
Svchost.exe creates itself in C:/Windows/TEMP


  • This topic is locked
5 replies to this topic

#1 pepe79

pepe79

  • Members

Posted 02 March 2015 - 01:51 AM

I have the same problem as another user before. I already read his topic but it's closed so I couldn't answer in there.

When I start my computer, it takes a long time until Kaspersky starts. After it has finally started, I get a message that my wifi is insecure and that my computer is infected with malware. Kaspersky automatically deletes c:windows/temp/svchost.exe but when I restart my computer things repeat.

Malwarebytes says something about a bitcoin trojan.

What can I do to fix that problem?

 

 

 




 


#2 satchfan

satchfan

  • Malware Response Team

Posted 02 March 2015 - 03:13 AM

Hello pepe79 and welcome to the Bleeping Computer forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.


  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Run RogueKiller

IMPORTANT: Please remove any USB or external drives from the computer before you run this scan!

Close all running programs.


Download RogueKiller to your desktop

  • close all running programs
  • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the pre-scan is finished, click on Scan
  • click on Report and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects – everything that is reported is not necessarily bad

If the program is blocked, continue to try it several times. If it still doesn’t work (it could happen), rename it to winlogon.exe.

Please post the contents of the RKreport.txt in your next reply.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called FRST.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Logs to include with next post:

AdwCleaner log
RKreport.txt
FRST.txt
Addition.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 pepe79

pepe79
  • Topic Starter

  • Members

Posted 02 March 2015 - 03:54 AM

Hi! Thanks for helping.

Here goes.

 

# AdwCleaner v4.111 - Bericht erstellt 02/03/2015 um 10:31:30

# Aktualisiert 18/02/2015 von Xplode

# Datenbank : 2015-03-02.1 [Server]

# Betriebssystem : Windows 8.1 Pro  (x64)

# Benutzername : pepe - PEPE

# Gestarted von : C:\AdwCleaner\adwcleaner_4.111.exe

# Option : Löschen

 

***** [ Dienste ] *****

 

***** [ Dateien / Ordner ] *****

 

***** [ Geplante Tasks ] *****

 

***** [ Verknüpfungen ] *****

 

***** [ Registrierungsdatenbank ] *****

 

Schlüssel Gelöscht : HKCU\Software\OCS

 

***** [ Internetbrowser ] *****

 

-\\ Internet Explorer v11.0.9600.17416

 

-\\ Mozilla Firefox v36.0 (x86 de)

 

-\\ Google Chrome v40.0.2214.115

 

-\\ Opera v0.0.0.0

 

*************************

 

AdwCleaner[R0].txt - [10055 Bytes] - [22/02/2015 08:50:42]

AdwCleaner[R1].txt - [4817 Bytes] - [22/02/2015 09:51:59]

AdwCleaner[R2].txt - [1269 Bytes] - [22/02/2015 09:55:52]

AdwCleaner[R3].txt - [1379 Bytes] - [22/02/2015 10:34:31]

AdwCleaner[R4].txt - [1492 Bytes] - [22/02/2015 10:40:28]

AdwCleaner[R5].txt - [1551 Bytes] - [23/02/2015 00:03:12]

AdwCleaner[R6].txt - [1750 Bytes] - [01/03/2015 07:52:11]

AdwCleaner[R7].txt - [1812 Bytes] - [02/03/2015 10:25:18]

AdwCleaner[R8].txt - [1871 Bytes] - [02/03/2015 10:29:13]

AdwCleaner[S0].txt - [4194 Bytes] - [22/02/2015 09:52:57]

AdwCleaner[S1].txt - [1069 Bytes] - [22/02/2015 09:57:40]

AdwCleaner[S2].txt - [1176 Bytes] - [22/02/2015 10:38:38]

AdwCleaner[S3].txt - [1506 Bytes] - [01/03/2015 07:56:39]

AdwCleaner[S4].txt - [1488 Bytes] - [02/03/2015 10:31:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1547  Bytes] ##########

 

 

 

RogueKiller V10.4.3.0 [Feb 23 2015] by Adlice Software

Mail : http://www.adlice.com/contact/

Feedback : http://forum.adlice.com

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://www.adlice.com

 

Betriebssystem : Windows 8.1 (6.3.9200 ) 64 bits version

gestarted in : normaler Modus

User : pepe [Administrator]

Modus : Scannen -- Datum : 03/02/2015  10:44:31

¤¤¤ Prozesse : 0 ¤¤¤

¤¤¤ Registry : 14 ¤¤¤

[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1650395932-2732705422-4071963876-1001\Software\Microsoft\Windows\CurrentVersion\Run | MinimizeToTrayTool : C:\Users\pepe\AppData\Roaming\4dots Software\MinimizeToTrayTool\MinimizeToTrayTool.exe  -> Gefunden

[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1650395932-2732705422-4071963876-1001\Software\Microsoft\Windows\CurrentVersion\Run | BitTorrent : "C:\Users\pepe\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED  -> Gefunden

[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1650395932-2732705422-4071963876-1001\Software\Microsoft\Windows\CurrentVersion\Run | MinimizeToTrayTool : C:\Users\pepe\AppData\Roaming\4dots Software\MinimizeToTrayTool\MinimizeToTrayTool.exe  -> Gefunden

[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1650395932-2732705422-4071963876-1001\Software\Microsoft\Windows\CurrentVersion\Run | BitTorrent : "C:\Users\pepe\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED  -> Gefunden

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 87.120.0.1 87.120.0.10  -> Gefunden

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 87.120.0.1 87.120.0.10  -> Gefunden

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{972ACEA9-9DBF-4983-9A1F-22FF2756D5E0} | DhcpNameServer : 87.120.0.1 87.120.0.10  -> Gefunden

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{972ACEA9-9DBF-4983-9A1F-22FF2756D5E0} | DhcpNameServer : 87.120.0.1 87.120.0.10  -> Gefunden

[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Gefunden

[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Gefunden

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Gefunden

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Gefunden

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Gefunden

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Gefunden

¤¤¤ Aufgaben : 2 ¤¤¤

[Suspicious.Path] \\KMS Activation for Office -- C:\Windows\KMSAct.exe -> Gefunden

[Suspicious.Path] \\Origin -- C:\ProgramData\Origin\update.vbe -> Gefunden

¤¤¤ Dateien : 0 ¤¤¤

¤¤¤ Host Dateien : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: nicht geladen [0x20]) ¤¤¤

¤¤¤ Web Browser : 2 ¤¤¤

[PUM.Proxy][FIREFX:Config] z36uyivo.default : user_pref("network.proxy.http", "223.252.33.201"); -> Gefunden

[PUM.Proxy][FIREFX:Config] z36uyivo.default : user_pref("network.proxy.http_port", 33987); -> Gefunden

¤¤¤ MBR Überprüfung : ¤¤¤

+++++ PhysicalDrive0: ST3500418AS ATA Device +++++

--- User ---

[MBR] 47b893ceb1685c9a7d941072c78563aa

[BSP] 5b6c865128ae7f8632db3e6e5f0c53a6 : Windows Vista/7/8 MBR Code

Partition table:

0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB

1 - Basic data partition | Offset (sectors): 264192 | Size: 476810 MB

User = LL1 ... OK

User = LL2 ... OK

 

+++++ PhysicalDrive1: ST3320418AS ATA Device +++++

--- User ---

[MBR] 5a7ec45ab376166e54663c4b9a6042f5

[BSP] 7121a90f23be73c168d84737fd6d8a9d : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 305143 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

User = LL1 ... OK

User = LL2 ... OK

 

============================================

RKreport_SCN_03022015_103905.log

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015

Ran by pepe (administrator) on PEPE on 02-03-2015 10:48:06

Running from C:\Users\pepe\Desktop

Loaded Profiles: pepe (Available profiles: pepe)

Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Windows\System32\wscript.exe

(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Microsoft Corporation) C:\Windows\System32\schtasks.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe

 

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13774552 2014-11-19] (Realtek Semiconductor)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)

HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)

HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-02-27] (Raptr, Inc)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKU\S-1-5-21-1650395932-2732705422-4071963876-1001\...\Run: [MinimizeToTrayTool] => C:\Users\pepe\AppData\Roaming\4dots Software\MinimizeToTrayTool\MinimizeToTrayTool.exe [90112 2011-09-12] (4dots Software)

HKU\S-1-5-21-1650395932-2732705422-4071963876-1001\...\Run: [Gadwin PrintScreen (64-bit)] => C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen64.exe [14061216 2014-02-04] (Gadwin Systems)

HKU\S-1-5-21-1650395932-2732705422-4071963876-1001\...\Run: [BitTorrent] => C:\Users\pepe\AppData\Roaming\BitTorrent\BitTorrent.exe [1442904 2015-02-10] (BitTorrent Inc.)

HKU\S-1-5-21-1650395932-2732705422-4071963876-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)

HKU\S-1-5-21-1650395932-2732705422-4071963876-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)

HKU\S-1-5-21-1650395932-2732705422-4071963876-1001\...\MountPoints2: {50b2a907-55d3-11e2-be77-4061862e2a8a} - "F:\setup.exe"

HKU\S-1-5-21-1650395932-2732705422-4071963876-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [788480 2014-11-21] (Microsoft Corporation)

Startup: C:\Users\pepe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk

ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)

ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKU\S-1-5-21-1650395932-2732705422-4071963876-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.de.msn.com/

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)

BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)

BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)

BHO: PricieLoessss -> {bac69ba6-e174-4171-8ae0-75f1c0ba6161} -> C:\Program Files (x86)\PricieLoessss\1IjPJFMEdx7vfc.x64.dll No File

BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)

BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)

BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)

BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)

BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)

BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)

BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)

Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 87.120.0.1 87.120.0.10

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:

========

FF ProfilePath: C:\Users\pepe\AppData\Roaming\Mozilla\Firefox\Profiles\z36uyivo.default

FF NewTab: www.google.de/ig

FF DefaultSearchEngine: google.de PWS

FF Homepage: hxxp://www.google.de/ig

FF NetworkProxy: "ftp", "223.252.33.201"

FF NetworkProxy: "ftp_port", 33987

FF NetworkProxy: "gopher", "223.252.33.201"

FF NetworkProxy: "gopher_port", 33987

FF NetworkProxy: "http", "223.252.33.201"

FF NetworkProxy: "http_port", 33987

FF NetworkProxy: "socks", "223.252.33.201"

FF NetworkProxy: "socks_port", 33987

FF NetworkProxy: "ssl", "223.252.33.201"

FF NetworkProxy: "ssl_port", 33987

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()

FF Plugin: @alternatiff.com/AlternaTIFF -> C:\Program Files\MIE\AlternaTIFF\npatif64.dll (Medical Informatics Engineering, Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com ()

FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com ()

FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com ()

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @unity3d.com/UnityPlayer,version=1.0 -> C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)

FF SearchPlugin: C:\Users\pepe\AppData\Roaming\Mozilla\Firefox\Profiles\z36uyivo.default\searchplugins\googlede-pws.xml

FF Extension: DownloadHelper - C:\Users\pepe\AppData\Roaming\Mozilla\Firefox\Profiles\z36uyivo.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-12-10]

FF Extension: Adblock Plus - C:\Users\pepe\AppData\Roaming\Mozilla\Firefox\Profiles\z36uyivo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-04]

FF Extension: Always on Top - C:\Users\pepe\AppData\Roaming\Mozilla\Firefox\Profiles\z36uyivo.default\Extensions\{E6C93316-271E-4b3d-8D7E-FE11B4350AEB}.xpi [2012-12-12]

FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com

FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-11]

FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com

FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-11]

FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com

FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-12-11]

FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-12-24]

 

Chrome:

=======

CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1424581748&from=amt&uid=ST3500418AS_9VM731GXXXXX9VM731GX

CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1424581748&from=amt&uid=ST3500418AS_9VM731GXXXXX9VM731GX"

CHR DefaultSearchKeyword: Default -> mystartsearch

CHR DefaultSearchURL: Default -> http://www.mystartsearch.com/web/?type=ds&ts=1424581748&from=amt&uid=ST3500418AS_9VM731GXXXXX9VM731GX&q={searchTerms}

CHR Profile: C:\Users\pepe\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\pepe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-12]

CHR Extension: (Google Docs) - C:\Users\pepe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-12]

CHR Extension: (Google Drive) - C:\Users\pepe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-12]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\pepe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-12]

CHR Extension: (YouTube) - C:\Users\pepe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-12]

CHR Extension: (Google Search) - C:\Users\pepe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-12]

CHR Extension: (Kaspersky Protection) - C:\Users\pepe\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-02-12]

CHR Extension: (Google Sheets) - C:\Users\pepe\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-12]

CHR Extension: (Google Wallet) - C:\Users\pepe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-12]

CHR Extension: (Gmail) - C:\Users\pepe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-12]

CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]

CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]

StartMenuInternet: Google Chrome - Chrome.exe

Opera:

=======

StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe http://www.mystartsearch.com/?type=sc&ts=1424581748&from=amt&uid=ST3500418AS_9VM731GXXXXX9VM731GX

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)

S2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)

R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)

S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)

S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)

S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)

R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)

R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-04-07] (DT Soft Ltd)

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)

R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)

S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)

R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [150536 2014-12-11] (Kaspersky Lab ZAO)

R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [247480 2014-08-12] (Kaspersky Lab ZAO)

R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [799944 2014-12-11] (Kaspersky Lab ZAO)

R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)

R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)

R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)

R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)

R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [68616 2014-12-11] (Kaspersky Lab ZAO)

R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [77512 2014-12-11] (Kaspersky Lab ZAO)

R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)

U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-02] ()

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 10:48 - 2015-03-02 10:48 - 00021106 _____ () C:\Users\pepe\Desktop\FRST.txt

2015-03-02 10:47 - 2015-03-02 10:48 - 00000000 ____D () C:\FRST

2015-03-02 10:47 - 2015-03-02 10:47 - 02092544 _____ (Farbar) C:\Users\pepe\Desktop\FRST64.exe

2015-03-02 10:46 - 2015-03-02 10:46 - 00004672 _____ () C:\Users\pepe\Desktop\RKreport_SCN_03022015_104431.log

2015-03-02 10:34 - 2015-03-02 10:34 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys

2015-03-02 10:34 - 2015-03-02 10:34 - 00000000 ____D () C:\ProgramData\RogueKiller

2015-03-02 10:33 - 2015-03-02 10:33 - 00001627 _____ () C:\Users\pepe\Desktop\AdwCleaner[S4].txt

2015-03-02 10:24 - 2015-03-02 10:24 - 15536728 _____ () C:\Users\pepe\Desktop\RogueKiller.exe

2015-03-02 09:45 - 2015-03-02 09:45 - 00003188 _____ () C:\WINDOWS\System32\Tasks\{D11ECFE7-EC00-44FE-AA9C-582C0E285068}

2015-03-02 09:34 - 2015-03-02 09:34 - 00000000 ____D () C:\ProgramData\ATI

2015-03-02 09:05 - 2015-03-02 09:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved

2015-03-02 09:04 - 2015-03-02 09:04 - 00064312 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201503020904203351.log

2015-03-02 09:04 - 2015-03-02 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center

2015-03-02 09:03 - 2015-03-02 09:03 - 00000000 ____D () C:\WINDOWS\LastGood

2015-03-02 09:02 - 2015-03-02 09:02 - 00027004 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201503020902226641.log

2015-03-02 09:02 - 2015-03-02 09:02 - 00000000 ____D () C:\Program Files (x86)\AMD

2015-03-02 08:11 - 2015-03-02 08:11 - 00296216 _____ () C:\WINDOWS\Minidump\030215-14937-01.dmp

2015-03-02 08:11 - 2015-03-02 08:11 - 00000000 ____D () C:\WINDOWS\Minidump

2015-03-02 08:10 - 2015-03-02 08:10 - 556111256 _____ () C:\WINDOWS\MEMORY.DMP

2015-03-02 06:02 - 2015-03-02 06:02 - 00054200 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201503020602454971.log

2015-03-02 05:49 - 2015-03-02 05:49 - 00055045 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201503020549171714.log

2015-03-02 05:48 - 2015-03-02 05:48 - 00063437 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201503020548464369.log

2015-03-02 05:47 - 2015-03-02 06:43 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp

2015-03-01 15:46 - 2015-03-01 15:46 - 00064312 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201503011546498662.log

2015-03-01 15:45 - 2015-03-01 15:45 - 00059972 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201503011545029832.log

2015-03-01 15:45 - 2015-03-01 15:45 - 00000000 ____D () C:\Users\pepe\AppData\Local\Focus Home Interactive

2015-03-01 15:26 - 2015-03-01 15:26 - 00003086 _____ () C:\WINDOWS\System32\Tasks\Origin

2015-03-01 07:36 - 2015-03-01 07:36 - 00000000 ____D () C:\Users\pepe\Documents\SimCity

2015-03-01 07:35 - 2015-03-01 07:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor1911

2015-03-01 00:04 - 2015-03-01 12:19 - 00003910 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7427643A-C8D5-49E9-8210-FF3E8CA76481}

2015-03-01 00:04 - 2015-03-01 00:04 - 00000000 __SHD () C:\Users\pepe\AppData\Local\EmieUserList

2015-03-01 00:04 - 2015-03-01 00:04 - 00000000 __SHD () C:\Users\pepe\AppData\Local\EmieSiteList

2015-03-01 00:04 - 2015-03-01 00:04 - 00000000 __SHD () C:\Users\pepe\AppData\Local\EmieBrowserModeList

2015-02-25 17:18 - 2015-02-25 17:18 - 00000000 ____D () C:\Users\pepe\AppData\Local\PDF24

2015-02-25 17:17 - 2015-02-25 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24

2015-02-25 17:17 - 2015-02-25 17:17 - 00000000 ____D () C:\Program Files (x86)\PDF24

2015-02-25 14:36 - 2015-01-23 06:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2015-02-25 14:36 - 2015-01-23 05:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2015-02-25 14:36 - 2014-12-13 23:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls

2015-02-25 14:36 - 2014-12-13 23:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls

2015-02-25 05:36 - 2015-02-28 02:02 - 00000000 ____D () C:\Users\pepe\AppData\Roaming\Tropico 5

2015-02-25 05:36 - 2015-02-25 05:36 - 00000000 ____D () C:\Users\pepe\AppData\Roaming\Kalypso Media

2015-02-25 02:13 - 2015-02-25 02:13 - 00000000 ____D () C:\WINDOWS\system32\appraiser

2015-02-25 02:07 - 2015-02-25 02:07 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx

2015-02-25 00:43 - 2015-02-25 00:43 - 00000000 ____D () C:\Users\pepe\Documents\ProcAlyzer Dumps

2015-02-25 00:42 - 2015-02-25 00:41 - 00450771 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20150225-004213.backup

2015-02-25 00:41 - 2013-08-22 15:25 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20150225-004111.backup

2015-02-24 13:40 - 2015-02-24 13:40 - 00000000 ____D () C:\Users\pepe\Documents\FIFA 15

2015-02-23 20:10 - 2014-04-30 08:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys

2015-02-23 20:10 - 2014-04-30 08:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys

2015-02-23 20:06 - 2014-12-09 05:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll

2015-02-23 20:06 - 2014-12-09 03:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll

2015-02-23 20:03 - 2015-01-16 00:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys

2015-02-23 20:03 - 2015-01-16 00:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys

2015-02-23 20:03 - 2015-01-14 06:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll

2015-02-23 20:03 - 2015-01-14 05:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll

2015-02-23 20:03 - 2014-12-09 03:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll

2015-02-23 20:03 - 2014-11-10 04:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll

2015-02-23 20:03 - 2014-11-10 03:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll

2015-02-23 20:02 - 2015-01-14 00:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll

2015-02-23 20:02 - 2015-01-14 00:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll

2015-02-23 20:02 - 2015-01-10 11:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2015-02-23 20:02 - 2015-01-10 11:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll

2015-02-23 20:02 - 2015-01-10 10:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll

2015-02-23 20:02 - 2015-01-10 09:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll

2015-02-23 20:02 - 2015-01-10 08:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll

2015-02-23 20:02 - 2014-12-19 10:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll

2015-02-23 20:02 - 2014-12-19 10:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll

2015-02-23 20:02 - 2014-12-09 01:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml

2015-02-23 20:02 - 2014-10-31 01:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll

2015-02-23 20:02 - 2014-10-31 01:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll

2015-02-23 20:02 - 2014-10-29 04:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll

2015-02-23 20:02 - 2014-10-29 04:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll

2015-02-23 20:02 - 2014-10-29 03:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll

2015-02-23 20:02 - 2014-10-29 03:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll

2015-02-23 20:02 - 2014-10-29 03:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll

2015-02-23 20:02 - 2014-10-29 03:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe

2015-02-23 20:02 - 2014-10-29 03:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe

2015-02-23 20:02 - 2014-10-29 03:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe

2015-02-23 20:02 - 2014-09-22 05:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys

2015-02-23 20:02 - 2014-09-22 05:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys

2015-02-23 20:02 - 2014-09-22 04:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys

2015-02-23 20:02 - 2014-09-03 00:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll

2015-02-23 20:02 - 2014-09-03 00:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll

2015-02-23 20:01 - 2014-12-19 08:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys

2015-02-23 20:01 - 2014-12-12 04:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe

2015-02-23 20:01 - 2014-12-12 02:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys

2015-02-23 20:00 - 2015-01-12 05:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2015-02-23 20:00 - 2015-01-12 04:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2015-02-23 20:00 - 2015-01-12 04:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2015-02-23 20:00 - 2015-01-12 04:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll

2015-02-23 20:00 - 2015-01-12 04:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

2015-02-23 20:00 - 2015-01-12 04:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2015-02-23 20:00 - 2015-01-12 04:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll

2015-02-23 20:00 - 2015-01-12 04:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2015-02-23 20:00 - 2015-01-12 04:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2015-02-23 20:00 - 2015-01-12 04:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll

2015-02-23 20:00 - 2015-01-12 04:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2015-02-23 20:00 - 2015-01-12 03:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll

2015-02-23 20:00 - 2015-01-12 03:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

2015-02-23 20:00 - 2015-01-12 03:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll

2015-02-23 20:00 - 2015-01-12 03:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2015-02-23 20:00 - 2015-01-12 03:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2015-02-23 20:00 - 2015-01-12 03:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2015-02-23 20:00 - 2015-01-12 03:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2015-02-23 20:00 - 2015-01-12 03:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll

2015-02-23 20:00 - 2015-01-12 03:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2015-02-23 20:00 - 2015-01-12 03:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll

2015-02-23 20:00 - 2015-01-12 03:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll

2015-02-23 20:00 - 2015-01-12 03:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll

2015-02-23 20:00 - 2015-01-12 03:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2015-02-23 20:00 - 2015-01-12 03:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll

2015-02-23 20:00 - 2015-01-12 03:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2015-02-23 20:00 - 2015-01-12 03:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2015-02-23 20:00 - 2015-01-12 03:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2015-02-23 20:00 - 2015-01-12 03:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2015-02-23 20:00 - 2015-01-12 03:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2015-02-23 20:00 - 2015-01-12 03:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2015-02-23 20:00 - 2015-01-12 03:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2015-02-23 20:00 - 2015-01-12 02:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2015-02-23 20:00 - 2015-01-12 02:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2015-02-23 20:00 - 2014-11-22 04:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec

2015-02-23 20:00 - 2014-11-22 04:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec

2015-02-23 20:00 - 2014-11-22 04:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll

2015-02-23 20:00 - 2014-11-22 04:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2015-02-23 20:00 - 2014-11-22 03:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

2015-02-23 20:00 - 2014-11-22 03:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll

2015-02-23 19:54 - 2015-01-19 20:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll

2015-02-23 19:54 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe

2015-02-23 19:54 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe

2015-02-23 19:53 - 2015-02-04 01:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll

2015-02-23 19:53 - 2015-02-04 01:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll

2015-02-23 19:53 - 2015-02-04 01:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll

2015-02-23 19:53 - 2015-02-03 01:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2015-02-23 19:53 - 2015-02-03 01:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll

2015-02-23 19:53 - 2015-02-03 01:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll

2015-02-23 19:53 - 2015-01-10 10:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

2015-02-23 19:53 - 2014-12-06 05:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll

2015-02-23 19:53 - 2014-12-06 03:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll

2015-02-23 19:53 - 2014-12-03 01:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll

2015-02-23 19:53 - 2014-11-10 01:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll

2015-02-23 19:53 - 2014-11-10 01:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll

2015-02-23 19:53 - 2014-11-10 01:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll

2015-02-23 19:53 - 2014-11-10 01:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll

2015-02-23 19:53 - 2014-11-01 01:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll

2015-02-23 19:53 - 2014-11-01 01:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll

2015-02-23 19:53 - 2014-10-31 00:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe

2015-02-23 19:53 - 2014-10-31 00:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe

2015-02-23 19:49 - 2014-12-08 21:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll

2015-02-23 19:49 - 2014-12-08 21:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll

2015-02-23 19:49 - 2014-12-08 21:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll

2015-02-23 19:49 - 2014-12-08 21:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll

2015-02-23 19:49 - 2014-12-06 03:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll

2015-02-23 19:49 - 2014-07-24 05:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll

2015-02-23 19:49 - 2014-07-24 05:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll

2015-02-23 19:48 - 2014-12-08 21:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll

2015-02-23 19:48 - 2014-12-08 21:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll

2015-02-23 19:48 - 2014-12-08 21:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe

2015-02-23 19:48 - 2014-12-08 21:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe

2015-02-23 00:20 - 2015-02-23 00:20 - 00001023 _____ () C:\Users\pepe\AppData\Roaming\Microsoft\Windows\Start Menu\SpeedFan.lnk

2015-02-23 00:19 - 2015-02-25 04:19 - 00000000 ____D () C:\Program Files (x86)\SpeedFan

2015-02-23 00:19 - 2015-02-23 00:19 - 00000000 ____D () C:\Users\pepe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan

2015-02-22 22:07 - 2015-02-22 22:07 - 00000000 ____D () C:\Program Files (x86)\tpt

2015-02-22 22:02 - 2015-02-22 22:02 - 00000452 __RSH () C:\ProgramData\ntuser.pol

2015-02-22 21:29 - 2015-02-22 21:29 - 00000000 ____D () C:\Users\pepe\OneDrive

2015-02-22 16:27 - 2015-02-22 16:27 - 00001108 _____ () C:\Users\pepe\AppData\Roaming\Microsoft\Windows\Start Menu\Calculator.lnk

2015-02-22 10:27 - 2015-02-22 10:32 - 00000000 ____D () C:\Program Files\KMSpico

2015-02-22 10:27 - 2015-02-22 10:27 - 00004608 _____ () C:\WINDOWS\SECOH-QAD.exe

2015-02-22 10:27 - 2015-02-22 10:27 - 00003584 _____ () C:\WINDOWS\SECOH-QAD.dll

2015-02-22 09:56 - 2015-02-23 00:03 - 00001047 _____ () C:\Users\pepe\AppData\Roaming\Microsoft\Windows\Start Menu\adwcleaner.lnk

2015-02-22 08:50 - 2015-03-02 10:31 - 00000000 ____D () C:\AdwCleaner

2015-02-22 07:53 - 2015-03-02 08:51 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2015-02-22 07:53 - 2015-02-22 07:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-02-22 07:52 - 2015-02-22 07:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-02-22 07:52 - 2015-02-22 07:52 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-02-22 07:52 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2015-02-22 07:52 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2015-02-22 07:52 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2015-02-22 07:14 - 2015-02-22 07:14 - 00003140 _____ () C:\WINDOWS\System32\Tasks\{B51BC3CF-39D9-48A2-8502-5C5A9EFE7DA3}

2015-02-22 07:07 - 2015-02-22 07:31 - 00000000 ___DC () C:\WINDOWS\Panther

2015-02-22 07:06 - 2015-02-22 07:06 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff

2015-02-22 07:05 - 2015-02-22 07:05 - 00000000 ____D () C:\WINDOWS\SysWOW64\XPSViewer

2015-02-22 07:05 - 2015-02-22 07:05 - 00000000 ____D () C:\Program Files\Reference Assemblies

2015-02-22 07:05 - 2015-02-22 07:05 - 00000000 ____D () C:\Program Files\MSBuild

2015-02-22 07:05 - 2015-02-22 07:05 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies

2015-02-22 07:05 - 2015-02-22 07:05 - 00000000 ____D () C:\Program Files (x86)\MSBuild

2015-02-22 07:04 - 2013-08-03 06:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll

2015-02-22 07:04 - 2013-08-03 06:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll

2015-02-22 07:04 - 2013-08-03 06:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll

2015-02-22 07:04 - 2013-08-03 06:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

2015-02-22 06:42 - 2015-02-22 06:42 - 00060817 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201502220642146820.log

2015-02-22 06:40 - 2015-02-22 06:40 - 00066560 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201502220640514474.log

2015-02-22 06:40 - 2015-02-22 06:40 - 00000000 ____D () C:\Users\Default\AppData\Roaming\ATI

2015-02-22 06:40 - 2015-02-22 06:40 - 00000000 ____D () C:\Users\Default\AppData\Local\ATI

2015-02-22 06:40 - 2015-02-22 06:40 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\ATI

2015-02-22 06:40 - 2015-02-22 06:40 - 00000000 ____D () C:\Users\Default User\AppData\Local\ATI

2015-02-22 06:32 - 2015-02-22 07:09 - 00001466 _____ () C:\Users\pepe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-02-22 06:32 - 2015-02-22 06:32 - 00000020 ___SH () C:\Users\pepe\ntuser.ini

2015-02-22 06:31 - 2015-03-02 10:47 - 01446187 _____ () C:\WINDOWS\WindowsUpdate.log

2015-02-22 06:31 - 2015-02-22 06:31 - 00000000 _SHDL () C:\Users\Default\Vorlagen

2015-02-22 06:31 - 2015-02-22 06:31 - 00000000 _SHDL () C:\Users\Default\Startmenü

2015-02-22 06:31 - 2015-02-22 06:31 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung

2015-02-22 06:31 - 2015-02-22 06:31 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen

2015-02-22 06:31 - 2015-02-22 06:31 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien

2015-02-22 06:31 - 2015-02-22 06:31 - 00000000 _SHDL () C:\Users\Default\Druckumgebung

2015-02-22 06:31 - 2015-02-22 06:31 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik

2015-02-22 06:31 - 2015-02-22 06:31 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder

2015-02-22 06:31 - 2015-02-22 06:31 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme

2015-02-22 06:31 - 2015-02-22 06:31 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf

2015-02-22 06:31 - 2015-02-22 06:31 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten

2015-02-22 06:31 - 2015-02-22 06:31 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten

2015-02-22 06:31 - 2015-02-22 06:31 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik

2015-02-22 06:31 - 2015-02-22 06:31 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder

2015-02-22 06:31 - 2015-02-22 06:31 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme

2015-02-22 06:31 - 2015-02-22 06:31 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf

2015-02-22 06:31 - 2015-02-22 06:31 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten

2015-02-22 06:30 - 2015-02-22 06:30 - 00022960 _____ () C:\WINDOWS\system32\emptyregdb.dat

2015-02-22 06:18 - 2015-02-22 06:18 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

2015-02-22 06:15 - 2015-02-22 06:15 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate

2015-02-22 06:14 - 2015-03-02 10:31 - 00000000 ____D () C:\Users\pepe

2015-02-22 06:14 - 2015-02-22 06:31 - 00024768 _____ () C:\WINDOWS\diagwrn.xml

2015-02-22 06:14 - 2015-02-22 06:31 - 00024768 _____ () C:\WINDOWS\diagerr.xml

2015-02-22 06:14 - 2015-02-22 06:14 - 00000000 _SHDL () C:\Users\pepe\Vorlagen

2015-02-22 06:14 - 2015-02-22 06:14 - 00000000 _SHDL () C:\Users\pepe\Startmenü

2015-02-22 06:14 - 2015-02-22 06:14 - 00000000 _SHDL () C:\Users\pepe\Netzwerkumgebung

2015-02-22 06:14 - 2015-02-22 06:14 - 00000000 _SHDL () C:\Users\pepe\Lokale Einstellungen

2015-02-22 06:14 - 2015-02-22 06:14 - 00000000 _SHDL () C:\Users\pepe\Eigene Dateien

2015-02-22 06:14 - 2015-02-22 06:14 - 00000000 _SHDL () C:\Users\pepe\Druckumgebung

2015-02-22 06:14 - 2015-02-22 06:14 - 00000000 _SHDL () C:\Users\pepe\Documents\Eigene Musik

2015-02-22 06:14 - 2015-02-22 06:14 - 00000000 _SHDL () C:\Users\pepe\Documents\Eigene Bilder

2015-02-22 06:14 - 2015-02-22 06:14 - 00000000 _SHDL () C:\Users\pepe\AppData\Roaming\Microsoft\Windows\Start Menu\Programme

2015-02-22 06:14 - 2015-02-22 06:14 - 00000000 _SHDL () C:\Users\pepe\AppData\Local\Verlauf

2015-02-22 06:14 - 2015-02-22 06:14 - 00000000 _SHDL () C:\Users\pepe\AppData\Local\Anwendungsdaten

2015-02-22 06:14 - 2015-02-22 06:14 - 00000000 _SHDL () C:\Users\pepe\Anwendungsdaten

2015-02-22 06:14 - 2015-02-22 06:14 - 00000000 ___RD () C:\Users\pepe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2015-02-22 06:14 - 2014-11-21 13:08 - 00000000 ___RD () C:\Users\pepe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2015-02-22 06:14 - 2014-11-21 13:08 - 00000000 ___RD () C:\Users\pepe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2015-02-22 06:14 - 2014-11-21 05:42 - 00000369 _____ () C:\Users\pepe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk

2015-02-22 06:14 - 2014-11-21 05:42 - 00000369 _____ () C:\Users\pepe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk

2015-02-22 06:14 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\pepe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2015-02-22 06:09 - 2015-03-02 06:43 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM

2015-02-22 06:09 - 2015-03-02 06:43 - 00000000 ____D () C:\Program Files\Realtek

2015-02-22 06:09 - 2015-02-22 06:09 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys

2015-02-22 06:09 - 2015-02-22 06:09 - 00001164 _____ () C:\WINDOWS\LkmdfCoInst.log

2015-02-22 05:52 - 2015-02-22 06:31 - 00006608 _____ () C:\WINDOWS\comsetup.log

2015-02-22 05:00 - 2015-02-22 05:39 - 00000000 __RHD () C:\ESD

2015-02-19 07:41 - 2015-02-23 00:19 - 00000045 _____ () C:\WINDOWS\SysWOW64\initdebug.nfo

2015-02-19 07:41 - 2015-02-22 06:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan

2015-02-18 04:03 - 2015-02-22 06:19 - 00000000 ____D () C:\Users\pepe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker

2015-02-18 04:03 - 2015-02-18 04:03 - 00000000 ____D () C:\Program Files\Unlocker

2015-02-18 03:59 - 2015-02-18 03:59 - 00003132 _____ () C:\WINDOWS\System32\Tasks\{9F67DCE8-6ECA-4F24-B112-246F0D203534}

2015-02-18 01:40 - 2015-02-18 01:40 - 00000000 ____D () C:\Users\pepe\.android

2015-02-16 16:54 - 2015-02-17 02:39 - 00000000 ____D () C:\Program Files (x86)\Free Download Manager

2015-02-16 00:52 - 2015-02-16 00:52 - 00001728 _____ () C:\Users\pepe\AppData\Roaming\Microsoft\Windows\Start Menu\CyberGhost 5.lnk

2015-02-16 00:52 - 2015-02-16 00:52 - 00001221 _____ () C:\Users\pepe\AppData\Roaming\Microsoft\Windows\Start Menu\Mozilla Firefox.lnk

2015-02-15 06:38 - 2015-02-15 06:39 - 00000000 ____D () C:\Users\pepe\AppData\Local\CyberGhost

2015-02-15 06:37 - 2015-02-22 06:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5

2015-02-15 06:37 - 2015-02-15 06:39 - 00000000 ____D () C:\Program Files\CyberGhost 5

2015-02-15 06:37 - 2015-02-15 06:38 - 00000000 ____D () C:\Program Files\TAP-Windows

2015-02-15 06:31 - 2015-02-15 06:31 - 00000000 ____D () C:\Program Files (x86)\Tor Browser

2015-02-13 21:34 - 2015-02-13 21:34 - 00000000 ____D () C:\Users\pepe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

2015-02-13 17:39 - 2015-02-13 17:39 - 00002094 _____ () C:\Users\pepe\AppData\Roaming\Microsoft\Windows\Start Menu\OpenHardwareMonitor.lnk

2015-02-13 16:52 - 2015-02-13 16:52 - 00000000 ____D () C:\Program Files (x86)\openhardwaremonitor-v0.7.1-beta

2015-02-13 03:44 - 2015-02-13 03:44 - 00000000 ____D () C:\Users\pepe\Documents\Eden Games

2015-02-13 03:37 - 2015-02-13 03:37 - 00000000 ____D () C:\Users\pepe\AppData\Local\i-Knyazev.ru

2015-02-13 03:06 - 2015-02-22 06:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari

2015-02-12 16:58 - 2015-03-02 10:33 - 00001112 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-02-12 16:58 - 2015-03-02 10:03 - 00001116 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2015-02-12 16:58 - 2015-02-22 06:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-02-12 16:58 - 2015-02-12 16:58 - 00004088 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2015-02-12 16:58 - 2015-02-12 16:58 - 00003852 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2015-02-12 16:58 - 2015-02-12 16:58 - 00000000 ____D () C:\Users\pepe\AppData\Local\Google

2015-02-12 16:58 - 2015-02-12 16:58 - 00000000 ____D () C:\Program Files (x86)\Google

2015-02-12 16:07 - 2015-02-12 16:07 - 00000000 ____D () C:\WINDOWS\pss

2015-02-11 21:46 - 2015-01-29 10:30 - 00011056 ____N () C:\WINDOWS\system32\AutoconfigV2.cab

2015-02-11 21:06 - 2015-02-22 06:17 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies

2015-02-11 20:53 - 2014-12-03 14:51 - 00960728 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll

2015-02-11 20:53 - 2014-12-03 12:41 - 04290520 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys

2015-02-11 20:53 - 2014-12-03 11:15 - 01485163 _____ () C:\WINDOWS\system32\Drivers\RTAIODAT.DAT

2015-02-11 20:53 - 2014-12-02 12:42 - 03218800 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll

2015-02-11 20:53 - 2014-11-27 09:31 - 02823024 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll

2015-02-11 20:53 - 2014-11-19 09:42 - 01289944 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll

2015-02-11 20:53 - 2014-11-11 07:44 - 00631000 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll

2015-02-11 20:53 - 2014-08-06 07:43 - 02860760 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll

2015-02-11 20:53 - 2014-04-10 06:19 - 02041432 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll

2015-02-11 20:53 - 2014-03-06 10:35 - 01959128 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl

2015-02-11 20:53 - 2014-01-08 09:25 - 00397592 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBWrp64.dll

2015-02-11 20:53 - 2012-06-08 10:21 - 00897152 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBAPO64.dll

2015-02-11 20:53 - 2012-06-08 10:21 - 00753280 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\MBAPO32.dll

2015-02-11 20:53 - 2011-12-20 09:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll

2015-02-11 20:53 - 2011-12-16 08:57 - 00065112 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBppld64.dll

2015-02-11 20:53 - 2011-11-22 10:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll

2015-02-11 20:53 - 2010-11-08 01:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll

2015-02-11 20:53 - 2010-11-08 01:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll

2015-02-11 20:53 - 2010-11-08 01:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll

2015-02-11 20:53 - 2010-11-08 01:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll

2015-02-11 20:53 - 2010-11-08 01:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll

2015-02-11 20:53 - 2010-11-08 01:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll

2015-02-11 20:53 - 2010-11-03 12:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll

2015-02-11 20:53 - 2010-09-27 03:34 - 00318808 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll

2015-02-11 20:53 - 2009-11-24 03:55 - 00518896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll

2015-02-11 20:53 - 2009-11-24 03:55 - 00211184 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll

2015-02-11 20:53 - 2009-11-24 03:55 - 00198896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll

2015-02-11 20:53 - 2009-11-24 03:55 - 00155888 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll

2015-02-11 20:53 - 2009-11-18 01:13 - 00060504 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBPPCn64.dll

2015-02-11 20:52 - 2014-10-23 11:34 - 02080472 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll

2015-02-11 20:52 - 2014-06-09 04:59 - 00560328 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll

2015-02-11 20:52 - 2014-02-18 11:04 - 02770976 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll

2015-02-11 20:52 - 2013-10-11 06:47 - 00113576 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll

2015-02-11 20:52 - 2012-03-08 05:47 - 00108640 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll

2015-02-11 20:47 - 2014-07-18 14:31 - 00874712 _____ (Realtek ) C:\WINDOWS\system32\Drivers\Rt630x64.sys

2015-02-11 20:47 - 2014-07-18 14:31 - 00073800 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll

2015-02-11 20:23 - 2015-02-11 20:23 - 00243664 _____ () C:\Users\pepe\Downloads\Firefox Setup Stub 35.0.1.exe

2015-02-11 19:45 - 2015-02-11 19:45 - 00000000 ____D () C:\Users\Public\Documents\Speedbit

2015-02-11 19:45 - 2015-02-11 19:45 - 00000000 ____D () C:\Users\pepe\AppData\Roaming\dlg

2015-02-11 15:06 - 2015-02-11 15:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2015-02-11 15:02 - 2015-03-02 06:43 - 00000000 ____D () C:\Program Files (x86)\Realtek

2015-02-11 14:41 - 2015-02-11 20:53 - 00000000 ___HD () C:\Program Files (x86)\Temp

2015-02-11 14:36 - 2015-02-23 02:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI

2015-02-11 14:36 - 2015-02-23 02:39 - 00000000 ____D () C:\Program Files (x86)\MSI

2015-02-11 14:36 - 2015-02-11 14:36 - 00000000 ____D () C:\MSI

2015-02-11 05:51 - 2015-02-11 05:51 - 00058826 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201502110551038724.log

2015-02-11 05:51 - 2015-02-11 05:51 - 00000000 ____D () C:\Program Files (x86)\AMD AVT

2015-02-11 05:41 - 2015-02-11 05:41 - 00000000 ____D () C:\Users\pepe\AppData\Roaming\ATI

2015-02-11 05:41 - 2015-02-11 05:41 - 00000000 ____D () C:\Users\pepe\AppData\Local\ATI

2015-02-11 05:41 - 2015-02-11 05:41 - 00000000 ____D () C:\Users\pepe\AppData\Local\AMD

2015-02-11 05:34 - 2015-02-11 05:34 - 00000000 ____D () C:\Users\pepe\AppData\Roaming\library_dir

2015-02-11 05:33 - 2015-03-02 10:33 - 00000000 ____D () C:\Users\pepe\AppData\Roaming\Raptr

2015-02-11 05:33 - 2015-03-02 09:05 - 00000000 ____D () C:\Program Files (x86)\Raptr

2015-02-11 05:33 - 2015-03-02 09:03 - 00000000 ____D () C:\ProgramData\AMD

2015-02-11 05:33 - 2015-02-11 05:33 - 00067420 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201502110533410649.log

2015-02-11 05:32 - 2015-03-02 09:46 - 00000000 ____D () C:\Program Files\AMD

2015-02-11 05:32 - 2015-03-02 09:02 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies

2015-02-11 05:24 - 2015-03-02 09:02 - 00000000 ____D () C:\Program Files\ATI Technologies

2015-02-11 05:24 - 2015-03-02 06:36 - 00000000 ____D () C:\Program Files\ATI

2015-02-11 05:23 - 2015-03-02 08:59 - 00000000 ____D () C:\AMD

2015-02-11 03:41 - 2015-03-02 09:02 - 00000000 ____D () C:\ProgramData\Package Cache

2015-02-11 03:41 - 2015-02-11 20:13 - 00000000 ____D () C:\Users\pepe\AppData\Local\Game Updater

2015-02-11 03:41 - 2015-02-11 03:41 - 00000000 ____D () C:\Users\pepe\Documents\Ghost Games

2015-02-11 03:30 - 2015-02-11 03:30 - 00000000 ____D () C:\Users\pepe\AppData\Local\Setup Integrity Check

2015-02-11 02:43 - 2015-02-11 02:43 - 00000000 __SHD () C:\ProgramData\DSS

2015-02-11 02:21 - 2015-02-11 02:21 - 00000000 ____D () C:\Users\pepe\Documents\Games for Windows - LIVE Demos

2015-02-11 02:19 - 2015-02-22 06:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace

2015-02-11 02:19 - 2015-02-11 21:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE

2015-02-10 23:31 - 2015-02-10 23:31 - 00001753 _____ () C:\Users\pepe\AppData\Roaming\Microsoft\Windows\Start Menu\iTunes.lnk

2015-02-10 23:15 - 2015-02-22 06:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2015-02-10 23:14 - 2015-02-10 23:15 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7

2015-02-10 23:14 - 2015-02-10 23:15 - 00000000 ____D () C:\Program Files\iTunes

2015-02-10 23:14 - 2015-02-10 23:14 - 00000000 ____D () C:\Program Files\iPod

2015-02-10 23:14 - 2015-02-10 23:14 - 00000000 ____D () C:\Program Files (x86)\iTunes

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 10:45 - 2013-12-20 02:38 - 00000000 ____D () C:\Users\pepe\AppData\Roaming\ClassicShell

2015-03-02 10:41 - 2012-12-11 20:16 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1650395932-2732705422-4071963876-1001

2015-03-02 10:33 - 2014-02-09 22:29 - 00000000 ____D () C:\ProgramData\Kaspersky Lab

2015-03-02 10:32 - 2013-08-22 16:46 - 00316880 _____ () C:\WINDOWS\setupact.log

2015-03-02 10:32 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2015-03-02 10:32 - 2012-12-12 04:26 - 00000208 _____ () C:\WINDOWS\Tasks\AutoKMS.job

2015-03-02 10:31 - 2013-08-22 15:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI

2015-03-02 10:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2015-03-02 08:10 - 2014-11-20 20:24 - 00022312 _____ () C:\WINDOWS\PFRO.log

2015-03-02 07:59 - 2012-12-11 20:47 - 00000000 ____D () C:\WINDOWS\KJ

2015-03-02 06:43 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender

2015-03-02 06:43 - 2012-12-11 22:13 - 00000000 ____D () C:\Users\pepe\AppData\Roaming\vlc

2015-03-02 06:38 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\registration

2015-03-02 06:08 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF

2015-03-01 15:26 - 2013-04-07 00:03 - 00000000 ___HD () C:\ProgramData\Origin

2015-03-01 15:26 - 2012-12-13 14:52 - 00400896 ___SH () C:\Users\pepe\Desktop\Thumbs.db

2015-03-01 15:23 - 2012-12-12 02:42 - 00000000 ____D () C:\Users\pepe\AppData\Roaming\BitTorrent

2015-03-01 14:21 - 2012-12-12 04:26 - 00000220 _____ () C:\WINDOWS\Tasks\AutoKMSDaily.job

2015-03-01 07:54 - 2014-11-21 05:35 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2015-03-01 07:54 - 2014-11-21 04:45 - 00764340 _____ () C:\WINDOWS\system32\perfh007.dat

2015-03-01 07:54 - 2014-11-21 04:45 - 00159160 _____ () C:\WINDOWS\system32\perfc007.dat

2015-03-01 07:42 - 2014-12-22 21:21 - 00032768 _____ () C:\WINDOWS\system32\persistent_q.db-shm

2015-03-01 07:38 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM

2015-02-26 21:33 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\tracing

2015-02-26 19:22 - 2012-12-11 20:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2015-02-26 15:39 - 2014-12-22 21:21 - 00003072 _____ () C:\WINDOWS\system32\persistent_q.db

2015-02-26 07:44 - 2012-12-11 20:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-02-25 17:07 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

2015-02-25 16:49 - 2012-12-13 02:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

2015-02-25 04:48 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache

2015-02-25 02:17 - 2013-08-22 16:44 - 00410360 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

2015-02-25 02:13 - 2014-11-21 13:07 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel

2015-02-25 02:13 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2015-02-25 02:13 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2015-02-25 02:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS

2015-02-25 02:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS

2015-02-25 02:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

2015-02-25 02:12 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions

2015-02-25 00:43 - 2014-01-29 00:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2015-02-24 01:40 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2015-02-22 23:10 - 2012-12-11 20:08 - 00000000 ____D () C:\Users\pepe\AppData\Local\Packages

2015-02-22 22:01 - 2013-08-22 17:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy

2015-02-22 07:37 - 2012-12-12 13:57 - 00034919 _____ () C:\WINDOWS\AutoKMS.log

2015-02-22 07:16 - 2014-12-11 14:57 - 00000000 ____D () C:\WINDOWS\system32\AutoUpdateLicense

2015-02-22 07:09 - 2012-12-11 20:14 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2015-02-22 07:06 - 2013-08-22 17:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template

2015-02-22 06:40 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\restore

2015-02-22 06:33 - 2012-12-11 20:09 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD

2015-02-22 06:31 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows NT

2015-02-22 06:31 - 2013-08-22 15:36 - 00000000 __RHD () C:\Users\Default

2015-02-22 06:28 - 2013-08-22 17:36 - 00000000 __RSD () C:\WINDOWS\Media

2015-02-22 06:28 - 2013-08-22 17:36 - 00000000 __RHD () C:\Users\Public\Libraries

2015-02-22 06:19 - 2014-12-22 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

2015-02-22 06:19 - 2014-12-22 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

2015-02-22 06:19 - 2014-12-11 11:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security

2015-02-22 06:19 - 2014-01-29 00:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2

2015-02-22 06:19 - 2013-12-19 21:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker.Eu

2015-02-22 06:19 - 2013-08-21 14:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++

2015-02-22 06:19 - 2013-08-20 18:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

2015-02-22 06:19 - 2013-08-09 11:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher

2015-02-22 06:19 - 2013-08-08 18:05 - 00000000 ____D () C:\Users\pepe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HyperCam 2

2015-02-22 06:19 - 2013-08-08 01:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2015-02-22 06:19 - 2013-07-06 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2015-02-22 06:19 - 2013-07-05 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 9.0

2015-02-22 06:19 - 2013-06-17 20:13 - 00000000 ____D () C:\Users\pepe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars.EU

2015-02-22 06:19 - 2013-04-07 00:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite

2015-02-22 06:19 - 2012-12-14 00:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain

2015-02-22 06:19 - 2012-12-13 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft

2015-02-22 06:19 - 2012-12-12 03:47 - 00000000 ____D () C:\Users\pepe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

2015-02-22 06:19 - 2012-12-12 03:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

2015-02-22 06:19 - 2012-12-11 22:06 - 00000000 ____D () C:\Users\pepe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in

2015-02-22 06:18 - 2014-11-21 04:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN

2015-02-22 06:18 - 2014-11-21 04:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep

2015-02-22 06:18 - 2014-11-21 04:45 - 00000000 ____D () C:\WINDOWS\system32\WCN

2015-02-22 06:18 - 2013-08-22 17:37 - 00005217 _____ () C:\WINDOWS\DtcInstall.log

2015-02-22 06:18 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI

2015-02-22 06:18 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz

2015-02-22 06:18 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\IME

2015-02-22 06:18 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns

2015-02-22 06:18 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\spool

2015-02-22 06:18 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\MUI

2015-02-22 06:18 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\IME

2015-02-22 06:18 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\SMI

2015-02-22 06:18 - 2013-05-18 18:20 - 00000000 ____D () C:\WINDOWS\SysWOW64\%Report%

2015-02-22 06:18 - 2012-12-18 15:43 - 00000000 ____D () C:\WINDOWS\SysWOW64\QuickTime

2015-02-22 06:18 - 2012-07-26 07:37 - 00000000 ____D () C:\Users\Default.migrated

2015-02-22 06:17 - 2014-12-24 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech

2015-02-22 06:17 - 2014-02-08 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadwin

2015-02-22 06:17 - 2013-08-22 17:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker

2015-02-22 06:17 - 2013-08-22 17:36 - 00000000 __SHD () C:\Program Files\Windows Sidebar

2015-02-22 06:17 - 2013-08-22 17:36 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar

2015-02-22 06:17 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\IME

2015-02-22 06:17 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Help

2015-02-22 06:17 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\System

2015-02-22 06:17 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared

2015-02-22 06:17 - 2012-12-18 16:00 - 00000000 ____D () C:\WINDOWS\system32\appmgmt

2015-02-22 06:17 - 2012-12-11 20:08 - 00000000 ____D () C:\ProgramData\PRICache

2015-02-22 06:15 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery

2015-02-22 06:14 - 2012-12-13 14:23 - 00000000 ____D () C:\Users\pepe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\4dots Software

2015-02-22 06:11 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep

2015-02-22 06:11 - 2012-12-11 20:03 - 00000000 __SHD () C:\Recovery

2015-02-22 05:56 - 2012-12-11 20:08 - 01964229 _____ () C:\WINDOWS\WindowsUpdate (1).log

2015-02-21 01:41 - 2013-12-20 00:13 - 00000000 ____D () C:\ProgramData\ClassicShell

2015-02-21 01:40 - 2013-12-20 00:11 - 00000000 ____D () C:\Program Files\Classic Shell

2015-02-18 21:55 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent

2015-02-18 04:13 - 2012-12-12 00:47 - 00000000 ____D () C:\Users\pepe\AppData\Local\Adobe

2015-02-17 01:46 - 2012-12-11 22:12 - 00000000 ____D () C:\Program Files (x86)\VLC

2015-02-11 21:39 - 2012-12-12 04:01 - 00003924 _____ () C:\WINDOWS\System32\Tasks\KMS Activation for Office

2015-02-11 21:27 - 2013-08-17 11:22 - 00000000 ____D () C:\WINDOWS\system32\MRT

2015-02-11 20:10 - 2013-06-01 13:10 - 00000000 ____D () C:\Users\pepe\Documents\My Games

2015-02-11 02:43 - 2013-06-01 13:10 - 00000000 ____D () C:\ProgramData\Codemasters

2015-02-10 23:53 - 2014-02-10 00:59 - 00000846 _____ () C:\Users\pepe\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk

2015-02-10 23:14 - 2012-12-11 22:16 - 00000000 ____D () C:\Program Files\Common Files\Apple

2015-02-03 21:31 - 2014-11-21 13:15 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2015-02-03 21:31 - 2014-11-21 13:15 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2012-12-18 15:47 - 2012-12-18 15:47 - 0004608 _____ () C:\Users\pepe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-08-02 16:48 - 2013-08-02 16:48 - 0000757 _____ () C:\Users\pepe\AppData\Local\recently-used.xbel

2013-07-05 15:40 - 2013-07-05 15:40 - 0004925 _____ () C:\ProgramData\flwjycbm.bab

Some content of TEMP:

====================

C:\Users\pepe\AppData\Local\Temp\amd-catalyst-omega-14.12-without-dotnet45-win8.1-64bit.exe

C:\Users\pepe\AppData\Local\Temp\AutoDetectUtilApp.exe

C:\Users\pepe\AppData\Local\Temp\dllnt_dump.dll

C:\Users\pepe\AppData\Local\Temp\Quarantine.exe

C:\Users\pepe\AppData\Local\Temp\raptrpatch.exe

C:\Users\pepe\AppData\Local\Temp\raptr_stub.exe

C:\Users\pepe\AppData\Local\Temp\sfamcc00001.dll

C:\Users\pepe\AppData\Local\Temp\sfextra.dll

C:\Users\pepe\AppData\Local\Temp\sqlite3.dll

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

LastRegBack: 2015-02-22 06:08

==================== End Of Log ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-02-2015

Ran by pepe at 2015-03-02 10:48:47

Running from C:\Users\pepe\Desktop

Boot Mode: Normal

==========================================================

 

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)

AMD VISION Engine Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)

Apple Application Support (32-Bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)

Apple Application Support (64-Bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 2.9.1501 - DsNET Corp)

BitTorrent (HKU\S-1-5-21-1650395932-2732705422-4071963876-1001\...\BitTorrent) (Version: 7.9.2.38657 - BitTorrent Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)

CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)

DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)

DiRT 3 Profile Import version 1.0 (HKLM-x32\...\{FCFCFCFC-FCFC-FCFC-FCFC-FCFCFCFCFCFC}_is1) (Version: 1.0 - )

erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden

Free Video to MP3 Converter version 5.0.21.1212 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.21.1212 - DVDVideoSoft Ltd.)

Full Tilt Poker.Eu (HKLM-x32\...\{127BEFB3-24B2-4B44-8E99-AD22C2A5A8ED}) (Version: 5.4.2.WIN.FullTilt.EU - )

Gadwin PrintScreen (64-Bit) (HKLM\...\{4D1B6540-9F0C-413F-8444-C04FC0F69B7B}) (Version: 5.0.1.0 - Gadwin Systems)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)

Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden

HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.28.01 - Hyperionics Technology LLC)

iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)

Instant Demo (HKLM-x32\...\{6AAAB385-2A38-4A4C-BE6F-3C3D979A8660}) (Version: 7.00.331 - NetPlay Software)

iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)

JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)

Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)

Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden

Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)

Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)

Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

MinimizeToTrayTool (remove only) (HKU\S-1-5-21-1650395932-2732705422-4071963876-1001\...\MinimizeToTrayTool) (Version:  - )

Mozilla Firefox 36.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 de)) (Version: 36.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)

Mozilla Thunderbird 31.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla)

Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.4.5 - Notepad++ Team)

Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)

PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)

PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)

PostgreSQL 9.0  (HKLM\...\PostgreSQL 9.0) (Version: 9.0 - PostgreSQL Global Development Group)

QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)

Raptr (HKLM-x32\...\Raptr) (Version:  - )

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.35.716.2014 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7399 - Realtek Semiconductor Corp.)

Setup - Cities XXL © Focus Home Interactive ... (HKLM-x32\...\Setup - Cities XXL © Focus Home Interactive ...) (Version: ... - Focus)

Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)

SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)

TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )

Test Drive Unlimited 2 (HKLM-x32\...\Test Drive Unlimited 2_is1) (Version:  - Atari)

Unity Web Player (All users) (HKLM-x32\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)

Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)

VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)

Winamp Erkennungs-Plug-in (HKU\S-1-5-21-1650395932-2732705422-4071963876-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)

Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

==================== Restore Points  =========================

01-03-2015 15:32:05 Geplanter Prüfpunkt

02-03-2015 06:34:28 Wiederherstellungsvorgang

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2013-08-22 15:25 - 2015-02-25 00:42 - 00450771 ____R C:\WINDOWS\system32\Drivers\etc\hosts

There are 1000 more lines.

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {0359088B-21F2-4E82-BF81-060D85144C2D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {06371D24-46E4-4285-8E7A-C6AD2F1E7883} - System32\Tasks\{D11ECFE7-EC00-44FE-AA9C-582C0E285068} => pcalua.exe -a C:\Users\pepe\Desktop\amd-catalyst-omega-14.12-with-dotnet45-win8.1-64bit.exe -d C:\Users\pepe\Desktop

Task: {0CCA1C08-29D6-45E9-8026-11E6716D5EAD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-12] (Google Inc.)

Task: {1EBA3D53-A746-4809-B102-F654A5EF1F38} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\WatTask => C:\Windows Activation Technologies\wat.exe [2006-04-21] ()

Task: {377F7194-D912-4BAA-A81E-A271C988E2C4} - System32\Tasks\Origin => C:\ProgramData\Origin\update.vbe [2015-03-01] () <==== ATTENTION

Task: {3CD0D3C4-0FF8-4E7F-8D7F-03BDDE097976} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS.exe

Task: {48C70B8B-ACD7-4AE0-BCB5-ACB1E4B0EDEB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-12] (Google Inc.)

Task: {55DEB3B5-0C10-4522-BB25-D34BE4DAF378} - System32\Tasks\{B51BC3CF-39D9-48A2-8502-5C5A9EFE7DA3} => pcalua.exe -a C:\Users\pepe\AppData\Roaming\mystartsearch\UninstallManager.exe -c  -ptid=amt

Task: {79E8660B-092B-4E53-9F51-3A772F1D81FE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

Task: {804392DC-8A7E-463E-A564-F85AB1730EE7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe

Task: {C29960AE-771F-4E6B-BD96-BF0AEC17096D} - System32\Tasks\KMS Activation for Office => C:\Windows\KMSAct.exe

Task: {C6FC4FC2-D856-4D42-9F32-5589652A6DF2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-29] (Microsoft Corporation)

Task: {CA4EAFC3-1132-4EDA-90CB-61D896530E4F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {D75B2D6C-ECA5-42CC-B9DA-280292E44FBA} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe

Task: {D81E9B40-960B-4C84-895C-C1DD0E8162E5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe

Task: {D82B750E-BB89-45E8-839D-34961FEC6610} - System32\Tasks\{9F67DCE8-6ECA-4F24-B112-246F0D203534} => pcalua.exe -a C:\Users\pepe\Desktop\avenger\avenger.exe -d C:\Users\pepe\Desktop\avenger

Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe

Task: C:\WINDOWS\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-01-28 22:57 - 2012-09-18 16:27 - 00065024 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\pphp1020.dll

2014-11-20 21:23 - 2014-11-20 21:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll

2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll

2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll

2014-11-20 21:23 - 2014-11-20 21:23 - 00127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll

2014-08-30 18:12 - 2014-12-11 12:00 - 00459048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll

2014-08-30 18:12 - 2014-12-11 12:00 - 00587048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll

2014-08-30 18:12 - 2014-12-11 12:00 - 00332584 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com\nponlinebanking.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\ProgramData\TEMP:364682BC

AlternateDataStreams: C:\Users\pepe\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

==================== EXE Association (whitelisted) ===============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1650395932-2732705422-4071963876-1001\Control Panel\Desktop\\Wallpaper -> D:\Fotos\verschiedenes\412523_10150979887351299_1065437751_o.jpg

DNS Servers: 87.120.0.1 - 87.120.0.10

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\Services: AdobeARMservice => 2

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3

MSCONFIG\Services: AeLookupSvc => 3

MSCONFIG\Services: ALG => 3

MSCONFIG\Services: AMD External Events Utility => 2

MSCONFIG\Services: AMD FUEL Service => 2

MSCONFIG\Services: AppIDSvc => 3

MSCONFIG\Services: Apple Mobile Device Service => 2

MSCONFIG\Services: AppMgmt => 3

MSCONFIG\Services: Bonjour Service => 2

MSCONFIG\Services: CGVPNCliService => 2

MSCONFIG\Services: Fax => 3

MSCONFIG\Services: gupdate => 2

MSCONFIG\Services: gupdatem => 3

MSCONFIG\Services: iPod Service => 3

MSCONFIG\Services: SDScannerService => 2

MSCONFIG\Services: SDUpdateService => 2

MSCONFIG\Services: SDWSCService => 2

MSCONFIG\Services: SkypeUpdate => 2

MSCONFIG\Services: WindowsMangerProtect => 2

HKLM\...\StartupApproved\Run: => "EvtMgr6"

HKLM\...\StartupApproved\Run: => "iTunesHelper"

HKLM\...\StartupApproved\Run32: => "APSDaemon"

HKLM\...\StartupApproved\Run32: => "iTunesHelper"

HKLM\...\StartupApproved\Run32: => "WinampAgent"

HKLM\...\StartupApproved\Run32: => "Adobe ARM"

HKLM\...\StartupApproved\Run32: => "QuickTime Task"

HKLM\...\StartupApproved\Run32: => "SDTray"

HKLM\...\StartupApproved\Run32: => "StartCCC"

HKLM\...\StartupApproved\Run32: => "PDFPrint"

HKU\S-1-5-21-1650395932-2732705422-4071963876-1001\...\StartupApproved\StartupFolder: => "Logitech . Produktregistrierung.lnk"

HKU\S-1-5-21-1650395932-2732705422-4071963876-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"

HKU\S-1-5-21-1650395932-2732705422-4071963876-1001\...\StartupApproved\Run: => "Gadwin PrintScreen (64-bit)"

HKU\S-1-5-21-1650395932-2732705422-4071963876-1001\...\StartupApproved\Run: => "MinimizeToTrayTool"

HKU\S-1-5-21-1650395932-2732705422-4071963876-1001\...\StartupApproved\Run: => "Spybot-S&D Cleaning"

HKU\S-1-5-21-1650395932-2732705422-4071963876-1001\...\StartupApproved\Run: => "BitTorrent"

HKU\S-1-5-21-1650395932-2732705422-4071963876-1001\...\StartupApproved\Run: => "CyberGhost"

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-1650395932-2732705422-4071963876-500 - Administrator - Enabled)

Gast (S-1-5-21-1650395932-2732705422-4071963876-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1650395932-2732705422-4071963876-1009 - Limited - Enabled)

pepe (S-1-5-21-1650395932-2732705422-4071963876-1001 - Administrator - Enabled) => C:\Users\pepe

postgres (S-1-5-21-1650395932-2732705422-4071963876-1006 - Limited - Enabled)

 

==================== Faulty Device Manager Devices =============

 

==================== Event log errors: =========================

Application errors:

==================

Error: (03/02/2015 06:53:57 AM) (Source: ESENT) (EventID: 455) (User: )

Description: svchost (1408) SRUJet: Fehler -1811 (0xfffff8ed) beim Öffnen von Protokolldatei C:\WINDOWS\system32\SRU\SRU00080.log.

 

Error: (03/02/2015 05:48:43 AM) (Source: MsiInstaller) (EventID: 11500) (User: PEPE)

Description: Produkt: AMD Catalyst Install Manager -- Fehler 1500. Im Augenblick wird eine weitere Installation ausgeführt. Sie müssen erst die zweite Installation abschließen, bevor Sie mit dieser Installation fortfahren können.

Error: (03/01/2015 04:56:37 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: CitiesXXL.exe, Version: 2.0.1.5, Zeitstempel: 0x54ceadf8

Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0d74f

Ausnahmecode: 0xc0000005

Fehleroffset: 0x000411d2

ID des fehlerhaften Prozesses: 0x1524

Startzeit der fehlerhaften Anwendung: 0xCitiesXXL.exe0

Pfad der fehlerhaften Anwendung: CitiesXXL.exe1

Pfad des fehlerhaften Moduls: CitiesXXL.exe2

Berichtskennung: CitiesXXL.exe3

Vollständiger Name des fehlerhaften Pakets: CitiesXXL.exe4

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CitiesXXL.exe5

 

Error: (03/01/2015 03:55:53 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Programm Explorer.EXE, Version 6.3.9600.17415 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 6f8

Startzeit: 01d053e4a259f57b

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\Explorer.EXE

Berichts-ID: 70ffb2de-c01a-11e4-befb-4061862e2a8a

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (03/01/2015 03:52:54 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: CCC.exe, Version: 4.5.0.0, Zeitstempel: 0x53ad0dcc

Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0e17a

Ausnahmecode: 0xc0000374

Fehleroffset: 0x00000000000f1240

ID des fehlerhaften Prozesses: 0x1c9c

Startzeit der fehlerhaften Anwendung: 0xCCC.exe0

Pfad der fehlerhaften Anwendung: CCC.exe1

Pfad des fehlerhaften Moduls: CCC.exe2

Berichtskennung: CCC.exe3

Vollständiger Name des fehlerhaften Pakets: CCC.exe4

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CCC.exe5

 

Error: (03/01/2015 03:45:32 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: CitiesXXL.exe, Version: 2.0.1.5, Zeitstempel: 0x54ceadf8

Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000

Ausnahmecode: 0xc0000005

Fehleroffset: 0x00000040

ID des fehlerhaften Prozesses: 0x15a0

Startzeit der fehlerhaften Anwendung: 0xCitiesXXL.exe0

Pfad der fehlerhaften Anwendung: CitiesXXL.exe1

Pfad des fehlerhaften Moduls: CitiesXXL.exe2

Berichtskennung: CitiesXXL.exe3

Vollständiger Name des fehlerhaften Pakets: CitiesXXL.exe4

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CitiesXXL.exe5

Error: (03/01/2015 07:39:11 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: SDUpdate.exe, Version: 2.2.18.91, Zeitstempel: 0x51949fc0

Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54504ade

Ausnahmecode: 0x0eedfade

Fehleroffset: 0x00014598

ID des fehlerhaften Prozesses: 0x3cc

Startzeit der fehlerhaften Anwendung: 0xSDUpdate.exe0

Pfad der fehlerhaften Anwendung: SDUpdate.exe1

Pfad des fehlerhaften Moduls: SDUpdate.exe2

Berichtskennung: SDUpdate.exe3

Vollständiger Name des fehlerhaften Pakets: SDUpdate.exe4

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SDUpdate.exe5

 

Error: (02/28/2015 06:41:32 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PEPE)

Description: Bei der Aktivierung der App „Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/28/2015 06:41:32 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Programm wwahost.exe, Version 6.3.9600.17415 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

 

Prozess-ID: 810

 

Startzeit: 01d05310ab2722ac

 

Endzeit: 4294967295

 

Anwendungspfad: C:\WINDOWS\system32\wwahost.exe

 

Berichts-ID: 0fe903ca-bf04-11e4-bef8-4061862e2a8a

 

Vollständiger Name des fehlerhaften Pakets: Microsoft.ZuneVideo_2.6.434.0_x64__8wekyb3d8bbwe

 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.ZuneVideo

 

Error: (02/28/2015 06:41:30 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: PEPE)

Description: Die App „Microsoft.ZuneVideo_2.6.434.0_x64__8wekyb3d8bbwe+Microsoft.ZuneVideo“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.

 

System errors:

=============

Error: (03/02/2015 10:41:02 AM) (Source: atapi) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.

Error: (03/02/2015 10:41:00 AM) (Source: atapi) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.

 

Error: (03/02/2015 10:40:59 AM) (Source: atapi) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.

Error: (03/02/2015 10:40:58 AM) (Source: atapi) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.

 

Error: (03/02/2015 10:40:49 AM) (Source: atapi) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.

Error: (03/02/2015 10:40:44 AM) (Source: atapi) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.

 

Error: (03/02/2015 10:40:43 AM) (Source: atapi) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.

Error: (03/02/2015 10:40:32 AM) (Source: atapi) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.

 

Error: (03/02/2015 10:40:30 AM) (Source: atapi) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.

Error: (03/02/2015 10:40:29 AM) (Source: atapi) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.

 

Microsoft Office Sessions:

=========================

Error: (03/02/2015 06:53:57 AM) (Source: ESENT) (EventID: 455) (User: )

Description: svchost1408SRUJet: C:\WINDOWS\system32\SRU\SRU00080.log-1811 (0xfffff8ed)

 

Error: (03/02/2015 05:48:43 AM) (Source: MsiInstaller) (EventID: 11500) (User: PEPE)

Description: Produkt: AMD Catalyst Install Manager -- Fehler 1500. Im Augenblick wird eine weitere Installation ausgeführt. Sie müssen erst die zweite Installation abschließen, bevor Sie mit dieser Installation fortfahren können.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/01/2015 04:56:37 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: CitiesXXL.exe2.0.1.554ceadf8ntdll.dll6.3.9600.1763054b0d74fc0000005000411d2152401d0542faff3829dD:\Spiele\Cities XXL\CitiesXXL.exeC:\WINDOWS\SYSTEM32\ntdll.dll287c15e2-c023-11e4-befc-4061862e2a8a

 

Error: (03/01/2015 03:55:53 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Explorer.EXE6.3.9600.174156f801d053e4a259f57b4294967295C:\WINDOWS\Explorer.EXE70ffb2de-c01a-11e4-befb-4061862e2a8a

Error: (03/01/2015 03:52:54 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: CCC.exe4.5.0.053ad0dccntdll.dll6.3.9600.1763054b0e17ac000037400000000000f12401c9c01d05426605463dcC:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exeC:\WINDOWS\SYSTEM32\ntdll.dll4198ed51-c01a-11e4-befb-4061862e2a8a

 

Error: (03/01/2015 03:45:32 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: CitiesXXL.exe2.0.1.554ceadf8unknown0.0.0.000000000c00000050000004015a001d05425f646334fD:\Spiele\Cities XXL\CitiesXXL.exeunknown3a593b72-c019-11e4-befb-4061862e2a8a

Error: (03/01/2015 07:39:11 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: SDUpdate.exe2.2.18.9151949fc0KERNELBASE.dll6.3.9600.1741554504ade0eedfade000145983cc01d053e2012cd10fC:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll4920cc27-bfd5-11e4-bef8-4061862e2a8a

 

Error: (02/28/2015 06:41:32 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PEPE)

Description: Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo-2144927142

Error: (02/28/2015 06:41:32 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: wwahost.exe6.3.9600.1741581001d05310ab2722ac4294967295C:\WINDOWS\system32\wwahost.exe0fe903ca-bf04-11e4-bef8-4061862e2a8aMicrosoft.ZuneVideo_2.6.434.0_x64__8wekyb3d8bbweMicrosoft.ZuneVideo

 

Error: (02/28/2015 06:41:30 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: PEPE)

Description: Microsoft.ZuneVideo_2.6.434.0_x64__8wekyb3d8bbwe+Microsoft.ZuneVideo

 

==================== Memory info ===========================

 

Processor: AMD Phenom™ II X4 965 Processor

Percentage of memory in use: 21%

Total physical RAM: 8190.24 MB

Available physical RAM: 6435.54 MB

Total Pagefile: 16382.24 MB

Available Pagefile: 14741.46 MB

Total Virtual: 131072 MB

Available Virtual: 131071.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:240.19 GB) NTFS

Drive d: (Volume) (Fixed) (Total:465.63 GB) (Free:226.35 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 06230622)

Partition: GPT Partition Type.

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 75E374E1)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================



#4 satchfan

Posted 02 March 2015 - 11:52 AM

Sorry about the delay but for some reason I was not notified of your reply.

There are signs that you have tried dealing with this yourself but one of the tools you downloaded (Avenger) can have VERY severe consequences when used by an untrained person. I suggest you get rid of it straight away before you reduce your computer to a lump of useless metal.

Please don’t try to run anything else whilst we are working on this.

==============================================

There are some signs of malware on your computer but before fixing anything I’d like you to run a couple more scans.

Do you know what these are and do you use a proxy server?


[PUM.Proxy][FIREFX:Config] z36uyivo.default : user_pref("network.proxy.http", "223.252.33.201"); -> Gefunden

[PUM.Proxy][FIREFX:Config] z36uyivo.default : user_pref("network.proxy.http_port", 33987); -> Gefunden

 

==============================================

Run Malwarebytes’ Anti-Malware

I noticed that you had MBAM on your system: if you no longer have it, you can download it from here:

  • start Malwarebytes-Anti-Malware and update it (“Update” tab)
  • once it is updated, click on the “Scan” tab, select Threat Scan, then click Scan.
  • when the scan is complete, if no malicious items are found you can close the program
  • if malicious items are found be sure that everything is checked and click Quarantine
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Can you please run FRST again after you have run Malwarebytes and post the new log.

Logs to include with the next post:

Mbam.txt
New FRST log


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#5 satchfan

Posted 06 March 2015 - 08:33 AM

Hi pepe79

It has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Thanks

Satchfan




#6 satchfan

Posted 09 March 2015 - 10:59 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





