - 2013-12-15 21:30 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-02-04 18:08 - 2013-12-27 02:10 - 00000000 ____D () C:\Users\Wallace\AppData\Local\PunkBuster
2015-02-04 18:08 - 2013-12-15 21:30 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-02-04 17:42 - 2013-12-15 21:30 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-02-04 17:41 - 2013-12-15 11:10 - 00588174 _____ () C:\Windows\DirectX.log
2015-02-01 11:02 - 2014-09-04 20:00 - 00000000 ____D () C:\Program Files (x86)\Raptr

==================== Files in the root of some directories =======

2014-02-12 20:22 - 2014-02-12 20:22 - 0002499 _____ () C:\Program Files (x86)\unins000.dat
2014-02-12 20:22 - 2014-02-12 20:22 - 0682266 _____ () C:\Program Files (x86)\unins000.exe
2015-02-11 04:36 - 2015-02-11 04:36 - 0039936 _____ () C:\Users\Wallace\AppData\Roaming\12 Bracelets Passed To Spanish Hands.mp3
2014-01-07 18:17 - 2014-01-07 18:17 - 0000132 _____ () C:\Users\Wallace\AppData\Roaming\Adobe CS6-BMP-Format - Voreinstellungen
2013-12-28 10:50 - 2014-11-12 09:56 - 0000132 _____ () C:\Users\Wallace\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2014-07-11 14:46 - 2014-07-11 14:46 - 0000091 _____ () C:\Users\Wallace\AppData\Roaming\sversion.ini
2014-01-10 20:35 - 2014-04-11 02:10 - 0001456 _____ () C:\Users\Wallace\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2013-12-29 12:55 - 2013-12-29 12:55 - 0000095 _____ () C:\Users\Wallace\AppData\Local\fusioncache.dat

Some content of TEMP:
====================
C:\Users\Wallace\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbpsmll.dll
C:\Users\Wallace\AppData\Local\Temp\Quarantine.exe
C:\Users\Wallace\AppData\Local\Temp\sqlite3.dll
C:\Users\Wallace\AppData\Local\Temp\vlc-2.1.5-win64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-23 19:10

==================== End Of Log ============================
--- --- ---


Was würdest du mir denn als Anti-Viren Schutz empfehlen? Kann auch kostenpflichtig sein, wenn es dann das Geld Wert ist.

schrauber 03.03.2015 08:18
Das sehe ich ja jetzt erst...

Zitat:
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 hxxp://www.adobeereg.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 192.150.18.108
127.0.0.1 activate.adobe.com:443
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sea.adobe.com
Das gecrackte Adobe runter. Schau dir mal das log von ESET an, dann haste auch die Bestätigung dass Software cracken nach hinten los geht.

DaWallace 03.03.2015 18:49
Ja ok. Sehe ich auch ein. Wurde deinstalliert und entfernt. Hab auch die Installationsfiles gelöscht.

schrauber 04.03.2015 08:44
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Users\Wallace\Downloads\SpyBot Search Destroy - CHIP-Installer.exe

C:\Users\Wallace\Downloads\winamp5666_full_all_inst.exe

O:\backup\Users\Wallace\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6b56f2c6-30bc7037

O:\backup\Users\Wallace\AppData\Roaming\BabSolution\Shared\BabMaint.exe

O:\backup\Users\Wallace\AppData\Roaming\OpenCandy\00473836941449648F9BC2CC9C8DA6DB\Setupsft_chr_p1v7.exe

O:\backup\Users\Wallace\AppData\Roaming\OpenCandy\88A0C4B74BD54A25BC3F55E29AB87F71\SearchGolTB.exe

O:\backup\Users\Wallace\Downloads\audioextractor.exe

O:\backup\Users\Wallace\Downloads\hypercam227-free.zip

O:\backup\Users\Wallace\Downloads\Games\Black Mesa Source-FULL\BlackMesa-Setup.exe

O:\Downloads\audioextractor.exe

O:\Downloads\hypercam227-free.zip

O:\Downloads\Games\Black Mesa Source-FULL\BlackMesa-Setup.exe

O:\Downloads\Games\GT Legends\SimRace_Essentials_Toolbar.exe

O:\Downloads\Games\GT Legends\Car Mods\Porsche 917K v1_01 by RMi Release Group.rar

O:\Downloads\Programme\COMPUTER_BILD-Download-Manager_fuer_Test_Drive_Unlimited_Patch_1.66A.exe

O:\Downloads\Programme\Mozilla-Firefox--Setup.exe

O:\Downloads\Programme\OpenOffice - CHIP-Downloader.exe

O:\Downloads\Programme\SpeedFan - CHIP-Downloader.exe

O:\Downloads\Programme\vlc-2.1.2-win64.exe

O:\Games\BF2 + BF2142\AIX 2.0\AIX_2.0_CORE_MOD.exe

Q:\BackUps\BACKUP C GEMEINSAME DOKUMENTE\Dokumente und Einstellungen\M.Wallace\Lokale Einstellungen\Temporary Internet Files\Content.IE5\GZEDMR6V\42214.shoutbox[1]

Q:\BackUps\BACKUP SYSTEM DATEIEN\WALLACE\Anwendungsdaten\Mozilla\Firefox\Profiles\q16cxm54.default\Cache\6BA17F70d01

Q:\BackUps\BACKUP SYSTEM DATEIEN\WALLACE\Anwendungsdaten\Mozilla\Firefox\Profiles\q16cxm54.default\Cache\6BA17F71d01

Q:\BackUps\BACKUP SYSTEM DATEIEN\WALLACE\Anwendungsdaten\Mozilla\Firefox\Profiles\q16cxm54.default\Cache\6BA17F72d01

Q:\BackUps\BACKUP SYSTEM DATEIEN\WALLACE\Anwendungsdaten\Mozilla\Firefox\Profiles\q16cxm54.default\Cache\6BA17F73d01

Q:\BackUps\BACKUP SYSTEM DATEIEN\WALLACE\Anwendungsdaten\Mozilla\Firefox\Profiles\q16cxm54.default\Cache\6BA17F7Ed01

Q:\BackUps\BACKUP SYSTEM DATEIEN\WALLACE\Anwendungsdaten\Mozilla\Firefox\Profiles\q16cxm54.default\Cache\6BA17F7Fd01

Q:\BackUps\BACKUP SYSTEM DATEIEN\WALLACE\Anwendungsdaten\Mozilla\Firefox\Profiles\q16cxm54.default\Cache\BA17F746d01

Q:\BackUps\BACKUP SYSTEM DATEIEN\Marcel\Lokale Einstellungen\Temporary Internet Files\Content.IE5\Z5OGDNR9\T2[1].html

Q:\BACKUP 082012\Downloads\SoftonicDownloader_fuer_g-force.exe
C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)
Q:\BACKUP 082012\Downloads\PROGS\swirlabstractsss.exe
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Frisches FRST log bitte. Noch Probleme?

DaWallace 04.03.2015 16:33
Fixlog
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-03-2015
Ran by Wallace at 2015-03-04 16:26:29 Run:1
Running from C:\Users\Wallace\Desktop
Loaded Profiles: Wallace (Available profiles: Wallace)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Wallace\Downloads\SpyBot Search Destroy - CHIP-Installer.exe

C:\Users\Wallace\Downloads\winamp5666_full_all_inst.exe

O:\backup\Users\Wallace\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6b56f2c6-30bc7037

O:\backup\Users\Wallace\AppData\Roaming\BabSolution\Shared\BabMaint.exe

O:\backup\Users\Wallace\AppData\Roaming\OpenCandy\00473836941449648F9BC2CC9C8DA6DB\Setupsft_chr_p1v7.exe

O:\backup\Users\Wallace\AppData\Roaming\OpenCandy\88A0C4B74BD54A25BC3F55E29AB87F71\SearchGolTB.exe

O:\backup\Users\Wallace\Downloads\audioextractor.exe

O:\backup\Users\Wallace\Downloads\hypercam227-free.zip

O:\backup\Users\Wallace\Downloads\Games\Black Mesa Source-FULL\BlackMesa-Setup.exe

O:\Downloads\audioextractor.exe

O:\Downloads\hypercam227-free.zip

O:\Downloads\Games\Black Mesa Source-FULL\BlackMesa-Setup.exe

O:\Downloads\Games\GT Legends\SimRace_Essentials_Toolbar.exe

O:\Downloads\Games\GT Legends\Car Mods\Porsche 917K v1_01 by RMi Release Group.rar

O:\Downloads\Programme\COMPUTER_BILD-Download-Manager_fuer_Test_Drive_Unlimited_Patch_1.66A.exe

O:\Downloads\Programme\Mozilla-Firefox--Setup.exe

O:\Downloads\Programme\OpenOffice - CHIP-Downloader.exe

O:\Downloads\Programme\SpeedFan - CHIP-Downloader.exe

O:\Downloads\Programme\vlc-2.1.2-win64.exe

O:\Games\BF2 + BF2142\AIX 2.0\AIX_2.0_CORE_MOD.exe

Q:\BackUps\BACKUP C GEMEINSAME DOKUMENTE\Dokumente und Einstellungen\M.Wallace\Lokale Einstellungen\Temporary Internet Files\Content.IE5\GZEDMR6V\42214.shoutbox[1]

Q:\BackUps\BACKUP SYSTEM DATEIEN\WALLACE\Anwendungsdaten\Mozilla\Firefox\Profiles\q16cxm54.default\Cache\6BA17F70d01

Q:\BackUps\BACKUP SYSTEM DATEIEN\WALLACE\Anwendungsdaten\Mozilla\Firefox\Profiles\q16cxm54.default\Cache\6BA17F71d01

Q:\BackUps\BACKUP SYSTEM DATEIEN\WALLACE\Anwendungsdaten\Mozilla\Firefox\Profiles\q16cxm54.default\Cache\6BA17F72d01

Q:\BackUps\BACKUP SYSTEM DATEIEN\WALLACE\Anwendungsdaten\Mozilla\Firefox\Profiles\q16cxm54.default\Cache\6BA17F73d01

Q:\BackUps\BACKUP SYSTEM DATEIEN\WALLACE\Anwendungsdaten\Mozilla\Firefox\Profiles\q16cxm54.default\Cache\6BA17F7Ed01

Q:\BackUps\BACKUP SYSTEM DATEIEN\WALLACE\Anwendungsdaten\Mozilla\Firefox\Profiles\q16cxm54.default\Cache\6BA17F7Fd01

Q:\BackUps\BACKUP SYSTEM DATEIEN\WALLACE\Anwendungsdaten\Mozilla\Firefox\Profiles\q16cxm54.default\Cache\BA17F746d01

Q:\BackUps\BACKUP SYSTEM DATEIEN\Marcel\Lokale Einstellungen\Temporary Internet Files\Content.IE5\Z5OGDNR9\T2[1].html

Q:\BACKUP 082012\Downloads\SoftonicDownloader_fuer_g-force.exe
C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)
Q:\BACKUP 082012\Downloads\PROGS\swirlabstractsss.exe
Emptytemp:
       
*****************

C:\Users\Wallace\Downloads\SpyBot Search Destroy - CHIP-Installer.exe => Moved successfully.
C:\Users\Wallace\Downloads\winamp5666_full_all_inst.exe => Moved successfully.
O:\backup\Users\Wallace\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6b56f2c6-30bc7037 => Moved successfully.
O:\backup\Users\Wallace\AppData\Roaming\BabSolution\Shared\BabMaint.exe => Moved successfully.
O:\backup\Users\Wallace\AppData\Roaming\OpenCandy\00473836941449648F9BC2CC9C8DA6DB\Setupsft_chr_p1v7.exe => Moved successfully.
O:\backup\Users\Wallace\AppData\Roaming\OpenCandy\88A0C4B74BD54A25BC3F55E29AB87F71\SearchGolTB.exe => Moved successfully.
O:\backup\Users\Wallace\Downloads\audioextractor.exe => Moved successfully.
O:\backup\Users\Wallace\Downloads\hypercam227-free.zip => Moved successfully.
O:\backup\Users\Wallace\Downloads\Games\Black Mesa Source-FULL\BlackMesa-Setup.exe => Moved successfully.
O:\Downloads\audioextractor.exe => Moved successfully.
O:\Downloads\hypercam227-free.zip => Moved successfully.
O:\Downloads\Games\Black Mesa Source-FULL\BlackMesa-Setup.exe => Moved successfully.
O:\Downloads\Games\GT Legends\SimRace_Essentials_Toolbar.exe => Moved successfully.
O:\Downloads\Games\GT Legends\Car Mods\Porsche 917K v1_01 by RMi Release Group.rar => Moved successfully.
O:\Downloads\Programme\COMPUTER_BILD-Download-Manager_fuer_Test_Drive_Unlimited_Patch_1.66A.exe => Moved successfully.
O:\Downloads\Programme\Mozilla-Firefox--Setup.exe => Moved successfully.
O:\Downloads\Programme\OpenOffice - CHIP-Downloader.exe => Moved successfully.
O:\Downloads\Programme\SpeedFan - CHIP-Downloader.exe => Moved successfully.
O:\Downloads\Programme\vlc-2.1.2-win64.exe => Moved successfully.
O:\Games\BF2 + BF2142\AIX 2.0\AIX_2.0_CORE_MOD.exe => Moved successfully.
Q:\BackUps\BACKUP C GEMEINSAME DOKUMENTE\Dokumente und Einstellungen\M.Wallace\Lokale Einstellungen\Temporary Internet Files\Content.IE5\GZEDMR6V\42214.shoutbox[1] => Moved successfully.
Q:\BackUps\BACKUP SYSTEM DATEIEN\WALLACE\Anwendungsdaten\Mozilla\Firefox\Profiles\q16cxm54.default\Cache\6BA17F70d01 => Moved successfully.
Q:\BackUps\BACKUP SYSTEM DATEIEN\WALLACE\Anwendungsdaten\Mozilla\Firefox\Profiles\q16cxm54.default\Cache\6BA17F71d01 => Moved successfully.
Q:\BackUps\BACKUP SYSTEM DATEIEN\WALLACE\Anwendungsdaten\Mozilla\Firefox\Profiles\q16cxm54.default\Cache\6BA17F72d01 => Moved successfully.
Q:\BackUps\BACKUP SYSTEM DATEIEN\WALLACE\Anwendungsdaten\Mozilla\Firefox\Profiles\q16cxm54.default\Cache\6BA17F73d01 => Moved successfully.
Q:\BackUps\BACKUP SYSTEM DATEIEN\WALLACE\Anwendungsdaten\Mozilla\Firefox\Profiles\q16cxm54.default\Cache\6BA17F7Ed01 => Moved successfully.
Q:\BackUps\BACKUP SYSTEM DATEIEN\WALLACE\Anwendungsdaten\Mozilla\Firefox\Profiles\q16cxm54.default\Cache\6BA17F7Fd01 => Moved successfully.
Q:\BackUps\BACKUP SYSTEM DATEIEN\WALLACE\Anwendungsdaten\Mozilla\Firefox\Profiles\q16cxm54.default\Cache\BA17F746d01 => Moved successfully.
Q:\BackUps\BACKUP SYSTEM DATEIEN\Marcel\Lokale Einstellungen\Temporary Internet Files\Content.IE5\Z5OGDNR9\T2[1].html => Moved successfully.
Q:\BACKUP 082012\Downloads\SoftonicDownloader_fuer_g-force.exe => Moved successfully.
C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit) => Moved successfully.
Q:\BACKUP 082012\Downloads\PROGS\swirlabstractsss.exe => Moved successfully.
EmptyTemp: => Removed 412.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog 16:27:05 ====
FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2015
Ran by Wallace (administrator) on DRAGON64 on 04-03-2015 16:30:46
Running from C:\Users\Wallace\Desktop
Loaded Profiles: Wallace (Available profiles: Wallace)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(ASUSTeK Computer Inc.) C:\ProgramData\ASUS\AsSysCtrlService\2.00.00\AsSysCtrlService.exe
(M-Audio) C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe
(Ideazon, Inc.) C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5015040 2012-02-09] (VIA)
HKLM-x32\...\Run: [Cpu Level Up help] => C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe [887936 2009-12-28] ()
HKLM-x32\...\Run: [Turbo Key] => C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe [1874432 2009-11-24] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [Zboard] => C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe [182784 2011-02-22] (Ideazon, Inc.)
HKLM-x32\...\Run: [BF2Hub Client] => C:\Program Files (x86)\BF2Hub Client\bf2hub.exe [1521664 2014-07-17] (BF2Hub Systems)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-01-30] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2874048 2015-02-19] (Valve Corporation)
HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3631448 2015-02-27] (Electronic Arts)
HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
Startup: C:\Users\Wallace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Wallace\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wallace\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3810334735-2351705608-1866539249-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Wallace\AppData\Roaming\Mozilla\Firefox\Profiles\9r3ecmn6.default
FF Homepage: https://www.google.de/
FF NetworkProxy: "ftp", "182.239.95.137"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "182.239.95.137"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "182.239.95.137"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "182.239.95.137"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3810334735-2351705608-1866539249-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Wallace\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Stealthy - C:\Users\Wallace\AppData\Roaming\Mozilla\Firefox\Profiles\9r3ecmn6.default\Extensions\stealthyextension@gmail.com.xpi [2013-12-15]
FF Extension: Adblock Plus - C:\Users\Wallace\AppData\Roaming\Mozilla\Firefox\Profiles\9r3ecmn6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-15]

Chrome:
=======
CHR Profile: C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-02]
CHR Extension: (Docs) - C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-02]
CHR Extension: (Google Drive) - C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-02]
CHR Extension: (YouTube) - C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-02]
CHR Extension: (Google Search) - C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-02]
CHR Extension: (Google Sheets) - C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-02]
CHR Extension: (Google Wallet) - C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-02]
CHR Extension: (Gmail) - C:\Users\Wallace\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 AsSysCtrlService; C:\ProgramData\ASUS\AsSysCtrlService\2.00.00\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-02-27] (Electronic Arts)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [96184 2013-12-09] (Overwolf)
R2 OxygenAudioDevMon; C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe [1632776 2010-03-04] (M-Audio)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-10-02] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-04] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-11] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Alpham1; C:\Windows\System32\DRIVERS\Alpham164.sys [52992 2007-07-23] (Ideazon Corporation)
R3 Alpham2; C:\Windows\System32\DRIVERS\Alpham264.sys [21760 2007-03-20] (Ideazon Corporation)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-23] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [94720 2014-06-21] (Advanced Micro Devices) [File not signed]
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S3 camfilt2; C:\Windows\System32\DRIVERS\camfilt2.sys [139264 2007-08-29] (Guillemot Corporation)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
S3 MADFULEGACYKEYBOARD; C:\Windows\System32\DRIVERS\MAudioLegacyKeyboard_DFU.sys [28680 2010-02-09] (M-Audio)
S3 MAUSBLEGACYKEYBOARD; C:\Windows\System32\DRIVERS\MAudioLegacyKeyboard.sys [196616 2010-02-09] (M-Audio)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
S3 OM0530; C:\Windows\System32\Drivers\ov530vx.sys [172928 2007-07-13] (OmniVision Technology Inc.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-12-28] (Duplex Secure Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-06-16] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 16:30 - 2015-03-04 16:31 - 00021105 _____ () C:\Users\Wallace\Desktop\FRST.txt
2015-03-04 16:29 - 2015-03-04 16:29 - 00000000 ____D () C:\Users\Wallace\Desktop\Neuer Ordner
2015-03-02 20:01 - 2015-03-02 20:01 - 00852594 _____ () C:\Users\Wallace\Desktop\SecurityCheck.exe
2015-02-28 15:25 - 2015-02-28 15:28 - 00000000 ____D () C:\AdwCleaner
2015-02-28 15:09 - 2015-02-28 15:09 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-28 15:09 - 2015-02-28 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-28 15:09 - 2015-02-28 15:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-28 15:09 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-28 15:09 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-28 14:57 - 2015-02-28 14:57 - 01388274 _____ (Thisisu) C:\Users\Wallace\Desktop\JRT.exe
2015-02-28 14:56 - 2015-02-28 14:56 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Wallace\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-28 14:56 - 2015-02-28 14:56 - 02126848 _____ () C:\Users\Wallace\Desktop\AdwCleaner_4.111.exe
2015-02-27 22:21 - 2015-02-27 22:21 - 00094454 _____ () C:\Users\Wallace\Downloads\Uninstal.exe
2015-02-27 22:21 - 2015-02-27 22:21 - 00000000 ____D () C:\Users\Wallace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yardley McLaren M23 v1.01
2015-02-27 22:18 - 2015-02-27 22:20 - 206699576 _____ () C:\Users\Wallace\Downloads\Mod_SaReNi_Camaro_Gt3_GtRaceCar_ByACM_V1.0.rar
2015-02-27 22:18 - 2015-02-27 22:18 - 55260537 _____ () C:\Users\Wallace\Downloads\McLaren_M23_V1.01.rar
2015-02-27 22:14 - 2015-02-27 22:16 - 160323109 _____ () C:\Users\Wallace\Downloads\longford_67_0.8.8.rar
2015-02-27 21:32 - 2015-02-27 21:34 - 53880603 _____ () C:\Users\Wallace\Downloads\AC-Karelia_Cross-TTM.rar
2015-02-27 21:28 - 2015-02-27 21:29 - 21591213 _____ () C:\Users\Wallace\Downloads\simtraxx_rpsg_0.4_AC.rar
2015-02-27 21:23 - 2015-02-27 21:35 - 316503409 _____ () C:\Users\Wallace\Downloads\simtraxx_pikes_peak_hc_v0.3_AC.rar
2015-02-27 21:03 - 2015-02-27 21:03 - 15093277 _____ () C:\Users\Wallace\Downloads\Martini_Racing.rar
2015-02-27 20:18 - 2015-02-27 20:21 - 82183898 _____ () C:\Users\Wallace\Downloads\simtraxx_magnolia_0.1.rar
2015-02-27 20:16 - 2015-02-27 20:23 - 167474031 _____ () C:\Users\Wallace\Downloads\simtraxx_peyregrosse-mandagout_0.6_AC.rar
2015-02-27 20:01 - 2015-02-27 20:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-27 17:04 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-27 17:04 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-27 17:04 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-27 17:04 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-27 17:04 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-27 17:04 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-27 17:04 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-27 17:04 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-27 17:02 - 2015-02-27 17:22 - 00000000 ____D () C:\Qoobox
2015-02-27 17:01 - 2015-02-27 17:20 - 00000000 ____D () C:\Windows\erdnt
2015-02-27 17:00 - 2015-02-27 17:00 - 05611903 ____R (Swearware) C:\Users\Wallace\Desktop\ComboFix.exe
2015-02-25 21:35 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 21:35 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-23 19:56 - 2015-02-23 20:18 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-02-22 19:42 - 2015-03-04 16:29 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-22 19:42 - 2015-02-28 15:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-22 19:42 - 2015-02-23 18:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-22 19:41 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-22 19:40 - 2015-02-22 19:40 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Wallace\Desktop\tdsskiller.exe
2015-02-22 19:39 - 2015-02-22 19:39 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Wallace\Desktop\mbar-1.09.1.1004.exe
2015-02-21 22:40 - 2015-02-21 22:40 - 00275848 _____ () C:\Windows\Minidump\022115-22308-01.dmp
2015-02-21 22:31 - 2015-02-21 22:31 - 00380416 _____ () C:\Users\Wallace\Desktop\Gmer-19357.exe
2015-02-21 22:25 - 2015-02-21 22:25 - 00048966 _____ () C:\Users\Wallace\Downloads\Addition.txt
2015-02-21 22:24 - 2015-03-04 16:30 - 00000000 ____D () C:\FRST
2015-02-21 22:24 - 2015-03-02 20:16 - 02092544 _____ (Farbar) C:\Users\Wallace\Desktop\FRST64.exe
2015-02-21 22:24 - 2015-02-21 22:25 - 00051743 _____ () C:\Users\Wallace\Downloads\FRST.txt
2015-02-21 22:07 - 2015-02-21 22:07 - 00000656 _____ () C:\Users\Wallace\Downloads\defogger_disable.log
2015-02-21 22:07 - 2015-02-21 22:07 - 00000188 _____ () C:\Users\Wallace\defogger_reenable
2015-02-21 22:06 - 2015-02-21 22:06 - 00050477 _____ () C:\Users\Wallace\Desktop\Defogger.exe
2015-02-21 21:40 - 2015-02-23 20:08 - 00000000 ___HD () C:\Users\Wallace\AppData\Roaming\Contest_team
2015-02-21 00:38 - 2015-02-23 20:08 - 00000000 ___HD () C:\Users\Wallace\AppData\Roaming\Matter-suffer
2015-02-20 10:19 - 2015-02-20 10:19 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-02-20 10:18 - 2015-02-20 10:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-20 10:18 - 2015-02-20 10:20 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-20 10:18 - 2015-02-20 10:18 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-20 10:18 - 2015-02-20 10:18 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-02-20 10:18 - 2015-02-20 10:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-20 10:18 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-02-20 10:16 - 2015-02-20 10:16 - 00000000 ____D () C:\Users\Wallace\AppData\Local\Steam
2015-02-18 07:54 - 2015-02-20 11:53 - 00000000 ___HD () C:\Users\Wallace\AppData\Roaming\Gpwzdqjjza
2015-02-16 20:01 - 2015-02-16 20:03 - 00000000 ____D () C:\Users\Wallace\Downloads\Fury.Herz.aus.Stahl
2015-02-16 18:48 - 2015-02-18 07:54 - 00000000 ___HD () C:\Users\Wallace\AppData\Roaming\Knkwzygm
2015-02-16 18:20 - 2015-02-23 20:08 - 00000000 ___HD () C:\Users\Wallace\AppData\Roaming\Pace-worried
2015-02-16 00:30 - 2015-02-23 20:08 - 00000000 ___HD () C:\Users\Wallace\AppData\Roaming\Opening-speed
2015-02-15 23:17 - 2015-02-15 23:20 - 107431599 _____ () C:\Users\Wallace\Downloads\fmodstudio10512win-installer.exe
2015-02-15 13:06 - 2015-02-23 20:08 - 00000000 ___HD () C:\Users\Wallace\AppData\Roaming\Hatinvite
2015-02-14 17:23 - 2015-02-16 18:48 - 00000000 ___HD () C:\Users\Wallace\AppData\Local\Hvxphis
2015-02-13 20:09 - 2015-02-13 20:12 - 00000000 ____D () C:\Users\Wallace\Downloads\i.roo.201drei.GE.BDR-W
2015-02-13 19:55 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-13 19:55 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 19:55 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-13 19:55 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 15:45 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-12 15:45 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-12 15:45 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-12 15:45 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-12 15:45 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-12 15:45 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-12 15:45 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-12 15:45 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-12 15:45 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-12 15:45 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-12 15:45 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-12 15:45 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-12 15:45 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-12 15:45 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-12 15:45 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-12 15:45 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-12 15:45 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-12 15:45 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-12 15:45 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-12 15:45 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-12 15:45 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-12 15:45 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-12 15:45 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-12 15:45 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-12 15:45 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-12 15:45 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-12 15:45 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-12 15:45 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-12 15:45 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-12 15:45 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-12 15:45 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-12 15:45 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-12 15:45 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-12 15:45 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-12 15:45 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-12 15:45 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-12 15:45 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-12 15:45 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-12 15:45 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-12 15:45 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-12 15:45 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-12 15:45 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-12 15:45 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-12 15:45 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-12 15:45 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-12 15:45 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-12 15:45 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-12 15:45 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-12 15:45 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-12 15:45 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-12 15:45 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-12 15:45 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 19:57 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 19:57 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 19:57 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 19:57 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 19:57 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 19:57 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 19:57 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 19:57 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 19:57 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 19:57 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 19:57 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 19:57 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 19:57 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 19:57 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 19:57 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 19:57 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 19:57 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 19:57 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 19:57 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 19:57 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 19:57 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 19:57 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 19:56 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 19:56 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 19:56 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 19:56 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 19:56 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 19:56 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 19:56 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 19:56 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 19:56 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 19:56 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 19:56 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 19:56 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 19:56 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 19:56 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 19:56 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 19:56 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 19:56 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 19:56 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 19:56 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 19:56 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 19:56 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 19:56 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 19:56 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 19:56 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 19:56 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 19:56 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 19:56 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 19:56 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 19:55 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 19:55 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 19:55 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 19:55 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 19:55 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 19:55 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 19:55 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 19:55 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 19:55 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 19:54 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 18:49 - 2015-02-11 19:42 - 00000000 ____D () C:\Users\Wallace\Downloads\Metro_Last_Light_Redux-FLT
2015-02-11 18:13 - 2015-02-22 19:36 - 00000000 ____D () C:\ProgramData\rnx
2015-02-11 15:59 - 2015-02-11 16:10 - 00001003 _____ () C:\Users\Wallace\Desktop\Neues Textdokument.txt
2015-02-04 18:06 - 2015-02-04 18:08 - 00000000 ____D () C:\Users\Wallace\Documents\BFH Beta 2

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 16:31 - 2014-07-06 13:09 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-04 16:30 - 2014-09-04 20:00 - 00000000 ____D () C:\Users\Wallace\AppData\Roaming\Raptr
2015-03-04 16:30 - 2014-01-07 21:15 - 00000000 ___RD () C:\Users\Wallace\Dropbox
2015-03-04 16:30 - 2013-12-15 13:15 - 00000000 ____D () C:\ProgramData\Origin
2015-03-04 16:30 - 2013-12-15 13:14 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-04 16:29 - 2014-07-06 13:09 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-04 16:29 - 2014-01-07 21:14 - 00000000 ____D () C:\Users\Wallace\AppData\Roaming\Dropbox
2015-03-04 16:29 - 2013-12-27 15:36 - 00000000 ____D () C:\Users\Wallace\AppData\Local\TSVNCache
2015-03-04 16:28 - 2010-11-21 04:47 - 00282542 _____ () C:\Windows\PFRO.log
2015-03-04 16:28 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-04 16:28 - 2009-07-14 05:51 - 00084274 _____ () C:\Windows\setupact.log
2015-03-04 16:27 - 2013-12-15 03:32 - 01276824 _____ () C:\Windows\WindowsUpdate.log
2015-03-04 16:26 - 2013-12-19 16:08 - 00000000 ____D () C:\Program Files\Adobe
2015-03-04 16:25 - 2009-07-14 05:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-04 16:25 - 2009-07-14 05:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-03 20:45 - 2013-12-15 02:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-03 18:45 - 2013-12-19 17:34 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-03-03 18:45 - 2013-12-19 15:53 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-03 18:45 - 2013-12-19 15:53 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-28 18:24 - 2014-01-22 17:56 - 00000000 ____D () C:\Users\Wallace\AppData\Roaming\vlc
2015-02-28 15:28 - 2013-12-15 03:32 - 00000000 ____D () C:\Users\Wallace
2015-02-28 15:21 - 2013-12-15 01:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-28 15:05 - 2014-02-07 13:21 - 00003922 _____ () C:\Windows\System32\Tasks\InstallShield Software-Online-Aktualisierungsprogramm
2015-02-28 15:03 - 2013-12-15 17:18 - 00000000 ___RD () C:\Users\Wallace\Desktop\Shelf
2015-02-27 17:22 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-02-27 17:18 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-27 16:58 - 2013-12-15 13:15 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-21 23:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-21 22:40 - 2013-12-15 11:36 - 680203791 _____ () C:\Windows\MEMORY.DMP
2015-02-21 22:40 - 2013-12-15 11:36 - 00000000 ____D () C:\Windows\Minidump
2015-02-16 19:50 - 2011-04-12 08:43 - 00710404 _____ () C:\Windows\system32\perfh007.dat
2015-02-16 19:50 - 2011-04-12 08:43 - 00154734 _____ () C:\Windows\system32\perfc007.dat
2015-02-16 19:50 - 2009-07-14 06:13 - 01651334 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-15 12:59 - 2013-12-15 13:17 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-02-15 12:59 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-14 19:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-12 15:43 - 2014-01-07 21:14 - 00000000 ____D () C:\Users\Wallace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 15:36 - 2009-07-14 05:45 - 04970104 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 15:33 - 2014-12-11 15:46 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 15:33 - 2014-09-03 19:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 20:04 - 2013-12-15 01:27 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 20:00 - 2013-12-15 01:27 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-07 19:26 - 2014-07-06 13:09 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-07 19:26 - 2014-07-06 13:09 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-07 13:00 - 2013-12-15 11:13 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-07 10:45 - 2013-12-15 02:02 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-07 10:45 - 2013-12-15 02:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-07 10:45 - 2013-12-15 02:02 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 19:44 - 2013-12-15 21:30 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-02-04 18:08 - 2013-12-27 02:10 - 00000000 ____D () C:\Users\Wallace\AppData\Local\PunkBuster
2015-02-04 18:08 - 2013-12-15 21:30 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-02-04 17:42 - 2013-12-15 21:30 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-02-04 17:41 - 2013-12-15 11:10 - 00588174 _____ () C:\Windows\DirectX.log

==================== Files in the root of some directories =======

2014-02-12 20:22 - 2014-02-12 20:22 - 0002499 _____ () C:\Program Files (x86)\unins000.dat
2014-02-12 20:22 - 2014-02-12 20:22 - 0682266 _____ () C:\Program Files (x86)\unins000.exe
2015-02-11 04:36 - 2015-02-11 04:36 - 0039936 _____ () C:\Users\Wallace\AppData\Roaming\12 Bracelets Passed To Spanish Hands.mp3
2014-01-07 18:17 - 2014-01-07 18:17 - 0000132 _____ () C:\Users\Wallace\AppData\Roaming\Adobe CS6-BMP-Format - Voreinstellungen
2013-12-28 10:50 - 2014-11-12 09:56 - 0000132 _____ () C:\Users\Wallace\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2014-07-11 14:46 - 2014-07-11 14:46 - 0000091 _____ () C:\Users\Wallace\AppData\Roaming\sversion.ini
2014-01-10 20:35 - 2014-04-11 02:10 - 0001456 _____ () C:\Users\Wallace\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2013-12-29 12:55 - 2013-12-29 12:55 - 0000095 _____ () C:\Users\Wallace\AppData\Local\fusioncache.dat

Some content of TEMP:
====================
C:\Users\Wallace\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpd7gajq.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-23 19:10

==================== End Of Log ============================
--- --- ---


Bis jetzt keine Probleme mehr bemerkt. :daumenhoc

schrauber 04.03.2015 17:30
http://deeprybka.trojaner-board.de/b...cleanupneu.png
Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
http://deeprybka.trojaner-board.de/b.../combofix2.pngCombofix deinstallieren
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte http://filepony.de/icon/tiny/delfix.pngDelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:und/oder das Forum mit einer kleinen Spende http://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:

http://deeprybka.trojaner-board.de/b...ast/schild.png
Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
 Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:
http://filepony.de/icon/emsisoft_anti_malware.png
Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
http://filepony.de/icon/noscript.png NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
http://filepony.de/icon/malwarebytes_anti_exploit.pngMalwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie http://filepony.de/images/microbanner.gif.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

DaWallace 04.03.2015 18:43
Vielen Dank! Alles wurde entfernt und bereinigt. Hab sogar endlich das TuneUp runtergeschmissen und entfernt.

Emisoft wird gleich aufgespielt und der Malwarebytes Scanner wird auch regelmäßig laufen gelassen.

System läuft derzeit wieder rund und dafür möchte ich mich herzlich bedanken!

Im Lob und Kritik Thread hab ich mich ebenfalls schon bedankt.

Gruß Marcel

schrauber 05.03.2015 07:07
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:15 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131