
Pests of all kinds and how to combat them: Adware:MSIL/Yontoo

01.01.2014, 19:15   #1
Croatis

Adware:MSIL/Yontoo



Hey,
My Microsoft Security Essentials is telling me that I have Yontoo on my PC. The ads and pop-ups, however, were already fixed with the help of adwCleaner 1-2 months ago, and I thought I was rid of Yontoo. My PC behaves completely normally MOST of the time, except that I sometimes get a bluescreen or that my PC takes quite a long time to boot. I'm not sure whether Yontoo is even still on my computer or whether I have caught another virus as well.

Thanks in advance

01.01.2014, 20:11   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Adware:MSIL/Yontoo



Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, did they ever find anything?

I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; first just post the logs that already exist, in CODE tags!
Only logs from the last 7 days, or since the problem began, are relevant!

In addition, please also create a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Erweitert/Vorschau (Advanced/Preview) to check whether you did it correctly. If everything is right ... click Antworten (Reply).

01.01.2014, 20:46   #3
Croatis

Adware:MSIL/Yontoo



FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-01-2014
Ran by malte (administrator) on MALTE-PC on 01-01-2014 21:28:59
Running from C:\Users\malte\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(UPEK Inc.) C:\Program Files\Protector Suite\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\PHotkey\AsLdrSrv.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(UPEK Inc.) C:\Program Files\Protector Suite\psqltray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
() C:\Program Files (x86)\PHotkey\PVDesktop.exe
() C:\Program Files (x86)\PHotkey\PVDAgent.exe
() C:\Program Files (x86)\PHotkey\POsd.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.196\deploy\LoLLauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.63\deploy\LolClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11817576 2011-04-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2209896 2011-04-18] (Realtek Semiconductor)
HKLM\...\Run: [PSQLLauncher] - C:\Program Files\Protector Suite\launcher.exe [84816 2010-12-10] (UPEK Inc.)
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2028328 2010-01-22] (Synaptics Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-14] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-03] (CyberLink)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\CyberLink\Shared files\brs.exe [75048 2011-05-25] (cyberlink)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2011-04-15] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [228448 2011-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-03-28] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3806544 2013-11-29] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\Protector Suite\psqlpwd.dll (UPEK Inc.)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1823656 2013-12-11] (Valve Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKCU\...\Run: [GoogleChromeAutoLaunch_4EDD238F6323EBFA2FEF3611F48EDEB5] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184 2013-12-04] (Google Inc.)
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
MountPoints2: F - F:\AutoRun.exe
MountPoints2: {46d09926-831a-11e2-b255-4c809317e502} - F:\AutoRun.exe
MountPoints2: {46d09930-831a-11e2-b255-4c809317e502} - F:\AutoRun.exe
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [168616 2013-11-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [141336 2013-11-14] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\Protector Suite\psqlpwd.dll

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {56EC649A-0232-40A9-8F89-83C17C10A853} URL = hxxp://rover.ebay.com/rover/1/707-1403-276402/4?mpre=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={searchTerms}
SearchScopes: HKCU - {8E198647-95D1-43D5-B357-5DFB5F43AC18} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag= interactivemesuche21&index=blended&linkCode=ur2&camp=1638&creative=6742
SearchScopes: HKCU - {ACF4F651-1C38-427E-8A07-0E6013F6A053} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie7-toi
SearchScopes: HKCU - {CFE47D08-D199-4152-B4D0-20736C8171FA} URL = hxxp://suche.t-online.de/fastcgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wikitab_internet_std&q={searchTerms}&br=ie7-toi
BHO: Adblock IE - {667BEE43-20BD-4CE3-94AC-E63E04D4B191} - C:\Program Files\MGTEK\Adblock IE\adblockie.dll (MGTEK)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Adblock IE - {667BEE43-20BD-4CE3-94AC-E63E04D4B191} - C:\Program Files (x86)\MGTEK\Adblock IE\adblockie.dll (MGTEK)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {fa63398e-322b-4833-9af3-15837ad12138} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\malte\AppData\Roaming\Mozilla\Firefox\Profiles\56lcwbxo.default
FF NewTab: about:blank
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: opencandy.com/Ignite - C:\Users\malte\AppData\Local\Ignite\npOCDM.1.1.4.0.dll (OpenCandy, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\malte\AppData\Roaming\Mozilla\Firefox\Profiles\56lcwbxo.default\searchplugins\amazon-distro.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\malte\AppData\Roaming\Mozilla\Firefox\Profiles\56lcwbxo.default\Extensions\ich@maltegoetz.de
FF Extension: ChatZilla - C:\Users\malte\AppData\Roaming\Mozilla\Firefox\Profiles\56lcwbxo.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF Extension: Search Results Toolbar - C:\Users\malte\AppData\Roaming\Mozilla\Firefox\Profiles\56lcwbxo.default\Extensions\{fa63398e-322b-4833-9af3-15837ad12138}
FF Extension: Grooveshark Unlocker - C:\Users\malte\AppData\Roaming\Mozilla\Firefox\Profiles\56lcwbxo.default\Extensions\groovesharkUnlocker@overlord1337.xpi
FF Extension: Adblock Plus - C:\Users\malte\AppData\Roaming\Mozilla\Firefox\Profiles\56lcwbxo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

Chrome: 
=======
CHR HomePage: about:blank
CHR RestoreOnStartup: "about:blank"
CHR DefaultSearchKeyword: Google
CHR DefaultSearchURL: hxxp://www.google.com/search?q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\malte\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\malte\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\malte\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\malte\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0
CHR Extension: (Google Wallet) - C:\Users\malte\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\malte\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-18] ()
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [159752 2010-10-07] ()
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-01 21:28 - 2014-01-01 21:29 - 00021646 _____ C:\Users\malte\Downloads\FRST.txt
2014-01-01 21:28 - 2014-01-01 21:28 - 00000000 ____D C:\FRST
2014-01-01 21:27 - 2014-01-01 21:27 - 01931396 _____ (Farbar) C:\Users\malte\Downloads\FRST64.exe
2014-01-01 04:24 - 2014-01-01 04:24 - 01233962 _____ C:\Users\malte\Desktop\adwcleaner.exe
2014-01-01 02:39 - 2014-01-01 02:39 - 00602112 _____ (OldTimer Tools) C:\Users\malte\Downloads\OTL(1).exe
2014-01-01 02:29 - 2014-01-01 02:29 - 00165376 _____ C:\Users\malte\Downloads\SystemLook_x64(1).exe
2014-01-01 02:20 - 2014-01-01 02:20 - 00000000 ____D C:\_OTL
2014-01-01 02:18 - 2014-01-01 02:18 - 00131488 _____ C:\Users\malte\Downloads\Extras.Txt
2014-01-01 02:16 - 2014-01-01 02:16 - 00155764 _____ C:\Users\malte\Downloads\OTL.Txt
2014-01-01 02:01 - 2014-01-01 02:01 - 00602112 _____ (OldTimer Tools) C:\Users\malte\Downloads\OTL.exe
2014-01-01 01:52 - 2014-01-01 19:49 - 00028562 _____ C:\Users\malte\Downloads\SystemLook.txt
2014-01-01 01:51 - 2014-01-01 01:51 - 00165376 _____ C:\Users\malte\Downloads\SystemLook_x64.exe
2013-12-28 15:41 - 2013-12-28 15:42 - 00000000 ____D C:\Users\malte\AppData\Local\NVIDIA Corporation
2013-12-28 15:39 - 2013-12-05 09:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-12-28 15:39 - 2013-12-05 09:42 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-12-28 15:37 - 2013-12-28 15:43 - 00000000 ____D C:\Users\malte\AppData\Local\NVIDIA
2013-12-27 16:02 - 2013-12-27 16:02 - 00000000 ____D C:\Users\malte\Documents\Rayman Legends
2013-12-27 15:47 - 2013-12-27 16:05 - 00000000 ____D C:\Users\malte\AppData\Local\Ubisoft Game Launcher
2013-12-27 15:47 - 2013-12-27 15:47 - 00001209 _____ C:\Users\malte\Desktop\Uplay.lnk
2013-12-27 15:47 - 2013-12-27 15:47 - 00000000 ____D C:\Users\malte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2013-12-27 15:47 - 2013-12-27 15:47 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-12-26 09:38 - 2013-12-26 09:38 - 00000000 ____D C:\Users\malte\AppData\Roaming\NVIDIA
2013-12-26 09:28 - 2013-12-26 09:28 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-12-26 09:28 - 2013-12-26 09:28 - 00000000 ____D C:\Windows\system32\NV
2013-12-26 09:25 - 2013-12-10 03:13 - 01100248 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-12-26 09:25 - 2013-12-10 03:13 - 00982232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-12-26 09:22 - 2013-11-14 12:58 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2013-12-26 09:22 - 2013-11-14 12:58 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2013-12-26 09:22 - 2013-11-11 16:02 - 06674208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-12-26 09:22 - 2013-11-11 16:02 - 03490080 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-12-26 09:22 - 2013-11-11 16:01 - 03467927 _____ C:\Windows\system32\nvcoproc.bin
2013-12-26 09:22 - 2013-11-11 16:01 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2013-12-26 09:22 - 2013-11-11 16:01 - 01065248 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2013-12-26 09:22 - 2013-11-11 16:01 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-12-26 09:22 - 2013-11-11 16:01 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-12-26 09:22 - 2013-11-11 16:01 - 00067072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2013-12-26 09:22 - 2013-11-11 16:01 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-12-26 09:11 - 2013-12-05 09:42 - 00035104 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 30361888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 22951200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 18293608 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 18208624 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 15862272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 15218504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 12613408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-12-26 09:11 - 2013-11-14 12:58 - 11600432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 11514624 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 09691888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 03069608 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 02697248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433182.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433182.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 01436528 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 00707360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 00657184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 00609568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 00562464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 00032544 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2013-12-26 09:11 - 2013-11-14 12:58 - 00023754 _____ C:\Windows\system32\nvinfo.pb
2013-12-26 07:52 - 2013-12-26 07:52 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-12-26 07:44 - 2013-12-26 07:44 - 00000000 ____D C:\NVIDIA
2013-12-26 07:24 - 2013-12-26 07:43 - 259887872 _____ (NVIDIA Corporation) C:\Users\malte\Downloads\331.82-notebook-win8-win7-64bit-international-whql.exe
2013-12-26 06:44 - 2013-12-26 06:44 - 00000000 ____D C:\ProgramData\Codemasters
2013-12-25 22:10 - 2013-12-25 22:19 - 00000000 ____D C:\Users\malte\Documents\ManiaPlanet
2013-12-25 22:10 - 2013-12-25 22:19 - 00000000 ____D C:\ProgramData\ManiaPlanet
2013-12-25 18:54 - 2013-12-25 19:03 - 00000000 ____D C:\Users\malte\Documents\Mount&Blade Warband Savegames
2013-12-25 18:52 - 2013-12-25 18:58 - 00000000 ____D C:\Users\malte\Documents\Mount&Blade Warband
2013-12-25 18:52 - 2013-12-25 18:53 - 00000000 ____D C:\Users\malte\AppData\Roaming\Mount&Blade Warband
2013-12-22 17:57 - 2013-12-22 17:58 - 09117752 _____ C:\Users\malte\Downloads\yet_another_cleaner(3).exe
2013-12-21 18:44 - 2013-12-21 18:44 - 00001138 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-21 18:38 - 2014-01-01 21:12 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-21 18:38 - 2013-12-21 18:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-21 18:38 - 2013-12-21 18:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-21 18:38 - 2013-12-21 18:38 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-21 18:18 - 2013-12-21 18:18 - 01587612 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-20 15:22 - 2013-12-20 17:22 - 00000000 ____D C:\Users\malte\AppData\Local\BIT.TRIP RUNNER
2013-12-20 15:22 - 2013-12-20 15:22 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2013-12-20 15:22 - 2013-12-20 15:22 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2013-12-20 15:22 - 2013-12-20 15:22 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2013-12-20 15:22 - 2013-12-20 15:22 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2013-12-20 15:22 - 2013-12-20 15:22 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-12-20 15:22 - 2013-12-20 15:22 - 00000000 ____D C:\Program Files (x86)\OpenAL
2013-12-18 19:16 - 2013-12-18 21:40 - 00000000 ____D C:\Users\malte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
2013-12-18 19:16 - 2013-12-18 21:39 - 00000000 ____D C:\Program Files (x86)\SmartTweak
2013-12-11 22:57 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-11 22:57 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-11 22:57 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-11 22:57 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-11 22:56 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 22:56 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 22:56 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-11 22:56 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-11 22:56 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-11 22:56 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-11 22:56 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 22:56 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 22:56 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-11 22:56 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-11 22:56 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 22:56 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-11 22:56 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-11 22:56 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-11 22:56 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-11 22:56 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-11 22:56 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-11 22:56 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 22:56 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-11 22:56 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-11 22:56 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-11 22:56 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-11 22:56 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 22:56 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-11 22:56 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-11 22:56 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 22:56 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 22:56 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-11 22:56 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-11 22:56 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-11 22:56 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-11 13:25 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 13:25 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 13:25 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 13:25 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 13:25 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 13:25 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 13:25 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 13:25 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 13:25 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 13:25 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 13:25 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 13:25 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 13:25 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 13:25 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 13:25 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 13:25 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 13:25 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 13:25 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 13:25 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-09 19:06 - 2013-12-27 18:20 - 00055419 _____ C:\Windows\DirectX.log
2013-12-05 16:32 - 2013-12-26 09:42 - 688538012 _____ C:\Windows\MEMORY.DMP
2013-12-05 16:32 - 2013-12-05 16:33 - 00262144 _____ C:\Windows\Minidump\120513-19546-01.dmp
2013-12-05 12:15 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-05 12:10 - 2013-12-05 12:10 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-05 12:10 - 2013-12-05 12:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-05 12:10 - 2013-12-05 12:10 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-05 12:10 - 2013-12-05 12:10 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-05 12:10 - 2013-12-05 12:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-05 12:10 - 2013-12-05 12:10 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-05 12:10 - 2013-12-05 12:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-05 12:06 - 2013-12-05 12:15 - 00010671 _____ C:\Windows\IE11_main.log
2013-12-05 00:49 - 2013-12-05 00:49 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-12-04 22:50 - 2013-12-04 22:50 - 00001179 _____ C:\Users\malte\Desktop\Blobby Volley 2 Version 1.0RC4.lnk
2013-12-04 22:50 - 2013-12-04 22:50 - 00000000 ____D C:\Program Files (x86)\Blobby Volley 2 Version 1.0RC4
2013-12-04 22:49 - 2013-12-04 22:50 - 02676391 _____ (                                                            ) C:\Users\malte\Downloads\blobby2-win32-1.0rc4-installer.exe
2013-12-03 14:10 - 2013-12-03 14:10 - 00903832 _____ C:\Users\malte\Downloads\yet_another_cleaner(2).exe
2013-12-03 06:41 - 2014-01-01 04:27 - 00115602 _____ C:\Windows\PFRO.log
2013-12-03 06:39 - 2013-12-03 06:39 - 01110034 _____ C:\Users\malte\Downloads\adwcleaner(1).exe
2013-12-02 06:21 - 2014-01-01 18:55 - 00004435 _____ C:\Windows\setupact.log
2013-12-02 06:21 - 2013-12-02 06:21 - 00000000 _____ C:\Windows\setuperr.log

==================== One Month Modified Files and Folders =======

2014-01-01 21:29 - 2014-01-01 21:28 - 00021646 _____ C:\Users\malte\Downloads\FRST.txt
2014-01-01 21:28 - 2014-01-01 21:28 - 00000000 ____D C:\FRST
2014-01-01 21:27 - 2014-01-01 21:27 - 01931396 _____ (Farbar) C:\Users\malte\Downloads\FRST64.exe
2014-01-01 21:27 - 2012-06-13 18:24 - 00000000 ____D C:\Users\malte\AppData\Roaming\Skype
2014-01-01 21:12 - 2013-12-21 18:38 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-01 20:56 - 2012-11-10 22:33 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-01 20:01 - 2012-06-13 18:41 - 00000000 ____D C:\Users\malte\AppData\Local\PMB Files
2014-01-01 20:00 - 2013-07-29 18:57 - 00000000 ____D C:\Users\malte\AppData\Roaming\TS3Client
2014-01-01 19:49 - 2014-01-01 01:52 - 00028562 _____ C:\Users\malte\Downloads\SystemLook.txt
2014-01-01 19:08 - 2012-06-13 18:41 - 00000000 ____D C:\ProgramData\PMB Files
2014-01-01 19:04 - 2009-07-14 05:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-01 19:04 - 2009-07-14 05:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-01 19:00 - 2012-06-13 17:45 - 01465256 _____ C:\Windows\WindowsUpdate.log
2014-01-01 18:59 - 2013-02-24 17:24 - 00000000 ____D C:\Users\malte\AppData\Local\LogMeIn Hamachi
2014-01-01 18:56 - 2012-06-28 13:26 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-01 18:55 - 2013-12-02 06:21 - 00004435 _____ C:\Windows\setupact.log
2014-01-01 18:55 - 2012-11-10 22:33 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-01 18:55 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-01 18:54 - 2011-10-11 13:46 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-01 17:30 - 2013-11-15 16:19 - 00000000 ____D C:\AdwCleaner
2014-01-01 04:27 - 2013-12-03 06:41 - 00115602 _____ C:\Windows\PFRO.log
2014-01-01 04:24 - 2014-01-01 04:24 - 01233962 _____ C:\Users\malte\Desktop\adwcleaner.exe
2014-01-01 02:39 - 2014-01-01 02:39 - 00602112 _____ (OldTimer Tools) C:\Users\malte\Downloads\OTL(1).exe
2014-01-01 02:29 - 2014-01-01 02:29 - 00165376 _____ C:\Users\malte\Downloads\SystemLook_x64(1).exe
2014-01-01 02:20 - 2014-01-01 02:20 - 00000000 ____D C:\_OTL
2014-01-01 02:18 - 2014-01-01 02:18 - 00131488 _____ C:\Users\malte\Downloads\Extras.Txt
2014-01-01 02:16 - 2014-01-01 02:16 - 00155764 _____ C:\Users\malte\Downloads\OTL.Txt
2014-01-01 02:01 - 2014-01-01 02:01 - 00602112 _____ (OldTimer Tools) C:\Users\malte\Downloads\OTL.exe
2014-01-01 01:51 - 2014-01-01 01:51 - 00165376 _____ C:\Users\malte\Downloads\SystemLook_x64.exe
2014-01-01 01:41 - 2013-11-27 21:25 - 00000000 ____D C:\Users\malte\AppData\Roaming\eCyber
2013-12-30 16:32 - 2011-05-16 15:04 - 00699682 _____ C:\Windows\system32\perfh007.dat
2013-12-30 16:32 - 2011-05-16 15:04 - 00149790 _____ C:\Windows\system32\perfc007.dat
2013-12-30 16:32 - 2009-07-14 06:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-28 15:43 - 2013-12-28 15:37 - 00000000 ____D C:\Users\malte\AppData\Local\NVIDIA
2013-12-28 15:42 - 2013-12-28 15:41 - 00000000 ____D C:\Users\malte\AppData\Local\NVIDIA Corporation
2013-12-28 15:42 - 2011-10-11 13:46 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-12-28 15:40 - 2011-10-11 13:46 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-12-28 15:40 - 2011-10-11 13:45 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-12-27 18:20 - 2013-12-09 19:06 - 00055419 _____ C:\Windows\DirectX.log
2013-12-27 16:05 - 2013-12-27 15:47 - 00000000 ____D C:\Users\malte\AppData\Local\Ubisoft Game Launcher
2013-12-27 16:02 - 2013-12-27 16:02 - 00000000 ____D C:\Users\malte\Documents\Rayman Legends
2013-12-27 15:47 - 2013-12-27 15:47 - 00001209 _____ C:\Users\malte\Desktop\Uplay.lnk
2013-12-27 15:47 - 2013-12-27 15:47 - 00000000 ____D C:\Users\malte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2013-12-27 15:47 - 2013-12-27 15:47 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-12-26 13:49 - 2012-07-12 15:07 - 00000000 ____D C:\Users\malte\AppData\Local\PokerStars.EU
2013-12-26 12:01 - 2012-06-15 14:02 - 00000000 ____D C:\Windows\Minidump
2013-12-26 09:42 - 2013-12-05 16:32 - 688538012 _____ C:\Windows\MEMORY.DMP
2013-12-26 09:38 - 2013-12-26 09:38 - 00000000 ____D C:\Users\malte\AppData\Roaming\NVIDIA
2013-12-26 09:28 - 2013-12-26 09:28 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-12-26 09:28 - 2013-12-26 09:28 - 00000000 ____D C:\Windows\system32\NV
2013-12-26 09:22 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help
2013-12-26 07:52 - 2013-12-26 07:52 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-12-26 07:44 - 2013-12-26 07:44 - 00000000 ____D C:\NVIDIA
2013-12-26 07:43 - 2013-12-26 07:24 - 259887872 _____ (NVIDIA Corporation) C:\Users\malte\Downloads\331.82-notebook-win8-win7-64bit-international-whql.exe
2013-12-26 06:44 - 2013-12-26 06:44 - 00000000 ____D C:\ProgramData\Codemasters
2013-12-26 06:44 - 2013-06-01 12:03 - 00000000 ____D C:\Users\malte\Documents\My Games
2013-12-25 22:19 - 2013-12-25 22:10 - 00000000 ____D C:\Users\malte\Documents\ManiaPlanet
2013-12-25 22:19 - 2013-12-25 22:10 - 00000000 ____D C:\ProgramData\ManiaPlanet
2013-12-25 19:03 - 2013-12-25 18:54 - 00000000 ____D C:\Users\malte\Documents\Mount&Blade Warband Savegames
2013-12-25 18:58 - 2013-12-25 18:52 - 00000000 ____D C:\Users\malte\Documents\Mount&Blade Warband
2013-12-25 18:53 - 2013-12-25 18:52 - 00000000 ____D C:\Users\malte\AppData\Roaming\Mount&Blade Warband
2013-12-22 17:58 - 2013-12-22 17:57 - 09117752 _____ C:\Users\malte\Downloads\yet_another_cleaner(3).exe
2013-12-21 18:48 - 2012-06-13 19:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-21 18:44 - 2013-12-21 18:44 - 00001138 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-21 18:39 - 2012-06-28 18:12 - 00000000 ____D C:\Users\malte\AppData\Local\Adobe
2013-12-21 18:38 - 2013-12-21 18:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-21 18:38 - 2013-12-21 18:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-21 18:38 - 2013-12-21 18:38 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-21 18:18 - 2013-12-21 18:18 - 01587612 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-20 18:15 - 2012-07-12 15:07 - 00000000 ____D C:\Program Files (x86)\PokerStars
2013-12-20 17:22 - 2013-12-20 15:22 - 00000000 ____D C:\Users\malte\AppData\Local\BIT.TRIP RUNNER
2013-12-20 15:22 - 2013-12-20 15:22 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2013-12-20 15:22 - 2013-12-20 15:22 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2013-12-20 15:22 - 2013-12-20 15:22 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2013-12-20 15:22 - 2013-12-20 15:22 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2013-12-20 15:22 - 2013-12-20 15:22 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-12-20 15:22 - 2013-12-20 15:22 - 00000000 ____D C:\Program Files (x86)\OpenAL
2013-12-19 15:52 - 2012-06-13 17:47 - 00000000 ____D C:\Program Files (x86)\watchmi
2013-12-19 15:22 - 2012-06-13 17:51 - 00000000 ____D C:\Users\malte
2013-12-19 15:20 - 2013-11-27 21:24 - 00000000 ____D C:\Windows\system32\log
2013-12-19 15:20 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2013-12-19 15:19 - 2011-04-12 09:28 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-12-19 15:19 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-12-18 21:40 - 2013-12-18 19:16 - 00000000 ____D C:\Users\malte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
2013-12-18 21:39 - 2013-12-18 19:16 - 00000000 ____D C:\Program Files (x86)\SmartTweak
2013-12-18 19:41 - 2011-07-18 21:54 - 00000000 ____D C:\Windows\Panther
2013-12-15 03:04 - 2013-08-15 09:59 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 03:01 - 2011-07-18 21:31 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-13 07:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-12 12:25 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-12 12:24 - 2009-07-14 05:45 - 00300400 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-10 03:13 - 2013-12-26 09:25 - 01100248 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-12-10 03:13 - 2013-12-26 09:25 - 00982232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-12-05 16:33 - 2013-12-05 16:32 - 00262144 _____ C:\Windows\Minidump\120513-19546-01.dmp
2013-12-05 14:21 - 2013-05-21 10:40 - 00001429 _____ C:\Users\malte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-05 14:17 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-05 12:15 - 2013-12-05 12:06 - 00010671 _____ C:\Windows\IE11_main.log
2013-12-05 12:10 - 2013-12-05 12:10 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-05 12:10 - 2013-12-05 12:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-05 12:10 - 2013-12-05 12:10 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-05 12:10 - 2013-12-05 12:10 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-05 12:10 - 2013-12-05 12:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-05 12:10 - 2013-12-05 12:10 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-05 12:10 - 2013-12-05 12:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-05 09:42 - 2013-12-28 15:39 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-12-05 09:42 - 2013-12-28 15:39 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-12-05 09:42 - 2013-12-26 09:11 - 00035104 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2013-12-05 00:49 - 2013-12-05 00:49 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-12-05 00:49 - 2013-02-24 17:24 - 00000930 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2013-12-04 22:50 - 2013-12-04 22:50 - 00001179 _____ C:\Users\malte\Desktop\Blobby Volley 2 Version 1.0RC4.lnk
2013-12-04 22:50 - 2013-12-04 22:50 - 00000000 ____D C:\Program Files (x86)\Blobby Volley 2 Version 1.0RC4
2013-12-04 22:50 - 2013-12-04 22:49 - 02676391 _____ (                                                            ) C:\Users\malte\Downloads\blobby2-win32-1.0rc4-installer.exe
2013-12-03 14:10 - 2013-12-03 14:10 - 00903832 _____ C:\Users\malte\Downloads\yet_another_cleaner(2).exe
2013-12-03 06:39 - 2013-12-03 06:39 - 01110034 _____ C:\Users\malte\Downloads\adwcleaner(1).exe
2013-12-02 06:21 - 2013-12-02 06:21 - 00000000 _____ C:\Windows\setuperr.log

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.4048.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-01 10:43

==================== End Of Log ============================
         


I haven't run any other virus scanner so far.

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2014
Ran by malte at 2014-01-01 21:30:24
Running from C:\Users\malte\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adblock IE 1.1 (Version: 1.1.0868 - MGTEK)
Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.9 (x32 Version:  - )
Blobby Volley 2 Version 1.0RC4 (x32 Version:  - )
Call of Duty: Modern Warfare 2 - Multiplayer (x32 Version:  - Infinity Ward)
Call of Duty: Modern Warfare 2 (x32 Version:  - Infinity Ward)
Castle Crashers (x32 Version:  - The Behemoth)
CCleaner (Version: 3.19 - Piriform)
Chivalry: Medieval Warfare (x32 Version:  - Torn Banner Studios)
Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Counter-Strike: Global Offensive (x32 Version:  - Valve)
CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden
CyberLink Power2Go (x32 Version: 7.0.0.1327 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.1327 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.3225.52 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.3225.52 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy (x32 Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerDVD Copy (x32 Version: 1.5.1306 - CyberLink Corp.) Hidden
CyberLink PowerProducer (x32 Version: 5.0.2.3503 - CyberLink Corp.)
CyberLink PowerProducer (x32 Version: 5.0.2.3503 - CyberLink Corp.) Hidden
CyberLink PowerRecover (x32 Version: 5.5.4125 - CyberLink Corp.)
CyberLink PowerRecover (x32 Version: 5.5.4125 - CyberLink Corp.) Hidden
CyberLink YouCam (x32 Version: 3.1.4013 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.4013 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX-Setup (x32 Version: 2.6.1.28 - DivX, LLC)
Dolby Home Theater v4 (x32 Version: 7.2.7000.4 - Dolby Laboratories Inc)
Empire: Total War (x32 Version:  - The Creative Assembly)
EVEREST Home Edition v2.20 (x32 Version: 2.20 - Lavalys Inc)
F1 2013 (x32 Version:  - Codemasters Birmingham)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
FTL: Faster Than Light (x32 Version:  - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Game Dev Tycoon v1.3.2 (c) Greenheart Games version 1 (x32 Version: 1 - )
Garry's Mod (x32 Version:  - Facepunch Studios)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Ignite (HKCU Version: 1.1.4.125 - OpenCandy, Inc.)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2418 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (Version: 1.0.0.0135 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 1.0.2.0518 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (Version: 14.01.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 10.1.0.1008 - Intel Corporation)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 26 (64-bit) (Version: 6.0.260 - Oracle)
Java(TM) 6 Update 26 (x32 Version: 6.0.260 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (x32 Version: 15.4.5722.2 - Microsoft Corporation)
League of Legends (x32 Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LogMeIn Hamachi (x32 Version: 2.2.0.109 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.109 - LogMeIn, Inc.) Hidden
Medion Home Cinema (x32 Version: 8.0.3216 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.3216 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mount & Blade: Warband (x32 Version:  - Tale Worlds)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
NVIDIA 3D Vision Treiber 331.82 (Version: 331.82 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.1 (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.82 (Version: 331.82 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3182 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 331.82 (Version: 331.82 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (Version: 1.2.19 - NVIDIA Corporation)
OpenAL (x32 Version:  - )
Pando Media Booster (x32 Version: 2.6.0.7 - Pando Networks Inc.)
PHotkey (x32 Version: 1.00.0038 - Pegatron Corporation)
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PokerStars (x32 Version:  - PokerStars)
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Protector Suite 2011 (Version: 5.9.4.6894 - UPEK Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Rayman Legends (x32 Version:  - )
Realtek Ethernet Controller Driver (x32 Version: 7.41.216.2011 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6353 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.16.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.16.0 - Renesas Electronics Corporation) Hidden
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
SpeedFan (remove only) (x32 Version:  - )
Spelling Dictionaries Support For Adobe Reader X (x32 Version: 10.0.0 - Adobe Systems Incorporated)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
Super Hexagon (x32 Version:  - Terry Cavanagh)
Synaptics Pointing Device Driver (Version: 15.0.4.0 - Synaptics Incorporated)
TeamSpeak 3 Client (x32 Version: 3.0.13.1 - TeamSpeak Systems GmbH)
The Binding of Isaac (x32 Version:  - )
Uplay (x32 Version: 3.0 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (Version: 4.20.0 - win.rar GmbH)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

27-12-2013 17:18:26 DirectX wurde installiert
28-12-2013 14:41:23 DirectX wurde installiert
29-12-2013 22:00:42 Windows-Sicherung
30-12-2013 05:15:27 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2014-01-01 02:44 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {128FFCC5-E213-476D-B24E-C2367F3A2F9F} - System32\Tasks\{07B605FA-93C8-40B9-B725-09FEBC942889} => Firefox.exe 
Task: {447A246A-D84A-43C3-9FEA-DF9CB48CF7A7} - System32\Tasks\{CDDB4254-5B41-47D3-8591-CB5236C96238} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {4CFBBAE2-C924-47F1-86E4-E31CB7E61905} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-10] (Google Inc.)
Task: {698931DB-512A-46CE-B3E0-579EF32CB6CD} - System32\Tasks\{FDE9254A-4B5A-4E10-BBFD-798D59728C60} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {804DD3FF-090D-49ED-843A-1CE8E07BEAB2} - System32\Tasks\{53B04E57-3AAD-4E6D-8EAA-89294CA596DE} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.115/de/go/help.faq.installer?LastError=1603
Task: {9FF782BD-6D85-4BF0-BC20-7AF80AF7DC62} - \Scheduled Update for Ask Toolbar No Task File
Task: {AEF14196-0260-4861-8CB4-325B9E03EF35} - System32\Tasks\{DCAAE010-52DE-4F3B-8750-9BA4A4D69371} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {BF626A47-304C-4610-AF88-24EEEAAD0C6C} - \BackgroundContainer Startup Task No Task File
Task: {C7B63D84-9614-4206-8C84-D7384174BAF3} - \dsmonitor No Task File
Task: {C8EC00D0-E794-4C13-AADC-992B170FB4A5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-21] (Adobe Systems Incorporated)
Task: {CDFAE4D5-22BD-4D9D-86F9-3E4215A5352F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {D88F4DDB-C292-40F7-A575-0B15964037BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-10] (Google Inc.)
Task: {E76F2826-CCEE-4DBE-AEB2-D5C2C3309221} - System32\Tasks\{72D8A4D7-70BD-4192-93CD-C422D3669133} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {FEB5BE6E-DD3F-4459-B5BB-A5991D97EA27} - \DriverScanner No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2011-05-02 21:41 - 2011-05-02 21:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-08-30 23:31 - 2009-12-18 23:36 - 00973432 ____R () C:\Program Files (x86)\PHotkey\acAuth.dll
2011-08-30 23:31 - 2009-12-18 23:41 - 00129544 ____R () C:\Program Files (x86)\PHotkey\GFNEX.dll
2013-03-12 17:10 - 2013-11-06 22:48 - 00691200 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2012-06-28 13:30 - 2013-12-11 20:40 - 01135016 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2012-06-28 13:30 - 2013-11-06 22:48 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-06-28 13:30 - 2013-06-15 00:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-06-28 13:30 - 2013-06-15 00:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-06-28 13:30 - 2013-06-15 00:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2010-08-03 23:39 - 2010-08-03 23:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-03 23:39 - 2010-08-03 23:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-02-13 03:38 - 2013-02-13 03:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2013-09-28 21:04 - 2013-12-17 15:21 - 00126816 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.196\deploy\RiotLauncher.dll
2013-08-16 05:46 - 2013-08-16 05:46 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\eb4812681f6ab4406053f3a1803e6da0\IsdiInterop.ni.dll
2011-08-30 23:15 - 2010-11-06 07:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-12-21 18:44 - 2013-12-21 18:48 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-12-21 18:38 - 2013-12-21 18:38 - 16242056 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/01/2014 04:31:27 AM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (01/01/2014 04:31:27 AM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (12/30/2013 10:31:28 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: LolClient.exe, Version: 0.0.0.0, Zeitstempel: 0x515663e0
Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 3.7.0.1530, Zeitstempel: 0x5156646c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0006dd76
ID des fehlerhaften Prozesses: 0x1940
Startzeit der fehlerhaften Anwendung: 0xLolClient.exe0
Pfad der fehlerhaften Anwendung: LolClient.exe1
Pfad des fehlerhaften Moduls: LolClient.exe2
Berichtskennung: LolClient.exe3

Error: (12/30/2013 04:44:27 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: NvBackend.exe, Version: 10.11.15.0, Zeitstempel: 0x52a6776c
Name des fehlerhaften Moduls: nvd3d9wrap.dll, Version: 9.18.13.3182, Zeitstempel: 0x5280d7e2
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00005170
ID des fehlerhaften Prozesses: 0xf6c
Startzeit der fehlerhaften Anwendung: 0xNvBackend.exe0
Pfad der fehlerhaften Anwendung: NvBackend.exe1
Pfad des fehlerhaften Moduls: NvBackend.exe2
Berichtskennung: NvBackend.exe3

Error: (12/30/2013 04:44:00 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: NvBackend.exe, Version: 10.11.15.0, Zeitstempel: 0x52a6776c
Name des fehlerhaften Moduls: nvspcap.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x52a67618
Ausnahmecode: 0xc0000005
Fehleroffset: 0x100be510
ID des fehlerhaften Prozesses: 0xf6c
Startzeit der fehlerhaften Anwendung: 0xNvBackend.exe0
Pfad der fehlerhaften Anwendung: NvBackend.exe1
Pfad des fehlerhaften Moduls: NvBackend.exe2
Berichtskennung: NvBackend.exe3

Error: (12/29/2013 11:03:45 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: "Auf diesem Laufwerk ist nicht genügend Speicherplatz zum Speichern der Sicherung verfügbar. Löschen Sie ältere Sicherungen und nicht benötigte Daten, um Speicherplatz freizugeben, oder ändern Sie die Sicherungseinstellungen. (0x81000005)"

Error: (12/28/2013 05:50:22 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.5472 - Nicht behebbarer Systemfehler.

Error: (12/28/2013 03:50:22 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.5472 - Nicht behebbarer Systemfehler.

Error: (12/28/2013 01:50:32 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.5472 - Nicht behebbarer Systemfehler.

Error: (12/27/2013 11:50:23 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.5472 - Nicht behebbarer Systemfehler.


System errors:
=============
Error: (01/01/2014 06:56:37 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/01/2014 06:56:37 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht.

Error: (01/01/2014 05:37:25 PM) (Source: Microsoft Antimalware) (User: )
Description: Beim Anwenden von Aktionen auf Schadsoftware und potenziell unerwünschte Software wurde von %Adware:MSIL/Yontoo60 ein schwerwiegender Fehler festgestellt.

Weitere Informationen finden Sie hier:
%Adware:MSIL/Yontoo603

	Name: Adware:MSIL/Yontoo

	ID: 200356

	Schweregrad: %Adware:MSIL/Yontoo600

	Kategorie: %Adware:MSIL/Yontoo602

	Pfad: 4.4.0304.02

	Ursprung der Erkennung: 4.4.0304.04

	Typ der Erkennung: 4.4.0304.08

	Quelle der Erkennung: %Adware:MSIL/Yontoo608

	Benutzer: {213FCB60-96CE-4282-82A5-75164F4B201E}9

	Prozessname: %Adware:MSIL/Yontoo609

	Aktion: {213FCB60-96CE-4282-82A5-75164F4B201E}1

	Aktionsstatus:  {213FCB60-96CE-4282-82A5-75164F4B201E}8

	Fehlercode: {213FCB60-96CE-4282-82A5-75164F4B201E}3

	Fehlerbeschreibung: {213FCB60-96CE-4282-82A5-75164F4B201E}4

	Signaturversion: 2014-01-01T08:27:29.284Z1

	Modulversion: 2014-01-01T08:27:29.284Z2

Error: (01/01/2014 05:06:48 AM) (Source: Microsoft Antimalware) (User: )
Description: Beim Anwenden von Aktionen auf Schadsoftware und potenziell unerwünschte Software wurde von %Adware:MSIL/Yontoo60 ein schwerwiegender Fehler festgestellt.

Weitere Informationen finden Sie hier:
%Adware:MSIL/Yontoo603

	Name: Adware:MSIL/Yontoo

	ID: 200356

	Schweregrad: %Adware:MSIL/Yontoo600

	Kategorie: %Adware:MSIL/Yontoo602

	Pfad: 4.4.0304.02

	Ursprung der Erkennung: 4.4.0304.04

	Typ der Erkennung: 4.4.0304.08

	Quelle der Erkennung: %Adware:MSIL/Yontoo608

	Benutzer: {5440AD47-AD4D-4997-B56C-0CC047D8F405}9

	Prozessname: %Adware:MSIL/Yontoo609

	Aktion: {5440AD47-AD4D-4997-B56C-0CC047D8F405}1

	Aktionsstatus:  {5440AD47-AD4D-4997-B56C-0CC047D8F405}8

	Fehlercode: {5440AD47-AD4D-4997-B56C-0CC047D8F405}3

	Fehlerbeschreibung: {5440AD47-AD4D-4997-B56C-0CC047D8F405}4

	Signaturversion: 2014-01-01T03:43:58.721Z1

	Modulversion: 2014-01-01T03:43:58.721Z2

Error: (01/01/2014 05:05:33 AM) (Source: Microsoft Antimalware) (User: )
Description: Beim Anwenden von Aktionen auf Schadsoftware und potenziell unerwünschte Software wurde von %Adware:MSIL/Yontoo60 ein schwerwiegender Fehler festgestellt.

Weitere Informationen finden Sie hier:
%Adware:MSIL/Yontoo603

	Name: Adware:MSIL/Yontoo

	ID: 200356

	Schweregrad: %Adware:MSIL/Yontoo600

	Kategorie: %Adware:MSIL/Yontoo602

	Pfad: 4.4.0304.02

	Ursprung der Erkennung: 4.4.0304.04

	Typ der Erkennung: 4.4.0304.08

	Quelle der Erkennung: %Adware:MSIL/Yontoo608

	Benutzer: {5440AD47-AD4D-4997-B56C-0CC047D8F405}9

	Prozessname: %Adware:MSIL/Yontoo609

	Aktion: {5440AD47-AD4D-4997-B56C-0CC047D8F405}1

	Aktionsstatus:  {5440AD47-AD4D-4997-B56C-0CC047D8F405}8

	Fehlercode: {5440AD47-AD4D-4997-B56C-0CC047D8F405}3

	Fehlerbeschreibung: {5440AD47-AD4D-4997-B56C-0CC047D8F405}4

	Signaturversion: 2014-01-01T03:43:58.721Z1

	Modulversion: 2014-01-01T03:43:58.721Z2

Error: (01/01/2014 04:40:03 AM) (Source: Microsoft Antimalware) (User: )
Description: Beim Anwenden von Aktionen auf Schadsoftware und potenziell unerwünschte Software wurde von %Adware:MSIL/Yontoo60 ein schwerwiegender Fehler festgestellt.

Weitere Informationen finden Sie hier:
%Adware:MSIL/Yontoo603

	Name: Adware:MSIL/Yontoo

	ID: 200356

	Schweregrad: %Adware:MSIL/Yontoo600

	Kategorie: %Adware:MSIL/Yontoo602

	Pfad: 4.4.0304.02

	Ursprung der Erkennung: 4.4.0304.04

	Typ der Erkennung: 4.4.0304.08

	Quelle der Erkennung: %Adware:MSIL/Yontoo608

	Benutzer: {189F0FE0-831D-4A8B-A941-5AA683C0B194}9

	Prozessname: %Adware:MSIL/Yontoo609

	Aktion: {189F0FE0-831D-4A8B-A941-5AA683C0B194}1

	Aktionsstatus:  {189F0FE0-831D-4A8B-A941-5AA683C0B194}8

	Fehlercode: {189F0FE0-831D-4A8B-A941-5AA683C0B194}3

	Fehlerbeschreibung: {189F0FE0-831D-4A8B-A941-5AA683C0B194}4

	Signaturversion: 2014-01-01T03:31:11.371Z1

	Modulversion: 2014-01-01T03:31:11.371Z2

Error: (01/01/2014 04:40:01 AM) (Source: Microsoft Antimalware) (User: )
Description: Beim Anwenden von Aktionen auf Schadsoftware und potenziell unerwünschte Software wurde von %Adware:MSIL/Yontoo60 ein schwerwiegender Fehler festgestellt.

Weitere Informationen finden Sie hier:
%Adware:MSIL/Yontoo603

	Name: Adware:MSIL/Yontoo

	ID: 200356

	Schweregrad: %Adware:MSIL/Yontoo600

	Kategorie: %Adware:MSIL/Yontoo602

	Pfad: 4.4.0304.02

	Ursprung der Erkennung: 4.4.0304.04

	Typ der Erkennung: 4.4.0304.08

	Quelle der Erkennung: %Adware:MSIL/Yontoo608

	Benutzer: {189F0FE0-831D-4A8B-A941-5AA683C0B194}9

	Prozessname: %Adware:MSIL/Yontoo609

	Aktion: {189F0FE0-831D-4A8B-A941-5AA683C0B194}1

	Aktionsstatus:  {189F0FE0-831D-4A8B-A941-5AA683C0B194}8

	Fehlercode: {189F0FE0-831D-4A8B-A941-5AA683C0B194}3

	Fehlerbeschreibung: {189F0FE0-831D-4A8B-A941-5AA683C0B194}4

	Signaturversion: 2014-01-01T03:31:11.371Z1

	Modulversion: 2014-01-01T03:31:11.371Z2

Error: (01/01/2014 04:28:44 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\System32\IWMSSvc.dll
Fehlercode: 258

Error: (01/01/2014 04:02:24 AM) (Source: Microsoft Antimalware) (User: )
Description: Beim Anwenden von Aktionen auf Schadsoftware und potenziell unerwünschte Software wurde von %Adware:MSIL/Yontoo60 ein schwerwiegender Fehler festgestellt.

Weitere Informationen finden Sie hier:
%Adware:MSIL/Yontoo603

	Name: Adware:MSIL/Yontoo

	ID: 200356

	Schweregrad: %Adware:MSIL/Yontoo600

	Kategorie: %Adware:MSIL/Yontoo602

	Pfad: 4.4.0304.02

	Ursprung der Erkennung: 4.4.0304.04

	Typ der Erkennung: 4.4.0304.08

	Quelle der Erkennung: %Adware:MSIL/Yontoo608

	Benutzer: {D1BC2B08-3F38-4DF6-B534-3483EB455A54}9

	Prozessname: %Adware:MSIL/Yontoo609

	Aktion: {D1BC2B08-3F38-4DF6-B534-3483EB455A54}1

	Aktionsstatus:  {D1BC2B08-3F38-4DF6-B534-3483EB455A54}8

	Fehlercode: {D1BC2B08-3F38-4DF6-B534-3483EB455A54}3

	Fehlerbeschreibung: {D1BC2B08-3F38-4DF6-B534-3483EB455A54}4

	Signaturversion: 2014-01-01T02:36:48.328Z1

	Modulversion: 2014-01-01T02:36:48.328Z2

Error: (01/01/2014 04:00:46 AM) (Source: Microsoft Antimalware) (User: )
Description: Beim Anwenden von Aktionen auf Schadsoftware und potenziell unerwünschte Software wurde von %Adware:MSIL/Yontoo60 ein schwerwiegender Fehler festgestellt.

Weitere Informationen finden Sie hier:
%Adware:MSIL/Yontoo603

	Name: Adware:MSIL/Yontoo

	ID: 200356

	Schweregrad: %Adware:MSIL/Yontoo600

	Kategorie: %Adware:MSIL/Yontoo602

	Pfad: 4.4.0304.02

	Ursprung der Erkennung: 4.4.0304.04

	Typ der Erkennung: 4.4.0304.08

	Quelle der Erkennung: %Adware:MSIL/Yontoo608

	Benutzer: {D1BC2B08-3F38-4DF6-B534-3483EB455A54}9

	Prozessname: %Adware:MSIL/Yontoo609

	Aktion: {D1BC2B08-3F38-4DF6-B534-3483EB455A54}1

	Aktionsstatus:  {D1BC2B08-3F38-4DF6-B534-3483EB455A54}8

	Fehlercode: {D1BC2B08-3F38-4DF6-B534-3483EB455A54}3

	Fehlerbeschreibung: {D1BC2B08-3F38-4DF6-B534-3483EB455A54}4

	Signaturversion: 2014-01-01T02:36:48.328Z1

	Modulversion: 2014-01-01T02:36:48.328Z2


Microsoft Office Sessions:
=========================
Error: (01/01/2014 04:31:27 AM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (01/01/2014 04:31:27 AM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (12/30/2013 10:31:28 PM) (Source: Application Error)(User: )
Description: LolClient.exe0.0.0.0515663e0Adobe AIR.dll3.7.0.15305156646cc00000050006dd76194001cf0597738af03fC:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.63\deploy\LolClient.exeC:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.63\deploy\Adobe AIR\Versions\1.0\Adobe AIR.dllbd3d0a7f-7199-11e3-a66b-4c809317e502

Error: (12/30/2013 04:44:27 PM) (Source: Application Error)(User: )
Description: NvBackend.exe10.11.15.052a6776cnvd3d9wrap.dll9.18.13.31825280d7e2c000000500005170f6c01cf05737e64239aC:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exeC:\Program Files (x86)\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dll4315c7b2-7169-11e3-a66b-4c809317e502

Error: (12/30/2013 04:44:00 PM) (Source: Application Error)(User: )
Description: NvBackend.exe10.11.15.052a6776cnvspcap.dll_unloaded0.0.0.052a67618c0000005100be510f6c01cf05737e64239aC:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exenvspcap.dll33040138-7169-11e3-a66b-4c809317e502

Error: (12/29/2013 11:03:45 PM) (Source: Windows Backup)(User: )
Description: Auf diesem Laufwerk ist nicht genügend Speicherplatz zum Speichern der Sicherung verfügbar. Löschen Sie ältere Sicherungen und nicht benötigte Daten, um Speicherplatz freizugeben, oder ändern Sie die Sicherungseinstellungen. (0x81000005)

Error: (12/28/2013 05:50:22 AM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.5472 - Nicht behebbarer Systemfehler.

Error: (12/28/2013 03:50:22 AM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.5472 - Nicht behebbarer Systemfehler.

Error: (12/28/2013 01:50:32 AM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.5472 - Nicht behebbarer Systemfehler.

Error: (12/27/2013 11:50:23 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.5472 - Nicht behebbarer Systemfehler.


CodeIntegrity Errors:
===================================
  Date: 2013-02-23 22:31:06.446
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\malte\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-23 22:31:06.415
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\malte\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-23 22:31:06.103
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-23 22:31:06.071
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 53%
Total physical RAM: 4007.05 MB
Available physical RAM: 1848.68 MB
Total Pagefile: 8012.29 MB
Available Pagefile: 4590.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:414.66 GB) (Free:287.89 GB) NTFS
Drive d: (Recover) (Fixed) (Total:50 GB) (Free:0 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=415 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================
         

01.01.2014, 20:59   #4
cosinus

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

01.01.2014, 21:34   #5
Croatis

Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.01.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
malte :: MALTE-PC [administrator]

01.01.2014 22:08:10
mbar-log-2014-01-01 (22-08-10).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 235869
Time elapsed: 21 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         


01.01.2014, 22:19   #6
cosinus

Remove adware/junkware/toolbars


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Optionen (Options) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Suchlauf (Scan) and wait until it has finished.
  • Now click Löschen (Delete) and confirm any prompts with Ok.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents to me with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).




Step 2: JRT - Junkware Removal Tool

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files are now created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input box)


02.01.2014, 14:25   #7
Croatis

Code:
# AdwCleaner v3.016 - Bericht erstellt am 02/01/2014 um 15:01:10
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : malte - MALTE-PC
# Gestartet von : C:\Users\malte\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\malte\AppData\Roaming\Mozilla\Firefox\Profiles\56lcwbxo.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\malte\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [59991 octets] - [15/11/2013 16:19:21]
AdwCleaner[R10].txt - [2000 octets] - [17/11/2013 10:19:39]
AdwCleaner[R11].txt - [2061 octets] - [17/11/2013 19:24:37]
AdwCleaner[R12].txt - [2115 octets] - [24/11/2013 20:12:08]
AdwCleaner[R13].txt - [2174 octets] - [27/11/2013 21:14:44]
AdwCleaner[R14].txt - [3800 octets] - [30/11/2013 14:32:07]
AdwCleaner[R15].txt - [3300 octets] - [30/11/2013 15:06:06]
AdwCleaner[R16].txt - [2776 octets] - [30/11/2013 15:12:29]
AdwCleaner[R17].txt - [2378 octets] - [30/11/2013 15:17:55]
AdwCleaner[R18].txt - [2439 octets] - [30/11/2013 15:26:24]
AdwCleaner[R19].txt - [2600 octets] - [30/11/2013 15:36:50]
AdwCleaner[R1].txt - [1159 octets] - [15/11/2013 16:37:18]
AdwCleaner[R20].txt - [2756 octets] - [03/12/2013 06:39:21]
AdwCleaner[R21].txt - [2782 octets] - [03/12/2013 14:12:34]
AdwCleaner[R22].txt - [2843 octets] - [04/12/2013 13:07:39]
AdwCleaner[R23].txt - [2904 octets] - [04/12/2013 14:41:27]
AdwCleaner[R24].txt - [2979 octets] - [04/12/2013 15:54:37]
AdwCleaner[R25].txt - [3040 octets] - [04/12/2013 23:44:45]
AdwCleaner[R26].txt - [3107 octets] - [05/12/2013 16:42:47]
AdwCleaner[R27].txt - [3168 octets] - [07/12/2013 14:02:01]
AdwCleaner[R28].txt - [10631 octets] - [18/12/2013 19:28:35]
AdwCleaner[R29].txt - [9935 octets] - [18/12/2013 19:40:45]
AdwCleaner[R2].txt - [1337 octets] - [15/11/2013 16:53:34]
AdwCleaner[R30].txt - [9996 octets] - [18/12/2013 19:42:11]
AdwCleaner[R31].txt - [10057 octets] - [18/12/2013 19:43:26]
AdwCleaner[R32].txt - [10204 octets] - [18/12/2013 21:29:50]
AdwCleaner[R33].txt - [10227 octets] - [18/12/2013 23:24:28]
AdwCleaner[R34].txt - [10152 octets] - [19/12/2013 06:27:21]
AdwCleaner[R35].txt - [10212 octets] - [19/12/2013 14:38:08]
AdwCleaner[R36].txt - [3788 octets] - [01/01/2014 17:30:35]
AdwCleaner[R37].txt - [3849 octets] - [02/01/2014 15:00:28]
AdwCleaner[R3].txt - [1232 octets] - [15/11/2013 16:58:12]
AdwCleaner[R4].txt - [1353 octets] - [15/11/2013 17:03:21]
AdwCleaner[R5].txt - [1639 octets] - [16/11/2013 16:36:36]
AdwCleaner[R6].txt - [1535 octets] - [16/11/2013 16:43:48]
AdwCleaner[R7].txt - [1819 octets] - [16/11/2013 18:15:44]
AdwCleaner[R8].txt - [1879 octets] - [16/11/2013 20:13:28]
AdwCleaner[R9].txt - [1938 octets] - [16/11/2013 21:07:02]
AdwCleaner[S0].txt - [58984 octets] - [15/11/2013 16:20:13]
AdwCleaner[S10].txt - [10668 octets] - [18/12/2013 19:35:44]
AdwCleaner[S11].txt - [3229 octets] - [02/01/2014 15:01:10]
AdwCleaner[S1].txt - [1320 octets] - [15/11/2013 16:54:40]
AdwCleaner[S2].txt - [1294 octets] - [15/11/2013 16:59:20]
AdwCleaner[S3].txt - [1622 octets] - [16/11/2013 16:37:39]
AdwCleaner[S4].txt - [3774 octets] - [30/11/2013 14:39:25]
AdwCleaner[S5].txt - [3270 octets] - [30/11/2013 15:07:23]
AdwCleaner[S6].txt - [2840 octets] - [30/11/2013 15:13:28]
AdwCleaner[S7].txt - [2824 octets] - [03/12/2013 06:39:59]
AdwCleaner[S8].txt - [2972 octets] - [04/12/2013 14:41:54]
AdwCleaner[S9].txt - [3102 octets] - [05/12/2013 00:44:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S11].txt - [3830 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Home Premium x64
Ran by malte on 02.01.2014 at 15:12:17,72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{fa63398e-322b-4833-9af3-15837ad12138}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_USERS\.DEFAULT\Software\SearchProtect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DropDownDeals_Setup-C4_2013_03_14-8AE8_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DropDownDeals_Setup-C4_2013_03_14-8AE8_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DropDownDeals_Setup-C4_2013_03_14-8AE8_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DropDownDeals_Setup-C4_2013_03_14-8AE8_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56EC649A-0232-40A9-8F89-83C17C10A853}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"



~~~ Files

Successfully deleted: [File] "C:\Users\malte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\driverscanner.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\adtrustmedia"
Successfully deleted: [Folder] "C:\Users\malte\appdata\local\cre"
Successfully deleted: [Folder] "C:\Program Files (x86)\smarttweak"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uniblue"
Successfully deleted: [Folder] "C:\Users\malte\AppData\Roaming\microsoft\windows\start menu\programs\smarttweak software"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\malte\appdata\local\{42C78CA2-6395-4E4C-B8D1-5EADB1416B12}
Successfully deleted: [Empty Folder] C:\Users\malte\appdata\local\{486C41E2-AB76-4C3A-ACD8-08C0D66F47F8}
Successfully deleted: [Empty Folder] C:\Users\malte\appdata\local\{7A955831-0C4A-4287-BB5B-8BCD1052EEB6}
Successfully deleted: [Empty Folder] C:\Users\malte\appdata\local\{8C1E1683-A192-4ACB-91A0-27CDCD3DAE20}
Successfully deleted: [Empty Folder] C:\Users\malte\appdata\local\{990154BA-A459-42E0-8DEC-5F0F5A49AEFE}
Successfully deleted: [Empty Folder] C:\Users\malte\appdata\local\{C2777930-786C-4261-99AA-D813B7720B5D}



~~~ FireFox

Successfully deleted the following from C:\Users\malte\AppData\Roaming\mozilla\firefox\profiles\56lcwbxo.default\prefs.js

user_pref("extensions.trusted-ads.TrustAd", "{\"r\":[{\"t\":\"FQDN\",\"r\":\"trustedads.adtrustmedia.com\",\"c\":[{\"i\":\"1\",\"s\":[\"display.clickpoint.com\",\"www.africawi
Emptied folder: C:\Users\malte\AppData\Roaming\mozilla\firefox\profiles\56lcwbxo.default\minidumps [1175 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.01.2014 at 15:18:16,58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-01-2014 01
Ran by malte (administrator) on MALTE-PC on 02-01-2014 15:20:38
Running from C:\Users\malte\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(UPEK Inc.) C:\Program Files\Protector Suite\upeksvr.exe
() C:\Program Files (x86)\PHotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(UPEK Inc.) C:\Program Files\Protector Suite\psqltray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamSpeak Systems GmbH) C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
() C:\Program Files (x86)\PHotkey\PVDesktop.exe
() C:\Program Files (x86)\PHotkey\PVDAgent.exe
() C:\Program Files (x86)\PHotkey\POsd.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11817576 2011-04-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2209896 2011-04-18] (Realtek Semiconductor)
HKLM\...\Run: [PSQLLauncher] - C:\Program Files\Protector Suite\launcher.exe [84816 2010-12-10] (UPEK Inc.)
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2028328 2010-01-22] (Synaptics Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-14] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-03] (CyberLink)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\CyberLink\Shared files\brs.exe [75048 2011-05-25] (cyberlink)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2011-04-15] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [228448 2011-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-03-28] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3806544 2013-11-29] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\Protector Suite\psqlpwd.dll (UPEK Inc.)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1823656 2013-12-11] (Valve Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKCU\...\Run: [GoogleChromeAutoLaunch_4EDD238F6323EBFA2FEF3611F48EDEB5] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184 2013-12-04] (Google Inc.)
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
MountPoints2: F - F:\AutoRun.exe
MountPoints2: {46d09926-831a-11e2-b255-4c809317e502} - F:\AutoRun.exe
MountPoints2: {46d09930-831a-11e2-b255-4c809317e502} - F:\AutoRun.exe
Lsa: [Notification Packages] scecli C:\Program Files\Protector Suite\psqlpwd.dll

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {8E198647-95D1-43D5-B357-5DFB5F43AC18} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag= interactivemesuche21&index=blended&linkCode=ur2&camp=1638&creative=6742
SearchScopes: HKCU - {ACF4F651-1C38-427E-8A07-0E6013F6A053} URL = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie7-toi
SearchScopes: HKCU - {CFE47D08-D199-4152-B4D0-20736C8171FA} URL = hxxp://suche.t-online.de/fastcgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&d ia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wikitab_internet_std&q={searchTerms}&br=ie7-toi
BHO: Adblock IE - {667BEE43-20BD-4CE3-94AC-E63E04D4B191} - C:\Program Files\MGTEK\Adblock IE\adblockie.dll (MGTEK)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Adblock IE - {667BEE43-20BD-4CE3-94AC-E63E04D4B191} - C:\Program Files (x86)\MGTEK\Adblock IE\adblockie.dll (MGTEK)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\malte\AppData\Roaming\Mozilla\Firefox\Profiles\56lcwbxo.default
FF NewTab: about:blank
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: opencandy.com/Ignite - C:\Users\malte\AppData\Local\Ignite\npOCDM.1.1.4.0.dll (OpenCandy, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\malte\AppData\Roaming\Mozilla\Firefox\Profiles\56lcwbxo.default\searchplugins\amazon-distro.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\malte\AppData\Roaming\Mozilla\Firefox\Profiles\56lcwbxo.default\Extensions\ich@maltegoetz.de
FF Extension: ChatZilla - C:\Users\malte\AppData\Roaming\Mozilla\Firefox\Profiles\56lcwbxo.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF Extension: Search Results Toolbar - C:\Users\malte\AppData\Roaming\Mozilla\Firefox\Profiles\56lcwbxo.default\Extensions\{fa63398e-322b-4833-9af3-15837ad12138}
FF Extension: Grooveshark Unlocker - C:\Users\malte\AppData\Roaming\Mozilla\Firefox\Profiles\56lcwbxo.default\Extensions\groovesharkUnlocker@overlord1337.xpi
FF Extension: Adblock Plus - C:\Users\malte\AppData\Roaming\Mozilla\Firefox\Profiles\56lcwbxo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

Chrome: 
=======
CHR HomePage: about:blank
CHR RestoreOnStartup: "about:blank"
CHR DefaultSearchKeyword: Google
CHR DefaultSearchURL: hxxp://www.google.com/search?q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\malte\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\malte\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\malte\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\malte\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0
CHR Extension: (Google Wallet) - C:\Users\malte\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\malte\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-18] ()
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [159752 2010-10-07] ()
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-02 15:20 - 2014-01-02 15:20 - 00020930 _____ C:\Users\malte\Desktop\FRST.txt
2014-01-02 15:20 - 2014-01-02 15:20 - 00000000 ____D C:\Users\malte\Desktop\FRST-OlderVersion
2014-01-02 15:18 - 2014-01-02 15:18 - 00003624 _____ C:\Users\malte\Desktop\JRT.txt
2014-01-02 15:12 - 2014-01-02 15:12 - 00000000 ____D C:\Windows\ERUNT
2014-01-02 15:10 - 2014-01-02 15:11 - 01036305 _____ (Thisisu) C:\Users\malte\Downloads\JRT.exe
2014-01-02 05:01 - 2014-01-02 05:01 - 00000000 ____D C:\Users\malte\AppData\Local\TechSmith
2014-01-02 04:58 - 2014-01-02 07:51 - 00004608 _____ C:\Users\malte\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-02 04:53 - 2014-01-02 05:08 - 00000000 ____D C:\Users\malte\Documents\Camtasia Studio
2014-01-02 04:53 - 2014-01-02 04:53 - 00000000 ____D C:\Users\malte\AppData\Roaming\TechSmith
2014-01-02 04:51 - 2014-01-02 04:51 - 00001172 _____ C:\Users\Public\Desktop\Camtasia Studio 8.lnk
2014-01-02 04:51 - 2014-01-02 04:51 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
2014-01-02 04:51 - 2014-01-02 04:51 - 00000000 ____D C:\Program Files (x86)\QuickTime
2014-01-02 04:50 - 2014-01-02 04:50 - 00000000 ____D C:\ProgramData\TechSmith
2014-01-02 04:50 - 2014-01-02 04:50 - 00000000 ____D C:\Program Files (x86)\TechSmith
2014-01-02 04:26 - 2014-01-02 04:46 - 251749736 _____ C:\Users\malte\Downloads\camtasiade_8.1.2.exe
2014-01-01 22:08 - 2014-01-01 22:31 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-01 22:08 - 2014-01-01 22:08 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-01 22:08 - 2014-01-01 22:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-01 22:06 - 2014-01-01 22:31 - 00000000 ____D C:\Users\malte\Desktop\mbar
2014-01-01 22:06 - 2014-01-01 22:06 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-01 22:03 - 2014-01-01 22:04 - 12582688 _____ (Malwarebytes Corp.) C:\Users\malte\Desktop\mbar-1.07.0.1008.exe
2014-01-01 21:30 - 2014-01-01 21:31 - 00034980 _____ C:\Users\malte\Downloads\Addition.txt
2014-01-01 21:28 - 2014-01-02 15:20 - 00000000 ____D C:\FRST
2014-01-01 21:28 - 2014-01-01 21:31 - 00067426 _____ C:\Users\malte\Downloads\FRST.txt
2014-01-01 21:27 - 2014-01-02 15:20 - 01931426 _____ (Farbar) C:\Users\malte\Desktop\FRST64.exe
2014-01-01 04:24 - 2014-01-01 04:24 - 01233962 _____ C:\Users\malte\Desktop\adwcleaner.exe
2014-01-01 02:39 - 2014-01-01 02:39 - 00602112 _____ (OldTimer Tools) C:\Users\malte\Downloads\OTL(1).exe
2014-01-01 02:29 - 2014-01-01 02:29 - 00165376 _____ C:\Users\malte\Downloads\SystemLook_x64(1).exe
2014-01-01 02:20 - 2014-01-01 02:20 - 00000000 ____D C:\_OTL
2014-01-01 02:18 - 2014-01-01 02:18 - 00131488 _____ C:\Users\malte\Downloads\Extras.Txt
2014-01-01 02:16 - 2014-01-01 02:16 - 00155764 _____ C:\Users\malte\Downloads\OTL.Txt
2014-01-01 02:01 - 2014-01-01 02:01 - 00602112 _____ (OldTimer Tools) C:\Users\malte\Downloads\OTL.exe
2014-01-01 01:52 - 2014-01-01 19:49 - 00028562 _____ C:\Users\malte\Downloads\SystemLook.txt
2014-01-01 01:51 - 2014-01-01 01:51 - 00165376 _____ C:\Users\malte\Downloads\SystemLook_x64.exe
2013-12-28 15:41 - 2013-12-28 15:42 - 00000000 ____D C:\Users\malte\AppData\Local\NVIDIA Corporation
2013-12-28 15:39 - 2013-12-05 09:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-12-28 15:39 - 2013-12-05 09:42 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-12-28 15:37 - 2013-12-28 15:43 - 00000000 ____D C:\Users\malte\AppData\Local\NVIDIA
2013-12-27 16:02 - 2013-12-27 16:02 - 00000000 ____D C:\Users\malte\Documents\Rayman Legends
2013-12-27 15:47 - 2013-12-27 16:05 - 00000000 ____D C:\Users\malte\AppData\Local\Ubisoft Game Launcher
2013-12-27 15:47 - 2013-12-27 15:47 - 00001209 _____ C:\Users\malte\Desktop\Uplay.lnk
2013-12-27 15:47 - 2013-12-27 15:47 - 00000000 ____D C:\Users\malte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2013-12-27 15:47 - 2013-12-27 15:47 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-12-26 09:38 - 2013-12-26 09:38 - 00000000 ____D C:\Users\malte\AppData\Roaming\NVIDIA
2013-12-26 09:28 - 2013-12-26 09:28 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-12-26 09:28 - 2013-12-26 09:28 - 00000000 ____D C:\Windows\system32\NV
2013-12-26 09:25 - 2013-12-10 03:13 - 01100248 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-12-26 09:25 - 2013-12-10 03:13 - 00982232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-12-26 09:22 - 2013-11-14 12:58 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2013-12-26 09:22 - 2013-11-14 12:58 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2013-12-26 09:22 - 2013-11-11 16:02 - 06674208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-12-26 09:22 - 2013-11-11 16:02 - 03490080 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-12-26 09:22 - 2013-11-11 16:01 - 03467927 _____ C:\Windows\system32\nvcoproc.bin
2013-12-26 09:22 - 2013-11-11 16:01 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2013-12-26 09:22 - 2013-11-11 16:01 - 01065248 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2013-12-26 09:22 - 2013-11-11 16:01 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-12-26 09:22 - 2013-11-11 16:01 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-12-26 09:22 - 2013-11-11 16:01 - 00067072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2013-12-26 09:22 - 2013-11-11 16:01 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-12-26 09:11 - 2013-12-05 09:42 - 00035104 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 30361888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 22951200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 18293608 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 18208624 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 15862272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 15218504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 12613408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-12-26 09:11 - 2013-11-14 12:58 - 11600432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 11514624 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 09691888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 03069608 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 02697248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433182.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433182.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 01436528 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 00707360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 00657184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 00609568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 00562464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-12-26 09:11 - 2013-11-14 12:58 - 00032544 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2013-12-26 09:11 - 2013-11-14 12:58 - 00023754 _____ C:\Windows\system32\nvinfo.pb
2013-12-26 07:52 - 2013-12-26 07:52 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-12-26 07:44 - 2013-12-26 07:44 - 00000000 ____D C:\NVIDIA
2013-12-26 07:24 - 2013-12-26 07:43 - 259887872 _____ (NVIDIA Corporation) C:\Users\malte\Downloads\331.82-notebook-win8-win7-64bit-international-whql.exe
2013-12-26 06:44 - 2013-12-26 06:44 - 00000000 ____D C:\ProgramData\Codemasters
2013-12-25 22:10 - 2013-12-25 22:19 - 00000000 ____D C:\Users\malte\Documents\ManiaPlanet
2013-12-25 22:10 - 2013-12-25 22:19 - 00000000 ____D C:\ProgramData\ManiaPlanet
2013-12-25 18:54 - 2013-12-25 19:03 - 00000000 ____D C:\Users\malte\Documents\Mount&Blade Warband Savegames
2013-12-25 18:52 - 2013-12-25 18:58 - 00000000 ____D C:\Users\malte\Documents\Mount&Blade Warband
2013-12-25 18:52 - 2013-12-25 18:53 - 00000000 ____D C:\Users\malte\AppData\Roaming\Mount&Blade Warband
2013-12-22 17:57 - 2013-12-22 17:58 - 09117752 _____ C:\Users\malte\Downloads\yet_another_cleaner(3).exe
2013-12-21 18:44 - 2013-12-21 18:44 - 00001138 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-21 18:38 - 2014-01-02 15:12 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-21 18:38 - 2013-12-21 18:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-21 18:38 - 2013-12-21 18:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-21 18:38 - 2013-12-21 18:38 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-21 18:18 - 2013-12-21 18:18 - 01587612 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-20 15:22 - 2013-12-20 17:22 - 00000000 ____D C:\Users\malte\AppData\Local\BIT.TRIP RUNNER
2013-12-20 15:22 - 2013-12-20 15:22 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2013-12-20 15:22 - 2013-12-20 15:22 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2013-12-20 15:22 - 2013-12-20 15:22 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2013-12-20 15:22 - 2013-12-20 15:22 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2013-12-20 15:22 - 2013-12-20 15:22 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-12-20 15:22 - 2013-12-20 15:22 - 00000000 ____D C:\Program Files (x86)\OpenAL
2013-12-11 22:57 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-11 22:57 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-11 22:57 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-11 22:57 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-11 22:56 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 22:56 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 22:56 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-11 22:56 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-11 22:56 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-11 22:56 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-11 22:56 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 22:56 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 22:56 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-11 22:56 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-11 22:56 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 22:56 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-11 22:56 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-11 22:56 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-11 22:56 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-11 22:56 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-11 22:56 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-11 22:56 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 22:56 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-11 22:56 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-11 22:56 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-11 22:56 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-11 22:56 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 22:56 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-11 22:56 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-11 22:56 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 22:56 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 22:56 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-11 22:56 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-11 22:56 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-11 22:56 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-11 13:25 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 13:25 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 13:25 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 13:25 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 13:25 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 13:25 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 13:25 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 13:25 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 13:25 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 13:25 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 13:25 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 13:25 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 13:25 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 13:25 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 13:25 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 13:25 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 13:25 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 13:25 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 13:25 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-09 19:06 - 2013-12-27 18:20 - 00055419 _____ C:\Windows\DirectX.log
2013-12-05 16:32 - 2013-12-26 09:42 - 688538012 _____ C:\Windows\MEMORY.DMP
2013-12-05 16:32 - 2013-12-05 16:33 - 00262144 _____ C:\Windows\Minidump\120513-19546-01.dmp
2013-12-05 12:15 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-05 12:10 - 2013-12-05 12:10 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-05 12:10 - 2013-12-05 12:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-05 12:10 - 2013-12-05 12:10 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-05 12:10 - 2013-12-05 12:10 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-05 12:10 - 2013-12-05 12:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-05 12:10 - 2013-12-05 12:10 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-05 12:10 - 2013-12-05 12:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-05 12:06 - 2013-12-05 12:15 - 00010671 _____ C:\Windows\IE11_main.log
2013-12-05 00:49 - 2013-12-05 00:49 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-12-04 22:50 - 2013-12-04 22:50 - 00001179 _____ C:\Users\malte\Desktop\Blobby Volley 2 Version 1.0RC4.lnk
2013-12-04 22:50 - 2013-12-04 22:50 - 00000000 ____D C:\Program Files (x86)\Blobby Volley 2 Version 1.0RC4
2013-12-04 22:49 - 2013-12-04 22:50 - 02676391 _____ (                                                            ) C:\Users\malte\Downloads\blobby2-win32-1.0rc4-installer.exe
2013-12-03 14:10 - 2013-12-03 14:10 - 00903832 _____ C:\Users\malte\Downloads\yet_another_cleaner(2).exe
2013-12-03 06:41 - 2014-01-01 04:27 - 00115602 _____ C:\Windows\PFRO.log
2013-12-03 06:39 - 2013-12-03 06:39 - 01110034 _____ C:\Users\malte\Downloads\adwcleaner(1).exe

==================== One Month Modified Files and Folders =======

2014-01-02 15:21 - 2014-01-02 15:20 - 00020930 _____ C:\Users\malte\Desktop\FRST.txt
2014-01-02 15:20 - 2014-01-02 15:20 - 00000000 ____D C:\Users\malte\Desktop\FRST-OlderVersion
2014-01-02 15:20 - 2014-01-01 21:28 - 00000000 ____D C:\FRST
2014-01-02 15:20 - 2014-01-01 21:27 - 01931426 _____ (Farbar) C:\Users\malte\Desktop\FRST64.exe
2014-01-02 15:18 - 2014-01-02 15:18 - 00003624 _____ C:\Users\malte\Desktop\JRT.txt
2014-01-02 15:13 - 2009-07-14 05:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-02 15:13 - 2009-07-14 05:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-02 15:12 - 2014-01-02 15:12 - 00000000 ____D C:\Windows\ERUNT
2014-01-02 15:12 - 2013-12-21 18:38 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-02 15:11 - 2014-01-02 15:10 - 01036305 _____ (Thisisu) C:\Users\malte\Downloads\JRT.exe
2014-01-02 15:10 - 2012-06-13 17:45 - 01506808 _____ C:\Windows\WindowsUpdate.log
2014-01-02 15:10 - 2011-05-16 15:04 - 00699682 _____ C:\Windows\system32\perfh007.dat
2014-01-02 15:10 - 2011-05-16 15:04 - 00149790 _____ C:\Windows\system32\perfc007.dat
2014-01-02 15:10 - 2009-07-14 06:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-02 15:09 - 2012-06-28 13:26 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-02 15:08 - 2013-02-24 17:24 - 00000000 ____D C:\Users\malte\AppData\Local\LogMeIn Hamachi
2014-01-02 15:07 - 2013-07-29 18:57 - 00000000 ____D C:\Users\malte\AppData\Roaming\TS3Client
2014-01-02 15:06 - 2012-06-13 18:24 - 00000000 ____D C:\Users\malte\AppData\Roaming\Skype
2014-01-02 15:04 - 2013-12-02 06:21 - 00004603 _____ C:\Windows\setupact.log
2014-01-02 15:04 - 2012-11-10 22:33 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-02 15:03 - 2011-10-11 13:46 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-02 15:03 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-02 15:01 - 2013-11-15 16:19 - 00000000 ____D C:\AdwCleaner
2014-01-02 14:56 - 2012-11-10 22:33 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-02 08:15 - 2012-06-13 18:41 - 00000000 ____D C:\Users\malte\AppData\Local\PMB Files
2014-01-02 07:51 - 2014-01-02 04:58 - 00004608 _____ C:\Users\malte\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-02 07:30 - 2012-06-13 18:41 - 00000000 ____D C:\ProgramData\PMB Files
2014-01-02 05:08 - 2014-01-02 04:53 - 00000000 ____D C:\Users\malte\Documents\Camtasia Studio
2014-01-02 05:01 - 2014-01-02 05:01 - 00000000 ____D C:\Users\malte\AppData\Local\TechSmith
2014-01-02 04:53 - 2014-01-02 04:53 - 00000000 ____D C:\Users\malte\AppData\Roaming\TechSmith
2014-01-02 04:52 - 2012-06-13 17:51 - 00000000 ____D C:\Users\malte
2014-01-02 04:51 - 2014-01-02 04:51 - 00001172 _____ C:\Users\Public\Desktop\Camtasia Studio 8.lnk
2014-01-02 04:51 - 2014-01-02 04:51 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
2014-01-02 04:51 - 2014-01-02 04:51 - 00000000 ____D C:\Program Files (x86)\QuickTime
2014-01-02 04:50 - 2014-01-02 04:50 - 00000000 ____D C:\ProgramData\TechSmith
2014-01-02 04:50 - 2014-01-02 04:50 - 00000000 ____D C:\Program Files (x86)\TechSmith
2014-01-02 04:46 - 2014-01-02 04:26 - 251749736 _____ C:\Users\malte\Downloads\camtasiade_8.1.2.exe
2014-01-01 22:31 - 2014-01-01 22:08 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-01 22:31 - 2014-01-01 22:06 - 00000000 ____D C:\Users\malte\Desktop\mbar
2014-01-01 22:08 - 2014-01-01 22:08 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-01 22:08 - 2014-01-01 22:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-01 22:06 - 2014-01-01 22:06 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-01 22:04 - 2014-01-01 22:03 - 12582688 _____ (Malwarebytes Corp.) C:\Users\malte\Desktop\mbar-1.07.0.1008.exe
2014-01-01 21:31 - 2014-01-01 21:30 - 00034980 _____ C:\Users\malte\Downloads\Addition.txt
2014-01-01 21:31 - 2014-01-01 21:28 - 00067426 _____ C:\Users\malte\Downloads\FRST.txt
2014-01-01 19:49 - 2014-01-01 01:52 - 00028562 _____ C:\Users\malte\Downloads\SystemLook.txt
2014-01-01 04:27 - 2013-12-03 06:41 - 00115602 _____ C:\Windows\PFRO.log
2014-01-01 04:24 - 2014-01-01 04:24 - 01233962 _____ C:\Users\malte\Desktop\adwcleaner.exe
2014-01-01 02:39 - 2014-01-01 02:39 - 00602112 _____ (OldTimer Tools) C:\Users\malte\Downloads\OTL(1).exe
2014-01-01 02:29 - 2014-01-01 02:29 - 00165376 _____ C:\Users\malte\Downloads\SystemLook_x64(1).exe
2014-01-01 02:20 - 2014-01-01 02:20 - 00000000 ____D C:\_OTL
2014-01-01 02:18 - 2014-01-01 02:18 - 00131488 _____ C:\Users\malte\Downloads\Extras.Txt
2014-01-01 02:16 - 2014-01-01 02:16 - 00155764 _____ C:\Users\malte\Downloads\OTL.Txt
2014-01-01 02:01 - 2014-01-01 02:01 - 00602112 _____ (OldTimer Tools) C:\Users\malte\Downloads\OTL.exe
2014-01-01 01:51 - 2014-01-01 01:51 - 00165376 _____ C:\Users\malte\Downloads\SystemLook_x64.exe
2014-01-01 01:41 - 2013-11-27 21:25 - 00000000 ____D C:\Users\malte\AppData\Roaming\eCyber
2013-12-28 15:43 - 2013-12-28 15:37 - 00000000 ____D C:\Users\malte\AppData\Local\NVIDIA
2013-12-28 15:42 - 2013-12-28 15:41 - 00000000 ____D C:\Users\malte\AppData\Local\NVIDIA Corporation
2013-12-28 15:42 - 2011-10-11 13:46 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-12-28 15:40 - 2011-10-11 13:46 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-12-28 15:40 - 2011-10-11 13:45 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-12-27 18:20 - 2013-12-09 19:06 - 00055419 _____ C:\Windows\DirectX.log
2013-12-27 16:05 - 2013-12-27 15:47 - 00000000 ____D C:\Users\malte\AppData\Local\Ubisoft Game Launcher
2013-12-27 16:02 - 2013-12-27 16:02 - 00000000 ____D C:\Users\malte\Documents\Rayman Legends
2013-12-27 15:47 - 2013-12-27 15:47 - 00001209 _____ C:\Users\malte\Desktop\Uplay.lnk
2013-12-27 15:47 - 2013-12-27 15:47 - 00000000 ____D C:\Users\malte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2013-12-27 15:47 - 2013-12-27 15:47 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-12-26 13:49 - 2012-07-12 15:07 - 00000000 ____D C:\Users\malte\AppData\Local\PokerStars.EU
2013-12-26 12:01 - 2012-06-15 14:02 - 00000000 ____D C:\Windows\Minidump
2013-12-26 09:42 - 2013-12-05 16:32 - 688538012 _____ C:\Windows\MEMORY.DMP
2013-12-26 09:38 - 2013-12-26 09:38 - 00000000 ____D C:\Users\malte\AppData\Roaming\NVIDIA
2013-12-26 09:28 - 2013-12-26 09:28 - 00000000 ____D C:\Windows\SysWOW64\NV
2013-12-26 09:28 - 2013-12-26 09:28 - 00000000 ____D C:\Windows\system32\NV
2013-12-26 09:22 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help
2013-12-26 07:52 - 2013-12-26 07:52 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-12-26 07:44 - 2013-12-26 07:44 - 00000000 ____D C:\NVIDIA
2013-12-26 07:43 - 2013-12-26 07:24 - 259887872 _____ (NVIDIA Corporation) C:\Users\malte\Downloads\331.82-notebook-win8-win7-64bit-international-whql.exe
2013-12-26 06:44 - 2013-12-26 06:44 - 00000000 ____D C:\ProgramData\Codemasters
2013-12-26 06:44 - 2013-06-01 12:03 - 00000000 ____D C:\Users\malte\Documents\My Games
2013-12-25 22:19 - 2013-12-25 22:10 - 00000000 ____D C:\Users\malte\Documents\ManiaPlanet
2013-12-25 22:19 - 2013-12-25 22:10 - 00000000 ____D C:\ProgramData\ManiaPlanet
2013-12-25 19:03 - 2013-12-25 18:54 - 00000000 ____D C:\Users\malte\Documents\Mount&Blade Warband Savegames
2013-12-25 18:58 - 2013-12-25 18:52 - 00000000 ____D C:\Users\malte\Documents\Mount&Blade Warband
2013-12-25 18:53 - 2013-12-25 18:52 - 00000000 ____D C:\Users\malte\AppData\Roaming\Mount&Blade Warband
2013-12-22 17:58 - 2013-12-22 17:57 - 09117752 _____ C:\Users\malte\Downloads\yet_another_cleaner(3).exe
2013-12-21 18:48 - 2012-06-13 19:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-21 18:44 - 2013-12-21 18:44 - 00001138 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-21 18:39 - 2012-06-28 18:12 - 00000000 ____D C:\Users\malte\AppData\Local\Adobe
2013-12-21 18:38 - 2013-12-21 18:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-21 18:38 - 2013-12-21 18:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-21 18:38 - 2013-12-21 18:38 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-21 18:18 - 2013-12-21 18:18 - 01587612 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-20 18:15 - 2012-07-12 15:07 - 00000000 ____D C:\Program Files (x86)\PokerStars
2013-12-20 17:22 - 2013-12-20 15:22 - 00000000 ____D C:\Users\malte\AppData\Local\BIT.TRIP RUNNER
2013-12-20 15:22 - 2013-12-20 15:22 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2013-12-20 15:22 - 2013-12-20 15:22 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2013-12-20 15:22 - 2013-12-20 15:22 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2013-12-20 15:22 - 2013-12-20 15:22 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2013-12-20 15:22 - 2013-12-20 15:22 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-12-20 15:22 - 2013-12-20 15:22 - 00000000 ____D C:\Program Files (x86)\OpenAL
2013-12-19 15:52 - 2012-06-13 17:47 - 00000000 ____D C:\Program Files (x86)\watchmi
2013-12-19 15:20 - 2013-11-27 21:24 - 00000000 ____D C:\Windows\system32\log
2013-12-19 15:20 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2013-12-19 15:19 - 2011-04-12 09:28 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-12-19 15:19 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-12-18 19:41 - 2011-07-18 21:54 - 00000000 ____D C:\Windows\Panther
2013-12-15 03:04 - 2013-08-15 09:59 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 03:01 - 2011-07-18 21:31 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-13 07:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-12 12:25 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-12 12:24 - 2009-07-14 05:45 - 00300400 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-10 03:13 - 2013-12-26 09:25 - 01100248 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-12-10 03:13 - 2013-12-26 09:25 - 00982232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-12-05 16:33 - 2013-12-05 16:32 - 00262144 _____ C:\Windows\Minidump\120513-19546-01.dmp
2013-12-05 14:21 - 2013-05-21 10:40 - 00001429 _____ C:\Users\malte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-05 14:17 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-05 12:15 - 2013-12-05 12:06 - 00010671 _____ C:\Windows\IE11_main.log
2013-12-05 12:10 - 2013-12-05 12:10 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-05 12:10 - 2013-12-05 12:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-05 12:10 - 2013-12-05 12:10 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-05 12:10 - 2013-12-05 12:10 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-05 12:10 - 2013-12-05 12:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-05 12:10 - 2013-12-05 12:10 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-05 12:10 - 2013-12-05 12:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-05 12:10 - 2013-12-05 12:10 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-05 12:10 - 2013-12-05 12:10 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-05 09:42 - 2013-12-28 15:39 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-12-05 09:42 - 2013-12-28 15:39 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-12-05 09:42 - 2013-12-26 09:11 - 00035104 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2013-12-05 00:49 - 2013-12-05 00:49 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-12-05 00:49 - 2013-02-24 17:24 - 00000930 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2013-12-04 22:50 - 2013-12-04 22:50 - 00001179 _____ C:\Users\malte\Desktop\Blobby Volley 2 Version 1.0RC4.lnk
2013-12-04 22:50 - 2013-12-04 22:50 - 00000000 ____D C:\Program Files (x86)\Blobby Volley 2 Version 1.0RC4
2013-12-04 22:50 - 2013-12-04 22:49 - 02676391 _____ (                                                            ) C:\Users\malte\Downloads\blobby2-win32-1.0rc4-installer.exe
2013-12-03 14:10 - 2013-12-03 14:10 - 00903832 _____ C:\Users\malte\Downloads\yet_another_cleaner(2).exe
2013-12-03 06:39 - 2013-12-03 06:39 - 01110034 _____ C:\Users\malte\Downloads\adwcleaner(1).exe

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.4048.dll


Some content of TEMP:
====================
C:\Users\malte\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-01 10:43

==================== End Of Log ============================
         

Alt 02.01.2014, 14:31   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Start FRST, tick the box for additions.txt, click Scan - post the new additions.txt
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 02.01.2014, 16:00   #9
Croatis
 



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2014 01
Ran by malte at 2014-01-02 16:58:17
Running from C:\Users\malte\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adblock IE 1.1 (Version: 1.1.0868 - MGTEK)
Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.9 (x32 Version:  - )
Blobby Volley 2 Version 1.0RC4 (x32 Version:  - )
Call of Duty: Modern Warfare 2 - Multiplayer (x32 Version:  - Infinity Ward)
Call of Duty: Modern Warfare 2 (x32 Version:  - Infinity Ward)
Camtasia Studio 8 (x32 Version: 8.1.2.1344 - TechSmith Corporation)
Castle Crashers (x32 Version:  - The Behemoth)
CCleaner (Version: 3.19 - Piriform)
Chivalry: Medieval Warfare (x32 Version:  - Torn Banner Studios)
Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Counter-Strike: Global Offensive (x32 Version:  - Valve)
CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden
CyberLink Power2Go (x32 Version: 7.0.0.1327 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.1327 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.3225.52 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.3225.52 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy (x32 Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerDVD Copy (x32 Version: 1.5.1306 - CyberLink Corp.) Hidden
CyberLink PowerProducer (x32 Version: 5.0.2.3503 - CyberLink Corp.)
CyberLink PowerProducer (x32 Version: 5.0.2.3503 - CyberLink Corp.) Hidden
CyberLink PowerRecover (x32 Version: 5.5.4125 - CyberLink Corp.)
CyberLink PowerRecover (x32 Version: 5.5.4125 - CyberLink Corp.) Hidden
CyberLink YouCam (x32 Version: 3.1.4013 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.4013 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX-Setup (x32 Version: 2.6.1.28 - DivX, LLC)
Dolby Home Theater v4 (x32 Version: 7.2.7000.4 - Dolby Laboratories Inc)
Empire: Total War (x32 Version:  - The Creative Assembly)
EVEREST Home Edition v2.20 (x32 Version: 2.20 - Lavalys Inc)
F1 2013 (x32 Version:  - Codemasters Birmingham)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
FTL: Faster Than Light (x32 Version:  - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Game Dev Tycoon v1.3.2 (c) Greenheart Games version 1 (x32 Version: 1 - )
Garry's Mod (x32 Version:  - Facepunch Studios)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Ignite (HKCU Version: 1.1.4.125 - OpenCandy, Inc.)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2418 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (Version: 1.0.0.0135 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 1.0.2.0518 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (Version: 14.01.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 10.1.0.1008 - Intel Corporation)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 26 (64-bit) (Version: 6.0.260 - Oracle)
Java(TM) 6 Update 26 (x32 Version: 6.0.260 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (x32 Version: 15.4.5722.2 - Microsoft Corporation)
League of Legends (x32 Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LogMeIn Hamachi (x32 Version: 2.2.0.109 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.109 - LogMeIn, Inc.) Hidden
Medion Home Cinema (x32 Version: 8.0.3216 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.3216 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mount & Blade: Warband (x32 Version:  - Tale Worlds)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
NVIDIA 3D Vision Treiber 331.82 (Version: 331.82 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.1 (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.82 (Version: 331.82 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3182 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 331.82 (Version: 331.82 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (Version: 1.2.19 - NVIDIA Corporation)
OpenAL (x32 Version:  - )
Pando Media Booster (x32 Version: 2.6.0.7 - Pando Networks Inc.)
PHotkey (x32 Version: 1.00.0038 - Pegatron Corporation)
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PokerStars (x32 Version:  - PokerStars)
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Protector Suite 2011 (Version: 5.9.4.6894 - UPEK Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Rayman Legends (x32 Version:  - )
Realtek Ethernet Controller Driver (x32 Version: 7.41.216.2011 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6353 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.16.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.16.0 - Renesas Electronics Corporation) Hidden
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
SpeedFan (remove only) (x32 Version:  - )
Spelling Dictionaries Support For Adobe Reader X (x32 Version: 10.0.0 - Adobe Systems Incorporated)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
Super Hexagon (x32 Version:  - Terry Cavanagh)
Synaptics Pointing Device Driver (Version: 15.0.4.0 - Synaptics Incorporated)
TeamSpeak 3 Client (x32 Version: 3.0.13.1 - TeamSpeak Systems GmbH)
The Binding of Isaac (x32 Version:  - )
Uplay (x32 Version: 3.0 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VVVVVV (x32 Version:  - Terry Cavanagh)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (Version: 4.20.0 - win.rar GmbH)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

27-12-2013 17:18:26 DirectX wurde installiert
28-12-2013 14:41:23 DirectX wurde installiert
29-12-2013 22:00:42 Windows-Sicherung
30-12-2013 05:15:27 Windows Update
02-01-2014 03:49:15 Camtasia Studio 8 wird installiert

==================== Hosts content: ==========================

2009-07-14 03:34 - 2014-01-01 02:44 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {128FFCC5-E213-476D-B24E-C2367F3A2F9F} - System32\Tasks\{07B605FA-93C8-40B9-B725-09FEBC942889} => Firefox.exe 
Task: {447A246A-D84A-43C3-9FEA-DF9CB48CF7A7} - System32\Tasks\{CDDB4254-5B41-47D3-8591-CB5236C96238} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {4CFBBAE2-C924-47F1-86E4-E31CB7E61905} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-10] (Google Inc.)
Task: {698931DB-512A-46CE-B3E0-579EF32CB6CD} - System32\Tasks\{FDE9254A-4B5A-4E10-BBFD-798D59728C60} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {804DD3FF-090D-49ED-843A-1CE8E07BEAB2} - System32\Tasks\{53B04E57-3AAD-4E6D-8EAA-89294CA596DE} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.115/de/go/help.faq.installer?LastError=1603
Task: {9FF782BD-6D85-4BF0-BC20-7AF80AF7DC62} - \Scheduled Update for Ask Toolbar No Task File
Task: {AEF14196-0260-4861-8CB4-325B9E03EF35} - System32\Tasks\{DCAAE010-52DE-4F3B-8750-9BA4A4D69371} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {BF626A47-304C-4610-AF88-24EEEAAD0C6C} - \BackgroundContainer Startup Task No Task File
Task: {C7B63D84-9614-4206-8C84-D7384174BAF3} - \dsmonitor No Task File
Task: {C8EC00D0-E794-4C13-AADC-992B170FB4A5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-21] (Adobe Systems Incorporated)
Task: {CDFAE4D5-22BD-4D9D-86F9-3E4215A5352F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {D88F4DDB-C292-40F7-A575-0B15964037BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-10] (Google Inc.)
Task: {E76F2826-CCEE-4DBE-AEB2-D5C2C3309221} - System32\Tasks\{72D8A4D7-70BD-4192-93CD-C422D3669133} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {FEB5BE6E-DD3F-4459-B5BB-A5991D97EA27} - \DriverScanner No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2011-05-02 21:41 - 2011-05-02 21:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-08-30 23:31 - 2009-12-18 23:36 - 00973432 ____R () C:\Program Files (x86)\PHotkey\acAuth.dll
2011-08-30 23:31 - 2009-12-18 23:41 - 00129544 ____R () C:\Program Files (x86)\PHotkey\GFNEX.dll
2010-08-03 23:39 - 2010-08-03 23:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-03 23:39 - 2010-08-03 23:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-02-13 03:38 - 2013-02-13 03:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2013-08-16 05:46 - 2013-08-16 05:46 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\eb4812681f6ab4406053f3a1803e6da0\IsdiInterop.ni.dll
2011-08-30 23:15 - 2010-11-06 07:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-09-28 21:04 - 2013-12-17 15:21 - 00126816 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.196\deploy\RiotLauncher.dll
2013-12-21 18:44 - 2013-12-21 18:48 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-03-12 17:10 - 2013-11-06 22:48 - 00691200 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2012-06-28 13:30 - 2013-12-11 20:40 - 01135016 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2012-06-28 13:30 - 2013-11-06 22:48 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-06-28 13:30 - 2013-06-15 00:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-06-28 13:30 - 2013-06-15 00:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-06-28 13:30 - 2013-06-15 00:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/02/2014 04:16:22 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: CamRecorder.exe, Version: 8.1.2.1344, Zeitstempel: 0x521468e9
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00037dd0
ID des fehlerhaften Prozesses: 0x1af8
Startzeit der fehlerhaften Anwendung: 0xCamRecorder.exe0
Pfad der fehlerhaften Anwendung: CamRecorder.exe1
Pfad des fehlerhaften Moduls: CamRecorder.exe2
Berichtskennung: CamRecorder.exe3

Error: (01/02/2014 03:42:18 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: LolClient.exe, Version: 0.0.0.0, Zeitstempel: 0x515663e0
Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 3.7.0.1530, Zeitstempel: 0x5156646c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0056447a
ID des fehlerhaften Prozesses: 0x590
Startzeit der fehlerhaften Anwendung: 0xLolClient.exe0
Pfad der fehlerhaften Anwendung: LolClient.exe1
Pfad des fehlerhaften Moduls: LolClient.exe2
Berichtskennung: LolClient.exe3


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (01/02/2014 04:16:22 PM) (Source: Application Error)(User: )
Description: CamRecorder.exe8.1.2.1344521468e9ntdll.dll6.1.7601.18247521ea8e7c000000500037dd01af801cf07c850d3744aC:\Program Files (x86)\TechSmith\Camtasia Studio 8\CamRecorder.exeC:\Windows\SysWOW64\ntdll.dlld63b68f8-73c0-11e3-8d81-4c809317e502

Error: (01/02/2014 03:42:18 PM) (Source: Application Error)(User: )
Description: LolClient.exe0.0.0.0515663e0Adobe AIR.dll3.7.0.15305156646cc00000050056447a59001cf07c6a61df1abC:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.63\deploy\LolClient.exeC:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.63\deploy\Adobe AIR\Versions\1.0\Adobe AIR.dll140c6a2c-73bc-11e3-8d81-4c809317e502


CodeIntegrity Errors:
===================================
  Date: 2013-02-23 22:31:06.446
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\malte\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-23 22:31:06.415
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\malte\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-23 22:31:06.103
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-23 22:31:06.071
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 61%
Total physical RAM: 4007.05 MB
Available physical RAM: 1545.81 MB
Total Pagefile: 8012.29 MB
Available Pagefile: 4746.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:414.66 GB) (Free:239.08 GB) NTFS
Drive d: (Recover) (Fixed) (Total:50 GB) (Free:0 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=415 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================
         

03.01.2014, 10:34   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
FF Plugin HKCU: opencandy.com/Ignite - C:\Users\malte\AppData\Local\Ignite\npOCDM.1.1.4.0.dll (OpenCandy, Inc.)
FF Extension: Search Results Toolbar - C:\Users\malte\AppData\Roaming\Mozilla\Firefox\Profiles\56lcwbxo.default\Extensions\{fa63398e-322b-4833-9af3-15837ad12138}
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
Task: {9FF782BD-6D85-4BF0-BC20-7AF80AF7DC62} - \Scheduled Update for Ask Toolbar No Task File
Task: {BF626A47-304C-4610-AF88-24EEEAAD0C6C} - \BackgroundContainer Startup Task No Task File
C:\Program Files\Enigma Software Group
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

03.01.2014, 19:40   #11
Croatis

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-01-2014
Ran by malte at 2014-01-03 20:38:44 Run:1
Running from C:\Users\malte\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
FF Plugin HKCU: opencandy.com/Ignite - C:\Users\malte\AppData\Local\Ignite\npOCDM.1.1.4.0.dll (OpenCandy, Inc.)
FF Extension: Search Results Toolbar - C:\Users\malte\AppData\Roaming\Mozilla\Firefox\Profiles\56lcwbxo.default\Extensions\{fa63398e-322b-4833-9af3-15837ad12138}
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
Task: {9FF782BD-6D85-4BF0-BC20-7AF80AF7DC62} - \Scheduled Update for Ask Toolbar No Task File
Task: {BF626A47-304C-4610-AF88-24EEEAAD0C6C} - \BackgroundContainer Startup Task No Task File
C:\Program Files\Enigma Software Group
         
*****************

HKCU\Software\MozillaPlugins\opencandy.com/Ignite => Key deleted successfully.
C:\Users\malte\AppData\Local\Ignite\npOCDM.1.1.4.0.dll => Moved successfully.
C:\Users\malte\AppData\Roaming\Mozilla\Firefox\Profiles\56lcwbxo.default\Extensions\{fa63398e-322b-4833-9af3-15837ad12138} => Moved successfully.
esgiguard => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9FF782BD-6D85-4BF0-BC20-7AF80AF7DC62} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FF782BD-6D85-4BF0-BC20-7AF80AF7DC62} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BF626A47-304C-4610-AF88-24EEEAAD0C6C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF626A47-304C-4610-AF88-24EEEAAD0C6C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task => Key deleted successfully.
C:\Program Files\Enigma Software Group => Moved successfully.

==== End of Fixlog ====
         

04.01.2014, 11:47   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes Anti-Malware (MBAM).

Note: Before you do, please remember to update Malwarebytes Anti-Malware via the update button!

Afterwards, getting a second opinion from ESET's online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


05.01.2014, 15:29   #13
Croatis

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5a4b6ddb9843c44583de8b1c7de0d9be
# engine=16520
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-04 07:20:28
# local_time=2014-01-04 08:20:28 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=771 16777214 33 1 48994437 48994437 0 0
# compatibility_mode=3073 16777214 0 7 7535739 7535739 0 0
# compatibility_mode=5893 16776574 100 94 315995 140493078 0 0
# scanned=90939
# found=4
# cleaned=0
# scan_time=6005
sh=076D45CDA512A91EE12BE4DFEC81681BF7120600 ft=1 fh=5568dbd2d36055a6 vn="a variant of Win32/AdWare.AddLyrics.Y application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Show-Password\Uninstall.exe.vir"
sh=984CDAA7C03EDAA48660D6F8231E233AA9AD6857 ft=1 fh=223ae04b43908e86 vn="a variant of Win32/Adware.Yontoo.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Yontoo\YontooIEClient.dll.vir"
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=D697D0396B6AD1245FA79335D8AAA1B8D3815375 ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\malte\AppData\Roaming\Mozilla\Firefox\Profiles\56lcwbxo.default\Extensions\plugin@yontoo.com\content\overlay.js.vir"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5a4b6ddb9843c44583de8b1c7de0d9be
# engine=16523
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-05 09:24:30
# local_time=2014-01-05 10:24:30 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=771 16777214 33 1 49045079 49045079 0 0
# compatibility_mode=3073 16777214 0 7 7586381 7586381 0 0
# compatibility_mode=5893 16776574 100 94 370237 140543720 0 0
# scanned=207974
# found=11
# cleaned=0
# scan_time=22992
sh=076D45CDA512A91EE12BE4DFEC81681BF7120600 ft=1 fh=5568dbd2d36055a6 vn="a variant of Win32/AdWare.AddLyrics.Y application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Show-Password\Uninstall.exe.vir"
sh=984CDAA7C03EDAA48660D6F8231E233AA9AD6857 ft=1 fh=223ae04b43908e86 vn="a variant of Win32/Adware.Yontoo.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Yontoo\YontooIEClient.dll.vir"
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=D697D0396B6AD1245FA79335D8AAA1B8D3815375 ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\malte\AppData\Roaming\Mozilla\Firefox\Profiles\56lcwbxo.default\Extensions\plugin@yontoo.com\content\overlay.js.vir"
sh=D2E75C2ACF578A71866FDF45CF4633835379AAB0 ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo application" ac=I fn="D:\MALTE-PC\Backup Set 2013-04-15 160112\Backup Files 2013-05-06 040851\Backup files 1.zip"
sh=EC38B71B635F354431F9BC5C8C17729CBD6CFC43 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="D:\MALTE-PC\Backup Set 2013-04-15 160112\Backup Files 2013-05-12 230003\Backup files 1.zip"
sh=D50F290C5C1DAB315D46EFEFC93AC71D40EF07F6 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="D:\MALTE-PC\Backup Set 2013-05-19 230008\Backup Files 2013-05-19 230008\Backup files 1.zip"
sh=4901A0732EF862D55D26FB61E773FC633F8D8A83 ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo application" ac=I fn="D:\MALTE-PC\Backup Set 2013-06-23 230109\Backup Files 2013-06-23 230109\Backup files 1.zip"
sh=3A96487D02E262FE428DCC103C6B96D1E4E58C38 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="D:\MALTE-PC\Backup Set 2013-06-23 230109\Backup Files 2013-06-23 230109\Backup files 2.zip"
sh=9DD093C5F9210AC78321DFA713B97845A944A97B ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo application" ac=I fn="D:\MALTE-PC\Backup Set 2013-07-28 230008\Backup Files 2013-07-28 230008\Backup files 1.zip"
sh=A6914BD227657B63AF12E95454EF8CDCBB9635E1 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="D:\MALTE-PC\Backup Set 2013-07-28 230008\Backup Files 2013-07-28 230008\Backup files 2.zip"
         

05.01.2014, 19:20   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

The Malwarebytes log is missing. Logs must always be posted, whether or not anything was found, because a log contains more information than just the detections.

05.01.2014, 19:25   #15
Croatis

Oops, yes... Sorry, I forgot that.

Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.04.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
malte :: MALTE-PC [administrator]

04.01.2014 18:07:48
mbar-log-2014-01-04 (18-07-48).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 237677
Time elapsed: 24 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
