
Log analysis and evaluation: Windows 7 - Windows Update damaged, some malware detections or suspected infection


15.02.2014, 22:27   #1
Nesk1
 



Hello,

A few days ago I tried to start the Windows Update program, because in my opinion my computer has installed too few of the automatic updates (compared to my computer at work). And as I can see, the window does open, but I see next to nothing. Only some cryptic strings in places where buttons, selection fields etc. would normally be.

I use Kaspersky IS 2012 as my virus scanner. Unfortunately it found nothing.
After that I also ran MWBAM. It did find and remove something, PUP.Optional.SweetIM.A and PUP.Optional.Conduit.A respectively, but the problem still persisted.

That is why I also had MWBAR run a scan and, out of curiosity, aswMBR as well.

Since all the log files together are too large, I am attaching the MWBAR and aswMBR logs.


And here are the logs from your guide:

defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:21 on 15/02/2014 (ml)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:AlcoholAutomount -> Removed

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
         

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01
Ran by ml (administrator) on ATLAN on 15-02-2014 22:30:58
Running from C:\Users\ml\Desktop\logs
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
() C:\Program Files\AMD\OverDrive\AODAssist.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
() C:\ProgramData\HiSuiteOuc\HiSuiteOuc.exe
() C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
() C:\Windows\system32\PnkBstrA.exe
() C:\Windows\system32\PnkBstrB.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(StarWind Software) C:\Program Files\alcohol\StarWind\StarWindServiceAE.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
(Uniblue Systems Limited) C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Creative Technology Ltd.) C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
(Creative Technology Ltd) C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
(Creative Technology Ltd) C:\Windows\System32\CTHELPER.EXE
(Saitek) C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
(Corsair Components  Inc) C:\Maus_M90\M90Hid.exe
(Creative Technology Ltd) C:\Windows\SYSTEM32\CTXFISPI.EXE
(Creative Technology Ltd) C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Creative Technology Ltd) C:\Windows\System32\Ctxfihlp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Pando Networks\Media Booster\PMB.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Creative Technology Ltd) C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
() C:\Program Files\HiSuite\HiSuite.exe
() C:\Users\ml\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Corsair Components  Inc) C:\Maus_M90\CorsTra.exe
(Creative Technology Ltd.) C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
() C:\Users\ml\AppData\Local\HiSuite\userdata\hwtools\hwtransport.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RCSystem] - C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [57344 2006-11-22] (Creative Technology Ltd.)
HKLM\...\Run: [AudioDrvEmulator] - C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [57344 2006-11-22] (Creative Technology Ltd.)
HKLM\...\Run: [VolPanel] - C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [180224 2006-12-06] (Creative Technology Ltd)
HKLM\...\Run: [CTHelper] - C:\Windows\system32\CTHELPER.EXE [19456 2007-03-05] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [AdobeCS4ServiceManager] - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [ProfilerU] - C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [237568 2009-09-11] (Saitek)
HKLM\...\Run: [SaiMfd] - C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [131072 2009-09-11] (Saitek)
HKLM\...\Run: [ Malwarebytes Anti-Malware  (reboot)] - "C:\Program Files\Anti-Malware\mbam.exe" /runcleanupscript
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO)
HKLM\...\Run: [NPSStartup] - [X]
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [Corsair Garros] - C:\Maus_M90\M90Hid.exe [1768960 2012-05-22] (Corsair Components  Inc)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM\...\Run: [CTxfiHlp] - C:\Windows\system32\CTXFIHLP.EXE [25600 2010-05-05] (Creative Technology Ltd)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\klogon: C:\Windows\system32\klogon.dll (Kaspersky Lab ZAO)
HKU\.DEFAULT\...\Run: [CtxfiReg] - CTXFIREG.exe /FAIL1
HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\Run: [Pando Media Booster] - C:\Program Files\Pando Networks\Media Booster\PMB.exe [3077528 2011-08-27] ()
HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\Run: [Creative MediaSource Go] - C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe [204800 2006-11-09] (Creative Technology Ltd)
HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\Run: [Mobile Partner] - C:\Program Files\HiSuite\HiSuite.exe [583488 2013-07-11] ()
HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\Run: [Amazon Cloud Player] - C:\Users\ml\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] ()
HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\MountPoints2: D - D:\ASRSetup.exe
HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\MountPoints2: {cb124b1d-2f7c-11df-997d-6cf04902646e} - F:\Setup.exe
HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\MountPoints2: {f4c6a2a3-3b33-11e3-817b-bc5ff40f2dd2} - G:\autorun.exe
Startup: C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Profiler.lnk
ShortcutTarget: Profiler.lnk -> C:\Windows\Installer\{46A219BA-FA02-43B6-8E46-4704B39251DD}\Profiler.exe (Saitek)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10005’
SearchScopes: HKLM - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005’
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005’
SearchScopes: HKCU - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005’
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://tbsearch.ask.com/redirect?client=ie&tb=BTV5&o=10148&src=crm&q={searchTerms}&locale=en_US
SearchScopes: HKCU - {47802076-0332-47D7-AB21-698498446961} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005’
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 62.109.121.2 62.109.121.1

FireFox:
========
FF ProfilePath: C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default
FF user.js: detected! => C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\user.js
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(
url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1))%20%7B%20return%20'PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\ml\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FT DeepDark - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2014-02-11]
FF Extension: Firebug - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\firebug@software.joehewitt.com.xpi [2012-12-14]
FF Extension: YouTube MP3 Download - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\jid0-Z0Vu9hJlqV0fhIAPqPfmUCNubYQ@jetpack.xpi [2013-07-20]
FF Extension: ProxMate - Proxy on steroids! - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-10-19]
FF Extension: TinEye Reverse Image Search - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\tineye@ideeinc.com.xpi [2013-04-19]
FF Extension: NoScript - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-12-14]
FF Extension: FireFTP - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012-12-14]
FF Extension: Adblock Plus - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-14]
FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2011-11-01]
FF HKLM\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2011-11-01]
FF HKLM\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2011-11-01]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-08-01]

========================== Services (Whitelisted) =================

R2 AODService; C:\Program Files\AMD\OverDrive\AODAssist.exe [136616 2010-04-23] ()
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2010-03-05] (Creative Labs)
R2 HiSuiteOuc.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc.exe [116032 2013-07-11] ()
R2 HuaweiHiSuiteService.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe [158208 2013-05-02] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 nTuneService; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [192832 2011-09-19] (NVIDIA)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2014-01-02] ()
R2 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [107832 2014-01-02] ()
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
S2 SkypeUpdate; C:\Programme\Skype\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies)
R2 StarWindServiceAE; C:\Program Files\alcohol\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)
S3 nosGetPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper_3004.dll [X]

==================== Drivers (Whitelisted) ====================

R3 AmdTools; C:\Windows\System32\DRIVERS\AmdTools.sys [42552 2008-04-28] (AMD, Inc.)
R3 AODDriver2; C:\Program Files\AMD\OverDrive\i386\AODDriver2.sys [36864 2010-04-23] (Advanced Micro Devices)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-07-07] ()
S3 CamDrL; C:\Windows\System32\DRIVERS\Camdrl.sys [1075360 2007-02-03] (Logitech Inc.)
S3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [98616 2007-03-05] (Creative Technology Ltd)
R3 CORSGMS; C:\Windows\System32\Drivers\CORSGMS.sys [18432 2012-03-27] ( )
S3 CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [552248 2007-03-05] (Creative Technology Ltd)
S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [347144 2010-05-05] (Creative Technology Ltd)
S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [174392 2007-03-05] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [286520 2007-03-05] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [134968 2007-03-05] (Creative Technology Ltd)
R3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [329528 2007-03-05] (Creative Technology Ltd)
S3 CTERFXFX.DLL; C:\Windows\System32\CTERFXFX.DLL [101176 2007-03-05] (Creative Technology Ltd)
S3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [566584 2007-03-05] (Creative Technology Ltd)
S3 dbustrcm; C:\Users\ml\AppData\Local\Temp\dbustrcm.sys [31744 2013-09-01] ()
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [32384 2011-02-08] (Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [52352 2011-02-08] (Etron Technology Inc)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [133208 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11352 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [586072 2012-10-31] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [23856 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19984 2009-11-02] (Kaspersky Lab)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-07-07] ()
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41504 2007-02-03] (Logitech Inc.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-02-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 RivaTuner32; C:\Program Files\RivaTuner\RivaTuner32.sys [9088 2009-08-22] ()
R3 SaiK0728; C:\Windows\System32\DRIVERS\SaiK0728.sys [104960 2008-01-21] (Saitek)
S3 SaiK0CEA; C:\Windows\System32\DRIVERS\SaiK0CEA.sys [104960 2008-04-04] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [20744 2009-09-14] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [43656 2009-09-14] (Saitek)
S3 SaiU0CEA; C:\Windows\System32\DRIVERS\SaiU0CEA.sys [28544 2008-04-04] (Saitek)
R1 SAVRKBootTasks; C:\Windows\system32\SAVRKBootTasks.sys [18816 2010-05-26] (Sophos Plc)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-03-14] (Duplex Secure Ltd.)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-04-27] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-04-27] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-04-27] (MCCI Corporation)
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] ()
R3 V0260VID; C:\Windows\System32\DRIVERS\V0260Vid.sys [154560 2007-05-25] (Creative Technology Ltd.)
S3 amdiox86; system32\DRIVERS\amdiox86.sys [X]
S2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [X]
S3 atillk64; \??\C:\Program Files\AMD GPU Clock Tool\atillk64.sys [X]
S3 CT20XUT.DLL; system32\CT20XUT.DLL [X]
S3 CTEXFIFX.DLL; system32\CTEXFIFX.DLL [X]
S3 CTHWIUT.DLL; system32\CTHWIUT.DLL [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2011-10-24] (Huawei Technologies Co., Ltd.)
S3 MEMSWEEP2; \??\C:\Windows\system32\34.tmp [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-15 21:15 - 2014-02-15 21:15 - 00293592 _____ () C:\Users\linuel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-15 21:10 - 2014-02-16 07:08 - 00000000 ___RD () C:\Users\linuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-15 21:10 - 2014-02-16 07:08 - 00000000 ___RD () C:\Users\linuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-15 21:10 - 2014-02-16 07:08 - 00000000 ____D () C:\Users\linuel
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Startmenü
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Netzwerkumgebung
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Druckumgebung
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Documents\Eigene Musik
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Documents\Eigene Bilder
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\AppData\Local\Verlauf
2014-02-15 15:08 - 2014-02-15 22:22 - 00000340 _____ () C:\Users\ml\defogger_reenable
2014-02-15 13:00 - 2014-02-15 22:30 - 00000000 ____D () C:\FRST
2014-02-13 21:40 - 2014-02-13 22:52 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-13 21:18 - 2014-02-13 21:19 - 00000109 _____ () C:\Users\ml\Documents\mwb-am.TXT
2014-02-11 23:54 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-11 23:54 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-11 23:54 - 2014-02-06 11:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-11 23:54 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-11 23:54 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-11 23:54 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-11 23:54 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-11 23:54 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-11 23:54 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-11 23:54 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-11 23:54 - 2014-02-06 10:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-11 23:54 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-11 23:54 - 2014-02-06 10:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-11 23:54 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-11 23:54 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-11 23:54 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-11 23:54 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-11 23:54 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-11 23:54 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-11 23:54 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-11 23:54 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-11 23:44 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-11 22:41 - 2014-02-11 22:41 - 04745728 _____ (AVAST Software) C:\Users\ml\Downloads\aswMBR.exe
2014-02-11 22:14 - 2014-02-11 22:15 - 00267492 _____ () C:\Windows\msxml4-KB2758694-deu.LOG
2014-02-11 21:51 - 2014-02-12 18:43 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-11 21:50 - 2014-02-11 21:50 - 12589848 _____ (Malwarebytes Corp.) C:\Users\ml\Downloads\mbar-1.07.0.1009.exe
2014-02-11 21:49 - 2014-02-11 21:50 - 00000000 ____D () C:\Program Files\Malwarebytes_Anti-Rootkit
2014-02-11 21:45 - 2014-02-11 21:52 - 451422799 _____ (WinFuture) C:\Users\ml\Downloads\WinFuture_7SP1_x86_UpdatePack_2.34_Januar_2014-Vollversion.exe
2014-02-11 21:29 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-11 21:29 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-11 21:29 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-11 21:29 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-11 21:29 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-11 21:29 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-11 21:29 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-11 21:29 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-11 21:29 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-11 21:29 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-11 21:29 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-11 21:29 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-11 21:29 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-11 21:29 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-11 20:16 - 2014-02-11 20:32 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-02-11 20:15 - 2014-02-11 20:15 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ATLAN-Microsoft-Windows-7-Professional-(32-bit).dat
2014-02-11 20:13 - 2014-02-11 20:13 - 00000000 ____D () C:\RegBackup
2014-02-11 18:23 - 2014-02-11 18:23 - 00001071 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-11 18:20 - 2014-02-11 18:20 - 00000000 ____D () C:\Program Files\Tweaking
2014-02-11 18:17 - 2014-02-11 18:23 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-11 18:17 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-06 18:31 - 2014-02-06 18:31 - 00924173 _____ () C:\Users\ml\Downloads\BrMain480.exe
2014-02-06 18:04 - 2014-02-16 07:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-02 01:10 - 2014-02-02 01:10 - 00000000 ____D () C:\Users\ml\AppData\Local\BigHugeEngine
2014-01-26 00:47 - 2014-01-26 00:47 - 22607745 _____ () C:\Users\ml\Downloads\ufoaftershock_patch_1_2-including_previous_patch.zip
2014-01-26 00:45 - 2014-01-26 00:45 - 03123262 _____ () C:\Users\ml\Downloads\ufo_aftershock_patch_1_3.zip
2014-01-26 00:45 - 2014-01-26 00:45 - 03122287 _____ () C:\Users\ml\Downloads\Ufo-Aftershock-Patch-1.3.zip
2014-01-26 00:44 - 2014-01-26 00:44 - 02028396 _____ () C:\Users\ml\Downloads\UFO_Aftershock_v1.2.1_Patch.zip
2014-01-26 00:41 - 2014-01-27 21:52 - 00000635 _____ () C:\Users\Public\Desktop\UFO Aftershock.lnk
2014-01-21 21:29 - 2014-01-21 21:29 - 03669884 _____ () C:\Users\ml\Downloads\DarkHorizon_v1.0.6.0_Patch.zip
2014-01-21 18:57 - 2014-02-16 07:09 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-01-21 18:57 - 2014-01-30 20:41 - 00001159 _____ () C:\Users\ml\Desktop\Amazon Cloud Player.lnk
2014-01-21 18:57 - 2014-01-30 20:41 - 00000000 ____D () C:\Users\ml\AppData\Local\Amazon Cloud Player
2014-01-20 21:46 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-20 21:46 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-20 21:46 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-20 21:46 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-20 21:45 - 2014-01-20 21:46 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log

==================== One Month Modified Files and Folders =======

2014-02-16 07:09 - 2014-02-06 18:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-16 07:09 - 2014-01-21 18:57 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-02-16 07:09 - 2013-05-18 01:29 - 00000000 ____D () C:\Users\ml\Downloads\sound
2014-02-16 07:09 - 2012-08-16 19:31 - 00000000 ____D () C:\Users\ml\AppData\Local\CCP
2014-02-16 07:09 - 2012-07-01 19:20 - 00000000 ____D () C:\Users\ml\Downloads\ydkj
2014-02-16 07:09 - 2012-05-05 06:28 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-16 07:09 - 2012-04-21 23:27 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVGA Precision
2014-02-16 07:09 - 2012-03-02 17:00 - 00000000 ____D () C:\Users\ml\Downloads\mflpro
2014-02-16 07:09 - 2011-12-13 17:50 - 00000000 ____D () C:\Users\ml\Downloads\cpu-z
2014-02-16 07:09 - 2011-12-10 17:16 - 00000000 ____D () C:\Program Files\CrystalDiskInfo
2014-02-16 07:09 - 2011-12-05 23:24 - 00000000 ____D () C:\Users\ml\Downloads\RoT
2014-02-16 07:09 - 2011-07-17 00:33 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
2014-02-16 07:09 - 2011-06-12 21:35 - 00000000 ____D () C:\Users\ml\Downloads\directx9c
2014-02-16 07:09 - 2011-03-06 01:01 - 00000000 ____D () C:\Users\ml\Downloads\xbox360ce
2014-02-16 07:09 - 2010-10-03 09:05 - 00000000 ____D () C:\Users\ml\Downloads\gpg
2014-02-16 07:09 - 2010-07-28 18:08 - 00000000 ____D () C:\Users\ml\AppData\Roaming\vlc
2014-02-16 07:09 - 2010-05-02 09:31 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-02-16 07:09 - 2010-04-28 19:40 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-02-16 07:09 - 2010-04-06 18:55 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2014-02-16 07:09 - 2010-03-20 12:57 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-02-16 07:09 - 2010-03-20 12:55 - 00000000 ____D () C:\Program Files\Steam
2014-02-16 07:09 - 2010-03-05 01:04 - 00000000 ____D () C:\Windows\system32\Data
2014-02-16 07:09 - 2010-03-05 00:14 - 00000000 ___RD () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-16 07:09 - 2010-03-05 00:14 - 00000000 ___RD () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-16 07:09 - 2010-03-05 00:14 - 00000000 ____D () C:\Users\ml
2014-02-16 07:09 - 2010-02-08 23:40 - 00000000 ____D () C:\spiele
2014-02-16 07:09 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-02-16 07:08 - 2014-02-15 21:10 - 00000000 ___RD () C:\Users\linuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-16 07:08 - 2014-02-15 21:10 - 00000000 ___RD () C:\Users\linuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-16 07:08 - 2014-02-15 21:10 - 00000000 ____D () C:\Users\linuel
2014-02-16 07:08 - 2013-10-30 23:57 - 00000000 ____D () C:\Users\ml\Downloads\simc-540-5-win32
2014-02-16 07:08 - 2012-11-11 11:45 - 00000000 ____D () C:\Users\ml\Downloads\Sine.Mora-SKIDROW-LaVerta.part1
2014-02-16 07:08 - 2012-11-04 10:41 - 00000000 ____D () C:\Users\ml\Downloads\wordpress_342-de
2014-02-16 07:08 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2014-02-16 07:07 - 2013-10-22 22:39 - 00000000 ____D () C:\Users\ml\Downloads\HiSuiteSetup_v1.8.10.1706
2014-02-16 07:07 - 2012-11-10 13:29 - 00000000 ____D () C:\Users\ml\Downloads\contact-form-7331
2014-02-16 07:07 - 2011-05-17 18:33 - 00000000 ____D () C:\Users\ml\Downloads\Mainboard_Treiber
2014-02-16 07:07 - 2010-07-23 19:04 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Malwarebytes
2014-02-15 22:31 - 2011-01-01 10:54 - 00000000 ____D () C:\Users\ml\AppData\Local\PMB Files
2014-02-15 22:30 - 2014-02-15 13:00 - 00000000 ____D () C:\FRST
2014-02-15 22:30 - 2010-03-05 00:07 - 01738313 _____ () C:\Windows\WindowsUpdate.log
2014-02-15 22:30 - 2009-07-14 05:34 - 00014960 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-15 22:30 - 2009-07-14 05:34 - 00014960 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-15 22:29 - 2010-03-05 00:16 - 01644414 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-15 22:28 - 2010-03-05 00:42 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-15 22:25 - 2011-12-10 17:37 - 00000322 _____ () C:\Windows\Tasks\DriverScanner.job
2014-02-15 22:25 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-15 22:24 - 2012-04-21 23:17 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-15 22:24 - 2009-07-14 05:39 - 00179220 _____ () C:\Windows\setupact.log
2014-02-15 22:22 - 2014-02-15 15:08 - 00000340 _____ () C:\Users\ml\defogger_reenable
2014-02-15 21:15 - 2014-02-15 21:15 - 00293592 _____ () C:\Users\linuel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Startmenü
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Netzwerkumgebung
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Druckumgebung
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Documents\Eigene Musik
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Documents\Eigene Bilder
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\AppData\Local\Verlauf
2014-02-13 22:52 - 2014-02-13 21:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-13 21:19 - 2014-02-13 21:18 - 00000109 _____ () C:\Users\ml\Documents\mwb-am.TXT
2014-02-12 19:55 - 2012-07-05 16:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-12 19:10 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-12 18:43 - 2014-02-11 21:51 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-11 22:41 - 2014-02-11 22:41 - 04745728 _____ (AVAST Software) C:\Users\ml\Downloads\aswMBR.exe
2014-02-11 22:15 - 2014-02-11 22:14 - 00267492 _____ () C:\Windows\msxml4-KB2758694-deu.LOG
2014-02-11 22:14 - 2011-04-03 13:47 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-02-11 22:08 - 2011-07-19 19:14 - 00086016 ___SH () C:\Users\ml\Documents\Thumbs.db
2014-02-11 21:56 - 2013-11-24 02:17 - 00012248 _____ () C:\Windows\IE11_main.log
2014-02-11 21:52 - 2014-02-11 21:45 - 451422799 _____ (WinFuture) C:\Users\ml\Downloads\WinFuture_7SP1_x86_UpdatePack_2.34_Januar_2014-Vollversion.exe
2014-02-11 21:50 - 2014-02-11 21:50 - 12589848 _____ (Malwarebytes Corp.) C:\Users\ml\Downloads\mbar-1.07.0.1009.exe
2014-02-11 21:50 - 2014-02-11 21:49 - 00000000 ____D () C:\Program Files\Malwarebytes_Anti-Rootkit
2014-02-11 21:25 - 2010-03-05 01:56 - 00293592 _____ () C:\Users\ml\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-11 21:13 - 2009-07-14 05:33 - 02828184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-11 21:12 - 2010-03-05 01:45 - 00234518 _____ () C:\Windows\PFRO.log
2014-02-11 20:32 - 2014-02-11 20:16 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-02-11 20:15 - 2014-02-11 20:15 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ATLAN-Microsoft-Windows-7-Professional-(32-bit).dat
2014-02-11 20:13 - 2014-02-11 20:13 - 00000000 ____D () C:\RegBackup
2014-02-11 18:46 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-02-11 18:44 - 2012-04-01 10:50 - 00000000 ____D () C:\Program Files\SweetIM
2014-02-11 18:23 - 2014-02-11 18:23 - 00001071 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-11 18:23 - 2014-02-11 18:17 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-11 18:20 - 2014-02-11 18:20 - 00000000 ____D () C:\Program Files\Tweaking
2014-02-09 12:25 - 2010-03-14 13:28 - 00000354 _____ () C:\Windows\Tasks\At1.job
2014-02-08 23:15 - 2014-01-10 18:09 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Awesomium
2014-02-06 19:23 - 2012-04-11 19:14 - 00000000 ____D () C:\ProgramData\Origin
2014-02-06 19:21 - 2012-04-11 19:18 - 00000000 ____D () C:\Program Files\Origin
2014-02-06 18:31 - 2014-02-06 18:31 - 00924173 _____ () C:\Users\ml\Downloads\BrMain480.exe
2014-02-06 18:24 - 2010-03-20 09:32 - 00000425 _____ () C:\Windows\BRWMARK.INI
2014-02-06 18:04 - 2013-12-16 21:18 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-02-06 11:38 - 2014-02-11 23:54 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 11:20 - 2014-02-11 23:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 11:19 - 2014-02-11 23:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 11:01 - 2014-02-11 23:54 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 11:00 - 2014-02-11 23:54 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-11 23:54 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 10:52 - 2014-02-11 23:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 10:52 - 2014-02-11 23:54 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 10:49 - 2014-02-11 23:54 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 10:47 - 2014-02-11 23:54 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 10:47 - 2014-02-11 23:54 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 10:46 - 2014-02-11 23:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 10:34 - 2014-02-11 23:54 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 10:25 - 2014-02-11 23:54 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 10:25 - 2014-02-11 23:54 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 10:13 - 2014-02-11 23:54 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:09 - 2014-02-11 23:54 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:03 - 2014-02-11 23:54 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 09:41 - 2014-02-11 23:54 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 09:36 - 2014-02-11 23:54 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:34 - 2014-02-11 23:54 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-05 21:55 - 2012-05-14 23:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-05 21:55 - 2011-05-19 18:10 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-03 23:24 - 2010-03-05 16:33 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Skype
2014-02-03 20:14 - 2010-03-06 14:47 - 00000000 ____D () C:\Users\ml\AppData\Roaming\TS3Client
2014-02-02 20:56 - 2013-10-04 19:02 - 00000000 ____D () C:\Users\ml\AppData\Local\Battle.net
2014-02-02 01:10 - 2014-02-02 01:10 - 00000000 ____D () C:\Users\ml\AppData\Local\BigHugeEngine
2014-01-30 20:41 - 2014-01-21 18:57 - 00001159 _____ () C:\Users\ml\Desktop\Amazon Cloud Player.lnk
2014-01-30 20:41 - 2014-01-21 18:57 - 00000000 ____D () C:\Users\ml\AppData\Local\Amazon Cloud Player
2014-01-29 22:08 - 2010-03-20 12:55 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-01-27 21:52 - 2014-01-26 00:41 - 00000635 _____ () C:\Users\Public\Desktop\UFO Aftershock.lnk
2014-01-26 00:47 - 2014-01-26 00:47 - 22607745 _____ () C:\Users\ml\Downloads\ufoaftershock_patch_1_2-including_previous_patch.zip
2014-01-26 00:45 - 2014-01-26 00:45 - 03123262 _____ () C:\Users\ml\Downloads\ufo_aftershock_patch_1_3.zip
2014-01-26 00:45 - 2014-01-26 00:45 - 03122287 _____ () C:\Users\ml\Downloads\Ufo-Aftershock-Patch-1.3.zip
2014-01-26 00:44 - 2014-01-26 00:44 - 02028396 _____ () C:\Users\ml\Downloads\UFO_Aftershock_v1.2.1_Patch.zip
2014-01-26 00:40 - 2010-03-05 00:40 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-01-21 21:29 - 2014-01-21 21:29 - 03669884 _____ () C:\Users\ml\Downloads\DarkHorizon_v1.0.6.0_Patch.zip
2014-01-20 21:46 - 2014-01-20 21:45 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-20 21:46 - 2013-10-17 21:24 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-20 21:46 - 2012-03-18 15:32 - 00000000 ____D () C:\Program Files\Java
2014-01-20 21:43 - 2010-03-14 16:43 - 00000000 ____D () C:\Users\ml\AppData\Local\Adobe
2014-01-18 18:21 - 2013-10-09 18:16 - 00000000 ____D () C:\Program Files\Hearthstone
2014-01-17 22:32 - 2013-10-04 19:02 - 00000000 ____D () C:\Program Files\Battle.net
2014-01-17 22:32 - 2012-05-14 18:11 - 00000000 ____D () C:\Program Files\Diablo III
2014-01-17 16:58 - 2012-11-21 21:56 - 00015726 _____ () C:\Users\ml\Documents\Geburtstage_Adressen.odt
2014-01-17 16:36 - 2010-03-05 01:02 - 00073312 _____ () C:\Windows\DirectX.log
2014-01-17 00:10 - 2010-03-05 01:58 - 00000000 ____D () C:\Windows\system32\directx
2014-01-17 00:09 - 2010-10-03 09:06 - 00000000 ____D () C:\Program Files\THQ

Files to move or delete:
====================
C:\Windows\Tasks\At1.job


Some content of TEMP:
====================
C:\Users\ml\AppData\Local\Temp\11-8_vista32_win7_32_dd_ccc_ocl.exe
C:\Users\ml\AppData\Local\Temp\CheatEngine63Clean.exe
C:\Users\ml\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\ml\AppData\Local\Temp\CTPBSeq.exe
C:\Users\ml\AppData\Local\Temp\devcon.exe
C:\Users\ml\AppData\Local\Temp\DivXSetup.exe
C:\Users\ml\AppData\Local\Temp\drm_dyndata_7370012.dll
C:\Users\ml\AppData\Local\Temp\drm_dyndata_7400006.dll
C:\Users\ml\AppData\Local\Temp\GdiPlus.dll
C:\Users\ml\AppData\Local\Temp\installerdll.dll
C:\Users\ml\AppData\Local\Temp\InstallerMessageBox.exe
C:\Users\ml\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\mbam-setup.exe
C:\Users\ml\AppData\Local\Temp\MSVBVM60.DLL
C:\Users\ml\AppData\Local\Temp\NPSInstallerProxy.exe
C:\Users\ml\AppData\Local\Temp\NPSInstallerProxyMessageBoxHookDll.dll
C:\Users\ml\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\ml\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\ml\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\ml\AppData\Local\Temp\nvStInst.exe
C:\Users\ml\AppData\Local\Temp\patchw32.dll
C:\Users\ml\AppData\Local\Temp\RSPUpgradeInstaller.exe
C:\Users\ml\AppData\Local\Temp\SIntf16.dll
C:\Users\ml\AppData\Local\Temp\SIntf32.dll
C:\Users\ml\AppData\Local\Temp\SIntfNT.dll
C:\Users\ml\AppData\Local\Temp\SkypeSetup.exe
C:\Users\ml\AppData\Local\Temp\tmp4CE7.exe
C:\Users\ml\AppData\Local\Temp\tmp508F.exe
C:\Users\ml\AppData\Local\Temp\tmp5F8D.exe
C:\Users\ml\AppData\Local\Temp\tmp61AF.exe
C:\Users\ml\AppData\Local\Temp\tmp7010.exe
C:\Users\ml\AppData\Local\Temp\tmp96A3.exe
C:\Users\ml\AppData\Local\Temp\Uninst.exe
C:\Users\ml\AppData\Local\Temp\_is77CF.exe
C:\Users\ml\AppData\Local\Temp\_isE495.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-08 13:54

==================== End Of Log ============================
         

Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-02-2014 01
Ran by ml at 2014-02-15 22:31:35
Running from C:\Users\ml\Desktop\logs
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

[translation missing: EVERemoveOnly] (Version:  - CCP Games Ltd.)
Adobe AIR (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe AIR (Version: 1.1.0.5790 - Adobe Systems Inc.) Hidden
Adobe Anchor Service CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS4 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Director 11.5 (Version: 11.5 - Adobe Systems Incorporated)
Adobe Director 11.5 (Version: 11.5 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (Version: 1.1 - Adobe Systems Incorporated)
Adobe Output Module (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop CS4 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 Support (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.9) - Deutsch (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Search for Help (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 11.5 (Version: 11.5.6.606 - Adobe Systems, Inc.)
Adobe Type Support CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (Version: 2.0 - Adobe Systems Incorporated) Hidden
Age of Empires Online (Version:  - Microsoft)
Amazon Cloud Player (HKCU Version: 2.3.0.422 - Amazon Services LLC)
Amazon MP3-Downloader 1.0.17 (Version: 1.0.17 - Amazon Services LLC)
AMD Catalyst Install Manager (Version: 3.0.868.0 - Advanced Micro Devices, Inc.)
AMD GPU Clock Tool (Version: 0.9.26.0 - Advanced Micro Devices Inc.)
AMD OverDrive (Version: 3.2.1.0439 - Advanced Micro Devices, Inc.)
Apple Application Support (Version: 2.3 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.35 - Atheros Communications Inc.)
Bastion (Version:  - Supergiant Games)
Battle.net (Version:  - Blizzard Entertainment)
Binary Domain (Version:  - Sega)
BioShock 2 (Version:  - 2K Games)
BitTorrent (Version: 6.4.0 - BitTorrent, Inc)
Brother MFL-Pro Suite MFC-260C (Version: 1.0.2.0 - Brother Industries, Ltd.)
Brütal Legend (Version:  - Double Fine Productions)
Bundled software uninstaller (Version:  - ) <==== ATTENTION
Catalyst Control Center InstallProxy (Version: 2012.0309.43.976 - Advanced Micro Devices, Inc.) Hidden
Cheat Engine 6.3 (Version:  - Cheat Engine)
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Corsair M90 Firmware Update Application (Version:  - )
Corsair M90 Maustreiber V1.0 (Version: 1.00.00.25 - )
Creative ALchemy (Version: 1.41 - Creative Technology Limited)
Creative Audio-Systemsteuerung (Version: 2.00 - Creative Technology Limited)
Creative Konsole Starter (Version:  - Creative Technology Limited)
Creative Live! Cam Center (Version:  - )
Creative Live! Cam Vista IM Driver (1.10.04.00) (Version:  - )
Creative MediaSource 5 (Version: 5.00 - )
Creative Software AutoUpdate (Version: 1.40 - Creative Technology Limited)
Creative WaveStudio 7 (Version: 7.14 - Creative Technology Limited)
CrystalDiskInfo 4.1.4 (Version: 4.1.4 - Crystal Dew World)
Dark Horizon (Version:  - Paradox Interactive)
Darksiders II (Version:  - Vigil Games)
DarksidersInstaller (Version: 1.00.1000 - Ihr Firmenname)
Dead Space™ 2 (Version: 1.0.941.0 - Electronic Arts)
Deus Ex: Human Revolution - The Missing Link (Version:  - Eidos Montreal)
Deus Ex: Human Revolution (Version:  - Eidos Montreal)
Devil May Cry 4 (Version:  - Capcom)
Diablo III (Version:  - Blizzard Entertainment)
Disciples III: Renaissance (Version:  - Akella)
Dishonored (Version: 1.0 - Bethesda Softworks)
DivX Converter (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (Version:  - DivX, Inc.)
DivX Version Checker (Version: 7.1.0.9 - DivX, Inc.)
DivX-Setup (Version: 2.6.1.44 - DivX, LLC)
Duke Nukem Forever (Version:  - Gearbox Software)
Eigenschaften von Creative Sound Blaster (Version: 1.02 - Creative Technology Limited)
ElsterFormular (Version: 14.1.11318 - Landesfinanzdirektion Thüringen)
Endless Space (Version:  - Amplitude Studios)
Essential XML Editor (Version:  - Dieter Köhler)
Essential XML Editor (Version: 1.6.4 - Dieter Köhler) Hidden
Etron USB3.0 Host Controller (Version: 0.96 - Etron Technology)
Etron USB3.0 Host Controller (Version: 0.96 - Etron Technology) Hidden
EVEREST Home Edition v2.20 (Version: 2.20 - Lavalys Inc)
EVGA Precision 2.0.4 (Version: 2.0.4 - EVGA Corporation)
Fallout: New Vegas (Version:  - Bethesda Softworks)
Far Cry 2 (Version:  - Ubisoft Montreal)
FileZilla Client 3.6.0.2 (Version: 3.6.0.2 - FileZilla Project)
Fraps (Version:  - )
GECK - New Vegas Edition (Version:  - )
GPGNet (Version: 1.0.0 - Gas Powered Games)
HiSuite (Version: 32.610.20.00.06 - Huawei Technologies Co.,Ltd)
Hydrophobia: Prophecy (Version:  - Dark Energy Digital)
Impulse (Version: 1.0 - Stardock Corporation) Hidden
Impulse (Version: 1.0 - Stardock)
Java 7 Update 51 (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 22 (Version: 6.0.220 - Oracle)
Java(TM) 6 Update 29 (Version: 6.0.290 - Oracle)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Kaspersky Internet Security 2012 (Version: 12.0.0.374 - Kaspersky Lab)
Kaspersky Internet Security 2012 (Version: 12.0.0.374 - Kaspersky Lab) Hidden
Kingdoms of Amalur: Reckoning™ (Version:  - Big Huge Games)
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
Legendary (Version:  - Gamecock)
LOST PLANET 2 (Version: 1.0.0.129 - CAPCOM CO., LTD.)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mass Effect (Version: 1.00 - Electronic Arts, Inc.)
Mass Effect 2 (Version: 1.01 - Electronic Arts, Inc.)
Mass Effect™ 3 (Version: 1.05.0.0 - Electronic Arts)
MechWarrior Online (HKCU Version: 1.2.0.0 - Piranha Games Inc.)
MechWarrior Online (Version: 1.2.0.0 - Piranha Games Inc.) Hidden
Metro 2033 (Version:  - THQ)
Microsoft .NET Framework 1.1 (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Age of Empires II (Version:  - )
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (Version:  - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (Version: 2.0.50727 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0 - Microsoft Corporation)
Might & Magic Heroes VI (Version: 1.1.1 - Ubisoft)
Mozilla Firefox 27.0 (x86 de) (Version: 27.0 - Mozilla)
Mozilla Maintenance Service (Version: 27.0 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 de) (Version: 24.3.0 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 314.22 (Version: 314.22 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 314.22 (Version: 314.22 - NVIDIA Corporation)
NVIDIA Drivers (Version: 1.10 - NVIDIA Corporation)
NVIDIA Grafiktreiber 314.22 (Version: 314.22 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.23.1 (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.115.743 - NVIDIA Corporation) Hidden
NVIDIA Performance (Version: 6.5 - NVIDIA Corporation)
NVIDIA Performance (Version: 6.5 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1422 - NVIDIA Corporation) Hidden
NVIDIA System Monitor (Version: 6.5 - NVIDIA Corporation)
NVIDIA System Monitor (Version: 6.5 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 314.22 (Version: 314.22 - NVIDIA Corporation) Hidden
NVIDIA Update 1.12.12 (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
OpenAL (Version:  - )
OpenOffice.org 3.3 (Version: 3.3.9567 - OpenOffice.org)
Origin (Version: 8.5.2.23 - Electronic Arts, Inc.)
Overlord II (Version:  - Codemasters)
oZone3D.Net FurMark v1.8.2 (Version:  - oZone3D.Net)
Pando Media Booster (Version: 2.3.6.0 - Pando Networks Inc.)
PC Connectivity Solution (Version: 8.15.0.0 - Nokia)
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Pflanzen gegen Zombies Version 1.0.4.7924 (Version: 1.0.4.7924 - UGP)
Pharao (Version:  - )
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Portal (Version:  - Valve)
Portal 2 (Version:  - Valve)
PSPad editor (Version:  - Jan Fiala)
PunkBuster Services (Version: 0.986 - Even Balance, Inc.)
QuickTime (Version: 7.74.80.86 - Apple Inc.)
RAGE (Version:  - id Software)
Realtek Ethernet Controller  Driver (Version: 1.00.0008 - Realtek)
Red Faction Guerrilla (Version: 1.00.0000 - Volition Inc.)
Red Faction Guerrilla (Version: 1.00.0000 - Volition Inc.) Hidden
Red Faction: Armageddon (Version:  - Volition)
Rise of the Triad (Version:  - Interceptor Entertainment)
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition (Version: v2.24 MSI Master Overclocking Arena 2009 edition - Alexey Nicolaychuk)
Saitek SD6 Programming Software 6.7.5.2 (Version: 6.7.5.2 - Saitek)
Samsung Mobile phone USB driver Drive Software (Version:  - )
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
Samsung New PC Studio USB Driver Installer (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio USB Driver Installer (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
SamsungConnectivityCableDriver (Version: 6.83.6.2.1 - Samsung)
Scan2PDF 1.6 (Version:  - Koma-Code)
Sine Mora (Version:  - )
Sins of a Solar Empire - Diplomacy (Version:  - Stardock Corporation)
Sins of a Solar Empire - Entrenchment (Version:  - Stardock Corporation)
Sins of a Solar Empire (Version:  - Stardock Corporation)
Sins of a Solar Empire: Rebellion Beta (Version:  - )
Skype Click to Call (Version: 6.3.11079 - Skype Technologies S.A.)
Skype™ 6.11 (Version: 6.11.102 - Skype Technologies S.A.)
Sound Blaster X-Fi (Version: 1.0 - )
Star Conflict (Version:  - )
Star Wars(TM): Knights of the Old Republic (TM) (Version:  - )
Steam (Version: 1.0.0.0 - Valve Corporation)
Strike Suit Zero (Version:  - )
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
SweetIM for Messenger 3.6 (Version: 3.6.0007 - SweetIM Technologies Ltd.) <==== ATTENTION
SweetPacks Toolbar for Internet Explorer 4.4 (Version: 4.4.0001 - SweetIM Technologies Ltd.) <==== ATTENTION
TeamSpeak 2 RC2 (Version: 2.0.32.60 - Dominating Bytes Design)
TeamSpeak 3 Client (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
TeamViewer 9 (Version: 9.0.24951 - TeamViewer)
The Bureau: XCOM Declassified (Version:  - 2K Marin)
The Elder Scrolls Online Beta (Version: 0.3.4 - )
The Elder Scrolls V: Skyrim (Version:  - Bethesda Game Studios)
Thief - Deadly Shadows (Version: 1.0 - )
Tomb Raider (Version:  - Crystal Dynamics)
Tweaking.com - Windows Repair (All in One) (Version: 2.3.0 - Tweaking.com)
Ubisoft Game Launcher (Version: 1.0.0.0 - UBISOFT)
UFO Aftermath (Version: 1.4 - )
UFO Aftershock (Version: 1.0 - )
UFO Aftershock Patch 1.2.1 (Version:  - 1C Publishing EU)
UFO: Afterlight (Version:  - Altar Games)
Uniblue DriverScanner (Version: 4.0.3.4 - Uniblue Systems Ltd)
Unity Web Player (HKCU Version:  - Unity Technologies ApS)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3 - Microsoft Corporation)
Update Manager B09.0908.1 (Version: 1.00.0000 - GIGABYTE)
Update Manager B09.0908.1 (Version: 1.00.0000 - GIGABYTE) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.0.8 (Version: 2.0.8 - VideoLAN)
Warhammer 40,000 Space Marine (Version:  - Relic)
Warhammer® 40,000®: Dawn of War® II – Retribution™ (Version:  - Relic)
Warhammer® 40,000™: Dawn of War® II (Version:  - Relic)
WinAce Archiver (Version: 2.69 - e-merge GmbH)
Windows Live Communications Platform (Version: 14.0.8098.930 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0) (Version: 10/12/2007 6.85.4.0 - Nokia)
WinRAR (Version:  - )
World of Logs Client (4.2) (HKCU Version:  - Digibites Technology)
World of Warcraft (Version:  - Blizzard Entertainment)
XCOM: Enemy Unknown (Version:  - Firaxis Games)

==================== Restore Points  =========================

11-02-2014 17:14:59 Windows Update
11-02-2014 19:13:31 Tweaking.com - Windows Repair
11-02-2014 22:40:54 Windows Update
12-02-2014 19:46:59 Malwarebytes Anti-Rootkit Restore Point
15-02-2014 21:17:51 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:04 - 2014-02-11 20:29 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1550374E-B1F1-438A-9332-79E0ACA35FB7} - \At1 No Task File
Task: {2EC1CB48-68BF-4F58-AB5A-016EE4A259D2} - System32\Tasks\DriverScanner => C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe [2011-10-20] (Uniblue Systems Limited)
Task: {45FD44A8-359B-433D-B834-D0888E959F68} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {99344698-6568-444F-9F70-24F618621AF1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CA5BEFE0-E91B-41B4-A3FB-B808E63B79FC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\At1.job => C:\Windows\system32\compaact.exe
Task: C:\Windows\Tasks\DriverScanner.job => C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe

==================== Loaded Modules (whitelisted) =============

2012-11-29 22:59 - 2012-11-29 22:59 - 00093696 _____ () C:\Program Files\FileZilla\fzshellext.dll
2010-03-08 23:12 - 2010-03-15 10:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2010-03-05 01:03 - 2009-02-06 17:52 - 00073728 _____ () C:\Windows\SYSTEM32\CmdRtr.DLL
2010-03-05 01:03 - 2009-03-26 13:46 - 00148480 _____ () C:\Windows\SYSTEM32\APOMngr.DLL
2011-04-24 23:13 - 2011-04-24 23:13 - 02118032 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 07008656 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 02089360 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 01270160 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 00192912 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 00758160 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll
2011-04-20 19:56 - 2011-04-20 19:56 - 00025088 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
2012-07-10 19:22 - 2012-05-14 11:43 - 00043008 _____ () C:\Maus_M90\hidGetKey.dll
2013-02-13 03:37 - 2013-02-13 03:37 - 01263952 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2013-02-13 03:38 - 2013-02-13 03:38 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2010-03-05 01:04 - 2006-06-09 14:20 - 00003072 _____ () C:\Windows\CTXFIGER.DLL
2011-01-01 10:54 - 2011-08-27 00:16 - 03077528 _____ () C:\Program Files\Pando Networks\Media Booster\PMB.exe
2013-07-11 15:46 - 2013-07-11 15:46 - 00583488 _____ () C:\Program Files\HiSuite\HiSuite.exe
2013-07-11 15:47 - 2013-07-11 15:47 - 00634176 _____ () C:\Program Files\HiSuite\core.dll
2013-07-11 15:49 - 2013-07-11 15:49 - 00302912 _____ () C:\Program Files\HiSuite\sdk.dll
2013-07-11 15:48 - 2013-07-11 15:48 - 00017832 _____ () C:\Program Files\HiSuite\mingwm10.dll
2013-07-11 15:48 - 2013-07-11 15:48 - 00049472 _____ () C:\Program Files\HiSuite\libgcc_s_dw2-1.dll
2013-07-11 15:49 - 2013-07-11 15:49 - 02421568 _____ () C:\Program Files\HiSuite\QtCore4.dll
2013-07-11 15:49 - 2013-07-11 15:49 - 00911168 _____ () C:\Program Files\HiSuite\QtNetwork4.dll
2013-07-11 15:49 - 2013-07-11 15:49 - 07723328 _____ () C:\Program Files\HiSuite\QtGui4.dll
2013-07-11 15:49 - 2013-07-11 15:49 - 12326208 _____ () C:\Program Files\HiSuite\QtWebKit4.dll
2013-07-11 15:49 - 2013-07-11 15:49 - 00262464 _____ () C:\Program Files\HiSuite\phonon4.dll
2013-07-11 15:49 - 2013-07-11 15:49 - 00855872 _____ () C:\Program Files\HiSuite\Proxy.DLL
2013-07-11 15:47 - 2013-07-11 15:47 - 00764224 _____ () C:\Program Files\HiSuite\Common.dll
2013-07-11 15:49 - 2013-07-11 15:49 - 00535360 _____ () C:\Program Files\HiSuite\Trace.dll
2013-07-11 15:49 - 2013-07-11 15:49 - 00596288 _____ () C:\Program Files\HiSuite\PluginContainer.dll
2013-07-11 15:47 - 2013-07-11 15:47 - 01475392 _____ () C:\Program Files\HiSuite\AtComm.dll
2013-07-11 15:47 - 2013-07-11 15:47 - 00759616 _____ () C:\Program Files\HiSuite\AddrBookSrvPlugin.dll
2013-07-11 15:50 - 2013-07-11 15:50 - 00751424 _____ () C:\Program Files\HiSuite\vCardvCalPlugin.dll
2013-07-11 15:47 - 2013-07-11 15:47 - 00105792 _____ () C:\Program Files\HiSuite\CryptPlugin.dll
2013-07-11 15:47 - 2013-07-11 15:47 - 00586560 _____ () C:\Program Files\HiSuite\CalendarPlugin.dll
2013-07-11 15:50 - 2013-07-11 15:50 - 00558400 _____ () C:\Program Files\HiSuite\XCodec.dll
2013-07-11 15:47 - 2013-07-11 15:47 - 00953664 _____ () C:\Program Files\HiSuite\DeviceAppPlugin.dll
2013-07-11 15:46 - 2013-07-11 15:46 - 00635200 _____ () C:\Program Files\HiSuite\ADB.dll
2013-07-11 15:48 - 2013-07-11 15:48 - 00504640 _____ () C:\Program Files\HiSuite\OSPowerMgr.dll
2013-07-11 15:50 - 2013-07-11 15:50 - 00768832 _____ () C:\Program Files\HiSuite\XObex.dll
2013-07-11 15:48 - 2013-07-11 15:48 - 00070976 _____ () C:\Program Files\HiSuite\obex.dll
2013-07-11 15:47 - 2013-07-11 15:47 - 00613184 _____ () C:\Program Files\HiSuite\ADBAdapt.dll
2013-07-11 15:48 - 2013-07-11 15:48 - 00637760 _____ () C:\Program Files\HiSuite\OSAdapt.dll
2013-07-11 15:49 - 2013-07-11 15:49 - 00108864 _____ () C:\Program Files\HiSuite\SmsSrvPlugin.dll
2013-07-11 15:49 - 2013-07-11 15:49 - 00687936 _____ () C:\Program Files\HiSuite\SmsAppPlugin.dll
2013-07-11 15:49 - 2013-07-11 15:49 - 00844608 _____ () C:\Program Files\HiSuite\SyncPlugin.dll
2013-07-11 15:47 - 2013-07-11 15:47 - 00540480 _____ () C:\Program Files\HiSuite\APKManagerPlugin.dll
2013-07-11 15:48 - 2013-07-11 15:48 - 00572736 _____ () C:\Program Files\HiSuite\MusicPlaySrvPlugin.dll
2013-07-11 15:48 - 2013-07-11 15:48 - 00551744 _____ () C:\Program Files\HiSuite\ImageMgrSrvPlugin.dll
2013-07-11 15:50 - 2013-07-11 15:50 - 00089408 _____ () C:\Program Files\HiSuite\plugins\imageformats\qgif4.dll
2013-07-11 15:50 - 2013-07-11 15:50 - 00088384 _____ () C:\Program Files\HiSuite\plugins\imageformats\qico4.dll
2013-07-11 15:50 - 2013-07-11 15:50 - 00198464 _____ () C:\Program Files\HiSuite\plugins\imageformats\qjpeg4.dll
2013-07-11 15:50 - 2013-07-11 15:50 - 00357184 _____ () C:\Program Files\HiSuite\plugins\imageformats\qmng4.dll
2013-07-11 15:50 - 2013-07-11 15:50 - 00078656 _____ () C:\Program Files\HiSuite\plugins\imageformats\qsvg4.dll
2013-07-11 15:49 - 2013-07-11 15:49 - 00305984 _____ () C:\Program Files\HiSuite\QtSvg4.dll
2013-07-11 15:50 - 2013-07-11 15:50 - 00376640 _____ () C:\Program Files\HiSuite\plugins\imageformats\qtiff4.dll
2013-07-11 15:50 - 2013-07-11 15:50 - 00253248 _____ () C:\Program Files\HiSuite\XFramePlugin.dll
2013-07-11 15:49 - 2013-07-11 15:49 - 00332096 _____ () C:\Program Files\HiSuite\QtXml4.dll
2013-07-11 15:49 - 2013-07-11 15:49 - 00222016 _____ () C:\Program Files\HiSuite\QtSql4.dll
2013-07-11 15:49 - 2013-07-11 15:49 - 00147264 _____ () C:\Program Files\HiSuite\StatusBarMgrPlugin.dll
2013-07-11 15:47 - 2013-07-11 15:47 - 01233216 _____ () C:\Program Files\HiSuite\AddrBookUIPlugin.dll
2013-07-11 15:49 - 2013-07-11 15:49 - 00208704 _____ () C:\Program Files\HiSuite\SettingUIPlugin.dll
2013-07-11 15:49 - 2013-07-11 15:49 - 00170304 _____ () C:\Program Files\HiSuite\RelationPlugin.dll
2013-07-11 15:49 - 2013-07-11 15:49 - 01483072 _____ () C:\Program Files\HiSuite\SMSUIPlugin.dll
2013-07-11 15:47 - 2013-07-11 15:47 - 00598336 _____ () C:\Program Files\HiSuite\CalendarUIPlugin.dll
2013-07-11 15:49 - 2013-07-11 15:49 - 00273216 _____ () C:\Program Files\HiSuite\TaskUIPlugin.dll
2013-07-11 15:47 - 2013-07-11 15:47 - 00222528 _____ () C:\Program Files\HiSuite\DownLoadPlugin.dll
2013-07-11 15:48 - 2013-07-11 15:48 - 00106816 _____ () C:\Program Files\HiSuite\NotifyServicePlugin.dll
2013-07-11 15:48 - 2013-07-11 15:48 - 01455936 _____ () C:\Program Files\HiSuite\ImExportUIPlugin.dll
2013-07-11 15:47 - 2013-07-11 15:47 - 00159040 _____ () C:\Program Files\HiSuite\GmailOperation.DLL
2013-07-11 15:48 - 2013-07-11 15:48 - 00993600 _____ () C:\Program Files\HiSuite\libxml2.dll
2013-07-11 15:50 - 2013-07-11 15:50 - 00084288 _____ () C:\Program Files\HiSuite\zlib1.dll
2013-07-11 15:49 - 2013-07-11 15:49 - 00211264 _____ () C:\Program Files\HiSuite\Outlook.dll
2013-07-11 15:49 - 2013-07-11 15:49 - 00137536 _____ () C:\Program Files\HiSuite\OutlookExpress.dll
2013-07-11 15:48 - 2013-07-11 15:48 - 00119616 _____ () C:\Program Files\HiSuite\LayoutPlugin.dll
2013-07-11 15:48 - 2013-07-11 15:48 - 00227136 _____ () C:\Program Files\HiSuite\ModuleTreePlugin.dll
2013-07-11 15:48 - 2013-07-11 15:48 - 00274752 _____ () C:\Program Files\HiSuite\HomeUIPlugin.dll
2013-07-11 15:47 - 2013-07-11 15:47 - 00897344 _____ () C:\Program Files\HiSuite\AppManagerUIPlugin.dll
2013-07-11 15:49 - 2013-07-11 15:49 - 01560896 _____ () C:\Program Files\HiSuite\QtScript4.dll
2013-07-11 15:48 - 2013-07-11 15:48 - 01182528 _____ () C:\Program Files\HiSuite\MusicMgrUIPlugin.dll
2013-07-11 15:48 - 2013-07-11 15:48 - 00713024 _____ () C:\Program Files\HiSuite\ImageMgrUIPlugin.dll
2013-07-11 15:49 - 2013-07-11 15:49 - 00239424 _____ () C:\Program Files\HiSuite\ScreenShotUIPlugin.dll
2013-07-11 15:50 - 2013-07-11 15:50 - 02308928 _____ () C:\Program Files\HiSuite\UpdateUIPlugin.dll
2013-07-11 15:48 - 2013-07-11 15:48 - 00087360 _____ () C:\Program Files\HiSuite\HWEMUIEditToolsUIPlugin.dll
2013-07-11 15:48 - 2013-07-11 15:48 - 00083264 _____ () C:\Program Files\HiSuite\LogoPlugin.dll
2013-07-11 15:47 - 2013-07-11 15:47 - 00916288 _____ () C:\Program Files\HiSuite\DeviceMgrUIPlugin.dll
2013-07-11 15:49 - 2013-07-11 15:49 - 00552768 _____ () C:\Program Files\HiSuite\SyncUIPlugin.dll
2013-07-11 15:47 - 2013-07-11 15:47 - 02282304 _____ () C:\Program Files\HiSuite\BackUpUIPlugin.dll
2013-07-11 15:48 - 2013-07-11 15:48 - 00203584 _____ () C:\Program Files\HiSuite\MenuMgrPlugin.dll
2013-07-11 15:50 - 2013-07-11 15:50 - 00364864 _____ () C:\Program Files\HiSuite\WebKitUIPlugin.dll
2013-07-11 15:48 - 2013-07-11 15:48 - 00171328 _____ () C:\Program Files\HiSuite\KuwoWebUIPlugin.dll
2013-07-11 15:50 - 2013-07-11 15:50 - 00832320 _____ () C:\Program Files\HiSuite\UpdateSrvPlugin.dll
2014-01-21 18:57 - 2014-01-14 20:46 - 03140608 _____ () C:\Users\ml\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2013-10-22 22:42 - 2013-07-11 15:50 - 00821568 _____ () C:\Users\ml\AppData\Local\HiSuite\userdata\hwtools\hwtransport.exe
2014-02-15 12:16 - 2014-02-06 18:04 - 03583600 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: AODDriver4.01
Description: AODDriver4.01
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AODDriver4.01
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/15/2014 10:26:11 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ProfilerU.exe, Version: 6.7.5.2, Zeitstempel: 0x4aaa3efd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00381874
ID des fehlerhaften Prozesses: 0x105c
Startzeit der fehlerhaften Anwendung: 0xProfilerU.exe0
Pfad der fehlerhaften Anwendung: ProfilerU.exe1
Pfad des fehlerhaften Moduls: ProfilerU.exe2
Berichtskennung: ProfilerU.exe3

Error: (02/15/2014 10:01:14 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80040154, Klasse nicht registriert
.


Vorgang:
   Generator wird abonniert

Kontext:
   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Generatorname: WMI Writer
   Generatorinstanz-ID: {828bf9ee-08b7-401d-b79d-69d30233d473}

Error: (02/15/2014 10:01:14 PM) (Source: VSS) (User: )
Description: Fehler im Volumenschattenkopie-Dienst: Eine vom Volumenschattenkopie-Dienst benötigte kritische Komponente ist nicht registriert.
Dies kann geschehen, wenn bei der Windows-Installation oder bei der Installation eines Schattenkopieanbieters ein Fehler aufgetreten ist.
Der von CoCreateInstance für die Klasse mit CLSID "{4e14fba2-2e22-11d1-9964-00c04fbbb345}" und dem Namen "CEventSystem" zurückgegebene Fehler ist [0x80040154, Klasse nicht registriert
].


Vorgang:
   Generator wird abonniert

Kontext:
   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Generatorname: WMI Writer
   Generatorinstanz-ID: {828bf9ee-08b7-401d-b79d-69d30233d473}

Error: (02/15/2014 10:01:14 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.MapPI> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	(HRESULT : 0x80040154) (0x80040154)

Error: (02/15/2014 10:01:06 PM) (Source: SecurityCenter) (User: )
Description: Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der WMI herstellen, um Antiviren, AntiSpyware- und Firewallprogramme von Drittanbietern zu überwachen.

Error: (02/15/2014 09:42:47 PM) (Source: WinMgmt) (User: )
Description: 0x80041014

Error: (02/15/2014 09:42:42 PM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	(HRESULT : 0x80040154) (0x80040154)

Error: (02/15/2014 09:42:42 PM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	(HRESULT : 0x80040154) (0x80040154)

Error: (02/15/2014 09:42:42 PM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	(HRESULT : 0x80040154) (0x80040154)

Error: (02/15/2014 09:42:39 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.MapPI> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	(HRESULT : 0x80040154) (0x80040154)


System errors:
=============
Error: (02/15/2014 10:25:07 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (02/15/2014 10:11:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (02/15/2014 10:01:22 PM) (Source: DCOM) (User: )
Description: {DCAB0989-1301-4319-BE5F-ADE89F88581C}

Error: (02/15/2014 10:00:54 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Skype Updater erreicht.

Error: (02/15/2014 10:00:53 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Media Center-Planerdienst erreicht.

Error: (02/15/2014 10:00:53 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Media Center-Empfängerdienst erreicht.

Error: (02/15/2014 10:00:53 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (02/15/2014 10:00:52 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Benachrichtigungsdienst für Systemereignisse" ist vom Dienst "COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%0

Error: (02/15/2014 10:00:53 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{89115307-8248-448F-ADA0-F3F3718A9B2A}Nicht verfügbarNT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (02/15/2014 10:00:53 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{89115307-8248-448F-ADA0-F3F3718A9B2A}Nicht verfügbarNT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (02/15/2014 10:26:11 PM) (Source: Application Error)(User: )
Description: ProfilerU.exe6.7.5.24aaa3efdunknown0.0.0.000000000c000000500381874105c01cf2a94884c3a3fC:\Program Files\Saitek\SD6\Software\ProfilerU.exeunknownca27f059-9687-11e3-99e6-bc5ff40f2dd2

Error: (02/15/2014 10:01:14 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040154, Klasse nicht registriert


Vorgang:
   Generator wird abonniert

Kontext:
   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Generatorname: WMI Writer
   Generatorinstanz-ID: {828bf9ee-08b7-401d-b79d-69d30233d473}

Error: (02/15/2014 10:01:14 PM) (Source: VSS)(User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80040154, Klasse nicht registriert


Vorgang:
   Generator wird abonniert

Kontext:
   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Generatorname: WMI Writer
   Generatorinstanz-ID: {828bf9ee-08b7-401d-b79d-69d30233d473}

Error: (02/15/2014 10:01:14 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	(HRESULT : 0x80040154) (0x80040154)
Search.MapPI

Error: (02/15/2014 10:01:06 PM) (Source: SecurityCenter)(User: )
Description: 

Error: (02/15/2014 09:42:47 PM) (Source: WinMgmt)(User: )
Description: 0x80041014

Error: (02/15/2014 09:42:42 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
	(HRESULT : 0x80040154) (0x80040154)

Error: (02/15/2014 09:42:42 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung


Details:
	(HRESULT : 0x80040154) (0x80040154)

Error: (02/15/2014 09:42:42 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	(HRESULT : 0x80040154) (0x80040154)

Error: (02/15/2014 09:42:39 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	(HRESULT : 0x80040154) (0x80040154)
Search.MapPI


==================== Memory info =========================== 

Percentage of memory in use: 56%
Total physical RAM: 3323.64 MB
Available physical RAM: 1441.06 MB
Total Pagefile: 6645.58 MB
Available Pagefile: 4453.08 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.5 GB) (Free:225.67 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 08C308C2)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
GMER:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-15 22:50:25
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000DM003-1CH162 rev.CC44 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\ml\AppData\Local\Temp\axldrpow.sys


---- System - GMER 2.1 ----

SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwAdjustPrivilegesToken [0x92472392]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwAlpcConnectPort [0x9248D24A]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwAlpcCreatePort [0x9248D580]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwAlpcSendWaitReceivePort [0x9248D8F6]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwClose [0x92472E0C]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwConnectPort [0x9248CF32]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwCreateEvent [0x9247337E]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwCreateMutant [0x9247326C]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwCreatePort [0x9248D3F0]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwCreateSection [0x9247214E]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwCreateSemaphore [0x92473496]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwCreateThread [0x924729C2]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwCreateThreadEx [0x92472B32]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwCreateUserProcess [0x924735AE]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwCreateWaitablePort [0x9248D4B8]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwDebugActiveProcess [0x92473856]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwDeviceIoControlFile [0x92472E4E]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwDuplicateObject [0x92474858]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwLoadDriver [0x92473948]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwMapViewOfSection [0x92473EB4]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwNotifyChangeKey [0x9248B722]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwOpenEvent [0x92473410]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwOpenMutant [0x924732F8]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwOpenProcess [0x924725CC]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwOpenSection [0x92473C98]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwOpenSemaphore [0x92473528]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwOpenThread [0x924724C0]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwQueryDirectoryObject [0x92473664]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwQueryObject [0x9248B91A]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwQuerySection [0x924741DA]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwQueueApcThread [0x92473AE8]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwReplyPort [0x9248D6E4]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwReplyWaitReceivePort [0x9248D632]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwRequestWaitReplyPort [0x9248D750]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwResumeThread [0x924746FA]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwSecureConnectPort [0x9248D0BA]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwSetContextThread [0x92472CAC]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwSetInformationToken [0x92473702]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwSetSystemInformation [0x9247432A]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwSuspendProcess [0x9247441E]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwSuspendThread [0x92474558]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwSystemDebugControl [0x92473778]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwTerminateProcess [0x9247276C]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwTerminateThread [0x924726C2]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwUnmapViewOfSection [0x92474092]
SSDT   \SystemRoot\system32\DRIVERS\klif.sys                                                                                 ZwWriteVirtualMemory [0x92472858]

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                                              83A5AA15 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                83A94212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 10D7                                                                                   83A9B46C 4 Bytes  [92, 23, 47, 92] {XCHG EDX, EAX; AND EAX, [EDI-0x6e]}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 10FF                                                                                   83A9B494 8 Bytes  [4A, D2, 48, 92, 80, D5, 48, ...] {DEC EDX; ROR [EAX-0x6e], CL; ADC CH, 0x48; XCHG EDX, EAX}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1143                                                                                   83A9B4D8 4 Bytes  [F6, D8, 48, 92] {NEG AL; DEC EAX; XCHG EDX, EAX}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 116F                                                                                   83A9B504 4 Bytes  [0C, 2E, 47, 92] {OR AL, 0x2e; INC EDI; XCHG EDX, EAX}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1193                                                                                   83A9B528 4 Bytes  [32, CF, 48, 92] {XOR CL, BH; DEC EAX; XCHG EDX, EAX}
.text  ...                                                                                                                   
.text  C:\Windows\system32\DRIVERS\atksgt.sys                                                                                section is writeable [0xAB829300, 0x3B6D8, 0xE8000020]
.text  C:\Windows\system32\DRIVERS\lirsgt.sys                                                                                section is writeable [0xAB86C300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 2.1 ----

?      C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[332] C:\Windows\SYSTEM32\ntdll.dll            time/date stamp mismatch; 
.text  C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[332] ntdll.dll!NtProtectVirtualMemory         77AF5F58 5 Bytes  JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll
?      C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[332] C:\Windows\system32\kernel32.dll         time/date stamp mismatch; unknown module: KERNELBASE.dll
.text  C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[332] USER32.dll!NotifyWinEvent + 6AE          75F5D66C 4 Bytes  [E0, 13, 54, 67]
.text  C:\Program Files\Pando Networks\Media Booster\PMB.exe[4176] kernel32.dll!SetUnhandledExceptionFilter                  769BF4EB 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
?      C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll           time/date stamp mismatch; 
.text  C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4592] ntdll.dll!NtProtectVirtualMemory        77AF5F58 5 Bytes  JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll
?      C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4592] C:\Windows\system32\kernel32.dll        time/date stamp mismatch; unknown module: KERNELBASE.dll
.text  C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4592] USER32.dll!NotifyWinEvent + 6AE         75F5D66C 4 Bytes  [E0, 13, 54, 67]
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4936] ntdll.dll!LdrGetProcedureAddress + 26                              77B122A9 7 Bytes  JMP 716F1FFD C:\Program Files\Mozilla Firefox\mozglue.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4936] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D                      769B941E 7 Bytes  JMP 63DA09D3 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4936] kernel32.dll!QueryPerformanceCounter + 13                          769BC425 7 Bytes  JMP 63DA098B C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4936] kernel32.dll!LoadAppInitDlls + 355                                 769BF4E6 7 Bytes  JMP 639B5CC6 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[4936] GDI32.dll!GetViewportOrgEx + 26C                                   77BF884B 7 Bytes  JMP 63DA09FA C:\Program Files\Mozilla Firefox\xul.dll

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                             
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                          0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                       0x0F 0x68 0xFB 0x75 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                      
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                0x4E 0x7F 0x91 0x7F ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)         
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                           0x0F 0x68 0xFB 0x75 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)  
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0x4E 0x7F 0x91 0x7F ...

---- EOF - GMER 2.1 ----
         
At the moment I don't know what else to do. I hope you can help me.
Attached files
File type: txt mbar-log-2014-02-12 (18-44-04).txt (2.5 KB, viewed 111 times)
File type: txt aswMBR_15.02.txt (25.3 KB, viewed 117 times)

16.02.2014, 05:48   #2
schrauber
/// the machine
/// TB instructor
 




hi,

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the threat scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

16.02.2014, 09:31   #3
Nesk1
 



Good morning

here are the logs:

MBAM:
Code:
 Malwarebytes Anti-Malware  (PRO) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.16.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16518
ml :: ATLAN [Administrator]

Schutz: Aktiviert

16.02.2014 08:46:19
mbam-log-2014-02-16 (08-46-19).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 265564
Laufzeit: 11 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
adwCleaner:
Code:
# AdwCleaner v3.018 - Bericht erstellt am 16/02/2014 um 09:49:27
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : ml - ATLAN
# Gestartet von : C:\Users\ml\Desktop\logs\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\ProgramData\Uniblue\DriverScanner
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue\DriverScanner
Ordner Gelöscht : C:\Program Files\SweetIM
Ordner Gelöscht : C:\Program Files\Uniblue\DriverScanner
Ordner Gelöscht : C:\Users\ml\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\ml\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\ml\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\ml\AppData\LocalLow\SweetIM
Ordner Gelöscht : C:\Users\ml\AppData\Roaming\Uniblue\DriverScanner
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\user.js
Datei Gelöscht : C:\Windows\Tasks\driverscanner.job
Datei Gelöscht : C:\Windows\System32\Tasks\driverscanner

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2EC1CB48-68BF-4F58-AB5A-016EE4A259D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2EC1CB48-68BF-4F58-AB5A-016EE4A259D2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Web-Suche
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_scan2pdf_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_scan2pdf_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\lyricspal
Schlüssel Gelöscht : HKLM\Software\Uniblue\DriverScanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16518

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v27.0 (de)

[ Datei : C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [14571 octets] - [16/02/2014 09:29:50]
AdwCleaner[S0].txt - [14432 octets] - [16/02/2014 09:49:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14493 octets] ##########
         
Regarding JRT, I should mention that after the reboot it started scanning before I could disable the protection software. And since access was partially denied during the registry check, I suspected that this was related to the protection software. So I ran it again. Unfortunately it overwrote the log file instead of creating a new one. In the first one it deleted some registry keys and files, and the new one is accordingly empty -.-
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Professional x86
Ran by ml on 16.02.2014 at 10:10:15,01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.02.2014 at 10:13:16,46
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Is it actually normal that after a JRT scan some nameless folders, shortcuts and files appear on the desktop?

FRST:

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01
Ran by ml (administrator) on ATLAN on 16-02-2014 10:17:15
Running from C:\Users\ml\Desktop\logs
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
() C:\Program Files\AMD\OverDrive\AODAssist.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
() C:\ProgramData\HiSuiteOuc\HiSuiteOuc.exe
() C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe
(NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
() C:\Windows\system32\PnkBstrA.exe
() C:\Windows\system32\PnkBstrB.exe
(StarWind Software) C:\Program Files\alcohol\StarWind\StarWindServiceAE.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
(Creative Technology Ltd.) C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
(Creative Technology Ltd) C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
(Creative Technology Ltd) C:\Windows\System32\CTHELPER.EXE
(Saitek) C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
(Saitek) C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
(Creative Technology Ltd) C:\Windows\SYSTEM32\CTXFISPI.EXE
(Creative Technology Ltd) C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
(Creative Technology Ltd.) C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
(Corsair Components  Inc) C:\Maus_M90\M90Hid.exe
(Corsair Components  Inc) C:\Maus_M90\CorsTra.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Creative Technology Ltd) C:\Windows\System32\Ctxfihlp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Pando Networks\Media Booster\PMB.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Creative Technology Ltd) C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
() C:\Program Files\HiSuite\HiSuite.exe
() C:\Users\ml\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
() C:\Users\ml\AppData\Local\HiSuite\userdata\hwtools\hwtransport.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RCSystem] - C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [57344 2006-11-22] (Creative Technology Ltd.)
HKLM\...\Run: [AudioDrvEmulator] - C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [57344 2006-11-22] (Creative Technology Ltd.)
HKLM\...\Run: [VolPanel] - C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [180224 2006-12-06] (Creative Technology Ltd)
HKLM\...\Run: [CTHelper] - C:\Windows\system32\CTHELPER.EXE [19456 2007-03-05] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [AdobeCS4ServiceManager] - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [ProfilerU] - C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [237568 2009-09-11] (Saitek)
HKLM\...\Run: [SaiMfd] - C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [131072 2009-09-11] (Saitek)
HKLM\...\Run: [ Malwarebytes Anti-Malware  (reboot)] - "C:\Program Files\Anti-Malware\mbam.exe" /runcleanupscript
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO)
HKLM\...\Run: [NPSStartup] - [X]
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [Corsair Garros] - C:\Maus_M90\M90Hid.exe [1768960 2012-05-22] (Corsair Components  Inc)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM\...\Run: [CTxfiHlp] - C:\Windows\system32\CTXFIHLP.EXE [25600 2010-05-05] (Creative Technology Ltd)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\klogon: C:\Windows\system32\klogon.dll (Kaspersky Lab ZAO)
HKU\.DEFAULT\...\Run: [CtxfiReg] - CTXFIREG.exe /FAIL1
HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\Run: [Pando Media Booster] - C:\Program Files\Pando Networks\Media Booster\PMB.exe [3077528 2011-08-27] ()
HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\Run: [Creative MediaSource Go] - C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe [204800 2006-11-09] (Creative Technology Ltd)
HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\Run: [Mobile Partner] - C:\Program Files\HiSuite\HiSuite.exe [583488 2013-07-11] ()
HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\Run: [Amazon Cloud Player] - C:\Users\ml\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] ()
HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\MountPoints2: D - D:\ASRSetup.exe
HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\MountPoints2: {cb124b1d-2f7c-11df-997d-6cf04902646e} - F:\Setup.exe
HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\MountPoints2: {f4c6a2a3-3b33-11e3-817b-bc5ff40f2dd2} - G:\autorun.exe
Startup: C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Profiler.lnk
ShortcutTarget: Profiler.lnk -> C:\Windows\Installer\{46A219BA-FA02-43B6-8E46-4704B39251DD}\Profiler.exe (Saitek)

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {47802076-0332-47D7-AB21-698498446961} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 62.109.121.2 62.109.121.1

FireFox:
========
FF ProfilePath: C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(
url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1))%20%7B%20return%20'PROXY%20nq-us12.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\ml\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FT DeepDark - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2014-02-11]
FF Extension: Firebug - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\firebug@software.joehewitt.com.xpi [2012-12-14]
FF Extension: YouTube MP3 Download - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\jid0-Z0Vu9hJlqV0fhIAPqPfmUCNubYQ@jetpack.xpi [2013-07-20]
FF Extension: ProxMate - Proxy on steroids! - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-10-19]
FF Extension: TinEye Reverse Image Search - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\tineye@ideeinc.com.xpi [2013-04-19]
FF Extension: NoScript - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-12-14]
FF Extension: FireFTP - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012-12-14]
FF Extension: Adblock Plus - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-14]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-01-03]
FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2011-11-01]
FF HKLM\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2011-11-01]
FF HKLM\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2011-11-01]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-08-01]

========================== Services (Whitelisted) =================

R2 AODService; C:\Program Files\AMD\OverDrive\AODAssist.exe [136616 2010-04-23] ()
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2010-03-05] (Creative Labs)
R2 HiSuiteOuc.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc.exe [116032 2013-07-11] ()
R2 HuaweiHiSuiteService.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe [158208 2013-05-02] ()
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 nTuneService; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [192832 2011-09-19] (NVIDIA)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2014-01-02] ()
R2 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [107832 2014-01-02] ()
S2 SkypeUpdate; C:\Programme\Skype\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies)
R2 StarWindServiceAE; C:\Program Files\alcohol\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)
S3 nosGetPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper_3004.dll [X]

==================== Drivers (Whitelisted) ====================

R3 AmdTools; C:\Windows\System32\DRIVERS\AmdTools.sys [42552 2008-04-28] (AMD, Inc.)
R3 AODDriver2; C:\Program Files\AMD\OverDrive\i386\AODDriver2.sys [36864 2010-04-23] (Advanced Micro Devices)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-07-07] ()
S3 CamDrL; C:\Windows\System32\DRIVERS\Camdrl.sys [1075360 2007-02-03] (Logitech Inc.)
S3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [98616 2007-03-05] (Creative Technology Ltd)
R3 CORSGMS; C:\Windows\System32\Drivers\CORSGMS.sys [18432 2012-03-27] ( )
S3 CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [552248 2007-03-05] (Creative Technology Ltd)
S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [347144 2010-05-05] (Creative Technology Ltd)
S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [174392 2007-03-05] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [286520 2007-03-05] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [134968 2007-03-05] (Creative Technology Ltd)
R3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [329528 2007-03-05] (Creative Technology Ltd)
S3 CTERFXFX.DLL; C:\Windows\System32\CTERFXFX.DLL [101176 2007-03-05] (Creative Technology Ltd)
S3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [566584 2007-03-05] (Creative Technology Ltd)
S3 dbustrcm; C:\Users\ml\AppData\Local\Temp\dbustrcm.sys [31744 2013-09-01] ()
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [32384 2011-02-08] (Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [52352 2011-02-08] (Etron Technology Inc)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [133208 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11352 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [586072 2012-10-31] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [23856 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19984 2009-11-02] (Kaspersky Lab)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-07-07] ()
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41504 2007-02-03] (Logitech Inc.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-02-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 RivaTuner32; C:\Program Files\RivaTuner\RivaTuner32.sys [9088 2009-08-22] ()
R3 SaiK0728; C:\Windows\System32\DRIVERS\SaiK0728.sys [104960 2008-01-21] (Saitek)
S3 SaiK0CEA; C:\Windows\System32\DRIVERS\SaiK0CEA.sys [104960 2008-04-04] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [20744 2009-09-14] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [43656 2009-09-14] (Saitek)
S3 SaiU0CEA; C:\Windows\System32\DRIVERS\SaiU0CEA.sys [28544 2008-04-04] (Saitek)
R1 SAVRKBootTasks; C:\Windows\system32\SAVRKBootTasks.sys [18816 2010-05-26] (Sophos Plc)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-03-14] (Duplex Secure Ltd.)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-04-27] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-04-27] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-04-27] (MCCI Corporation)
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] ()
R3 V0260VID; C:\Windows\System32\DRIVERS\V0260Vid.sys [154560 2007-05-25] (Creative Technology Ltd.)
S3 amdiox86; system32\DRIVERS\amdiox86.sys [X]
S2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [X]
S3 atillk64; \??\C:\Program Files\AMD GPU Clock Tool\atillk64.sys [X]
S3 CT20XUT.DLL; system32\CT20XUT.DLL [X]
S3 CTEXFIFX.DLL; system32\CTEXFIFX.DLL [X]
S3 CTHWIUT.DLL; system32\CTHWIUT.DLL [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2011-10-24] (Huawei Technologies Co., Ltd.)
S3 MEMSWEEP2; \??\C:\Windows\system32\34.tmp [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-16 10:13 - 2014-02-16 10:13 - 00000645 _____ () C:\Users\ml\Desktop\JRT.txt
2014-02-16 10:05 - 2014-02-16 10:05 - 00000000 ____D () C:\Users\ml\Desktop\zeug
2014-02-16 09:54 - 2014-02-16 09:54 - 00000000 ____D () C:\Windows\ERUNT
2014-02-16 09:27 - 2014-02-16 09:49 - 00000000 ____D () C:\AdwCleaner
2014-02-16 08:33 - 2014-02-16 08:33 - 00000000 ____D () C:\Program Files\Skype
2014-02-15 21:15 - 2014-02-15 21:15 - 00293592 _____ () C:\Users\linuel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-15 21:10 - 2014-02-16 07:08 - 00000000 ___RD () C:\Users\linuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-15 21:10 - 2014-02-16 07:08 - 00000000 ___RD () C:\Users\linuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-15 21:10 - 2014-02-16 07:08 - 00000000 ____D () C:\Users\linuel
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Startmenü
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Netzwerkumgebung
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Druckumgebung
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Documents\Eigene Musik
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Documents\Eigene Bilder
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\AppData\Local\Verlauf
2014-02-15 15:08 - 2014-02-15 22:22 - 00000340 _____ () C:\Users\ml\defogger_reenable
2014-02-15 13:00 - 2014-02-16 10:17 - 00000000 ____D () C:\FRST
2014-02-13 21:40 - 2014-02-13 22:52 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-13 21:18 - 2014-02-13 21:19 - 00000109 _____ () C:\Users\ml\Documents\mwb-am.TXT
2014-02-11 23:54 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-11 23:54 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-11 23:54 - 2014-02-06 11:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-11 23:54 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-11 23:54 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-11 23:54 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-11 23:54 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-11 23:54 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-11 23:54 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-11 23:54 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-11 23:54 - 2014-02-06 10:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-11 23:54 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-11 23:54 - 2014-02-06 10:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-11 23:54 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-11 23:54 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-11 23:54 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-11 23:54 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-11 23:54 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-11 23:54 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-11 23:54 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-11 23:54 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-11 23:44 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-11 22:41 - 2014-02-11 22:41 - 04745728 _____ (AVAST Software) C:\Users\ml\Downloads\aswMBR.exe
2014-02-11 22:14 - 2014-02-11 22:15 - 00267492 _____ () C:\Windows\msxml4-KB2758694-deu.LOG
2014-02-11 21:51 - 2014-02-12 18:43 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-11 21:50 - 2014-02-11 21:50 - 12589848 _____ (Malwarebytes Corp.) C:\Users\ml\Downloads\mbar-1.07.0.1009.exe
2014-02-11 21:49 - 2014-02-11 21:50 - 00000000 ____D () C:\Program Files\Malwarebytes_Anti-Rootkit
2014-02-11 21:45 - 2014-02-11 21:52 - 451422799 _____ (WinFuture) C:\Users\ml\Downloads\WinFuture_7SP1_x86_UpdatePack_2.34_Januar_2014-Vollversion.exe
2014-02-11 21:29 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-11 21:29 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-11 21:29 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-11 21:29 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-11 21:29 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-11 21:29 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-11 21:29 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-11 21:29 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-11 21:29 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-11 21:29 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-11 21:29 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-11 21:29 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-11 21:29 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-11 21:29 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-11 20:16 - 2014-02-11 20:32 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-02-11 20:15 - 2014-02-11 20:15 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ATLAN-Microsoft-Windows-7-Professional-(32-bit).dat
2014-02-11 20:13 - 2014-02-11 20:13 - 00000000 ____D () C:\RegBackup
2014-02-11 18:23 - 2014-02-11 18:23 - 00001071 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-11 18:20 - 2014-02-11 18:20 - 00000000 ____D () C:\Program Files\Tweaking
2014-02-11 18:17 - 2014-02-11 18:23 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-11 18:17 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-06 18:31 - 2014-02-06 18:31 - 00924173 _____ () C:\Users\ml\Downloads\BrMain480.exe
2014-02-06 18:04 - 2014-02-16 07:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-02 01:10 - 2014-02-02 01:10 - 00000000 ____D () C:\Users\ml\AppData\Local\BigHugeEngine
2014-01-26 00:47 - 2014-01-26 00:47 - 22607745 _____ () C:\Users\ml\Downloads\ufoaftershock_patch_1_2-including_previous_patch.zip
2014-01-26 00:45 - 2014-01-26 00:45 - 03123262 _____ () C:\Users\ml\Downloads\ufo_aftershock_patch_1_3.zip
2014-01-26 00:45 - 2014-01-26 00:45 - 03122287 _____ () C:\Users\ml\Downloads\Ufo-Aftershock-Patch-1.3.zip
2014-01-26 00:44 - 2014-01-26 00:44 - 02028396 _____ () C:\Users\ml\Downloads\UFO_Aftershock_v1.2.1_Patch.zip
2014-01-26 00:41 - 2014-01-27 21:52 - 00000635 _____ () C:\Users\Public\Desktop\UFO Aftershock.lnk
2014-01-21 21:29 - 2014-01-21 21:29 - 03669884 _____ () C:\Users\ml\Downloads\DarkHorizon_v1.0.6.0_Patch.zip
2014-01-21 18:57 - 2014-02-16 07:09 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-01-21 18:57 - 2014-01-30 20:41 - 00001159 _____ () C:\Users\ml\Desktop\Amazon Cloud Player.lnk
2014-01-21 18:57 - 2014-01-30 20:41 - 00000000 ____D () C:\Users\ml\AppData\Local\Amazon Cloud Player
2014-01-20 21:46 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-20 21:46 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-20 21:46 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-20 21:46 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-20 21:45 - 2014-01-20 21:46 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log

==================== One Month Modified Files and Folders =======

2014-02-16 10:17 - 2014-02-15 13:00 - 00000000 ____D () C:\FRST
2014-02-16 10:17 - 2011-01-01 10:54 - 00000000 ____D () C:\Users\ml\AppData\Local\PMB Files
2014-02-16 10:17 - 2010-03-05 00:07 - 01058915 _____ () C:\Windows\WindowsUpdate.log
2014-02-16 10:13 - 2014-02-16 10:13 - 00000645 _____ () C:\Users\ml\Desktop\JRT.txt
2014-02-16 10:13 - 2009-07-14 05:34 - 00014960 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-16 10:13 - 2009-07-14 05:34 - 00014960 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-16 10:10 - 2010-03-05 00:42 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-16 10:08 - 2012-04-21 23:17 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-16 10:08 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-16 10:08 - 2009-07-14 05:39 - 00179444 _____ () C:\Windows\setupact.log
2014-02-16 10:05 - 2014-02-16 10:05 - 00000000 ____D () C:\Users\ml\Desktop\zeug
2014-02-16 09:55 - 2012-07-05 16:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-16 09:54 - 2014-02-16 09:54 - 00000000 ____D () C:\Windows\ERUNT
2014-02-16 09:49 - 2014-02-16 09:27 - 00000000 ____D () C:\AdwCleaner
2014-02-16 09:49 - 2011-12-10 17:36 - 00000000 ____D () C:\ProgramData\Uniblue
2014-02-16 09:49 - 2011-12-10 17:16 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Uniblue
2014-02-16 09:49 - 2011-12-10 17:16 - 00000000 ____D () C:\Program Files\Uniblue
2014-02-16 08:33 - 2014-02-16 08:33 - 00000000 ____D () C:\Program Files\Skype
2014-02-16 08:33 - 2010-06-10 19:28 - 00000000 ____D () C:\ProgramData\Skype
2014-02-16 07:09 - 2014-02-06 18:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-16 07:09 - 2014-01-21 18:57 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-02-16 07:09 - 2013-05-18 01:29 - 00000000 ____D () C:\Users\ml\Downloads\sound
2014-02-16 07:09 - 2012-08-16 19:31 - 00000000 ____D () C:\Users\ml\AppData\Local\CCP
2014-02-16 07:09 - 2012-07-01 19:20 - 00000000 ____D () C:\Users\ml\Downloads\ydkj
2014-02-16 07:09 - 2012-05-05 06:28 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-16 07:09 - 2012-04-21 23:27 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVGA Precision
2014-02-16 07:09 - 2012-03-02 17:00 - 00000000 ____D () C:\Users\ml\Downloads\mflpro
2014-02-16 07:09 - 2011-12-13 17:50 - 00000000 ____D () C:\Users\ml\Downloads\cpu-z
2014-02-16 07:09 - 2011-12-10 17:16 - 00000000 ____D () C:\Program Files\CrystalDiskInfo
2014-02-16 07:09 - 2011-12-05 23:24 - 00000000 ____D () C:\Users\ml\Downloads\RoT
2014-02-16 07:09 - 2011-07-17 00:33 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
2014-02-16 07:09 - 2011-06-12 21:35 - 00000000 ____D () C:\Users\ml\Downloads\directx9c
2014-02-16 07:09 - 2011-03-06 01:01 - 00000000 ____D () C:\Users\ml\Downloads\xbox360ce
2014-02-16 07:09 - 2010-10-03 09:05 - 00000000 ____D () C:\Users\ml\Downloads\gpg
2014-02-16 07:09 - 2010-07-28 18:08 - 00000000 ____D () C:\Users\ml\AppData\Roaming\vlc
2014-02-16 07:09 - 2010-05-02 09:31 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-02-16 07:09 - 2010-04-28 19:40 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-02-16 07:09 - 2010-04-06 18:55 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2014-02-16 07:09 - 2010-03-20 12:57 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-02-16 07:09 - 2010-03-05 01:04 - 00000000 ____D () C:\Windows\system32\Data
2014-02-16 07:09 - 2010-03-05 00:14 - 00000000 ___RD () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-16 07:09 - 2010-03-05 00:14 - 00000000 ___RD () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-16 07:09 - 2010-03-05 00:14 - 00000000 ____D () C:\Users\ml
2014-02-16 07:09 - 2010-02-08 23:40 - 00000000 ____D () C:\spiele
2014-02-16 07:09 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-02-16 07:08 - 2014-02-15 21:10 - 00000000 ___RD () C:\Users\linuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-16 07:08 - 2014-02-15 21:10 - 00000000 ___RD () C:\Users\linuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-16 07:08 - 2014-02-15 21:10 - 00000000 ____D () C:\Users\linuel
2014-02-16 07:08 - 2013-10-30 23:57 - 00000000 ____D () C:\Users\ml\Downloads\simc-540-5-win32
2014-02-16 07:08 - 2012-11-11 11:45 - 00000000 ____D () C:\Users\ml\Downloads\Sine.Mora-SKIDROW-LaVerta.part1
2014-02-16 07:08 - 2012-11-04 10:41 - 00000000 ____D () C:\Users\ml\Downloads\wordpress_342-de
2014-02-16 07:08 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2014-02-16 07:07 - 2013-10-22 22:39 - 00000000 ____D () C:\Users\ml\Downloads\HiSuiteSetup_v1.8.10.1706
2014-02-16 07:07 - 2012-11-10 13:29 - 00000000 ____D () C:\Users\ml\Downloads\contact-form-7331
2014-02-16 07:07 - 2011-05-17 18:33 - 00000000 ____D () C:\Users\ml\Downloads\Mainboard_Treiber
2014-02-16 07:07 - 2010-07-23 19:04 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Malwarebytes
2014-02-16 02:26 - 2010-03-20 12:55 - 00000000 ____D () C:\Program Files\Steam
2014-02-15 22:29 - 2010-03-05 00:16 - 01644414 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-15 22:22 - 2014-02-15 15:08 - 00000340 _____ () C:\Users\ml\defogger_reenable
2014-02-15 21:15 - 2014-02-15 21:15 - 00293592 _____ () C:\Users\linuel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Startmenü
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Netzwerkumgebung
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Druckumgebung
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Documents\Eigene Musik
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Documents\Eigene Bilder
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\AppData\Local\Verlauf
2014-02-13 22:52 - 2014-02-13 21:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-13 21:19 - 2014-02-13 21:18 - 00000109 _____ () C:\Users\ml\Documents\mwb-am.TXT
2014-02-12 19:10 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-12 18:43 - 2014-02-11 21:51 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-11 22:41 - 2014-02-11 22:41 - 04745728 _____ (AVAST Software) C:\Users\ml\Downloads\aswMBR.exe
2014-02-11 22:15 - 2014-02-11 22:14 - 00267492 _____ () C:\Windows\msxml4-KB2758694-deu.LOG
2014-02-11 22:14 - 2011-04-03 13:47 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-02-11 22:08 - 2011-07-19 19:14 - 00086016 ___SH () C:\Users\ml\Documents\Thumbs.db
2014-02-11 21:56 - 2013-11-24 02:17 - 00012248 _____ () C:\Windows\IE11_main.log
2014-02-11 21:52 - 2014-02-11 21:45 - 451422799 _____ (WinFuture) C:\Users\ml\Downloads\WinFuture_7SP1_x86_UpdatePack_2.34_Januar_2014-Vollversion.exe
2014-02-11 21:50 - 2014-02-11 21:50 - 12589848 _____ (Malwarebytes Corp.) C:\Users\ml\Downloads\mbar-1.07.0.1009.exe
2014-02-11 21:50 - 2014-02-11 21:49 - 00000000 ____D () C:\Program Files\Malwarebytes_Anti-Rootkit
2014-02-11 21:25 - 2010-03-05 01:56 - 00293592 _____ () C:\Users\ml\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-11 21:13 - 2009-07-14 05:33 - 02828184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-11 21:12 - 2010-03-05 01:45 - 00234518 _____ () C:\Windows\PFRO.log
2014-02-11 20:32 - 2014-02-11 20:16 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-02-11 20:15 - 2014-02-11 20:15 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ATLAN-Microsoft-Windows-7-Professional-(32-bit).dat
2014-02-11 20:13 - 2014-02-11 20:13 - 00000000 ____D () C:\RegBackup
2014-02-11 18:46 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-02-11 18:23 - 2014-02-11 18:23 - 00001071 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-11 18:23 - 2014-02-11 18:17 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-11 18:20 - 2014-02-11 18:20 - 00000000 ____D () C:\Program Files\Tweaking
2014-02-09 12:25 - 2010-03-14 13:28 - 00000354 _____ () C:\Windows\Tasks\At1.job
2014-02-08 23:15 - 2014-01-10 18:09 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Awesomium
2014-02-06 19:23 - 2012-04-11 19:14 - 00000000 ____D () C:\ProgramData\Origin
2014-02-06 19:21 - 2012-04-11 19:18 - 00000000 ____D () C:\Program Files\Origin
2014-02-06 18:31 - 2014-02-06 18:31 - 00924173 _____ () C:\Users\ml\Downloads\BrMain480.exe
2014-02-06 18:24 - 2010-03-20 09:32 - 00000425 _____ () C:\Windows\BRWMARK.INI
2014-02-06 18:04 - 2013-12-16 21:18 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-02-06 11:38 - 2014-02-11 23:54 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 11:20 - 2014-02-11 23:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 11:19 - 2014-02-11 23:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 11:01 - 2014-02-11 23:54 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 11:00 - 2014-02-11 23:54 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-11 23:54 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 10:52 - 2014-02-11 23:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 10:52 - 2014-02-11 23:54 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 10:49 - 2014-02-11 23:54 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 10:47 - 2014-02-11 23:54 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 10:47 - 2014-02-11 23:54 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 10:46 - 2014-02-11 23:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 10:34 - 2014-02-11 23:54 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 10:25 - 2014-02-11 23:54 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 10:25 - 2014-02-11 23:54 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 10:13 - 2014-02-11 23:54 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:09 - 2014-02-11 23:54 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:03 - 2014-02-11 23:54 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 09:41 - 2014-02-11 23:54 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 09:36 - 2014-02-11 23:54 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:34 - 2014-02-11 23:54 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-05 21:55 - 2012-05-14 23:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-05 21:55 - 2011-05-19 18:10 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-03 23:24 - 2010-03-05 16:33 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Skype
2014-02-03 20:14 - 2010-03-06 14:47 - 00000000 ____D () C:\Users\ml\AppData\Roaming\TS3Client
2014-02-02 20:56 - 2013-10-04 19:02 - 00000000 ____D () C:\Users\ml\AppData\Local\Battle.net
2014-02-02 01:10 - 2014-02-02 01:10 - 00000000 ____D () C:\Users\ml\AppData\Local\BigHugeEngine
2014-01-30 20:41 - 2014-01-21 18:57 - 00001159 _____ () C:\Users\ml\Desktop\Amazon Cloud Player.lnk
2014-01-30 20:41 - 2014-01-21 18:57 - 00000000 ____D () C:\Users\ml\AppData\Local\Amazon Cloud Player
2014-01-29 22:08 - 2010-03-20 12:55 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-01-27 21:52 - 2014-01-26 00:41 - 00000635 _____ () C:\Users\Public\Desktop\UFO Aftershock.lnk
2014-01-26 00:47 - 2014-01-26 00:47 - 22607745 _____ () C:\Users\ml\Downloads\ufoaftershock_patch_1_2-including_previous_patch.zip
2014-01-26 00:45 - 2014-01-26 00:45 - 03123262 _____ () C:\Users\ml\Downloads\ufo_aftershock_patch_1_3.zip
2014-01-26 00:45 - 2014-01-26 00:45 - 03122287 _____ () C:\Users\ml\Downloads\Ufo-Aftershock-Patch-1.3.zip
2014-01-26 00:44 - 2014-01-26 00:44 - 02028396 _____ () C:\Users\ml\Downloads\UFO_Aftershock_v1.2.1_Patch.zip
2014-01-26 00:40 - 2010-03-05 00:40 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-01-21 21:29 - 2014-01-21 21:29 - 03669884 _____ () C:\Users\ml\Downloads\DarkHorizon_v1.0.6.0_Patch.zip
2014-01-20 21:46 - 2014-01-20 21:45 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-20 21:46 - 2013-10-17 21:24 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-20 21:46 - 2012-03-18 15:32 - 00000000 ____D () C:\Program Files\Java
2014-01-20 21:43 - 2010-03-14 16:43 - 00000000 ____D () C:\Users\ml\AppData\Local\Adobe
2014-01-18 18:21 - 2013-10-09 18:16 - 00000000 ____D () C:\Program Files\Hearthstone
2014-01-17 22:32 - 2013-10-04 19:02 - 00000000 ____D () C:\Program Files\Battle.net
2014-01-17 22:32 - 2012-05-14 18:11 - 00000000 ____D () C:\Program Files\Diablo III
2014-01-17 16:58 - 2012-11-21 21:56 - 00015726 _____ () C:\Users\ml\Documents\Geburtstage_Adressen.odt
2014-01-17 16:36 - 2010-03-05 01:02 - 00073312 _____ () C:\Windows\DirectX.log
2014-01-17 00:10 - 2010-03-05 01:58 - 00000000 ____D () C:\Windows\system32\directx
2014-01-17 00:09 - 2010-10-03 09:06 - 00000000 ____D () C:\Program Files\THQ

Files to move or delete:
====================
C:\Windows\Tasks\At1.job


Some content of TEMP:
====================
C:\Users\ml\AppData\Local\Temp\11-8_vista32_win7_32_dd_ccc_ocl.exe
C:\Users\ml\AppData\Local\Temp\CheatEngine63Clean.exe
C:\Users\ml\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\ml\AppData\Local\Temp\CTPBSeq.exe
C:\Users\ml\AppData\Local\Temp\devcon.exe
C:\Users\ml\AppData\Local\Temp\DivXSetup.exe
C:\Users\ml\AppData\Local\Temp\drm_dyndata_7370012.dll
C:\Users\ml\AppData\Local\Temp\drm_dyndata_7400006.dll
C:\Users\ml\AppData\Local\Temp\GdiPlus.dll
C:\Users\ml\AppData\Local\Temp\installerdll.dll
C:\Users\ml\AppData\Local\Temp\InstallerMessageBox.exe
C:\Users\ml\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\mbam-setup.exe
C:\Users\ml\AppData\Local\Temp\MSVBVM60.DLL
C:\Users\ml\AppData\Local\Temp\NPSInstallerProxy.exe
C:\Users\ml\AppData\Local\Temp\NPSInstallerProxyMessageBoxHookDll.dll
C:\Users\ml\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\ml\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\ml\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\ml\AppData\Local\Temp\nvStInst.exe
C:\Users\ml\AppData\Local\Temp\patchw32.dll
C:\Users\ml\AppData\Local\Temp\Quarantine.exe
C:\Users\ml\AppData\Local\Temp\RSPUpgradeInstaller.exe
C:\Users\ml\AppData\Local\Temp\SIntf16.dll
C:\Users\ml\AppData\Local\Temp\SIntf32.dll
C:\Users\ml\AppData\Local\Temp\SIntfNT.dll
C:\Users\ml\AppData\Local\Temp\SkypeSetup.exe
C:\Users\ml\AppData\Local\Temp\tmp4CE7.exe
C:\Users\ml\AppData\Local\Temp\tmp508F.exe
C:\Users\ml\AppData\Local\Temp\tmp5F8D.exe
C:\Users\ml\AppData\Local\Temp\tmp61AF.exe
C:\Users\ml\AppData\Local\Temp\tmp7010.exe
C:\Users\ml\AppData\Local\Temp\tmp96A3.exe
C:\Users\ml\AppData\Local\Temp\Uninst.exe
C:\Users\ml\AppData\Local\Temp\_is77CF.exe
C:\Users\ml\AppData\Local\Temp\_isE495.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-08 13:54

==================== End Of Log ============================
         

Edited by Nesk1 (16.02.2014 at 09:37)

17.02.2014, 09:10   #4
schrauber
/// the machine
/// TB trainer

Windows 7 - Windows Update damaged, some malware findings or suspicion



Those are surely hidden files and folders. Screenshot, please.



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded, and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

18.02.2014, 21:34   #5
Nesk1

Windows 7 - Windows Update damaged, some malware findings or suspicion



OK, here are the logs:

Eset:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d65fe67596c5d6478189be3a34fa2c98
# engine=17108
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-17 10:12:48
# local_time=2014-02-17 11:12:48 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1285 16777213 100 100 8302 89323080 0 0
# compatibility_mode=5893 16776573 100 94 114289 144306359 0 0
# scanned=291805
# found=0
# cleaned=0
# scan_time=5907
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d65fe67596c5d6478189be3a34fa2c98
# engine=17123
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-18 09:05:26
# local_time=2014-02-18 10:05:26 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1285 16777213 100 100 12869 89405438 0 0
# compatibility_mode=5893 16776573 100 94 196647 144388717 0 0
# scanned=492124
# found=0
# cleaned=0
# scan_time=12557
         
SecurityCheck:
Code:
 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java(TM) 6 Update 22  
 Java(TM) 6 Update 29  
 Java 7 Update 51  
 Adobe Flash Player 	12.0.0.44  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (27.0.1) 
 Mozilla Thunderbird (24.3.0) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Kaspersky Lab Kaspersky Internet Security 2012 avp.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-02-2014
Ran by ml (administrator) on ATLAN on 18-02-2014 22:22:45
Running from C:\Users\ml\Desktop\logs
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
() C:\Program Files\AMD\OverDrive\AODAssist.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
() C:\ProgramData\HiSuiteOuc\HiSuiteOuc.exe
() C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe
(NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
() C:\Windows\system32\PnkBstrA.exe
() C:\Windows\system32\PnkBstrB.exe
(StarWind Software) C:\Program Files\alcohol\StarWind\StarWindServiceAE.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Creative Technology Ltd.) C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
(Creative Technology Ltd) C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
(Creative Technology Ltd) C:\Windows\System32\CTHELPER.EXE
(Saitek) C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
(Saitek) C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
(Creative Technology Ltd) C:\Windows\SYSTEM32\CTXFISPI.EXE
(Corsair Components  Inc) C:\Maus_M90\M90Hid.exe
(Corsair Components  Inc) C:\Maus_M90\CorsTra.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Creative Technology Ltd) C:\Windows\System32\Ctxfihlp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Creative Technology Ltd) C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
() C:\Program Files\HiSuite\HiSuite.exe
() C:\Users\ml\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Creative Technology Ltd) C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
(Creative Technology Ltd.) C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
() C:\Users\ml\AppData\Local\HiSuite\userdata\hwtools\hwtransport.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RCSystem] - C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [57344 2006-11-22] (Creative Technology Ltd.)
HKLM\...\Run: [AudioDrvEmulator] - C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [57344 2006-11-22] (Creative Technology Ltd.)
HKLM\...\Run: [VolPanel] - C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [180224 2006-12-06] (Creative Technology Ltd)
HKLM\...\Run: [CTHelper] - C:\Windows\system32\CTHELPER.EXE [19456 2007-03-05] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [AdobeCS4ServiceManager] - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [ProfilerU] - C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [237568 2009-09-11] (Saitek)
HKLM\...\Run: [SaiMfd] - C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [131072 2009-09-11] (Saitek)
HKLM\...\Run: [ Malwarebytes Anti-Malware  (reboot)] - "C:\Program Files\Anti-Malware\mbam.exe" /runcleanupscript
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO)
HKLM\...\Run: [NPSStartup] - [X]
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [Corsair Garros] - C:\Maus_M90\M90Hid.exe [1768960 2012-05-22] (Corsair Components  Inc)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM\...\Run: [CTxfiHlp] - C:\Windows\system32\CTXFIHLP.EXE [25600 2010-05-05] (Creative Technology Ltd)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\klogon: C:\Windows\system32\klogon.dll (Kaspersky Lab ZAO)
HKU\.DEFAULT\...\Run: [CtxfiReg] - CTXFIREG.exe /FAIL1
HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\Run: [AlcoholAutomount] - C:\Program Files\alcohol\AxAutoMntSrv.exe [33120 2009-11-15] (Alcohol Soft Development Team)
HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\Run: [Pando Media Booster] - C:\Program Files\Pando Networks\Media Booster\PMB.exe [3077528 2011-08-27] ()
HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\Run: [Creative MediaSource Go] - C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe [204800 2006-11-09] (Creative Technology Ltd)
HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\Run: [Mobile Partner] - C:\Program Files\HiSuite\HiSuite.exe [583488 2013-07-11] ()
HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\Run: [Amazon Cloud Player] - C:\Users\ml\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] ()
HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\MountPoints2: D - D:\ASRSetup.exe
HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\MountPoints2: {cb124b1d-2f7c-11df-997d-6cf04902646e} - F:\Setup.exe
HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\MountPoints2: {f4c6a2a3-3b33-11e3-817b-bc5ff40f2dd2} - G:\autorun.exe
Startup: C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Profiler.lnk
ShortcutTarget: Profiler.lnk -> C:\Windows\Installer\{46A219BA-FA02-43B6-8E46-4704B39251DD}\Profiler.exe (Saitek)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10005’
SearchScopes: HKLM - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005’
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005’
SearchScopes: HKCU - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005’
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://tbsearch.ask.com/redirect?client=ie&tb=BTV5&o=10148&src=crm&q={searchTerms}&locale=en_US
SearchScopes: HKCU - {47802076-0332-47D7-AB21-698498446961} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005’
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 62.109.121.1 62.109.121.2

FireFox:
========
FF ProfilePath: C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default
FF user.js: detected! => C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\user.js
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1))%20%7B%20return%20'PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\ml\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\staged [2014-02-18]
FF Extension: FT DeepDark - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2014-02-11]
FF Extension: Firebug - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\firebug@software.joehewitt.com.xpi [2012-12-14]
FF Extension: YouTube MP3 Download - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\jid0-Z0Vu9hJlqV0fhIAPqPfmUCNubYQ@jetpack.xpi [2013-07-20]
FF Extension: ProxMate - Proxy on steroids! - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-10-19]
FF Extension: TinEye Reverse Image Search - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\tineye@ideeinc.com.xpi [2013-04-19]
FF Extension: NoScript - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-12-14]
FF Extension: FireFTP - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012-12-14]
FF Extension: Adblock Plus - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-14]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-02-16]
FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2011-11-01]
FF HKLM\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2011-11-01]
FF HKLM\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2011-11-01]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-08-01]

========================== Services (Whitelisted) =================

R2 AODService; C:\Program Files\AMD\OverDrive\AODAssist.exe [136616 2010-04-23] ()
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2010-03-05] (Creative Labs)
R2 HiSuiteOuc.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc.exe [116032 2013-07-11] ()
R2 HuaweiHiSuiteService.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe [158208 2013-05-02] ()
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 nTuneService; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [192832 2011-09-19] (NVIDIA)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2014-01-02] ()
R2 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [107832 2014-01-02] ()
S2 SkypeUpdate; C:\Programme\Skype\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies)
R2 StarWindServiceAE; C:\Program Files\alcohol\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)
S3 nosGetPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper_3004.dll [X]

==================== Drivers (Whitelisted) ====================

R3 AmdTools; C:\Windows\System32\DRIVERS\AmdTools.sys [42552 2008-04-28] (AMD, Inc.)
R3 AODDriver2; C:\Program Files\AMD\OverDrive\i386\AODDriver2.sys [36864 2010-04-23] (Advanced Micro Devices)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-07-07] ()
S3 CamDrL; C:\Windows\System32\DRIVERS\Camdrl.sys [1075360 2007-02-03] (Logitech Inc.)
S3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [98616 2007-03-05] (Creative Technology Ltd)
R3 CORSGMS; C:\Windows\System32\Drivers\CORSGMS.sys [18432 2012-03-27] ( )
S3 CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [552248 2007-03-05] (Creative Technology Ltd)
S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [347144 2010-05-05] (Creative Technology Ltd)
S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [174392 2007-03-05] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [286520 2007-03-05] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [134968 2007-03-05] (Creative Technology Ltd)
R3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [329528 2007-03-05] (Creative Technology Ltd)
S3 CTERFXFX.DLL; C:\Windows\System32\CTERFXFX.DLL [101176 2007-03-05] (Creative Technology Ltd)
S3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [566584 2007-03-05] (Creative Technology Ltd)
S3 dbustrcm; C:\Users\ml\AppData\Local\Temp\dbustrcm.sys [31744 2013-09-01] ()
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [32384 2011-02-08] (Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [52352 2011-02-08] (Etron Technology Inc)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [133208 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11352 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [586072 2012-10-31] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [23856 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19984 2009-11-02] (Kaspersky Lab)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-07-07] ()
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41504 2007-02-03] (Logitech Inc.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-02-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 RivaTuner32; C:\Program Files\RivaTuner\RivaTuner32.sys [9088 2009-08-22] ()
R3 SaiK0728; C:\Windows\System32\DRIVERS\SaiK0728.sys [104960 2008-01-21] (Saitek)
S3 SaiK0CEA; C:\Windows\System32\DRIVERS\SaiK0CEA.sys [104960 2008-04-04] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [20744 2009-09-14] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [43656 2009-09-14] (Saitek)
S3 SaiU0CEA; C:\Windows\System32\DRIVERS\SaiU0CEA.sys [28544 2008-04-04] (Saitek)
R1 SAVRKBootTasks; C:\Windows\system32\SAVRKBootTasks.sys [18816 2010-05-26] (Sophos Plc)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-03-14] ()
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-04-27] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-04-27] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-04-27] (MCCI Corporation)
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] ()
R3 V0260VID; C:\Windows\System32\DRIVERS\V0260Vid.sys [154560 2007-05-25] (Creative Technology Ltd.)
U3 agr3p5sn; C:\Windows\system32\Drivers\agr3p5sn.sys [0 ] (Microsoft Corporation)
S3 amdiox86; system32\DRIVERS\amdiox86.sys [X]
S2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [X]
S3 atillk64; \??\C:\Program Files\AMD GPU Clock Tool\atillk64.sys [X]
S3 CT20XUT.DLL; system32\CT20XUT.DLL [X]
S3 CTEXFIFX.DLL; system32\CTEXFIFX.DLL [X]
S3 CTHWIUT.DLL; system32\CTHWIUT.DLL [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2011-10-24] (Huawei Technologies Co., Ltd.)
S3 MEMSWEEP2; \??\C:\Windows\system32\34.tmp [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-18 22:22 - 2014-02-18 22:22 - 01141248 _____ (Farbar) C:\Users\ml\Downloads\FRST.exe
2014-02-18 22:11 - 2014-02-18 22:11 - 00987425 _____ () C:\Users\ml\Downloads\SecurityCheck.exe
2014-02-17 21:27 - 2014-02-17 21:27 - 02347384 _____ (ESET) C:\Users\ml\Downloads\esetsmartinstaller_enu.exe
2014-02-16 18:02 - 2014-02-16 18:03 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-16 14:56 - 2014-02-17 00:16 - 00000000 ___RD () C:\Users\linuel.atlan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-16 14:56 - 2014-02-17 00:16 - 00000000 ___RD () C:\Users\linuel.atlan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-16 14:56 - 2014-02-17 00:16 - 00000000 ____D () C:\Users\linuel.atlan
2014-02-16 14:56 - 2014-02-16 14:56 - 00000000 _SHDL () C:\Users\linuel.atlan\Startmenü
2014-02-16 14:56 - 2014-02-16 14:56 - 00000000 _SHDL () C:\Users\linuel.atlan\Netzwerkumgebung
2014-02-16 14:56 - 2014-02-16 14:56 - 00000000 _SHDL () C:\Users\linuel.atlan\Druckumgebung
2014-02-16 14:56 - 2014-02-16 14:56 - 00000000 _SHDL () C:\Users\linuel.atlan\Documents\Eigene Musik
2014-02-16 14:56 - 2014-02-16 14:56 - 00000000 _SHDL () C:\Users\linuel.atlan\Documents\Eigene Bilder
2014-02-16 14:56 - 2014-02-16 14:56 - 00000000 _SHDL () C:\Users\linuel.atlan\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-02-16 14:56 - 2014-02-16 14:56 - 00000000 _SHDL () C:\Users\linuel.atlan\AppData\Local\Verlauf
2014-02-16 14:56 - 2014-02-16 14:56 - 00000000 ____D () C:\Users\linuel.atlan\AppData\Local\VirtualStore
2014-02-16 14:56 - 2014-02-16 14:56 - 00000000 ____D () C:\Users\linuel.atlan\AppData\Local\NVIDIA Corporation
2014-02-16 09:27 - 2014-02-17 00:16 - 00000000 ____D () C:\AdwCleaner
2014-02-16 08:33 - 2014-02-16 08:33 - 00000000 ____D () C:\Program Files\Skype
2014-02-15 22:19 - 2014-02-15 22:19 - 00050477 _____ () C:\Users\ml\Downloads\Defogger.exe
2014-02-15 21:15 - 2014-02-15 21:15 - 00293592 _____ () C:\Users\linuel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-15 21:10 - 2014-02-16 07:08 - 00000000 ___RD () C:\Users\linuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-15 21:10 - 2014-02-16 07:08 - 00000000 ___RD () C:\Users\linuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-15 21:10 - 2014-02-16 07:08 - 00000000 ____D () C:\Users\linuel
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Startmenü
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Netzwerkumgebung
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Druckumgebung
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Documents\Eigene Musik
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Documents\Eigene Bilder
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\AppData\Local\Verlauf
2014-02-15 15:08 - 2014-02-15 22:22 - 00000340 _____ () C:\Users\ml\defogger_reenable
2014-02-15 13:00 - 2014-02-18 22:22 - 00000000 ____D () C:\FRST
2014-02-13 21:40 - 2014-02-13 22:52 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-13 21:18 - 2014-02-13 21:19 - 00000109 _____ () C:\Users\ml\Documents\mwb-am.TXT
2014-02-11 23:54 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-11 23:54 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-11 23:54 - 2014-02-06 11:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-11 23:54 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-11 23:54 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-11 23:54 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-11 23:54 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-11 23:54 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-11 23:54 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-11 23:54 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-11 23:54 - 2014-02-06 10:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-11 23:54 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-11 23:54 - 2014-02-06 10:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-11 23:54 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-11 23:54 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-11 23:54 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-11 23:54 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-11 23:54 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-11 23:54 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-11 23:54 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-11 23:54 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-11 23:44 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-11 22:41 - 2014-02-11 22:41 - 04745728 _____ (AVAST Software) C:\Users\ml\Downloads\aswMBR.exe
2014-02-11 22:14 - 2014-02-11 22:15 - 00267492 _____ () C:\Windows\msxml4-KB2758694-deu.LOG
2014-02-11 21:51 - 2014-02-12 18:43 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-11 21:50 - 2014-02-11 21:50 - 12589848 _____ (Malwarebytes Corp.) C:\Users\ml\Downloads\mbar-1.07.0.1009.exe
2014-02-11 21:49 - 2014-02-11 21:50 - 00000000 ____D () C:\Program Files\Malwarebytes_Anti-Rootkit
2014-02-11 21:45 - 2014-02-11 21:52 - 451422799 _____ (WinFuture) C:\Users\ml\Downloads\WinFuture_7SP1_x86_UpdatePack_2.34_Januar_2014-Vollversion.exe
2014-02-11 21:29 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-11 21:29 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-11 21:29 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-11 21:29 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-11 21:29 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-11 21:29 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-11 21:29 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-11 21:29 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-11 21:29 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-11 21:29 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-11 21:29 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-11 21:29 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-11 21:29 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-11 21:29 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-11 20:16 - 2014-02-11 20:32 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-02-11 20:15 - 2014-02-11 20:15 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ATLAN-Microsoft-Windows-7-Professional-(32-bit).dat
2014-02-11 20:13 - 2014-02-11 20:13 - 00000000 ____D () C:\RegBackup
2014-02-11 18:23 - 2014-02-11 18:23 - 00001071 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-11 18:20 - 2014-02-11 18:20 - 00000000 ____D () C:\Program Files\Tweaking
2014-02-11 18:17 - 2014-02-11 18:23 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-11 18:17 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-06 18:31 - 2014-02-06 18:31 - 00924173 _____ () C:\Users\ml\Downloads\BrMain480.exe
2014-02-02 01:10 - 2014-02-02 01:10 - 00000000 ____D () C:\Users\ml\AppData\Local\BigHugeEngine
2014-01-26 00:47 - 2014-01-26 00:47 - 22607745 _____ () C:\Users\ml\Downloads\ufoaftershock_patch_1_2-including_previous_patch.zip
2014-01-26 00:45 - 2014-01-26 00:45 - 03123262 _____ () C:\Users\ml\Downloads\ufo_aftershock_patch_1_3.zip
2014-01-26 00:45 - 2014-01-26 00:45 - 03122287 _____ () C:\Users\ml\Downloads\Ufo-Aftershock-Patch-1.3.zip
2014-01-26 00:44 - 2014-01-26 00:44 - 02028396 _____ () C:\Users\ml\Downloads\UFO_Aftershock_v1.2.1_Patch.zip
2014-01-26 00:41 - 2014-01-27 21:52 - 00000635 _____ () C:\Users\Public\Desktop\UFO Aftershock.lnk
2014-01-21 21:29 - 2014-01-21 21:29 - 03669884 _____ () C:\Users\ml\Downloads\DarkHorizon_v1.0.6.0_Patch.zip
2014-01-21 18:57 - 2014-02-17 00:16 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-01-21 18:57 - 2014-01-30 20:41 - 00001159 _____ () C:\Users\ml\Desktop\Amazon Cloud Player.lnk
2014-01-21 18:57 - 2014-01-30 20:41 - 00000000 ____D () C:\Users\ml\AppData\Local\Amazon Cloud Player
2014-01-20 21:46 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-20 21:46 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-20 21:46 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-20 21:46 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-20 21:45 - 2014-01-20 21:46 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log

==================== One Month Modified Files and Folders =======

2014-02-18 22:23 - 2010-03-05 00:07 - 01629824 _____ () C:\Windows\WindowsUpdate.log
2014-02-18 22:22 - 2014-02-18 22:22 - 01141248 _____ (Farbar) C:\Users\ml\Downloads\FRST.exe
2014-02-18 22:22 - 2014-02-15 13:00 - 00000000 ____D () C:\FRST
2014-02-18 22:11 - 2014-02-18 22:11 - 00987425 _____ () C:\Users\ml\Downloads\SecurityCheck.exe
2014-02-18 22:06 - 2010-03-05 00:42 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-18 21:55 - 2012-07-05 16:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-18 19:02 - 2011-01-01 10:54 - 00000000 ____D () C:\Users\ml\AppData\Local\PMB Files
2014-02-18 18:36 - 2009-07-14 05:34 - 00014960 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-18 18:36 - 2009-07-14 05:34 - 00014960 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-18 18:35 - 2010-03-05 00:16 - 01644414 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-18 18:31 - 2011-12-10 17:37 - 00000322 _____ () C:\Windows\Tasks\DriverScanner.job
2014-02-18 18:30 - 2012-04-21 23:17 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-18 18:30 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-18 18:30 - 2009-07-14 05:39 - 00179388 _____ () C:\Windows\setupact.log
2014-02-17 21:27 - 2014-02-17 21:27 - 02347384 _____ (ESET) C:\Users\ml\Downloads\esetsmartinstaller_enu.exe
2014-02-17 20:54 - 2012-05-05 06:28 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-17 00:17 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-02-17 00:16 - 2014-02-16 14:56 - 00000000 ___RD () C:\Users\linuel.atlan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-17 00:16 - 2014-02-16 14:56 - 00000000 ___RD () C:\Users\linuel.atlan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-17 00:16 - 2014-02-16 14:56 - 00000000 ____D () C:\Users\linuel.atlan
2014-02-17 00:16 - 2014-02-16 09:27 - 00000000 ____D () C:\AdwCleaner
2014-02-17 00:16 - 2014-01-21 18:57 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-02-17 00:16 - 2012-08-16 19:31 - 00000000 ____D () C:\Users\ml\AppData\Local\CCP
2014-02-17 00:16 - 2012-04-21 23:27 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVGA Precision
2014-02-17 00:16 - 2012-04-01 10:50 - 00000000 ____D () C:\ProgramData\SweetIM
2014-02-17 00:16 - 2012-04-01 10:50 - 00000000 ____D () C:\Program Files\SweetIM
2014-02-17 00:16 - 2011-12-10 17:16 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Uniblue
2014-02-17 00:16 - 2011-12-10 17:16 - 00000000 ____D () C:\Program Files\Uniblue
2014-02-17 00:16 - 2011-07-17 00:33 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
2014-02-17 00:16 - 2010-05-02 09:31 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-02-17 00:16 - 2010-04-28 19:40 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-02-17 00:16 - 2010-04-06 18:55 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2014-02-17 00:16 - 2010-03-20 12:57 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-02-17 00:16 - 2010-03-05 00:14 - 00000000 ___RD () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-17 00:16 - 2010-03-05 00:14 - 00000000 ___RD () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-17 00:16 - 2010-02-08 23:40 - 00000000 ____D () C:\spiele
2014-02-17 00:16 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2014-02-17 00:16 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-02-16 22:41 - 2010-03-20 12:55 - 00000000 ____D () C:\Program Files\Steam
2014-02-16 18:03 - 2014-02-16 18:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-16 15:22 - 2010-06-10 19:28 - 00000000 ____D () C:\ProgramData\Skype
2014-02-16 15:19 - 2010-03-05 00:14 - 00000000 ____D () C:\Users\ml
2014-02-16 14:56 - 2014-02-16 14:56 - 00000000 _SHDL () C:\Users\linuel.atlan\Startmenü
2014-02-16 14:56 - 2014-02-16 14:56 - 00000000 _SHDL () C:\Users\linuel.atlan\Netzwerkumgebung
2014-02-16 14:56 - 2014-02-16 14:56 - 00000000 _SHDL () C:\Users\linuel.atlan\Druckumgebung
2014-02-16 14:56 - 2014-02-16 14:56 - 00000000 _SHDL () C:\Users\linuel.atlan\Documents\Eigene Musik
2014-02-16 14:56 - 2014-02-16 14:56 - 00000000 _SHDL () C:\Users\linuel.atlan\Documents\Eigene Bilder
2014-02-16 14:56 - 2014-02-16 14:56 - 00000000 _SHDL () C:\Users\linuel.atlan\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-02-16 14:56 - 2014-02-16 14:56 - 00000000 _SHDL () C:\Users\linuel.atlan\AppData\Local\Verlauf
2014-02-16 14:56 - 2014-02-16 14:56 - 00000000 ____D () C:\Users\linuel.atlan\AppData\Local\VirtualStore
2014-02-16 14:56 - 2014-02-16 14:56 - 00000000 ____D () C:\Users\linuel.atlan\AppData\Local\NVIDIA Corporation
2014-02-16 09:49 - 2011-12-10 17:36 - 00000000 ____D () C:\ProgramData\Uniblue
2014-02-16 08:33 - 2014-02-16 08:33 - 00000000 ____D () C:\Program Files\Skype
2014-02-16 07:09 - 2013-05-18 01:29 - 00000000 ____D () C:\Users\ml\Downloads\sound
2014-02-16 07:09 - 2012-07-01 19:20 - 00000000 ____D () C:\Users\ml\Downloads\ydkj
2014-02-16 07:09 - 2012-03-02 17:00 - 00000000 ____D () C:\Users\ml\Downloads\mflpro
2014-02-16 07:09 - 2011-12-13 17:50 - 00000000 ____D () C:\Users\ml\Downloads\cpu-z
2014-02-16 07:09 - 2011-12-10 17:16 - 00000000 ____D () C:\Program Files\CrystalDiskInfo
2014-02-16 07:09 - 2011-12-05 23:24 - 00000000 ____D () C:\Users\ml\Downloads\RoT
2014-02-16 07:09 - 2011-06-12 21:35 - 00000000 ____D () C:\Users\ml\Downloads\directx9c
2014-02-16 07:09 - 2011-03-06 01:01 - 00000000 ____D () C:\Users\ml\Downloads\xbox360ce
2014-02-16 07:09 - 2010-10-03 09:05 - 00000000 ____D () C:\Users\ml\Downloads\gpg
2014-02-16 07:09 - 2010-07-28 18:08 - 00000000 ____D () C:\Users\ml\AppData\Roaming\vlc
2014-02-16 07:09 - 2010-03-05 01:04 - 00000000 ____D () C:\Windows\system32\Data
2014-02-16 07:08 - 2014-02-15 21:10 - 00000000 ___RD () C:\Users\linuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-16 07:08 - 2014-02-15 21:10 - 00000000 ___RD () C:\Users\linuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-16 07:08 - 2014-02-15 21:10 - 00000000 ____D () C:\Users\linuel
2014-02-16 07:08 - 2013-10-30 23:57 - 00000000 ____D () C:\Users\ml\Downloads\simc-540-5-win32
2014-02-16 07:08 - 2012-11-11 11:45 - 00000000 ____D () C:\Users\ml\Downloads\Sine.Mora-SKIDROW-LaVerta.part1
2014-02-16 07:08 - 2012-11-04 10:41 - 00000000 ____D () C:\Users\ml\Downloads\wordpress_342-de
2014-02-16 07:07 - 2013-10-22 22:39 - 00000000 ____D () C:\Users\ml\Downloads\HiSuiteSetup_v1.8.10.1706
2014-02-16 07:07 - 2012-11-10 13:29 - 00000000 ____D () C:\Users\ml\Downloads\contact-form-7331
2014-02-16 07:07 - 2011-05-17 18:33 - 00000000 ____D () C:\Users\ml\Downloads\Mainboard_Treiber
2014-02-16 07:07 - 2010-07-23 19:04 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Malwarebytes
2014-02-15 22:22 - 2014-02-15 15:08 - 00000340 _____ () C:\Users\ml\defogger_reenable
2014-02-15 22:19 - 2014-02-15 22:19 - 00050477 _____ () C:\Users\ml\Downloads\Defogger.exe
2014-02-15 21:15 - 2014-02-15 21:15 - 00293592 _____ () C:\Users\linuel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Startmenü
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Netzwerkumgebung
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Druckumgebung
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Documents\Eigene Musik
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Documents\Eigene Bilder
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\AppData\Local\Verlauf
2014-02-13 22:52 - 2014-02-13 21:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-13 21:19 - 2014-02-13 21:18 - 00000109 _____ () C:\Users\ml\Documents\mwb-am.TXT
2014-02-12 19:10 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-12 18:43 - 2014-02-11 21:51 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-11 22:41 - 2014-02-11 22:41 - 04745728 _____ (AVAST Software) C:\Users\ml\Downloads\aswMBR.exe
2014-02-11 22:15 - 2014-02-11 22:14 - 00267492 _____ () C:\Windows\msxml4-KB2758694-deu.LOG
2014-02-11 22:14 - 2011-04-03 13:47 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-02-11 22:08 - 2011-07-19 19:14 - 00086016 ___SH () C:\Users\ml\Documents\Thumbs.db
2014-02-11 21:56 - 2013-11-24 02:17 - 00012248 _____ () C:\Windows\IE11_main.log
2014-02-11 21:52 - 2014-02-11 21:45 - 451422799 _____ (WinFuture) C:\Users\ml\Downloads\WinFuture_7SP1_x86_UpdatePack_2.34_Januar_2014-Vollversion.exe
2014-02-11 21:50 - 2014-02-11 21:50 - 12589848 _____ (Malwarebytes Corp.) C:\Users\ml\Downloads\mbar-1.07.0.1009.exe
2014-02-11 21:50 - 2014-02-11 21:49 - 00000000 ____D () C:\Program Files\Malwarebytes_Anti-Rootkit
2014-02-11 21:25 - 2010-03-05 01:56 - 00293592 _____ () C:\Users\ml\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-11 21:13 - 2009-07-14 05:33 - 02828184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-11 21:12 - 2010-03-05 01:45 - 00234518 _____ () C:\Windows\PFRO.log
2014-02-11 20:32 - 2014-02-11 20:16 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-02-11 20:15 - 2014-02-11 20:15 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ATLAN-Microsoft-Windows-7-Professional-(32-bit).dat
2014-02-11 20:13 - 2014-02-11 20:13 - 00000000 ____D () C:\RegBackup
2014-02-11 18:46 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-02-11 18:23 - 2014-02-11 18:23 - 00001071 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-11 18:23 - 2014-02-11 18:17 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-11 18:20 - 2014-02-11 18:20 - 00000000 ____D () C:\Program Files\Tweaking
2014-02-09 12:25 - 2010-03-14 13:28 - 00000354 _____ () C:\Windows\Tasks\At1.job
2014-02-08 23:15 - 2014-01-10 18:09 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Awesomium
2014-02-06 19:23 - 2012-04-11 19:14 - 00000000 ____D () C:\ProgramData\Origin
2014-02-06 19:21 - 2012-04-11 19:18 - 00000000 ____D () C:\Program Files\Origin
2014-02-06 18:31 - 2014-02-06 18:31 - 00924173 _____ () C:\Users\ml\Downloads\BrMain480.exe
2014-02-06 18:24 - 2010-03-20 09:32 - 00000425 _____ () C:\Windows\BRWMARK.INI
2014-02-06 18:04 - 2013-12-16 21:18 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-02-06 11:38 - 2014-02-11 23:54 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 11:20 - 2014-02-11 23:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 11:19 - 2014-02-11 23:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 11:01 - 2014-02-11 23:54 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 11:00 - 2014-02-11 23:54 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-11 23:54 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 10:52 - 2014-02-11 23:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 10:52 - 2014-02-11 23:54 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 10:49 - 2014-02-11 23:54 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 10:47 - 2014-02-11 23:54 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 10:47 - 2014-02-11 23:54 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 10:46 - 2014-02-11 23:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 10:34 - 2014-02-11 23:54 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 10:25 - 2014-02-11 23:54 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 10:25 - 2014-02-11 23:54 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 10:13 - 2014-02-11 23:54 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:09 - 2014-02-11 23:54 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:03 - 2014-02-11 23:54 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 09:41 - 2014-02-11 23:54 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 09:36 - 2014-02-11 23:54 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:34 - 2014-02-11 23:54 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-05 21:55 - 2012-05-14 23:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-05 21:55 - 2011-05-19 18:10 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-03 23:24 - 2010-03-05 16:33 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Skype
2014-02-03 20:14 - 2010-03-06 14:47 - 00000000 ____D () C:\Users\ml\AppData\Roaming\TS3Client
2014-02-02 20:56 - 2013-10-04 19:02 - 00000000 ____D () C:\Users\ml\AppData\Local\Battle.net
2014-02-02 01:10 - 2014-02-02 01:10 - 00000000 ____D () C:\Users\ml\AppData\Local\BigHugeEngine
2014-01-30 20:41 - 2014-01-21 18:57 - 00001159 _____ () C:\Users\ml\Desktop\Amazon Cloud Player.lnk
2014-01-30 20:41 - 2014-01-21 18:57 - 00000000 ____D () C:\Users\ml\AppData\Local\Amazon Cloud Player
2014-01-29 22:08 - 2010-03-20 12:55 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-01-27 21:52 - 2014-01-26 00:41 - 00000635 _____ () C:\Users\Public\Desktop\UFO Aftershock.lnk
2014-01-26 00:47 - 2014-01-26 00:47 - 22607745 _____ () C:\Users\ml\Downloads\ufoaftershock_patch_1_2-including_previous_patch.zip
2014-01-26 00:45 - 2014-01-26 00:45 - 03123262 _____ () C:\Users\ml\Downloads\ufo_aftershock_patch_1_3.zip
2014-01-26 00:45 - 2014-01-26 00:45 - 03122287 _____ () C:\Users\ml\Downloads\Ufo-Aftershock-Patch-1.3.zip
2014-01-26 00:44 - 2014-01-26 00:44 - 02028396 _____ () C:\Users\ml\Downloads\UFO_Aftershock_v1.2.1_Patch.zip
2014-01-26 00:40 - 2010-03-05 00:40 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-01-21 21:29 - 2014-01-21 21:29 - 03669884 _____ () C:\Users\ml\Downloads\DarkHorizon_v1.0.6.0_Patch.zip
2014-01-20 21:46 - 2014-01-20 21:45 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-20 21:46 - 2013-10-17 21:24 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-20 21:46 - 2012-03-18 15:32 - 00000000 ____D () C:\Program Files\Java
2014-01-20 21:43 - 2010-03-14 16:43 - 00000000 ____D () C:\Users\ml\AppData\Local\Adobe

Files to move or delete:
====================
C:\Windows\Tasks\At1.job


Some content of TEMP:
====================
C:\Users\ml\AppData\Local\Temp\11-8_vista32_win7_32_dd_ccc_ocl.exe
C:\Users\ml\AppData\Local\Temp\CheatEngine63Clean.exe
C:\Users\ml\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\ml\AppData\Local\Temp\CTPBSeq.exe
C:\Users\ml\AppData\Local\Temp\devcon.exe
C:\Users\ml\AppData\Local\Temp\DivXSetup.exe
C:\Users\ml\AppData\Local\Temp\drm_dyndata_7370012.dll
C:\Users\ml\AppData\Local\Temp\drm_dyndata_7400006.dll
C:\Users\ml\AppData\Local\Temp\GdiPlus.dll
C:\Users\ml\AppData\Local\Temp\installerdll.dll
C:\Users\ml\AppData\Local\Temp\InstallerMessageBox.exe
C:\Users\ml\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\mbam-setup.exe
C:\Users\ml\AppData\Local\Temp\MSVBVM60.DLL
C:\Users\ml\AppData\Local\Temp\NPSInstallerProxy.exe
C:\Users\ml\AppData\Local\Temp\NPSInstallerProxyMessageBoxHookDll.dll
C:\Users\ml\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\ml\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\ml\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\ml\AppData\Local\Temp\nvStInst.exe
C:\Users\ml\AppData\Local\Temp\patchw32.dll
C:\Users\ml\AppData\Local\Temp\RSPUpgradeInstaller.exe
C:\Users\ml\AppData\Local\Temp\SIntf16.dll
C:\Users\ml\AppData\Local\Temp\SIntf32.dll
C:\Users\ml\AppData\Local\Temp\SIntfNT.dll
C:\Users\ml\AppData\Local\Temp\SkypeSetup.exe
C:\Users\ml\AppData\Local\Temp\tmp4CE7.exe
C:\Users\ml\AppData\Local\Temp\tmp508F.exe
C:\Users\ml\AppData\Local\Temp\tmp5F8D.exe
C:\Users\ml\AppData\Local\Temp\tmp61AF.exe
C:\Users\ml\AppData\Local\Temp\tmp7010.exe
C:\Users\ml\AppData\Local\Temp\tmp96A3.exe
C:\Users\ml\AppData\Local\Temp\Uninst.exe
C:\Users\ml\AppData\Local\Temp\_is77CF.exe
C:\Users\ml\AppData\Local\Temp\_isE495.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-08 13:54

==================== End Of Log ============================
         


The problem with Windows Update still persists, though. Attached is a screenshot.
And another one of the nameless folders. When I try to delete them, they do disappear, but they reappear a short time later. Only after a reboot are they gone completely.

Attached image thumbnails
-windowsupdate.jpg   -ordner.jpg

Last edited by Nesk1 (18.02.2014 at 21:55)

19.02.2014, 15:36   #6
schrauber
/// the machine
/// TB trainer



Please download Windows Repair (All In One) from here.
  • Install the program. Start it once the installation has finished.
  • Click Step 2 and press Do It under Check Disk.
  • When the process has finished, click Step 3 and press Do It under System File Check.
  • After the process has finished, click Start Repairs, select Advanced Mode and press Start.
  • Please make sure the boxes are ticked as shown below. In addition, please tick Set Windows Services to Default Startup.
  • Tick Restart System when Finished.
  • Press Start.


19.02.2014, 20:49   #7
Nesk1



Unfortunately that didn't help. It seems this is probably not a malware problem.

20.02.2014, 13:38   #8
schrauber
/// the machine
/// TB trainer



Do you have a Windows DVD at hand?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

20.02.2014, 17:29   #9
Nesk1



Yes, I have it here.

21.02.2014, 13:59   #10
schrauber
/// the machine
/// TB trainer



"In Place Upgrade"

Please do this.

24.02.2014, 06:32   #11
Nesk1



The in-place update did not work because SP1 could not be uninstalled properly.

I then simply set up the whole system from scratch. It wasn't planned, but at least the problems are gone this way.

Thanks to your help I at least had a clean data backup.
Many thanks for the help!

25.02.2014, 08:42   #12
schrauber
/// the machine
/// TB trainer



You're welcome
