Log analysis and evaluation: Windows 7 - Windows Update damaged, several malware detections or suspicions

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
15.02.2014, 23:27 | #1 |
Windows 7 - Windows Update damaged, several malware detections or suspicions

Hello, a few days ago I tried to start the Windows Update program, because in my opinion my computer has installed too few of the automatic updates (compared with my computer at work). And as I can see, the window does open, but I see next to nothing. Only some cryptic character strings in places where buttons, selection fields etc. would normally be. As a virus scanner I use Kaspersky IS 2012. Unfortunately it found nothing. After that I also ran MWBAM. It did find and remove something, PUP.Optional.SweetIM.A and PUP.Optional.Conduit.A, but the problem still persisted. That is why I also had MWBAR run a scan and, out of interest, aswMBR as well. Since all the log files together are too large, I am attaching the MWBAR and aswMBR logs. And here are the logs from your instructions:

defogger: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:21 on 15/02/2014 (ml)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:AlcoholAutomount -> Removed

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01
Ran by ml (administrator) on ATLAN on 15-02-2014 22:30:58
Running from C:\Users\ml\Desktop\logs
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
() C:\Program Files\AMD\OverDrive\AODAssist.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
() C:\ProgramData\HiSuiteOuc\HiSuiteOuc.exe
() C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
() C:\Windows\system32\PnkBstrA.exe
() C:\Windows\system32\PnkBstrB.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(StarWind Software) C:\Program Files\alcohol\StarWind\StarWindServiceAE.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
(Uniblue Systems Limited) C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Creative Technology Ltd.) C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
(Creative Technology Ltd) C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
(Creative Technology Ltd) C:\Windows\System32\CTHELPER.EXE
(Saitek) C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
(Corsair Components Inc) C:\Maus_M90\M90Hid.exe
(Creative Technology Ltd) C:\Windows\SYSTEM32\CTXFISPI.EXE
(Creative Technology Ltd) C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Creative Technology Ltd) C:\Windows\System32\Ctxfihlp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Pando Networks\Media Booster\PMB.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Creative Technology Ltd) C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
() C:\Program Files\HiSuite\HiSuite.exe
() C:\Users\ml\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Corsair Components Inc) C:\Maus_M90\CorsTra.exe
(Creative Technology Ltd.) C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
() C:\Users\ml\AppData\Local\HiSuite\userdata\hwtools\hwtransport.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RCSystem] - C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [57344 2006-11-22] (Creative Technology Ltd.)
HKLM\...\Run: [AudioDrvEmulator] - C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [57344 2006-11-22] (Creative Technology Ltd.)
HKLM\...\Run: [VolPanel] - C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [180224 2006-12-06] (Creative Technology Ltd)
HKLM\...\Run: [CTHelper] - C:\Windows\system32\CTHELPER.EXE [19456 2007-03-05] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [AdobeCS4ServiceManager] - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [ProfilerU] - C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [237568 2009-09-11] (Saitek)
HKLM\...\Run: [SaiMfd] - C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [131072 2009-09-11] (Saitek)
HKLM\...\Run: [ Malwarebytes Anti-Malware (reboot)] - "C:\Program Files\Anti-Malware\mbam.exe" /runcleanupscript
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO)
HKLM\...\Run: [NPSStartup] - [X]
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [Corsair Garros] - C:\Maus_M90\M90Hid.exe [1768960 2012-05-22] (Corsair Components Inc)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM\...\Run: [CTxfiHlp] - C:\Windows\system32\CTXFIHLP.EXE [25600 2010-05-05] (Creative Technology Ltd)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\klogon: C:\Windows\system32\klogon.dll (Kaspersky Lab ZAO)
HKU\.DEFAULT\...\Run: [CtxfiReg] - CTXFIREG.exe /FAIL1
HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\Run: [Pando Media Booster] - C:\Program Files\Pando Networks\Media Booster\PMB.exe [3077528 2011-08-27] ()
HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\Run: [Creative MediaSource Go] - C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe [204800 2006-11-09] (Creative Technology Ltd)
HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\Run: [Mobile Partner] - C:\Program Files\HiSuite\HiSuite.exe [583488 2013-07-11] ()
HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\Run: [Amazon Cloud Player] - C:\Users\ml\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] ()
HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\MountPoints2: D - D:\ASRSetup.exe
HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\MountPoints2: {cb124b1d-2f7c-11df-997d-6cf04902646e} - F:\Setup.exe
HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\MountPoints2: {f4c6a2a3-3b33-11e3-817b-bc5ff40f2dd2} - G:\autorun.exe
Startup: C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Profiler.lnk
ShortcutTarget: Profiler.lnk -> C:\Windows\Installer\{46A219BA-FA02-43B6-8E46-4704B39251DD}\Profiler.exe (Saitek)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10005’
SearchScopes: HKLM - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005’
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005’
SearchScopes: HKCU - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005’
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://tbsearch.ask.com/redirect?client=ie&tb=BTV5&o=10148&src=crm&q={searchTerms}&locale=en_US
SearchScopes: HKCU - {47802076-0332-47D7-AB21-698498446961} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005’
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 62.109.121.2 62.109.121.1

FireFox:
========
FF ProfilePath: C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default
FF user.js: detected! => C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\user.js
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1))%20%7B%20return%20'PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\ml\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FT DeepDark - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2014-02-11]
FF Extension: Firebug - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\firebug@software.joehewitt.com.xpi [2012-12-14]
FF Extension: YouTube MP3 Download - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\jid0-Z0Vu9hJlqV0fhIAPqPfmUCNubYQ@jetpack.xpi [2013-07-20]
FF Extension: ProxMate - Proxy on steroids! - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-10-19]
FF Extension: TinEye Reverse Image Search - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\tineye@ideeinc.com.xpi [2013-04-19]
FF Extension: NoScript - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-12-14]
FF Extension: FireFTP - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012-12-14]
FF Extension: Adblock Plus - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-14]
FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2011-11-01]
FF HKLM\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2011-11-01]
FF HKLM\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2011-11-01]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-08-01]

========================== Services (Whitelisted) =================

R2 AODService; C:\Program Files\AMD\OverDrive\AODAssist.exe [136616 2010-04-23] ()
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2010-03-05] (Creative Labs)
R2 HiSuiteOuc.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc.exe [116032 2013-07-11] ()
R2 HuaweiHiSuiteService.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe [158208 2013-05-02] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 nTuneService; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [192832 2011-09-19] (NVIDIA)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2014-01-02] ()
R2 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [107832 2014-01-02] ()
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
S2 SkypeUpdate; C:\Programme\Skype\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies)
R2 StarWindServiceAE; C:\Program Files\alcohol\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)
S3 nosGetPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper_3004.dll [X]

==================== Drivers (Whitelisted) ====================

R3 AmdTools; C:\Windows\System32\DRIVERS\AmdTools.sys [42552 2008-04-28] (AMD, Inc.)
R3 AODDriver2; C:\Program Files\AMD\OverDrive\i386\AODDriver2.sys [36864 2010-04-23] (Advanced Micro Devices)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-07-07] ()
S3 CamDrL; C:\Windows\System32\DRIVERS\Camdrl.sys [1075360 2007-02-03] (Logitech Inc.)
S3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [98616 2007-03-05] (Creative Technology Ltd)
R3 CORSGMS; C:\Windows\System32\Drivers\CORSGMS.sys [18432 2012-03-27] ( )
S3 CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [552248 2007-03-05] (Creative Technology Ltd)
S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [347144 2010-05-05] (Creative Technology Ltd)
S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [174392 2007-03-05] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [286520 2007-03-05] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [134968 2007-03-05] (Creative Technology Ltd)
R3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [329528 2007-03-05] (Creative Technology Ltd)
S3 CTERFXFX.DLL; C:\Windows\System32\CTERFXFX.DLL [101176 2007-03-05] (Creative Technology Ltd)
S3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [566584 2007-03-05] (Creative Technology Ltd)
S3 dbustrcm; C:\Users\ml\AppData\Local\Temp\dbustrcm.sys [31744 2013-09-01] ()
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [32384 2011-02-08] (Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [52352 2011-02-08] (Etron Technology Inc)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [133208 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11352 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [586072 2012-10-31] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [23856 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19984 2009-11-02] (Kaspersky Lab)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-07-07] ()
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41504 2007-02-03] (Logitech Inc.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-02-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 RivaTuner32; C:\Program Files\RivaTuner\RivaTuner32.sys [9088 2009-08-22] ()
R3 SaiK0728; C:\Windows\System32\DRIVERS\SaiK0728.sys [104960 2008-01-21] (Saitek)
S3 SaiK0CEA; C:\Windows\System32\DRIVERS\SaiK0CEA.sys [104960 2008-04-04] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [20744 2009-09-14] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [43656 2009-09-14] (Saitek)
S3 SaiU0CEA; C:\Windows\System32\DRIVERS\SaiU0CEA.sys [28544 2008-04-04] (Saitek)
R1 SAVRKBootTasks; C:\Windows\system32\SAVRKBootTasks.sys [18816 2010-05-26] (Sophos Plc)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-03-14] (Duplex Secure Ltd.)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-04-27] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-04-27] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-04-27] (MCCI Corporation)
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] ()
R3 V0260VID; C:\Windows\System32\DRIVERS\V0260Vid.sys [154560 2007-05-25] (Creative Technology Ltd.)
S3 amdiox86; system32\DRIVERS\amdiox86.sys [X]
S2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [X]
S3 atillk64; \??\C:\Program Files\AMD GPU Clock Tool\atillk64.sys [X]
S3 CT20XUT.DLL; system32\CT20XUT.DLL [X]
S3 CTEXFIFX.DLL; system32\CTEXFIFX.DLL [X]
S3 CTHWIUT.DLL; system32\CTHWIUT.DLL [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2011-10-24] (Huawei Technologies Co., Ltd.)
S3 MEMSWEEP2; \??\C:\Windows\system32\34.tmp [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-15 21:15 - 2014-02-15 21:15 - 00293592 _____ () C:\Users\linuel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-15 21:10 - 2014-02-16 07:08 - 00000000 ___RD () C:\Users\linuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-15 21:10 - 2014-02-16 07:08 - 00000000 ___RD () C:\Users\linuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-15 21:10 - 2014-02-16 07:08 - 00000000 ____D () C:\Users\linuel
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Startmenü
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Netzwerkumgebung
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Druckumgebung
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Documents\Eigene Musik
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Documents\Eigene Bilder
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\AppData\Local\Verlauf
2014-02-15 15:08 - 2014-02-15 22:22 - 00000340 _____ () C:\Users\ml\defogger_reenable
2014-02-15 13:00 - 2014-02-15 22:30 - 00000000 ____D () C:\FRST
2014-02-13 21:40 - 2014-02-13 22:52 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-13 21:18 - 2014-02-13 21:19 - 00000109 _____ () C:\Users\ml\Documents\mwb-am.TXT
2014-02-11 23:54 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-11 23:54 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-11 23:54 - 2014-02-06 11:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-11 23:54 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-11 23:54 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-11 23:54 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-11 23:54 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-11 23:54 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-11 23:54 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-11 23:54 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-11 23:54 - 2014-02-06 10:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-11 23:54 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-11 23:54 - 2014-02-06 10:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-11 23:54 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-11 23:54 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-02-11 23:54 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-11 23:54 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-11 23:54 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-11 23:54 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-11 23:54 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-11 23:54 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-02-11 23:44 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-11 22:41 - 2014-02-11 22:41 - 04745728 _____ (AVAST Software) C:\Users\ml\Downloads\aswMBR.exe 2014-02-11 22:14 - 2014-02-11 22:15 - 00267492 _____ () C:\Windows\msxml4-KB2758694-deu.LOG 2014-02-11 21:51 - 2014-02-12 18:43 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-02-11 21:50 - 2014-02-11 21:50 - 12589848 _____ (Malwarebytes Corp.) 
C:\Users\ml\Downloads\mbar-1.07.0.1009.exe 2014-02-11 21:49 - 2014-02-11 21:50 - 00000000 ____D () C:\Program Files\Malwarebytes_Anti-Rootkit 2014-02-11 21:45 - 2014-02-11 21:52 - 451422799 _____ (WinFuture) C:\Users\ml\Downloads\WinFuture_7SP1_x86_UpdatePack_2.34_Januar_2014-Vollversion.exe 2014-02-11 21:29 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\system32\locale.nls 2014-02-11 21:29 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-02-11 21:29 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-02-11 21:29 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-02-11 21:29 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2014-02-11 21:29 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2014-02-11 21:29 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2014-02-11 21:29 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2014-02-11 21:29 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-02-11 21:29 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2014-02-11 21:29 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2014-02-11 21:29 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2014-02-11 21:29 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2014-02-11 21:29 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-02-11 20:16 - 2014-02-11 20:32 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE 2014-02-11 20:15 - 2014-02-11 20:15 - 00000207 _____ () 
C:\Windows\tweaking.com-regbackup-ATLAN-Microsoft-Windows-7-Professional-(32-bit).dat 2014-02-11 20:13 - 2014-02-11 20:13 - 00000000 ____D () C:\RegBackup 2014-02-11 18:23 - 2014-02-11 18:23 - 00001071 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-11 18:20 - 2014-02-11 18:20 - 00000000 ____D () C:\Program Files\Tweaking 2014-02-11 18:17 - 2014-02-11 18:23 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-02-11 18:17 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-02-06 18:31 - 2014-02-06 18:31 - 00924173 _____ () C:\Users\ml\Downloads\BrMain480.exe 2014-02-06 18:04 - 2014-02-16 07:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-02-02 01:10 - 2014-02-02 01:10 - 00000000 ____D () C:\Users\ml\AppData\Local\BigHugeEngine 2014-01-26 00:47 - 2014-01-26 00:47 - 22607745 _____ () C:\Users\ml\Downloads\ufoaftershock_patch_1_2-including_previous_patch.zip 2014-01-26 00:45 - 2014-01-26 00:45 - 03123262 _____ () C:\Users\ml\Downloads\ufo_aftershock_patch_1_3.zip 2014-01-26 00:45 - 2014-01-26 00:45 - 03122287 _____ () C:\Users\ml\Downloads\Ufo-Aftershock-Patch-1.3.zip 2014-01-26 00:44 - 2014-01-26 00:44 - 02028396 _____ () C:\Users\ml\Downloads\UFO_Aftershock_v1.2.1_Patch.zip 2014-01-26 00:41 - 2014-01-27 21:52 - 00000635 _____ () C:\Users\Public\Desktop\UFO Aftershock.lnk 2014-01-21 21:29 - 2014-01-21 21:29 - 03669884 _____ () C:\Users\ml\Downloads\DarkHorizon_v1.0.6.0_Patch.zip 2014-01-21 18:57 - 2014-02-16 07:09 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player 2014-01-21 18:57 - 2014-01-30 20:41 - 00001159 _____ () C:\Users\ml\Desktop\Amazon Cloud Player.lnk 2014-01-21 18:57 - 2014-01-30 20:41 - 00000000 ____D () C:\Users\ml\AppData\Local\Amazon Cloud Player 2014-01-20 21:46 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-01-20 21:46 - 2013-12-18 
21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-20 21:46 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-20 21:46 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-20 21:45 - 2014-01-20 21:46 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log

==================== One Month Modified Files and Folders =======

2014-02-16 07:09 - 2014-02-06 18:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-16 07:09 - 2014-01-21 18:57 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-02-16 07:09 - 2013-05-18 01:29 - 00000000 ____D () C:\Users\ml\Downloads\sound
2014-02-16 07:09 - 2012-08-16 19:31 - 00000000 ____D () C:\Users\ml\AppData\Local\CCP
2014-02-16 07:09 - 2012-07-01 19:20 - 00000000 ____D () C:\Users\ml\Downloads\ydkj
2014-02-16 07:09 - 2012-05-05 06:28 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-16 07:09 - 2012-04-21 23:27 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVGA Precision
2014-02-16 07:09 - 2012-03-02 17:00 - 00000000 ____D () C:\Users\ml\Downloads\mflpro
2014-02-16 07:09 - 2011-12-13 17:50 - 00000000 ____D () C:\Users\ml\Downloads\cpu-z
2014-02-16 07:09 - 2011-12-10 17:16 - 00000000 ____D () C:\Program Files\CrystalDiskInfo
2014-02-16 07:09 - 2011-12-05 23:24 - 00000000 ____D () C:\Users\ml\Downloads\RoT
2014-02-16 07:09 - 2011-07-17 00:33 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
2014-02-16 07:09 - 2011-06-12 21:35 - 00000000 ____D () C:\Users\ml\Downloads\directx9c
2014-02-16 07:09 - 2011-03-06 01:01 - 00000000 ____D () C:\Users\ml\Downloads\xbox360ce
2014-02-16 07:09 - 2010-10-03 09:05 - 00000000 ____D () C:\Users\ml\Downloads\gpg
2014-02-16 07:09 - 2010-07-28 18:08 - 00000000 ____D () C:\Users\ml\AppData\Roaming\vlc
2014-02-16 
07:09 - 2010-05-02 09:31 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-02-16 07:09 - 2010-04-28 19:40 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2014-02-16 07:09 - 2010-04-06 18:55 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition 2014-02-16 07:09 - 2010-03-20 12:57 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-02-16 07:09 - 2010-03-20 12:55 - 00000000 ____D () C:\Program Files\Steam 2014-02-16 07:09 - 2010-03-05 01:04 - 00000000 ____D () C:\Windows\system32\Data 2014-02-16 07:09 - 2010-03-05 00:14 - 00000000 ___RD () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-02-16 07:09 - 2010-03-05 00:14 - 00000000 ___RD () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-02-16 07:09 - 2010-03-05 00:14 - 00000000 ____D () C:\Users\ml 2014-02-16 07:09 - 2010-02-08 23:40 - 00000000 ____D () C:\spiele 2014-02-16 07:09 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp 2014-02-16 07:08 - 2014-02-15 21:10 - 00000000 ___RD () C:\Users\linuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-02-16 07:08 - 2014-02-15 21:10 - 00000000 ___RD () C:\Users\linuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-02-16 07:08 - 2014-02-15 21:10 - 00000000 ____D () C:\Users\linuel 2014-02-16 07:08 - 2013-10-30 23:57 - 00000000 ____D () C:\Users\ml\Downloads\simc-540-5-win32 2014-02-16 07:08 - 2012-11-11 11:45 - 00000000 ____D () C:\Users\ml\Downloads\Sine.Mora-SKIDROW-LaVerta.part1 2014-02-16 07:08 - 2012-11-04 10:41 - 00000000 ____D () C:\Users\ml\Downloads\wordpress_342-de 2014-02-16 07:08 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration 2014-02-16 07:07 - 2013-10-22 22:39 - 00000000 ____D () 
C:\Users\ml\Downloads\HiSuiteSetup_v1.8.10.1706 2014-02-16 07:07 - 2012-11-10 13:29 - 00000000 ____D () C:\Users\ml\Downloads\contact-form-7331 2014-02-16 07:07 - 2011-05-17 18:33 - 00000000 ____D () C:\Users\ml\Downloads\Mainboard_Treiber 2014-02-16 07:07 - 2010-07-23 19:04 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Malwarebytes 2014-02-15 22:31 - 2011-01-01 10:54 - 00000000 ____D () C:\Users\ml\AppData\Local\PMB Files 2014-02-15 22:30 - 2014-02-15 13:00 - 00000000 ____D () C:\FRST 2014-02-15 22:30 - 2010-03-05 00:07 - 01738313 _____ () C:\Windows\WindowsUpdate.log 2014-02-15 22:30 - 2009-07-14 05:34 - 00014960 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-15 22:30 - 2009-07-14 05:34 - 00014960 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-15 22:29 - 2010-03-05 00:16 - 01644414 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-15 22:28 - 2010-03-05 00:42 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-02-15 22:25 - 2011-12-10 17:37 - 00000322 _____ () C:\Windows\Tasks\DriverScanner.job 2014-02-15 22:25 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-15 22:24 - 2012-04-21 23:17 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-02-15 22:24 - 2009-07-14 05:39 - 00179220 _____ () C:\Windows\setupact.log 2014-02-15 22:22 - 2014-02-15 15:08 - 00000340 _____ () C:\Users\ml\defogger_reenable 2014-02-15 21:15 - 2014-02-15 21:15 - 00293592 _____ () C:\Users\linuel\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Startmenü 2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Netzwerkumgebung 2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Druckumgebung 2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Documents\Eigene Musik 2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () 
C:\Users\linuel\Documents\Eigene Bilder 2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\AppData\Local\Verlauf 2014-02-13 22:52 - 2014-02-13 21:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-02-13 21:19 - 2014-02-13 21:18 - 00000109 _____ () C:\Users\ml\Documents\mwb-am.TXT 2014-02-12 19:55 - 2012-07-05 16:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-02-12 19:10 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-02-12 18:43 - 2014-02-11 21:51 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-02-11 22:41 - 2014-02-11 22:41 - 04745728 _____ (AVAST Software) C:\Users\ml\Downloads\aswMBR.exe 2014-02-11 22:15 - 2014-02-11 22:14 - 00267492 _____ () C:\Windows\msxml4-KB2758694-deu.LOG 2014-02-11 22:14 - 2011-04-03 13:47 - 00000000 ____D () C:\Program Files\MSXML 4.0 2014-02-11 22:08 - 2011-07-19 19:14 - 00086016 ___SH () C:\Users\ml\Documents\Thumbs.db 2014-02-11 21:56 - 2013-11-24 02:17 - 00012248 _____ () C:\Windows\IE11_main.log 2014-02-11 21:52 - 2014-02-11 21:45 - 451422799 _____ (WinFuture) C:\Users\ml\Downloads\WinFuture_7SP1_x86_UpdatePack_2.34_Januar_2014-Vollversion.exe 2014-02-11 21:50 - 2014-02-11 21:50 - 12589848 _____ (Malwarebytes Corp.) 
C:\Users\ml\Downloads\mbar-1.07.0.1009.exe 2014-02-11 21:50 - 2014-02-11 21:49 - 00000000 ____D () C:\Program Files\Malwarebytes_Anti-Rootkit 2014-02-11 21:25 - 2010-03-05 01:56 - 00293592 _____ () C:\Users\ml\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-11 21:13 - 2009-07-14 05:33 - 02828184 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-02-11 21:12 - 2010-03-05 01:45 - 00234518 _____ () C:\Windows\PFRO.log 2014-02-11 20:32 - 2014-02-11 20:16 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE 2014-02-11 20:15 - 2014-02-11 20:15 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ATLAN-Microsoft-Windows-7-Professional-(32-bit).dat 2014-02-11 20:13 - 2014-02-11 20:13 - 00000000 ____D () C:\RegBackup 2014-02-11 18:46 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\LiveKernelReports 2014-02-11 18:44 - 2012-04-01 10:50 - 00000000 ____D () C:\Program Files\SweetIM 2014-02-11 18:23 - 2014-02-11 18:23 - 00001071 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-11 18:23 - 2014-02-11 18:17 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-02-11 18:20 - 2014-02-11 18:20 - 00000000 ____D () C:\Program Files\Tweaking 2014-02-09 12:25 - 2010-03-14 13:28 - 00000354 _____ () C:\Windows\Tasks\At1.job 2014-02-08 23:15 - 2014-01-10 18:09 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Awesomium 2014-02-06 19:23 - 2012-04-11 19:14 - 00000000 ____D () C:\ProgramData\Origin 2014-02-06 19:21 - 2012-04-11 19:18 - 00000000 ____D () C:\Program Files\Origin 2014-02-06 18:31 - 2014-02-06 18:31 - 00924173 _____ () C:\Users\ml\Downloads\BrMain480.exe 2014-02-06 18:24 - 2010-03-20 09:32 - 00000425 _____ () C:\Windows\BRWMARK.INI 2014-02-06 18:04 - 2013-12-16 21:18 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-02-06 11:38 - 2014-02-11 23:54 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-06 11:20 - 2014-02-11 23:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-06 
11:19 - 2014-02-11 23:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-02-06 11:01 - 2014-02-11 23:54 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-06 11:00 - 2014-02-11 23:54 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-02-06 10:57 - 2014-02-11 23:54 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-06 10:52 - 2014-02-11 23:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-06 10:52 - 2014-02-11 23:54 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-06 10:49 - 2014-02-11 23:54 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-06 10:47 - 2014-02-11 23:54 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-06 10:47 - 2014-02-11 23:54 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-02-06 10:46 - 2014-02-11 23:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-02-06 10:34 - 2014-02-11 23:54 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-06 10:25 - 2014-02-11 23:54 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-06 10:25 - 2014-02-11 23:54 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-02-06 10:13 - 2014-02-11 23:54 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-06 10:09 - 2014-02-11 23:54 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-06 10:03 - 2014-02-11 23:54 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-06 09:41 - 2014-02-11 23:54 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-06 09:36 - 2014-02-11 23:54 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-06 09:34 - 
2014-02-11 23:54 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-02-05 21:55 - 2012-05-14 23:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-02-05 21:55 - 2011-05-19 18:10 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-02-03 23:24 - 2010-03-05 16:33 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Skype 2014-02-03 20:14 - 2010-03-06 14:47 - 00000000 ____D () C:\Users\ml\AppData\Roaming\TS3Client 2014-02-02 20:56 - 2013-10-04 19:02 - 00000000 ____D () C:\Users\ml\AppData\Local\Battle.net 2014-02-02 01:10 - 2014-02-02 01:10 - 00000000 ____D () C:\Users\ml\AppData\Local\BigHugeEngine 2014-01-30 20:41 - 2014-01-21 18:57 - 00001159 _____ () C:\Users\ml\Desktop\Amazon Cloud Player.lnk 2014-01-30 20:41 - 2014-01-21 18:57 - 00000000 ____D () C:\Users\ml\AppData\Local\Amazon Cloud Player 2014-01-29 22:08 - 2010-03-20 12:55 - 00000000 ____D () C:\Program Files\Common Files\Steam 2014-01-27 21:52 - 2014-01-26 00:41 - 00000635 _____ () C:\Users\Public\Desktop\UFO Aftershock.lnk 2014-01-26 00:47 - 2014-01-26 00:47 - 22607745 _____ () C:\Users\ml\Downloads\ufoaftershock_patch_1_2-including_previous_patch.zip 2014-01-26 00:45 - 2014-01-26 00:45 - 03123262 _____ () C:\Users\ml\Downloads\ufo_aftershock_patch_1_3.zip 2014-01-26 00:45 - 2014-01-26 00:45 - 03122287 _____ () C:\Users\ml\Downloads\Ufo-Aftershock-Patch-1.3.zip 2014-01-26 00:44 - 2014-01-26 00:44 - 02028396 _____ () C:\Users\ml\Downloads\UFO_Aftershock_v1.2.1_Patch.zip 2014-01-26 00:40 - 2010-03-05 00:40 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-01-21 21:29 - 2014-01-21 21:29 - 03669884 _____ () C:\Users\ml\Downloads\DarkHorizon_v1.0.6.0_Patch.zip 2014-01-20 21:46 - 2014-01-20 21:45 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log 2014-01-20 21:46 - 2013-10-17 21:24 - 00000000 ____D () C:\ProgramData\Oracle 2014-01-20 21:46 - 2012-03-18 15:32 - 
00000000 ____D () C:\Program Files\Java
2014-01-20 21:43 - 2010-03-14 16:43 - 00000000 ____D () C:\Users\ml\AppData\Local\Adobe
2014-01-18 18:21 - 2013-10-09 18:16 - 00000000 ____D () C:\Program Files\Hearthstone
2014-01-17 22:32 - 2013-10-04 19:02 - 00000000 ____D () C:\Program Files\Battle.net
2014-01-17 22:32 - 2012-05-14 18:11 - 00000000 ____D () C:\Program Files\Diablo III
2014-01-17 16:58 - 2012-11-21 21:56 - 00015726 _____ () C:\Users\ml\Documents\Geburtstage_Adressen.odt
2014-01-17 16:36 - 2010-03-05 01:02 - 00073312 _____ () C:\Windows\DirectX.log
2014-01-17 00:10 - 2010-03-05 01:58 - 00000000 ____D () C:\Windows\system32\directx
2014-01-17 00:09 - 2010-10-03 09:06 - 00000000 ____D () C:\Program Files\THQ

Files to move or delete:
====================
C:\Windows\Tasks\At1.job

Some content of TEMP:
====================
C:\Users\ml\AppData\Local\Temp\11-8_vista32_win7_32_dd_ccc_ocl.exe
C:\Users\ml\AppData\Local\Temp\CheatEngine63Clean.exe
C:\Users\ml\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\ml\AppData\Local\Temp\CTPBSeq.exe
C:\Users\ml\AppData\Local\Temp\devcon.exe
C:\Users\ml\AppData\Local\Temp\DivXSetup.exe
C:\Users\ml\AppData\Local\Temp\drm_dyndata_7370012.dll
C:\Users\ml\AppData\Local\Temp\drm_dyndata_7400006.dll
C:\Users\ml\AppData\Local\Temp\GdiPlus.dll
C:\Users\ml\AppData\Local\Temp\installerdll.dll
C:\Users\ml\AppData\Local\Temp\InstallerMessageBox.exe
C:\Users\ml\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\mbam-setup.exe
C:\Users\ml\AppData\Local\Temp\MSVBVM60.DLL
C:\Users\ml\AppData\Local\Temp\NPSInstallerProxy.exe
C:\Users\ml\AppData\Local\Temp\NPSInstallerProxyMessageBoxHookDll.dll
C:\Users\ml\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\ml\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\ml\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\ml\AppData\Local\Temp\nvStInst.exe
C:\Users\ml\AppData\Local\Temp\patchw32.dll
C:\Users\ml\AppData\Local\Temp\RSPUpgradeInstaller.exe
C:\Users\ml\AppData\Local\Temp\SIntf16.dll
C:\Users\ml\AppData\Local\Temp\SIntf32.dll
C:\Users\ml\AppData\Local\Temp\SIntfNT.dll
C:\Users\ml\AppData\Local\Temp\SkypeSetup.exe
C:\Users\ml\AppData\Local\Temp\tmp4CE7.exe
C:\Users\ml\AppData\Local\Temp\tmp508F.exe
C:\Users\ml\AppData\Local\Temp\tmp5F8D.exe
C:\Users\ml\AppData\Local\Temp\tmp61AF.exe
C:\Users\ml\AppData\Local\Temp\tmp7010.exe
C:\Users\ml\AppData\Local\Temp\tmp96A3.exe
C:\Users\ml\AppData\Local\Temp\Uninst.exe
C:\Users\ml\AppData\Local\Temp\_is77CF.exe
C:\Users\ml\AppData\Local\Temp\_isE495.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-08 13:54

==================== End Of Log ============================

Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-02-2014 01
Ran by ml at 2014-02-15 22:31:35
Running from C:\Users\ml\Desktop\logs
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

[translation missing: EVERemoveOnly] (Version: - CCP Games Ltd.)
Adobe AIR (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe AIR (Version: 1.1.0.5790 - Adobe Systems Inc.) Hidden
Adobe Anchor Service CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS4 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Director 11.5 (Version: 11.5 - Adobe Systems Incorporated)
Adobe Director 11.5 (Version: 11.5 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (Version: 12.0.0.44 - Adobe Systems 
Incorporated) Adobe Fonts All (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Linguistics CS4 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden Adobe Media Player (Version: 0.0.0 - Adobe Systems Incorporated) Hidden Adobe Media Player (Version: 1.1 - Adobe Systems Incorporated) Adobe Output Module (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe PDF Library Files CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS4 (Version: 11.0 - Adobe Systems Incorporated) Adobe Photoshop CS4 (Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS4 Support (Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Reader X (10.1.9) - Deutsch (Version: 10.1.9 - Adobe Systems Incorporated) Adobe Search for Help (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Service Manager Extension (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Setup (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Shockwave Player 11.5 (Version: 11.5.6.606 - Adobe Systems, Inc.) Adobe Type Support CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Update Manager CS4 (Version: 6.0.0 - Adobe Systems Incorporated) Hidden Adobe WinSoft Linguistics Plugin (Version: 1.1 - Adobe Systems Incorporated) Hidden Adobe XMP Panels CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden AdobeColorCommonSetCMYK (Version: 2.0 - Adobe Systems Incorporated) Hidden AdobeColorCommonSetRGB (Version: 2.0 - Adobe Systems Incorporated) Hidden Age of Empires Online (Version: - Microsoft) Amazon Cloud Player (HKCU Version: 2.3.0.422 - Amazon Services LLC) Amazon MP3-Downloader 1.0.17 (Version: 1.0.17 - Amazon Services LLC) AMD Catalyst Install Manager (Version: 3.0.868.0 - Advanced Micro Devices, Inc.) AMD GPU Clock Tool (Version: 0.9.26.0 - Advanced Micro Devices Inc.) AMD OverDrive (Version: 3.2.1.0439 - Advanced Micro Devices, Inc.) Apple Application Support (Version: 2.3 - Apple Inc.) Apple Software Update (Version: 2.1.3.127 - Apple Inc.) 
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.35 - Atheros Communications Inc.) Bastion (Version: - Supergiant Games) Battle.net (Version: - Blizzard Entertainment) Binary Domain (Version: - Sega) BioShock 2 (Version: - 2K Games) BitTorrent (Version: 6.4.0 - BitTorrent, Inc) Brother MFL-Pro Suite MFC-260C (Version: 1.0.2.0 - Brother Industries, Ltd.) Brütal Legend (Version: - Double Fine Productions) Bundled software uninstaller (Version: - ) <==== ATTENTION Catalyst Control Center InstallProxy (Version: 2012.0309.43.976 - Advanced Micro Devices, Inc.) Hidden Cheat Engine 6.3 (Version: - Cheat Engine) Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden Corsair M90 Firmware Update Application (Version: - ) Corsair M90 Maustreiber V1.0 (Version: 1.00.00.25 - ) Creative ALchemy (Version: 1.41 - Creative Technology Limited) Creative Audio-Systemsteuerung (Version: 2.00 - Creative Technology Limited) Creative Konsole Starter (Version: - Creative Technology Limited) Creative Live! Cam Center (Version: - ) Creative Live! Cam Vista IM Driver (1.10.04.00) (Version: - ) Creative MediaSource 5 (Version: 5.00 - ) Creative Software AutoUpdate (Version: 1.40 - Creative Technology Limited) Creative WaveStudio 7 (Version: 7.14 - Creative Technology Limited) CrystalDiskInfo 4.1.4 (Version: 4.1.4 - Crystal Dew World) Dark Horizon (Version: - Paradox Interactive) Darksiders II (Version: - Vigil Games) DarksidersInstaller (Version: 1.00.1000 - Ihr Firmenname) Dead Space™ 2 (Version: 1.0.941.0 - Electronic Arts) Deus Ex: Human Revolution - The Missing Link (Version: - Eidos Montreal) Deus Ex: Human Revolution (Version: - Eidos Montreal) Devil May Cry 4 (Version: - Capcom) Diablo III (Version: - Blizzard Entertainment) Disciples III: Renaissance (Version: - Akella) Dishonored (Version: 1.0 - Bethesda Softworks) DivX Converter (Version: 7.1.0 - DivX, Inc.) DivX Plus DirectShow Filters (Version: - DivX, Inc.) 
DivX Version Checker (Version: 7.1.0.9 - DivX, Inc.) DivX-Setup (Version: 2.6.1.44 - DivX, LLC) Duke Nukem Forever (Version: - Gearbox Software) Eigenschaften von Creative Sound Blaster (Version: 1.02 - Creative Technology Limited) ElsterFormular (Version: 14.1.11318 - Landesfinanzdirektion Thüringen) Endless Space (Version: - Amplitude Studios) Essential XML Editor (Version: - Dieter Köhler) Essential XML Editor (Version: 1.6.4 - Dieter Köhler) Hidden Etron USB3.0 Host Controller (Version: 0.96 - Etron Technology) Etron USB3.0 Host Controller (Version: 0.96 - Etron Technology) Hidden EVEREST Home Edition v2.20 (Version: 2.20 - Lavalys Inc) EVGA Precision 2.0.4 (Version: 2.0.4 - EVGA Corporation) Fallout: New Vegas (Version: - Bethesda Softworks) Far Cry 2 (Version: - Ubisoft Montreal) FileZilla Client 3.6.0.2 (Version: 3.6.0.2 - FileZilla Project) Fraps (Version: - ) GECK - New Vegas Edition (Version: - ) GPGNet (Version: 1.0.0 - Gas Powered Games) HiSuite (Version: 32.610.20.00.06 - Huawei Technologies Co.,Ltd) Hydrophobia: Prophecy (Version: - Dark Energy Digital) Impulse (Version: 1.0 - Stardock Corporation) Hidden Impulse (Version: 1.0 - Stardock) Java 7 Update 51 (Version: 7.0.510 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 22 (Version: 6.0.220 - Oracle) Java(TM) 6 Update 29 (Version: 6.0.290 - Oracle) Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden Kaspersky Internet Security 2012 (Version: 12.0.0.374 - Kaspersky Lab) Kaspersky Internet Security 2012 (Version: 12.0.0.374 - Kaspersky Lab) Hidden Kingdoms of Amalur: Reckoning™ (Version: - Big Huge Games) kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden Legendary (Version: - Gamecock) LOST PLANET 2 (Version: 1.0.0.129 - CAPCOM CO., LTD.) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation) Mass Effect (Version: 1.00 - Electronic Arts, Inc.) 
Mass Effect 2 (Version: 1.01 - Electronic Arts, Inc.) Mass Effect™ 3 (Version: 1.05.0.0 - Electronic Arts) MechWarrior Online (HKCU Version: 1.2.0.0 - Piranha Games Inc.) MechWarrior Online (Version: 1.2.0.0 - Piranha Games Inc.) Hidden Metro 2033 (Version: - THQ) Microsoft .NET Framework 1.1 (Version: - ) Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Age of Empires II (Version: - ) Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (Version: 3.5.30730.0 - Microsoft Corporation) Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (Version: 3.5.50.0 - Microsoft Corporation) Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - 
Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual J# 2.0 Redistributable Package (Version: - Microsoft Corporation) Microsoft Visual J# 2.0 Redistributable Package (Version: 2.0.50727 - Microsoft Corporation) Hidden Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0 - Microsoft Corporation) Might & Magic Heroes VI (Version: 1.1.1 - Ubisoft) Mozilla Firefox 27.0 (x86 de) (Version: 27.0 - Mozilla) Mozilla Maintenance Service (Version: 27.0 - Mozilla) Mozilla Thunderbird 24.3.0 (x86 de) (Version: 24.3.0 - Mozilla) MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0 - Microsoft Corporation) NVIDIA 3D Vision Controller-Treiber 314.22 (Version: 314.22 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 314.22 (Version: 314.22 - NVIDIA Corporation) NVIDIA Drivers (Version: 1.10 - NVIDIA Corporation) NVIDIA Grafiktreiber 314.22 (Version: 314.22 - NVIDIA 
Corporation) NVIDIA HD-Audiotreiber 1.3.23.1 (Version: 1.3.23.1 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.115.743 - NVIDIA Corporation) Hidden NVIDIA Performance (Version: 6.5 - NVIDIA Corporation) NVIDIA Performance (Version: 6.5 - NVIDIA Corporation) Hidden NVIDIA PhysX (Version: 9.12.1031 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1422 - NVIDIA Corporation) Hidden NVIDIA System Monitor (Version: 6.5 - NVIDIA Corporation) NVIDIA System Monitor (Version: 6.5 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 314.22 (Version: 314.22 - NVIDIA Corporation) Hidden NVIDIA Update 1.12.12 (Version: 1.12.12 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden OpenAL (Version: - ) OpenOffice.org 3.3 (Version: 3.3.9567 - OpenOffice.org) Origin (Version: 8.5.2.23 - Electronic Arts, Inc.) Overlord II (Version: - Codemasters) oZone3D.Net FurMark v1.8.2 (Version: - oZone3D.Net) Pando Media Booster (Version: 2.3.6.0 - Pando Networks Inc.) PC Connectivity Solution (Version: 8.15.0.0 - Nokia) PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Pflanzen gegen Zombies Version 1.0.4.7924 (Version: 1.0.4.7924 - UGP) Pharao (Version: - ) Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden Portal (Version: - Valve) Portal 2 (Version: - Valve) PSPad editor (Version: - Jan Fiala) PunkBuster Services (Version: 0.986 - Even Balance, Inc.) QuickTime (Version: 7.74.80.86 - Apple Inc.) RAGE (Version: - id Software) Realtek Ethernet Controller Driver (Version: 1.00.0008 - Realtek) Red Faction Guerrilla (Version: 1.00.0000 - Volition Inc.) Red Faction Guerrilla (Version: 1.00.0000 - Volition Inc.) 
Hidden Red Faction: Armageddon (Version: - Volition) Rise of the Triad (Version: - Interceptor Entertainment) RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition (Version: v2.24 MSI Master Overclocking Arena 2009 edition - Alexey Nicolaychuk) Saitek SD6 Programming Software 6.7.5.2 (Version: 6.7.5.2 - Saitek) Samsung Mobile phone USB driver Drive Software (Version: - ) Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden Samsung New PC Studio USB Driver Installer (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Samsung New PC Studio USB Driver Installer (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.) SamsungConnectivityCableDriver (Version: 6.83.6.2.1 - Samsung) Scan2PDF 1.6 (Version: - Koma-Code) Sine Mora (Version: - ) Sins of a Solar Empire - Diplomacy (Version: - Stardock Corporation) Sins of a Solar Empire - Entrenchment (Version: - Stardock Corporation) Sins of a Solar Empire (Version: - Stardock Corporation) Sins of a Solar Empire: Rebellion Beta (Version: - ) Skype Click to Call (Version: 6.3.11079 - Skype Technologies S.A.) Skype™ 6.11 (Version: 6.11.102 - Skype Technologies S.A.) Sound Blaster X-Fi (Version: 1.0 - ) Star Conflict (Version: - ) Star Wars(TM): Knights of the Old Republic (TM) (Version: - ) Steam (Version: 1.0.0.0 - Valve Corporation) Strike Suit Zero (Version: - ) Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden SweetIM for Messenger 3.6 (Version: 3.6.0007 - SweetIM Technologies Ltd.) <==== ATTENTION SweetPacks Toolbar for Internet Explorer 4.4 (Version: 4.4.0001 - SweetIM Technologies Ltd.) 
<==== ATTENTION TeamSpeak 2 RC2 (Version: 2.0.32.60 - Dominating Bytes Design) TeamSpeak 3 Client (Version: 3.0.13.1 - TeamSpeak Systems GmbH) TeamViewer 9 (Version: 9.0.24951 - TeamViewer) The Bureau: XCOM Declassified (Version: - 2K Marin) The Elder Scrolls Online Beta (Version: 0.3.4 - ) The Elder Scrolls V: Skyrim (Version: - Bethesda Game Studios) Thief - Deadly Shadows (Version: 1.0 - ) Tomb Raider (Version: - Crystal Dynamics) Tweaking.com - Windows Repair (All in One) (Version: 2.3.0 - Tweaking.com) Ubisoft Game Launcher (Version: 1.0.0.0 - UBISOFT) UFO Aftermath (Version: 1.4 - ) UFO Aftershock (Version: 1.0 - ) UFO Aftershock Patch 1.2.1 (Version: - 1C Publishing EU) UFO: Afterlight (Version: - Altar Games) Uniblue DriverScanner (Version: 4.0.3.4 - Uniblue Systems Ltd) Unity Web Player (HKCU Version: - Unity Technologies ApS) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3 - Microsoft Corporation) Update Manager B09.0908.1 (Version: 1.00.0000 - GIGABYTE) Update Manager B09.0908.1 (Version: 1.00.0000 - GIGABYTE) Hidden VC80CRTRedist - 8.0.50727.6195 
(Version: 1.2.0 - DivX, Inc) Hidden VLC media player 2.0.8 (Version: 2.0.8 - VideoLAN) Warhammer 40,000 Space Marine (Version: - Relic) Warhammer® 40,000®: Dawn of War® II – Retribution™ (Version: - Relic) Warhammer® 40,000™: Dawn of War® II (Version: - Relic) WinAce Archiver (Version: 2.69 - e-merge GmbH) Windows Live Communications Platform (Version: 14.0.8098.930 - Microsoft Corporation) Hidden Windows Live Essentials (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 6.500.3165.0 - Microsoft Corporation) Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live-Uploadtool (Version: 14.0.8014.1029 - Microsoft Corporation) Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) (Version: 10/12/2007 6.85.4.0 - Nokia) WinRAR (Version: - ) World of Logs Client (4.2) (HKCU Version: - Digibites Technology) World of Warcraft (Version: - Blizzard Entertainment) XCOM: Enemy Unknown (Version: - Firaxis Games) ==================== Restore Points ========================= 11-02-2014 17:14:59 Windows Update 11-02-2014 19:13:31 Tweaking.com - Windows Repair 11-02-2014 22:40:54 Windows Update 12-02-2014 19:46:59 Malwarebytes Anti-Rootkit Restore Point 15-02-2014 21:17:51 Windows Update ==================== Hosts content: ========================== 2009-07-14 03:04 - 2014-02-11 20:29 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {1550374E-B1F1-438A-9332-79E0ACA35FB7} - \At1 No Task File Task: {2EC1CB48-68BF-4F58-AB5A-016EE4A259D2} - System32\Tasks\DriverScanner => C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe [2011-10-20] (Uniblue Systems Limited) Task: {45FD44A8-359B-433D-B834-D0888E959F68} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: 
{99344698-6568-444F-9F70-24F618621AF1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {CA5BEFE0-E91B-41B4-A3FB-B808E63B79FC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\At1.job => C:\Windows\system32\compaact.exe Task: C:\Windows\Tasks\DriverScanner.job => C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe ==================== Loaded Modules (whitelisted) ============= 2012-11-29 22:59 - 2012-11-29 22:59 - 00093696 _____ () C:\Program Files\FileZilla\fzshellext.dll 2010-03-08 23:12 - 2010-03-15 10:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll 2010-03-05 01:03 - 2009-02-06 17:52 - 00073728 _____ () C:\Windows\SYSTEM32\CmdRtr.DLL 2010-03-05 01:03 - 2009-03-26 13:46 - 00148480 _____ () C:\Windows\SYSTEM32\APOMngr.DLL 2011-04-24 23:13 - 2011-04-24 23:13 - 02118032 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll 2011-04-24 23:13 - 2011-04-24 23:13 - 07008656 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll 2011-04-24 23:13 - 2011-04-24 23:13 - 02089360 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll 2011-04-24 23:13 - 2011-04-24 23:13 - 01270160 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll 2011-04-24 23:13 - 2011-04-24 23:13 - 00192912 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll 2011-04-24 23:13 - 2011-04-24 23:13 - 00758160 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll 2011-04-20 19:56 - 2011-04-20 19:56 - 00025088 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 
2012\imageformats\qgif4.dll 2012-07-10 19:22 - 2012-05-14 11:43 - 00043008 _____ () C:\Maus_M90\hidGetKey.dll 2013-02-13 03:37 - 2013-02-13 03:37 - 01263952 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe 2013-02-13 03:38 - 2013-02-13 03:38 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll 2010-03-05 01:04 - 2006-06-09 14:20 - 00003072 _____ () C:\Windows\CTXFIGER.DLL 2011-01-01 10:54 - 2011-08-27 00:16 - 03077528 _____ () C:\Program Files\Pando Networks\Media Booster\PMB.exe 2013-07-11 15:46 - 2013-07-11 15:46 - 00583488 _____ () C:\Program Files\HiSuite\HiSuite.exe 2013-07-11 15:47 - 2013-07-11 15:47 - 00634176 _____ () C:\Program Files\HiSuite\core.dll 2013-07-11 15:49 - 2013-07-11 15:49 - 00302912 _____ () C:\Program Files\HiSuite\sdk.dll 2013-07-11 15:48 - 2013-07-11 15:48 - 00017832 _____ () C:\Program Files\HiSuite\mingwm10.dll 2013-07-11 15:48 - 2013-07-11 15:48 - 00049472 _____ () C:\Program Files\HiSuite\libgcc_s_dw2-1.dll 2013-07-11 15:49 - 2013-07-11 15:49 - 02421568 _____ () C:\Program Files\HiSuite\QtCore4.dll 2013-07-11 15:49 - 2013-07-11 15:49 - 00911168 _____ () C:\Program Files\HiSuite\QtNetwork4.dll 2013-07-11 15:49 - 2013-07-11 15:49 - 07723328 _____ () C:\Program Files\HiSuite\QtGui4.dll 2013-07-11 15:49 - 2013-07-11 15:49 - 12326208 _____ () C:\Program Files\HiSuite\QtWebKit4.dll 2013-07-11 15:49 - 2013-07-11 15:49 - 00262464 _____ () C:\Program Files\HiSuite\phonon4.dll 2013-07-11 15:49 - 2013-07-11 15:49 - 00855872 _____ () C:\Program Files\HiSuite\Proxy.DLL 2013-07-11 15:47 - 2013-07-11 15:47 - 00764224 _____ () C:\Program Files\HiSuite\Common.dll 2013-07-11 15:49 - 2013-07-11 15:49 - 00535360 _____ () C:\Program Files\HiSuite\Trace.dll 2013-07-11 15:49 - 2013-07-11 15:49 - 00596288 _____ () C:\Program Files\HiSuite\PluginContainer.dll 2013-07-11 15:47 - 2013-07-11 15:47 - 01475392 _____ () C:\Program Files\HiSuite\AtComm.dll 2013-07-11 15:47 - 2013-07-11 15:47 - 00759616 _____ () C:\Program 
Files\HiSuite\AddrBookSrvPlugin.dll 2013-07-11 15:50 - 2013-07-11 15:50 - 00751424 _____ () C:\Program Files\HiSuite\vCardvCalPlugin.dll 2013-07-11 15:47 - 2013-07-11 15:47 - 00105792 _____ () C:\Program Files\HiSuite\CryptPlugin.dll 2013-07-11 15:47 - 2013-07-11 15:47 - 00586560 _____ () C:\Program Files\HiSuite\CalendarPlugin.dll 2013-07-11 15:50 - 2013-07-11 15:50 - 00558400 _____ () C:\Program Files\HiSuite\XCodec.dll 2013-07-11 15:47 - 2013-07-11 15:47 - 00953664 _____ () C:\Program Files\HiSuite\DeviceAppPlugin.dll 2013-07-11 15:46 - 2013-07-11 15:46 - 00635200 _____ () C:\Program Files\HiSuite\ADB.dll 2013-07-11 15:48 - 2013-07-11 15:48 - 00504640 _____ () C:\Program Files\HiSuite\OSPowerMgr.dll 2013-07-11 15:50 - 2013-07-11 15:50 - 00768832 _____ () C:\Program Files\HiSuite\XObex.dll 2013-07-11 15:48 - 2013-07-11 15:48 - 00070976 _____ () C:\Program Files\HiSuite\obex.dll 2013-07-11 15:47 - 2013-07-11 15:47 - 00613184 _____ () C:\Program Files\HiSuite\ADBAdapt.dll 2013-07-11 15:48 - 2013-07-11 15:48 - 00637760 _____ () C:\Program Files\HiSuite\OSAdapt.dll 2013-07-11 15:49 - 2013-07-11 15:49 - 00108864 _____ () C:\Program Files\HiSuite\SmsSrvPlugin.dll 2013-07-11 15:49 - 2013-07-11 15:49 - 00687936 _____ () C:\Program Files\HiSuite\SmsAppPlugin.dll 2013-07-11 15:49 - 2013-07-11 15:49 - 00844608 _____ () C:\Program Files\HiSuite\SyncPlugin.dll 2013-07-11 15:47 - 2013-07-11 15:47 - 00540480 _____ () C:\Program Files\HiSuite\APKManagerPlugin.dll 2013-07-11 15:48 - 2013-07-11 15:48 - 00572736 _____ () C:\Program Files\HiSuite\MusicPlaySrvPlugin.dll 2013-07-11 15:48 - 2013-07-11 15:48 - 00551744 _____ () C:\Program Files\HiSuite\ImageMgrSrvPlugin.dll 2013-07-11 15:50 - 2013-07-11 15:50 - 00089408 _____ () C:\Program Files\HiSuite\plugins\imageformats\qgif4.dll 2013-07-11 15:50 - 2013-07-11 15:50 - 00088384 _____ () C:\Program Files\HiSuite\plugins\imageformats\qico4.dll 2013-07-11 15:50 - 2013-07-11 15:50 - 00198464 _____ () C:\Program 
Files\HiSuite\plugins\imageformats\qjpeg4.dll 2013-07-11 15:50 - 2013-07-11 15:50 - 00357184 _____ () C:\Program Files\HiSuite\plugins\imageformats\qmng4.dll 2013-07-11 15:50 - 2013-07-11 15:50 - 00078656 _____ () C:\Program Files\HiSuite\plugins\imageformats\qsvg4.dll 2013-07-11 15:49 - 2013-07-11 15:49 - 00305984 _____ () C:\Program Files\HiSuite\QtSvg4.dll 2013-07-11 15:50 - 2013-07-11 15:50 - 00376640 _____ () C:\Program Files\HiSuite\plugins\imageformats\qtiff4.dll 2013-07-11 15:50 - 2013-07-11 15:50 - 00253248 _____ () C:\Program Files\HiSuite\XFramePlugin.dll 2013-07-11 15:49 - 2013-07-11 15:49 - 00332096 _____ () C:\Program Files\HiSuite\QtXml4.dll 2013-07-11 15:49 - 2013-07-11 15:49 - 00222016 _____ () C:\Program Files\HiSuite\QtSql4.dll 2013-07-11 15:49 - 2013-07-11 15:49 - 00147264 _____ () C:\Program Files\HiSuite\StatusBarMgrPlugin.dll 2013-07-11 15:47 - 2013-07-11 15:47 - 01233216 _____ () C:\Program Files\HiSuite\AddrBookUIPlugin.dll 2013-07-11 15:49 - 2013-07-11 15:49 - 00208704 _____ () C:\Program Files\HiSuite\SettingUIPlugin.dll 2013-07-11 15:49 - 2013-07-11 15:49 - 00170304 _____ () C:\Program Files\HiSuite\RelationPlugin.dll 2013-07-11 15:49 - 2013-07-11 15:49 - 01483072 _____ () C:\Program Files\HiSuite\SMSUIPlugin.dll 2013-07-11 15:47 - 2013-07-11 15:47 - 00598336 _____ () C:\Program Files\HiSuite\CalendarUIPlugin.dll 2013-07-11 15:49 - 2013-07-11 15:49 - 00273216 _____ () C:\Program Files\HiSuite\TaskUIPlugin.dll 2013-07-11 15:47 - 2013-07-11 15:47 - 00222528 _____ () C:\Program Files\HiSuite\DownLoadPlugin.dll 2013-07-11 15:48 - 2013-07-11 15:48 - 00106816 _____ () C:\Program Files\HiSuite\NotifyServicePlugin.dll 2013-07-11 15:48 - 2013-07-11 15:48 - 01455936 _____ () C:\Program Files\HiSuite\ImExportUIPlugin.dll 2013-07-11 15:47 - 2013-07-11 15:47 - 00159040 _____ () C:\Program Files\HiSuite\GmailOperation.DLL 2013-07-11 15:48 - 2013-07-11 15:48 - 00993600 _____ () C:\Program Files\HiSuite\libxml2.dll 2013-07-11 15:50 - 2013-07-11 15:50 - 
00084288 _____ () C:\Program Files\HiSuite\zlib1.dll 2013-07-11 15:49 - 2013-07-11 15:49 - 00211264 _____ () C:\Program Files\HiSuite\Outlook.dll 2013-07-11 15:49 - 2013-07-11 15:49 - 00137536 _____ () C:\Program Files\HiSuite\OutlookExpress.dll 2013-07-11 15:48 - 2013-07-11 15:48 - 00119616 _____ () C:\Program Files\HiSuite\LayoutPlugin.dll 2013-07-11 15:48 - 2013-07-11 15:48 - 00227136 _____ () C:\Program Files\HiSuite\ModuleTreePlugin.dll 2013-07-11 15:48 - 2013-07-11 15:48 - 00274752 _____ () C:\Program Files\HiSuite\HomeUIPlugin.dll 2013-07-11 15:47 - 2013-07-11 15:47 - 00897344 _____ () C:\Program Files\HiSuite\AppManagerUIPlugin.dll 2013-07-11 15:49 - 2013-07-11 15:49 - 01560896 _____ () C:\Program Files\HiSuite\QtScript4.dll 2013-07-11 15:48 - 2013-07-11 15:48 - 01182528 _____ () C:\Program Files\HiSuite\MusicMgrUIPlugin.dll 2013-07-11 15:48 - 2013-07-11 15:48 - 00713024 _____ () C:\Program Files\HiSuite\ImageMgrUIPlugin.dll 2013-07-11 15:49 - 2013-07-11 15:49 - 00239424 _____ () C:\Program Files\HiSuite\ScreenShotUIPlugin.dll 2013-07-11 15:50 - 2013-07-11 15:50 - 02308928 _____ () C:\Program Files\HiSuite\UpdateUIPlugin.dll 2013-07-11 15:48 - 2013-07-11 15:48 - 00087360 _____ () C:\Program Files\HiSuite\HWEMUIEditToolsUIPlugin.dll 2013-07-11 15:48 - 2013-07-11 15:48 - 00083264 _____ () C:\Program Files\HiSuite\LogoPlugin.dll 2013-07-11 15:47 - 2013-07-11 15:47 - 00916288 _____ () C:\Program Files\HiSuite\DeviceMgrUIPlugin.dll 2013-07-11 15:49 - 2013-07-11 15:49 - 00552768 _____ () C:\Program Files\HiSuite\SyncUIPlugin.dll 2013-07-11 15:47 - 2013-07-11 15:47 - 02282304 _____ () C:\Program Files\HiSuite\BackUpUIPlugin.dll 2013-07-11 15:48 - 2013-07-11 15:48 - 00203584 _____ () C:\Program Files\HiSuite\MenuMgrPlugin.dll 2013-07-11 15:50 - 2013-07-11 15:50 - 00364864 _____ () C:\Program Files\HiSuite\WebKitUIPlugin.dll 2013-07-11 15:48 - 2013-07-11 15:48 - 00171328 _____ () C:\Program Files\HiSuite\KuwoWebUIPlugin.dll 2013-07-11 15:50 - 2013-07-11 15:50 - 
00832320 _____ () C:\Program Files\HiSuite\UpdateSrvPlugin.dll 2014-01-21 18:57 - 2014-01-14 20:46 - 03140608 _____ () C:\Users\ml\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe 2013-10-22 22:42 - 2013-07-11 15:50 - 00821568 _____ () C:\Users\ml\AppData\Local\HiSuite\userdata\hwtools\hwtransport.exe 2014-02-15 12:16 - 2014-02-06 18:04 - 03583600 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: AODDriver4.01 Description: AODDriver4.01 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: AODDriver4.01 Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. 
==================== Event log errors: ========================= Application errors: ================== Error: (02/15/2014 10:26:11 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: ProfilerU.exe, Version: 6.7.5.2, Zeitstempel: 0x4aaa3efd Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00381874 ID des fehlerhaften Prozesses: 0x105c Startzeit der fehlerhaften Anwendung: 0xProfilerU.exe0 Pfad der fehlerhaften Anwendung: ProfilerU.exe1 Pfad des fehlerhaften Moduls: ProfilerU.exe2 Berichtskennung: ProfilerU.exe3 Error: (02/15/2014 10:01:14 PM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80040154, Klasse nicht registriert . Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Generatorname: WMI Writer Generatorinstanz-ID: {828bf9ee-08b7-401d-b79d-69d30233d473} Error: (02/15/2014 10:01:14 PM) (Source: VSS) (User: ) Description: Fehler im Volumenschattenkopie-Dienst: Eine vom Volumenschattenkopie-Dienst benötigte kritische Komponente ist nicht registriert. Dies kann geschehen, wenn bei der Windows-Installation oder bei der Installation eines Schattenkopieanbieters ein Fehler aufgetreten ist. Der von CoCreateInstance für die Klasse mit CLSID "{4e14fba2-2e22-11d1-9964-00c04fbbb345}" und dem Namen "CEventSystem" zurückgegebene Fehler ist [0x80040154, Klasse nicht registriert ]. Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Generatorname: WMI Writer Generatorinstanz-ID: {828bf9ee-08b7-401d-b79d-69d30233d473} Error: (02/15/2014 10:01:14 PM) (Source: Windows Search Service) (User: ) Description: Plug-In in <Search.MapPI> kann nicht initialisiert werden. 
Kontext: Windows Anwendung, SystemIndex Katalog Details: (HRESULT : 0x80040154) (0x80040154) Error: (02/15/2014 10:01:06 PM) (Source: SecurityCenter) (User: ) Description: Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der WMI herstellen, um Antiviren, AntiSpyware- und Firewallprogramme von Drittanbietern zu überwachen. Error: (02/15/2014 09:42:47 PM) (Source: WinMgmt) (User: ) Description: 0x80041014 Error: (02/15/2014 09:42:42 PM) (Source: Windows Search Service) (User: ) Description: Der Index kann nicht initialisiert werden. Details: (HRESULT : 0x80040154) (0x80040154) Error: (02/15/2014 09:42:42 PM) (Source: Windows Search Service) (User: ) Description: Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung Details: (HRESULT : 0x80040154) (0x80040154) Error: (02/15/2014 09:42:42 PM) (Source: Windows Search Service) (User: ) Description: Das Gatherer-Objekt kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: (HRESULT : 0x80040154) (0x80040154) Error: (02/15/2014 09:42:39 PM) (Source: Windows Search Service) (User: ) Description: Plug-In in <Search.MapPI> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: (HRESULT : 0x80040154) (0x80040154) System errors: ============= Error: (02/15/2014 10:25:07 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (02/15/2014 10:11:49 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (02/15/2014 10:01:22 PM) (Source: DCOM) (User: ) Description: {DCAB0989-1301-4319-BE5F-ADE89F88581C} Error: (02/15/2014 10:00:54 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Skype Updater erreicht. 
Error: (02/15/2014 10:00:53 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Media Center-Planerdienst erreicht. Error: (02/15/2014 10:00:53 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Media Center-Empfängerdienst erreicht. Error: (02/15/2014 10:00:53 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (02/15/2014 10:00:52 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Benachrichtigungsdienst für Systemereignisse" ist vom Dienst "COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error: (02/15/2014 10:00:53 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{89115307-8248-448F-ADA0-F3F3718A9B2A}Nicht verfügbarNT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (02/15/2014 10:00:53 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{89115307-8248-448F-ADA0-F3F3718A9B2A}Nicht verfügbarNT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Microsoft Office Sessions: ========================= Error: (02/15/2014 10:26:11 PM) (Source: Application Error)(User: ) Description: ProfilerU.exe6.7.5.24aaa3efdunknown0.0.0.000000000c000000500381874105c01cf2a94884c3a3fC:\Program Files\Saitek\SD6\Software\ProfilerU.exeunknownca27f059-9687-11e3-99e6-bc5ff40f2dd2 Error: (02/15/2014 10:01:14 PM) (Source: VSS)(User: ) Description: CoCreateInstance0x80040154, Klasse nicht registriert Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Generatorname: WMI Writer Generatorinstanz-ID: {828bf9ee-08b7-401d-b79d-69d30233d473} Error: (02/15/2014 10:01:14 PM) (Source: VSS)(User: ) Description: 
{4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80040154, Klasse nicht registriert Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Generatorname: WMI Writer Generatorinstanz-ID: {828bf9ee-08b7-401d-b79d-69d30233d473} Error: (02/15/2014 10:01:14 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: (HRESULT : 0x80040154) (0x80040154) Search.MapPI Error: (02/15/2014 10:01:06 PM) (Source: SecurityCenter)(User: ) Description: Error: (02/15/2014 09:42:47 PM) (Source: WinMgmt)(User: ) Description: 0x80041014 Error: (02/15/2014 09:42:42 PM) (Source: Windows Search Service)(User: ) Description: Details: (HRESULT : 0x80040154) (0x80040154) Error: (02/15/2014 09:42:42 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung Details: (HRESULT : 0x80040154) (0x80040154) Error: (02/15/2014 09:42:42 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: (HRESULT : 0x80040154) (0x80040154) Error: (02/15/2014 09:42:39 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: (HRESULT : 0x80040154) (0x80040154) Search.MapPI ==================== Memory info =========================== Percentage of memory in use: 56% Total physical RAM: 3323.64 MB Available physical RAM: 1441.06 MB Total Pagefile: 6645.58 MB Available Pagefile: 4453.08 MB Total Virtual: 2047.88 MB Available Virtual: 1913.32 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.5 GB) (Free:225.67 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 08C308C2) Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS) ==================== 
End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-02-15 22:50:25 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000DM003-1CH162 rev.CC44 931,51GB Running: Gmer-19357.exe; Driver: C:\Users\ml\AppData\Local\Temp\axldrpow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAdjustPrivilegesToken [0x92472392] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcConnectPort [0x9248D24A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcCreatePort [0x9248D580] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcSendWaitReceivePort [0x9248D8F6] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwClose [0x92472E0C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwConnectPort [0x9248CF32] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateEvent [0x9247337E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateMutant [0x9247326C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreatePort [0x9248D3F0] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSection [0x9247214E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSemaphore [0x92473496] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThread [0x924729C2] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThreadEx [0x92472B32] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateUserProcess [0x924735AE] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateWaitablePort [0x9248D4B8] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDebugActiveProcess [0x92473856] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeviceIoControlFile [0x92472E4E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDuplicateObject [0x92474858] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadDriver [0x92473948] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwMapViewOfSection [0x92473EB4] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwNotifyChangeKey [0x9248B722] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenEvent [0x92473410] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenMutant [0x924732F8] SSDT 
\SystemRoot\system32\DRIVERS\klif.sys ZwOpenProcess [0x924725CC] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSection [0x92473C98] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSemaphore [0x92473528] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenThread [0x924724C0] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryDirectoryObject [0x92473664] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryObject [0x9248B91A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQuerySection [0x924741DA] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueueApcThread [0x92473AE8] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyPort [0x9248D6E4] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePort [0x9248D632] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRequestWaitReplyPort [0x9248D750] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwResumeThread [0x924746FA] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSecureConnectPort [0x9248D0BA] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetContextThread [0x92472CAC] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetInformationToken [0x92473702] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetSystemInformation [0x9247432A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendProcess [0x9247441E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendThread [0x92474558] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSystemDebugControl [0x92473778] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateProcess [0x9247276C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateThread [0x924726C2] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwUnmapViewOfSection [0x92474092] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwWriteVirtualMemory [0x92472858] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 83A5AA15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83A94212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] 
{LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 83A9B46C 4 Bytes [92, 23, 47, 92] {XCHG EDX, EAX; AND EAX, [EDI-0x6e]} .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 83A9B494 8 Bytes [4A, D2, 48, 92, 80, D5, 48, ...] {DEC EDX; ROR [EAX-0x6e], CL; ADC CH, 0x48; XCHG EDX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 1143 83A9B4D8 4 Bytes [F6, D8, 48, 92] {NEG AL; DEC EAX; XCHG EDX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 116F 83A9B504 4 Bytes [0C, 2E, 47, 92] {OR AL, 0x2e; INC EDI; XCHG EDX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 1193 83A9B528 4 Bytes [32, CF, 48, 92] {XOR CL, BH; DEC EAX; XCHG EDX, EAX} .text ... .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xAB829300, 0x3B6D8, 0xE8000020] .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xAB86C300, 0x1BEE, 0xE8000020] ---- User code sections - GMER 2.1 ---- ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[332] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[332] ntdll.dll!NtProtectVirtualMemory 77AF5F58 5 Bytes JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[332] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[332] USER32.dll!NotifyWinEvent + 6AE 75F5D66C 4 Bytes [E0, 13, 54, 67] .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[4176] kernel32.dll!SetUnhandledExceptionFilter 769BF4EB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} ? 
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4592] ntdll.dll!NtProtectVirtualMemory 77AF5F58 5 Bytes JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4592] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[4592] USER32.dll!NotifyWinEvent + 6AE 75F5D66C 4 Bytes [E0, 13, 54, 67] .text C:\Program Files\Mozilla Firefox\firefox.exe[4936] ntdll.dll!LdrGetProcedureAddress + 26 77B122A9 7 Bytes JMP 716F1FFD C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4936] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 769B941E 7 Bytes JMP 63DA09D3 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4936] kernel32.dll!QueryPerformanceCounter + 13 769BC425 7 Bytes JMP 63DA098B C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4936] kernel32.dll!LoadAppInitDlls + 355 769BF4E6 7 Bytes JMP 639B5CC6 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4936] GDI32.dll!GetViewportOrgEx + 26C 77BF884B 7 Bytes JMP 63DA09FA C:\Program Files\Mozilla Firefox\xul.dll ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0F 0x68 0xFB 0x75 ... 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x4E 0x7F 0x91 0x7F ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0F 0x68 0xFB 0x75 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x4E 0x7F 0x91 0x7F ... ---- EOF - GMER 2.1 ---- |
16.02.2014, 06:48 | #2 |
/// the machine /// TB trainer | Windows 7 - Windows Update damaged, some malware detections or suspected malware hi,
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please. |
16.02.2014, 10:31 | #3 |
| Windows 7 - Windows Update damaged, some malware detections or suspected malware Good morning
here are the logs: MBAM: Code:
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2014.02.16.01
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16518
ml :: ATLAN [Administrator]
Schutz: Aktiviert
16.02.2014 08:46:19
mbam-log-2014-02-16 (08-46-19).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 265564
Laufzeit: 11 Minute(n), 46 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Code:
# AdwCleaner v3.018 - Bericht erstellt am 16/02/2014 um 09:49:27
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : ml - ATLAN
# Gestartet von : C:\Users\ml\Desktop\logs\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\ProgramData\Uniblue\DriverScanner
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue\DriverScanner
Ordner Gelöscht : C:\Program Files\SweetIM
Ordner Gelöscht : C:\Program Files\Uniblue\DriverScanner
Ordner Gelöscht : C:\Users\ml\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\ml\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\ml\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\ml\AppData\LocalLow\SweetIM
Ordner Gelöscht : C:\Users\ml\AppData\Roaming\Uniblue\DriverScanner
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\user.js
Datei Gelöscht : C:\Windows\Tasks\driverscanner.job
Datei Gelöscht : C:\Windows\System32\Tasks\driverscanner
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2EC1CB48-68BF-4F58-AB5A-016EE4A259D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2EC1CB48-68BF-4F58-AB5A-016EE4A259D2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Web-Suche
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_scan2pdf_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_scan2pdf_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\lyricspal
Schlüssel Gelöscht : HKLM\Software\Uniblue\DriverScanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Schlüssel Gelöscht :
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16518
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v27.0 (de)
[ Datei : C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [14571 octets] - [16/02/2014 09:29:50]
AdwCleaner[S0].txt - [14432 octets] - [16/02/2014 09:49:27]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14493 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Professional x86
Ran by ml on 16.02.2014 at 10:10:15,01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.02.2014 at 10:13:16,46
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST:
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01 Ran by ml (administrator) on ATLAN on 16-02-2014 10:17:15 Running from C:\Users\ml\Desktop\logs Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AMD) C:\Windows\system32\atiesrxx.exe (Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe (AMD) C:\Windows\system32\atieclxx.exe () C:\Program Files\AMD\OverDrive\AODAssist.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Teruten) C:\Windows\system32\FsUsbExService.Exe () C:\ProgramData\HiSuiteOuc\HiSuiteOuc.exe () C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe (NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe () C:\Windows\system32\PnkBstrA.exe () C:\Windows\system32\PnkBstrB.exe (StarWind Software) C:\Program Files\alcohol\StarWind\StarWindServiceAE.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (Creative Technology Ltd.) 
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd) C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd) C:\Windows\System32\CTHELPER.EXE (Saitek) C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek) C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Creative Technology Ltd) C:\Windows\SYSTEM32\CTXFISPI.EXE (Creative Technology Ltd) C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Creative Technology Ltd.) C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe (Corsair Components Inc) C:\Maus_M90\M90Hid.exe (Corsair Components Inc) C:\Maus_M90\CorsTra.exe () C:\Program Files\DivX\DivX Update\DivXUpdate.exe (Creative Technology Ltd) C:\Windows\System32\Ctxfihlp.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe () C:\Program Files\Pando Networks\Media Booster\PMB.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Creative Technology Ltd) C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe () C:\Program Files\HiSuite\HiSuite.exe () C:\Users\ml\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe () C:\Users\ml\AppData\Local\HiSuite\userdata\hwtools\hwtransport.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RCSystem] - C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [57344 2006-11-22] (Creative Technology Ltd.) 
HKLM\...\Run: [AudioDrvEmulator] - C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [57344 2006-11-22] (Creative Technology Ltd.) HKLM\...\Run: [VolPanel] - C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [180224 2006-12-06] (Creative Technology Ltd) HKLM\...\Run: [CTHelper] - C:\Windows\system32\CTHELPER.EXE [19456 2007-03-05] (Creative Technology Ltd) HKLM\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM\...\Run: [AdobeCS4ServiceManager] - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated) HKLM\...\Run: [ProfilerU] - C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [237568 2009-09-11] (Saitek) HKLM\...\Run: [SaiMfd] - C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [131072 2009-09-11] (Saitek) HKLM\...\Run: [ Malwarebytes Anti-Malware (reboot)] - "C:\Program Files\Anti-Malware\mbam.exe" /runcleanupscript HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.) HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO) HKLM\...\Run: [NPSStartup] - [X] HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) 
HKLM\...\Run: [Corsair Garros] - C:\Maus_M90\M90Hid.exe [1768960 2012-05-22] (Corsair Components Inc) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC) HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] () HKLM\...\Run: [CTxfiHlp] - C:\Windows\system32\CTXFIHLP.EXE [25600 2010-05-05] (Creative Technology Ltd) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) Winlogon\Notify\klogon: C:\Windows\system32\klogon.dll (Kaspersky Lab ZAO) HKU\.DEFAULT\...\Run: [CtxfiReg] - CTXFIREG.exe /FAIL1 HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\Run: [Pando Media Booster] - C:\Program Files\Pando Networks\Media Booster\PMB.exe [3077528 2011-08-27] () HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\Run: [Creative MediaSource Go] - C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe [204800 2006-11-09] (Creative Technology Ltd) HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\Run: [Mobile Partner] - C:\Program Files\HiSuite\HiSuite.exe [583488 2013-07-11] () HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\Run: [Amazon Cloud Player] - C:\Users\ml\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] () HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\MountPoints2: D - D:\ASRSetup.exe HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\MountPoints2: {cb124b1d-2f7c-11df-997d-6cf04902646e} - F:\Setup.exe HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\MountPoints2: {f4c6a2a3-3b33-11e3-817b-bc5ff40f2dd2} - G:\autorun.exe Startup: 
C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Profiler.lnk ShortcutTarget: Profiler.lnk -> C:\Windows\Installer\{46A219BA-FA02-43B6-8E46-4704B39251DD}\Profiler.exe (Saitek) ==================== Internet (Whitelisted) ==================== SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {47802076-0332-47D7-AB21-698498446961} URL = hxxp://www.google.de/search?q={searchTerms} BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} 
hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 62.109.121.2 62.109.121.1 FireFox: ======== FF ProfilePath: C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%2
0shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1))%20%7B%20return%20'PROXY%20nq-us12.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D" FF NetworkProxy: "type", 2 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\ml\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: FT DeepDark - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2014-02-11] FF Extension: Firebug - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\firebug@software.joehewitt.com.xpi [2012-12-14] FF Extension: YouTube MP3 Download - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\jid0-Z0Vu9hJlqV0fhIAPqPfmUCNubYQ@jetpack.xpi [2013-07-20] FF Extension: ProxMate - Proxy on steroids! - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-10-19] FF Extension: TinEye Reverse Image Search - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\tineye@ideeinc.com.xpi [2013-04-19] FF Extension: NoScript - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-12-14] FF Extension: FireFTP - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012-12-14] FF Extension: Adblock Plus - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-14] FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-01-03] FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru FF Extension: Kaspersky Virtual Keyboard - 
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2011-11-01] FF HKLM\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2011-11-01] FF HKLM\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2011-11-01] FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-08-01] ========================== Services (Whitelisted) ================= R2 AODService; C:\Program Files\AMD\OverDrive\AODAssist.exe [136616 2010-04-23] () R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO) R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation) S3 Creative ALchemy AL6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2010-03-05] (Creative Labs) R2 HiSuiteOuc.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc.exe [116032 2013-07-11] () R2 HuaweiHiSuiteService.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe [158208 2013-05-02] () S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program 
Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 nTuneService; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [192832 2011-09-19] (NVIDIA) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2014-01-02] () R2 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [107832 2014-01-02] () S2 SkypeUpdate; C:\Programme\Skype\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies) R2 StarWindServiceAE; C:\Program Files\alcohol\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) S3 nosGetPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper_3004.dll [X] ==================== Drivers (Whitelisted) ==================== R3 AmdTools; C:\Windows\System32\DRIVERS\AmdTools.sys [42552 2008-04-28] (AMD, Inc.) R3 AODDriver2; C:\Program Files\AMD\OverDrive\i386\AODDriver2.sys [36864 2010-04-23] (Advanced Micro Devices) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-07-07] () S3 CamDrL; C:\Windows\System32\DRIVERS\Camdrl.sys [1075360 2007-02-03] (Logitech Inc.) 
S3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [98616 2007-03-05] (Creative Technology Ltd) R3 CORSGMS; C:\Windows\System32\Drivers\CORSGMS.sys [18432 2012-03-27] ( ) S3 CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [552248 2007-03-05] (Creative Technology Ltd) S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [347144 2010-05-05] (Creative Technology Ltd) S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [174392 2007-03-05] (Creative Technology Ltd) S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [286520 2007-03-05] (Creative Technology Ltd) S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [134968 2007-03-05] (Creative Technology Ltd) R3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [329528 2007-03-05] (Creative Technology Ltd) S3 CTERFXFX.DLL; C:\Windows\System32\CTERFXFX.DLL [101176 2007-03-05] (Creative Technology Ltd) S3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [566584 2007-03-05] (Creative Technology Ltd) S3 dbustrcm; C:\Users\ml\AppData\Local\Temp\dbustrcm.sys [31744 2013-09-01] () R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [32384 2011-02-08] (Etron Technology Inc) R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [52352 2011-02-08] (Etron Technology Inc) R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [133208 2011-03-04] (Kaspersky Lab ZAO) R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11352 2011-03-04] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [586072 2012-10-31] (Kaspersky Lab) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [23856 2011-03-10] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19984 2009-11-02] (Kaspersky Lab) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-07-07] () R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41504 2007-02-03] (Logitech Inc.) 
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-02-12] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) S3 RivaTuner32; C:\Program Files\RivaTuner\RivaTuner32.sys [9088 2009-08-22] () R3 SaiK0728; C:\Windows\System32\DRIVERS\SaiK0728.sys [104960 2008-01-21] (Saitek) S3 SaiK0CEA; C:\Windows\System32\DRIVERS\SaiK0CEA.sys [104960 2008-04-04] (Saitek) R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [20744 2009-09-14] (Saitek) R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [43656 2009-09-14] (Saitek) S3 SaiU0CEA; C:\Windows\System32\DRIVERS\SaiU0CEA.sys [28544 2008-04-04] (Saitek) R1 SAVRKBootTasks; C:\Windows\system32\SAVRKBootTasks.sys [18816 2010-05-26] (Sophos Plc) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-03-14] (Duplex Secure Ltd.) S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-04-27] (MCCI) S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-04-27] (MCCI Corporation) S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-04-27] (MCCI Corporation) R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () R3 V0260VID; C:\Windows\System32\DRIVERS\V0260Vid.sys [154560 2007-05-25] (Creative Technology Ltd.) S3 amdiox86; system32\DRIVERS\amdiox86.sys [X] S2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [X] S3 atillk64; \??\C:\Program Files\AMD GPU Clock Tool\atillk64.sys [X] S3 CT20XUT.DLL; system32\CT20XUT.DLL [X] S3 CTEXFIFX.DLL; system32\CTEXFIFX.DLL [X] S3 CTHWIUT.DLL; system32\CTHWIUT.DLL [X] S3 gdrv; \??\C:\Windows\gdrv.sys [X] U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2011-10-24] (Huawei Technologies Co., Ltd.) 
S3 MEMSWEEP2; \??\C:\Windows\system32\34.tmp [X] U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-16 10:13 - 2014-02-16 10:13 - 00000645 _____ () C:\Users\ml\Desktop\JRT.txt 2014-02-16 10:05 - 2014-02-16 10:05 - 00000000 ____D () C:\Users\ml\Desktop\zeug 2014-02-16 09:54 - 2014-02-16 09:54 - 00000000 ____D () C:\Windows\ERUNT 2014-02-16 09:27 - 2014-02-16 09:49 - 00000000 ____D () C:\AdwCleaner 2014-02-16 08:33 - 2014-02-16 08:33 - 00000000 ____D () C:\Program Files\Skype 2014-02-15 21:15 - 2014-02-15 21:15 - 00293592 _____ () C:\Users\linuel\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-15 21:10 - 2014-02-16 07:08 - 00000000 ___RD () C:\Users\linuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-02-15 21:10 - 2014-02-16 07:08 - 00000000 ___RD () C:\Users\linuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-02-15 21:10 - 2014-02-16 07:08 - 00000000 ____D () C:\Users\linuel 2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Startmenü 2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Netzwerkumgebung 2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Druckumgebung 2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Documents\Eigene Musik 2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Documents\Eigene Bilder 2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\AppData\Local\Verlauf 2014-02-15 15:08 - 2014-02-15 22:22 - 00000340 _____ () C:\Users\ml\defogger_reenable 2014-02-15 13:00 - 2014-02-16 10:17 - 00000000 ____D () C:\FRST 2014-02-13 21:40 - 2014-02-13 22:52 - 00000000 ____D () 
C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-02-13 21:18 - 2014-02-13 21:19 - 00000109 _____ () C:\Users\ml\Documents\mwb-am.TXT 2014-02-11 23:54 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-11 23:54 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-11 23:54 - 2014-02-06 11:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-02-11 23:54 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-11 23:54 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-02-11 23:54 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-11 23:54 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-11 23:54 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-11 23:54 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-11 23:54 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-11 23:54 - 2014-02-06 10:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-02-11 23:54 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-02-11 23:54 - 2014-02-06 10:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-11 23:54 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-11 23:54 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-02-11 23:54 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-11 23:54 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) 
C:\Windows\system32\inetcpl.cpl 2014-02-11 23:54 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-11 23:54 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-11 23:54 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-11 23:54 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-02-11 23:44 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-11 22:41 - 2014-02-11 22:41 - 04745728 _____ (AVAST Software) C:\Users\ml\Downloads\aswMBR.exe 2014-02-11 22:14 - 2014-02-11 22:15 - 00267492 _____ () C:\Windows\msxml4-KB2758694-deu.LOG 2014-02-11 21:51 - 2014-02-12 18:43 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-02-11 21:50 - 2014-02-11 21:50 - 12589848 _____ (Malwarebytes Corp.) C:\Users\ml\Downloads\mbar-1.07.0.1009.exe 2014-02-11 21:49 - 2014-02-11 21:50 - 00000000 ____D () C:\Program Files\Malwarebytes_Anti-Rootkit 2014-02-11 21:45 - 2014-02-11 21:52 - 451422799 _____ (WinFuture) C:\Users\ml\Downloads\WinFuture_7SP1_x86_UpdatePack_2.34_Januar_2014-Vollversion.exe 2014-02-11 21:29 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\system32\locale.nls 2014-02-11 21:29 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-02-11 21:29 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-02-11 21:29 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-02-11 21:29 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2014-02-11 21:29 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2014-02-11 21:29 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) 
C:\Windows\system32\secproc_ssp_isv.dll 2014-02-11 21:29 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2014-02-11 21:29 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-02-11 21:29 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2014-02-11 21:29 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2014-02-11 21:29 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2014-02-11 21:29 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2014-02-11 21:29 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-02-11 20:16 - 2014-02-11 20:32 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE 2014-02-11 20:15 - 2014-02-11 20:15 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ATLAN-Microsoft-Windows-7-Professional-(32-bit).dat 2014-02-11 20:13 - 2014-02-11 20:13 - 00000000 ____D () C:\RegBackup 2014-02-11 18:23 - 2014-02-11 18:23 - 00001071 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-11 18:20 - 2014-02-11 18:20 - 00000000 ____D () C:\Program Files\Tweaking 2014-02-11 18:17 - 2014-02-11 18:23 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-02-11 18:17 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-02-06 18:31 - 2014-02-06 18:31 - 00924173 _____ () C:\Users\ml\Downloads\BrMain480.exe 2014-02-06 18:04 - 2014-02-16 07:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-02-02 01:10 - 2014-02-02 01:10 - 00000000 ____D () C:\Users\ml\AppData\Local\BigHugeEngine 2014-01-26 00:47 - 2014-01-26 00:47 - 22607745 _____ () C:\Users\ml\Downloads\ufoaftershock_patch_1_2-including_previous_patch.zip 2014-01-26 00:45 - 2014-01-26 00:45 - 03123262 
_____ () C:\Users\ml\Downloads\ufo_aftershock_patch_1_3.zip 2014-01-26 00:45 - 2014-01-26 00:45 - 03122287 _____ () C:\Users\ml\Downloads\Ufo-Aftershock-Patch-1.3.zip 2014-01-26 00:44 - 2014-01-26 00:44 - 02028396 _____ () C:\Users\ml\Downloads\UFO_Aftershock_v1.2.1_Patch.zip 2014-01-26 00:41 - 2014-01-27 21:52 - 00000635 _____ () C:\Users\Public\Desktop\UFO Aftershock.lnk 2014-01-21 21:29 - 2014-01-21 21:29 - 03669884 _____ () C:\Users\ml\Downloads\DarkHorizon_v1.0.6.0_Patch.zip 2014-01-21 18:57 - 2014-02-16 07:09 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player 2014-01-21 18:57 - 2014-01-30 20:41 - 00001159 _____ () C:\Users\ml\Desktop\Amazon Cloud Player.lnk 2014-01-21 18:57 - 2014-01-30 20:41 - 00000000 ____D () C:\Users\ml\AppData\Local\Amazon Cloud Player 2014-01-20 21:46 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-01-20 21:46 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-01-20 21:46 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-01-20 21:46 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-01-20 21:45 - 2014-01-20 21:46 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log ==================== One Month Modified Files and Folders ======= 2014-02-16 10:17 - 2014-02-15 13:00 - 00000000 ____D () C:\FRST 2014-02-16 10:17 - 2011-01-01 10:54 - 00000000 ____D () C:\Users\ml\AppData\Local\PMB Files 2014-02-16 10:17 - 2010-03-05 00:07 - 01058915 _____ () C:\Windows\WindowsUpdate.log 2014-02-16 10:13 - 2014-02-16 10:13 - 00000645 _____ () C:\Users\ml\Desktop\JRT.txt 2014-02-16 10:13 - 2009-07-14 05:34 - 00014960 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-16 10:13 - 2009-07-14 05:34 - 00014960 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-16 10:10 - 2010-03-05 00:42 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-02-16 10:08 - 2012-04-21 23:17 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-02-16 10:08 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-16 10:08 - 2009-07-14 05:39 - 00179444 _____ () C:\Windows\setupact.log 2014-02-16 10:05 - 2014-02-16 10:05 - 00000000 ____D () C:\Users\ml\Desktop\zeug 2014-02-16 09:55 - 2012-07-05 16:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-02-16 09:54 - 2014-02-16 09:54 - 00000000 ____D () C:\Windows\ERUNT 2014-02-16 09:49 - 2014-02-16 09:27 - 00000000 ____D () C:\AdwCleaner 2014-02-16 09:49 - 2011-12-10 17:36 - 00000000 ____D () C:\ProgramData\Uniblue 2014-02-16 09:49 - 2011-12-10 17:16 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Uniblue 2014-02-16 09:49 - 2011-12-10 17:16 - 00000000 ____D () C:\Program Files\Uniblue 2014-02-16 08:33 - 2014-02-16 08:33 - 00000000 ____D () C:\Program Files\Skype 2014-02-16 08:33 - 2010-06-10 19:28 - 00000000 ____D () C:\ProgramData\Skype 2014-02-16 07:09 - 2014-02-06 18:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-02-16 07:09 - 2014-01-21 18:57 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player 2014-02-16 07:09 - 2013-05-18 01:29 - 00000000 ____D () C:\Users\ml\Downloads\sound 2014-02-16 07:09 - 2012-08-16 19:31 - 00000000 ____D () C:\Users\ml\AppData\Local\CCP 2014-02-16 07:09 - 2012-07-01 19:20 - 00000000 ____D () C:\Users\ml\Downloads\ydkj 2014-02-16 07:09 - 2012-05-05 06:28 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-02-16 07:09 - 2012-04-21 23:27 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVGA Precision 2014-02-16 07:09 - 2012-03-02 17:00 - 00000000 ____D () C:\Users\ml\Downloads\mflpro 2014-02-16 07:09 - 2011-12-13 
17:50 - 00000000 ____D () C:\Users\ml\Downloads\cpu-z 2014-02-16 07:09 - 2011-12-10 17:16 - 00000000 ____D () C:\Program Files\CrystalDiskInfo 2014-02-16 07:09 - 2011-12-05 23:24 - 00000000 ____D () C:\Users\ml\Downloads\RoT 2014-02-16 07:09 - 2011-07-17 00:33 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps 2014-02-16 07:09 - 2011-06-12 21:35 - 00000000 ____D () C:\Users\ml\Downloads\directx9c 2014-02-16 07:09 - 2011-03-06 01:01 - 00000000 ____D () C:\Users\ml\Downloads\xbox360ce 2014-02-16 07:09 - 2010-10-03 09:05 - 00000000 ____D () C:\Users\ml\Downloads\gpg 2014-02-16 07:09 - 2010-07-28 18:08 - 00000000 ____D () C:\Users\ml\AppData\Roaming\vlc 2014-02-16 07:09 - 2010-05-02 09:31 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-02-16 07:09 - 2010-04-28 19:40 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2014-02-16 07:09 - 2010-04-06 18:55 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition 2014-02-16 07:09 - 2010-03-20 12:57 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-02-16 07:09 - 2010-03-05 01:04 - 00000000 ____D () C:\Windows\system32\Data 2014-02-16 07:09 - 2010-03-05 00:14 - 00000000 ___RD () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-02-16 07:09 - 2010-03-05 00:14 - 00000000 ___RD () C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-02-16 07:09 - 2010-03-05 00:14 - 00000000 ____D () C:\Users\ml 2014-02-16 07:09 - 2010-02-08 23:40 - 00000000 ____D () C:\spiele 2014-02-16 07:09 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp 2014-02-16 07:08 - 2014-02-15 21:10 - 00000000 ___RD () C:\Users\linuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-02-16 07:08 - 2014-02-15 
21:10 - 00000000 ___RD () C:\Users\linuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-02-16 07:08 - 2014-02-15 21:10 - 00000000 ____D () C:\Users\linuel 2014-02-16 07:08 - 2013-10-30 23:57 - 00000000 ____D () C:\Users\ml\Downloads\simc-540-5-win32 2014-02-16 07:08 - 2012-11-11 11:45 - 00000000 ____D () C:\Users\ml\Downloads\Sine.Mora-SKIDROW-LaVerta.part1 2014-02-16 07:08 - 2012-11-04 10:41 - 00000000 ____D () C:\Users\ml\Downloads\wordpress_342-de 2014-02-16 07:08 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration 2014-02-16 07:07 - 2013-10-22 22:39 - 00000000 ____D () C:\Users\ml\Downloads\HiSuiteSetup_v1.8.10.1706 2014-02-16 07:07 - 2012-11-10 13:29 - 00000000 ____D () C:\Users\ml\Downloads\contact-form-7331 2014-02-16 07:07 - 2011-05-17 18:33 - 00000000 ____D () C:\Users\ml\Downloads\Mainboard_Treiber 2014-02-16 07:07 - 2010-07-23 19:04 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Malwarebytes 2014-02-16 02:26 - 2010-03-20 12:55 - 00000000 ____D () C:\Program Files\Steam 2014-02-15 22:29 - 2010-03-05 00:16 - 01644414 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-15 22:22 - 2014-02-15 15:08 - 00000340 _____ () C:\Users\ml\defogger_reenable 2014-02-15 21:15 - 2014-02-15 21:15 - 00293592 _____ () C:\Users\linuel\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Startmenü 2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Netzwerkumgebung 2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Druckumgebung 2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Documents\Eigene Musik 2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\Documents\Eigene Bilder 2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-02-15 21:10 - 2014-02-15 21:10 - 00000000 _SHDL () C:\Users\linuel\AppData\Local\Verlauf 
2014-02-13 22:52 - 2014-02-13 21:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-02-13 21:19 - 2014-02-13 21:18 - 00000109 _____ () C:\Users\ml\Documents\mwb-am.TXT 2014-02-12 19:10 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-02-12 18:43 - 2014-02-11 21:51 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-02-11 22:41 - 2014-02-11 22:41 - 04745728 _____ (AVAST Software) C:\Users\ml\Downloads\aswMBR.exe 2014-02-11 22:15 - 2014-02-11 22:14 - 00267492 _____ () C:\Windows\msxml4-KB2758694-deu.LOG 2014-02-11 22:14 - 2011-04-03 13:47 - 00000000 ____D () C:\Program Files\MSXML 4.0 2014-02-11 22:08 - 2011-07-19 19:14 - 00086016 ___SH () C:\Users\ml\Documents\Thumbs.db 2014-02-11 21:56 - 2013-11-24 02:17 - 00012248 _____ () C:\Windows\IE11_main.log 2014-02-11 21:52 - 2014-02-11 21:45 - 451422799 _____ (WinFuture) C:\Users\ml\Downloads\WinFuture_7SP1_x86_UpdatePack_2.34_Januar_2014-Vollversion.exe 2014-02-11 21:50 - 2014-02-11 21:50 - 12589848 _____ (Malwarebytes Corp.) 
C:\Users\ml\Downloads\mbar-1.07.0.1009.exe 2014-02-11 21:50 - 2014-02-11 21:49 - 00000000 ____D () C:\Program Files\Malwarebytes_Anti-Rootkit 2014-02-11 21:25 - 2010-03-05 01:56 - 00293592 _____ () C:\Users\ml\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-11 21:13 - 2009-07-14 05:33 - 02828184 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-02-11 21:12 - 2010-03-05 01:45 - 00234518 _____ () C:\Windows\PFRO.log 2014-02-11 20:32 - 2014-02-11 20:16 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE 2014-02-11 20:15 - 2014-02-11 20:15 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ATLAN-Microsoft-Windows-7-Professional-(32-bit).dat 2014-02-11 20:13 - 2014-02-11 20:13 - 00000000 ____D () C:\RegBackup 2014-02-11 18:46 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\LiveKernelReports 2014-02-11 18:23 - 2014-02-11 18:23 - 00001071 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-11 18:23 - 2014-02-11 18:17 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-02-11 18:20 - 2014-02-11 18:20 - 00000000 ____D () C:\Program Files\Tweaking 2014-02-09 12:25 - 2010-03-14 13:28 - 00000354 _____ () C:\Windows\Tasks\At1.job 2014-02-08 23:15 - 2014-01-10 18:09 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Awesomium 2014-02-06 19:23 - 2012-04-11 19:14 - 00000000 ____D () C:\ProgramData\Origin 2014-02-06 19:21 - 2012-04-11 19:18 - 00000000 ____D () C:\Program Files\Origin 2014-02-06 18:31 - 2014-02-06 18:31 - 00924173 _____ () C:\Users\ml\Downloads\BrMain480.exe 2014-02-06 18:24 - 2010-03-20 09:32 - 00000425 _____ () C:\Windows\BRWMARK.INI 2014-02-06 18:04 - 2013-12-16 21:18 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-02-06 11:38 - 2014-02-11 23:54 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-06 11:20 - 2014-02-11 23:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-06 11:19 - 2014-02-11 23:54 - 00004096 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwcollectorres.dll 2014-02-06 11:01 - 2014-02-11 23:54 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-06 11:00 - 2014-02-11 23:54 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-02-06 10:57 - 2014-02-11 23:54 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-06 10:52 - 2014-02-11 23:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-06 10:52 - 2014-02-11 23:54 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-06 10:49 - 2014-02-11 23:54 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-06 10:47 - 2014-02-11 23:54 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-06 10:47 - 2014-02-11 23:54 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-02-06 10:46 - 2014-02-11 23:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-02-06 10:34 - 2014-02-11 23:54 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-06 10:25 - 2014-02-11 23:54 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-06 10:25 - 2014-02-11 23:54 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-02-06 10:13 - 2014-02-11 23:54 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-06 10:09 - 2014-02-11 23:54 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-06 10:03 - 2014-02-11 23:54 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-06 09:41 - 2014-02-11 23:54 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-06 09:36 - 2014-02-11 23:54 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-06 09:34 - 2014-02-11 23:54 - 00703488 _____ (Microsoft Corporation) 
C:\Windows\system32\ieapfltr.dll 2014-02-05 21:55 - 2012-05-14 23:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-02-05 21:55 - 2011-05-19 18:10 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-02-03 23:24 - 2010-03-05 16:33 - 00000000 ____D () C:\Users\ml\AppData\Roaming\Skype 2014-02-03 20:14 - 2010-03-06 14:47 - 00000000 ____D () C:\Users\ml\AppData\Roaming\TS3Client 2014-02-02 20:56 - 2013-10-04 19:02 - 00000000 ____D () C:\Users\ml\AppData\Local\Battle.net 2014-02-02 01:10 - 2014-02-02 01:10 - 00000000 ____D () C:\Users\ml\AppData\Local\BigHugeEngine 2014-01-30 20:41 - 2014-01-21 18:57 - 00001159 _____ () C:\Users\ml\Desktop\Amazon Cloud Player.lnk 2014-01-30 20:41 - 2014-01-21 18:57 - 00000000 ____D () C:\Users\ml\AppData\Local\Amazon Cloud Player 2014-01-29 22:08 - 2010-03-20 12:55 - 00000000 ____D () C:\Program Files\Common Files\Steam 2014-01-27 21:52 - 2014-01-26 00:41 - 00000635 _____ () C:\Users\Public\Desktop\UFO Aftershock.lnk 2014-01-26 00:47 - 2014-01-26 00:47 - 22607745 _____ () C:\Users\ml\Downloads\ufoaftershock_patch_1_2-including_previous_patch.zip 2014-01-26 00:45 - 2014-01-26 00:45 - 03123262 _____ () C:\Users\ml\Downloads\ufo_aftershock_patch_1_3.zip 2014-01-26 00:45 - 2014-01-26 00:45 - 03122287 _____ () C:\Users\ml\Downloads\Ufo-Aftershock-Patch-1.3.zip 2014-01-26 00:44 - 2014-01-26 00:44 - 02028396 _____ () C:\Users\ml\Downloads\UFO_Aftershock_v1.2.1_Patch.zip 2014-01-26 00:40 - 2010-03-05 00:40 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-01-21 21:29 - 2014-01-21 21:29 - 03669884 _____ () C:\Users\ml\Downloads\DarkHorizon_v1.0.6.0_Patch.zip 2014-01-20 21:46 - 2014-01-20 21:45 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log 2014-01-20 21:46 - 2013-10-17 21:24 - 00000000 ____D () C:\ProgramData\Oracle 2014-01-20 21:46 - 2012-03-18 15:32 - 00000000 ____D () C:\Program Files\Java 2014-01-20 21:43 - 
2010-03-14 16:43 - 00000000 ____D () C:\Users\ml\AppData\Local\Adobe 2014-01-18 18:21 - 2013-10-09 18:16 - 00000000 ____D () C:\Program Files\Hearthstone 2014-01-17 22:32 - 2013-10-04 19:02 - 00000000 ____D () C:\Program Files\Battle.net 2014-01-17 22:32 - 2012-05-14 18:11 - 00000000 ____D () C:\Program Files\Diablo III 2014-01-17 16:58 - 2012-11-21 21:56 - 00015726 _____ () C:\Users\ml\Documents\Geburtstage_Adressen.odt 2014-01-17 16:36 - 2010-03-05 01:02 - 00073312 _____ () C:\Windows\DirectX.log 2014-01-17 00:10 - 2010-03-05 01:58 - 00000000 ____D () C:\Windows\system32\directx 2014-01-17 00:09 - 2010-10-03 09:06 - 00000000 ____D () C:\Program Files\THQ Files to move or delete: ==================== C:\Windows\Tasks\At1.job Some content of TEMP: ==================== C:\Users\ml\AppData\Local\Temp\11-8_vista32_win7_32_dd_ccc_ocl.exe C:\Users\ml\AppData\Local\Temp\CheatEngine63Clean.exe C:\Users\ml\AppData\Local\Temp\CmdLineExt03.dll C:\Users\ml\AppData\Local\Temp\CTPBSeq.exe C:\Users\ml\AppData\Local\Temp\devcon.exe C:\Users\ml\AppData\Local\Temp\DivXSetup.exe C:\Users\ml\AppData\Local\Temp\drm_dyndata_7370012.dll C:\Users\ml\AppData\Local\Temp\drm_dyndata_7400006.dll C:\Users\ml\AppData\Local\Temp\GdiPlus.dll C:\Users\ml\AppData\Local\Temp\installerdll.dll C:\Users\ml\AppData\Local\Temp\InstallerMessageBox.exe C:\Users\ml\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe C:\Users\ml\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe C:\Users\ml\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe C:\Users\ml\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe C:\Users\ml\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe C:\Users\ml\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe C:\Users\ml\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\ml\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\ml\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\ml\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\ml\AppData\Local\Temp\mbam-setup.exe 
C:\Users\ml\AppData\Local\Temp\MSVBVM60.DLL C:\Users\ml\AppData\Local\Temp\NPSInstallerProxy.exe C:\Users\ml\AppData\Local\Temp\NPSInstallerProxyMessageBoxHookDll.dll C:\Users\ml\AppData\Local\Temp\nv3DVStreaming.dll C:\Users\ml\AppData\Local\Temp\nvSCPAPI.dll C:\Users\ml\AppData\Local\Temp\nvStereoApiI.dll C:\Users\ml\AppData\Local\Temp\nvStInst.exe C:\Users\ml\AppData\Local\Temp\patchw32.dll C:\Users\ml\AppData\Local\Temp\Quarantine.exe C:\Users\ml\AppData\Local\Temp\RSPUpgradeInstaller.exe C:\Users\ml\AppData\Local\Temp\SIntf16.dll C:\Users\ml\AppData\Local\Temp\SIntf32.dll C:\Users\ml\AppData\Local\Temp\SIntfNT.dll C:\Users\ml\AppData\Local\Temp\SkypeSetup.exe C:\Users\ml\AppData\Local\Temp\tmp4CE7.exe C:\Users\ml\AppData\Local\Temp\tmp508F.exe C:\Users\ml\AppData\Local\Temp\tmp5F8D.exe C:\Users\ml\AppData\Local\Temp\tmp61AF.exe C:\Users\ml\AppData\Local\Temp\tmp7010.exe C:\Users\ml\AppData\Local\Temp\tmp96A3.exe C:\Users\ml\AppData\Local\Temp\Uninst.exe C:\Users\ml\AppData\Local\Temp\_is77CF.exe C:\Users\ml\AppData\Local\Temp\_isE495.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-08 13:54 ==================== End Of Log ============================ --- --- --- --- --- --- Edited by Nesk1 (16.02.2014 at 10:37) |
17.02.2014, 10:10 | #4 |
/// the machine /// TB instructor | Windows 7 - Windows Update damaged, some malware detections or suspected infection Those are surely hidden files and folders. Screenshot, please. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
18.02.2014, 22:34 | #5 |
| Windows 7 - Windows Update damaged, some malware detections or suspected infection OK, here are the logs: ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=d65fe67596c5d6478189be3a34fa2c98 # engine=17108 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-02-17 10:12:48 # local_time=2014-02-17 11:12:48 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1285 16777213 100 100 8302 89323080 0 0 # compatibility_mode=5893 16776573 100 94 114289 144306359 0 0 # scanned=291805 # found=0 # cleaned=0 # scan_time=5907 ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=d65fe67596c5d6478189be3a34fa2c98 # engine=17123 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-02-18 09:05:26 # local_time=2014-02-18 10:05:26 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1285 16777213 100 100 12869 89405438 0 0 # compatibility_mode=5893 16776573 100 94 196647 144388717 0 0 # scanned=492124 # found=0 # cleaned=0 # scan_time=12557 Code:
ATTFilter Results of screen317's Security Check version 0.99.79 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Java(TM) 6 Update 22 Java(TM) 6 Update 29 Java 7 Update 51 Adobe Flash Player 12.0.0.44 Adobe Reader 10.1.9 Adobe Reader out of Date! Mozilla Firefox (27.0.1) Mozilla Thunderbird (24.3.0) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Kaspersky Lab Kaspersky Internet Security 2012 avp.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-02-2014 Ran by ml (administrator) on ATLAN on 18-02-2014 22:22:45 Running from C:\Users\ml\Desktop\logs Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AMD) C:\Windows\system32\atiesrxx.exe (Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe (AMD) C:\Windows\system32\atieclxx.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe () C:\Program Files\AMD\OverDrive\AODAssist.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Teruten) C:\Windows\system32\FsUsbExService.Exe () C:\ProgramData\HiSuiteOuc\HiSuiteOuc.exe () C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe (NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe () C:\Windows\system32\PnkBstrA.exe () C:\Windows\system32\PnkBstrB.exe (StarWind Software) C:\Program Files\alcohol\StarWind\StarWindServiceAE.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Creative Technology Ltd.) 
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd) C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd) C:\Windows\System32\CTHELPER.EXE (Saitek) C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek) C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Creative Technology Ltd) C:\Windows\SYSTEM32\CTXFISPI.EXE (Corsair Components Inc) C:\Maus_M90\M90Hid.exe (Corsair Components Inc) C:\Maus_M90\CorsTra.exe () C:\Program Files\DivX\DivX Update\DivXUpdate.exe (Creative Technology Ltd) C:\Windows\System32\Ctxfihlp.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Creative Technology Ltd) C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe () C:\Program Files\HiSuite\HiSuite.exe () C:\Users\ml\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe (Creative Technology Ltd) C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe (Creative Technology Ltd.) C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe () C:\Users\ml\AppData\Local\HiSuite\userdata\hwtools\hwtransport.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RCSystem] - C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [57344 2006-11-22] (Creative Technology Ltd.) HKLM\...\Run: [AudioDrvEmulator] - C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [57344 2006-11-22] (Creative Technology Ltd.) 
HKLM\...\Run: [VolPanel] - C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [180224 2006-12-06] (Creative Technology Ltd) HKLM\...\Run: [CTHelper] - C:\Windows\system32\CTHELPER.EXE [19456 2007-03-05] (Creative Technology Ltd) HKLM\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM\...\Run: [AdobeCS4ServiceManager] - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated) HKLM\...\Run: [ProfilerU] - C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [237568 2009-09-11] (Saitek) HKLM\...\Run: [SaiMfd] - C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [131072 2009-09-11] (Saitek) HKLM\...\Run: [ Malwarebytes Anti-Malware (reboot)] - "C:\Program Files\Anti-Malware\mbam.exe" /runcleanupscript HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.) HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO) HKLM\...\Run: [NPSStartup] - [X] HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) 
HKLM\...\Run: [Corsair Garros] - C:\Maus_M90\M90Hid.exe [1768960 2012-05-22] (Corsair Components Inc) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC) HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] () HKLM\...\Run: [CTxfiHlp] - C:\Windows\system32\CTXFIHLP.EXE [25600 2010-05-05] (Creative Technology Ltd) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) Winlogon\Notify\klogon: C:\Windows\system32\klogon.dll (Kaspersky Lab ZAO) HKU\.DEFAULT\...\Run: [CtxfiReg] - CTXFIREG.exe /FAIL1 HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\Run: [AlcoholAutomount] - C:\Program Files\alcohol\AxAutoMntSrv.exe [33120 2009-11-15] (Alcohol Soft Development Team) HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\Run: [Pando Media Booster] - C:\Program Files\Pando Networks\Media Booster\PMB.exe [3077528 2011-08-27] () HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\Run: [Creative MediaSource Go] - C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe [204800 2006-11-09] (Creative Technology Ltd) HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\Run: [Mobile Partner] - C:\Program Files\HiSuite\HiSuite.exe [583488 2013-07-11] () HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\Run: [Amazon Cloud Player] - C:\Users\ml\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] () HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\MountPoints2: D - D:\ASRSetup.exe HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\MountPoints2: {cb124b1d-2f7c-11df-997d-6cf04902646e} - F:\Setup.exe 
HKU\S-1-5-21-3132632257-3045653775-2901208091-1001\...\MountPoints2: {f4c6a2a3-3b33-11e3-817b-bc5ff40f2dd2} - G:\autorun.exe Startup: C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Profiler.lnk ShortcutTarget: Profiler.lnk -> C:\Windows\Installer\{46A219BA-FA02-43B6-8E46-4704B39251DD}\Profiler.exe (Saitek) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10005’ SearchScopes: HKLM - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005’ SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005’ SearchScopes: HKCU - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005’ SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://tbsearch.ask.com/redirect?client=ie&tb=BTV5&o=10148&src=crm&q={searchTerms}&locale=en_US SearchScopes: HKCU - {47802076-0332-47D7-AB21-698498446961} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005’ BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows 
Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 62.109.121.1 62.109.121.2 FireFox: ======== FF ProfilePath: C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default FF user.js: detected! 
=> C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\user.js FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(u
rl%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1))%20%7B%20return%20'PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D" FF NetworkProxy: "type", 2 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\ml\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\staged [2014-02-18] FF Extension: FT DeepDark - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2014-02-11] FF Extension: Firebug - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\firebug@software.joehewitt.com.xpi [2012-12-14] FF Extension: YouTube MP3 Download - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\jid0-Z0Vu9hJlqV0fhIAPqPfmUCNubYQ@jetpack.xpi [2013-07-20] FF Extension: ProxMate - Proxy on steroids! 
- C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-10-19] FF Extension: TinEye Reverse Image Search - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\tineye@ideeinc.com.xpi [2013-04-19] FF Extension: NoScript - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-12-14] FF Extension: FireFTP - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012-12-14] FF Extension: Adblock Plus - C:\Users\ml\AppData\Roaming\Mozilla\Firefox\Profiles\6y5bomt0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-14] FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-02-16] FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru FF Extension: Kaspersky Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2011-11-01] FF HKLM\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2011-11-01] FF HKLM\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2011-11-01] FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player 
HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-08-01] ========================== Services (Whitelisted) ================= R2 AODService; C:\Program Files\AMD\OverDrive\AODAssist.exe [136616 2010-04-23] () R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO) R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation) S3 Creative ALchemy AL6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2010-03-05] (Creative Labs) R2 HiSuiteOuc.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc.exe [116032 2013-07-11] () R2 HuaweiHiSuiteService.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe [158208 2013-05-02] () S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 nTuneService; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [192832 2011-09-19] (NVIDIA) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2014-01-02] () R2 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [107832 2014-01-02] () S2 SkypeUpdate; C:\Programme\Skype\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies) R2 StarWindServiceAE; C:\Program Files\alcohol\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) S3 nosGetPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper_3004.dll [X] ==================== Drivers (Whitelisted) ==================== R3 AmdTools; C:\Windows\System32\DRIVERS\AmdTools.sys [42552 2008-04-28] (AMD, Inc.) 
R3 AODDriver2; C:\Program Files\AMD\OverDrive\i386\AODDriver2.sys [36864 2010-04-23] (Advanced Micro Devices) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-07-07] () S3 CamDrL; C:\Windows\System32\DRIVERS\Camdrl.sys [1075360 2007-02-03] (Logitech Inc.) S3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [98616 2007-03-05] (Creative Technology Ltd) R3 CORSGMS; C:\Windows\System32\Drivers\CORSGMS.sys [18432 2012-03-27] ( ) S3 CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [552248 2007-03-05] (Creative Technology Ltd) S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [347144 2010-05-05] (Creative Technology Ltd) S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [174392 2007-03-05] (Creative Technology Ltd) S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [286520 2007-03-05] (Creative Technology Ltd) S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [134968 2007-03-05] (Creative Technology Ltd) R3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [329528 2007-03-05] (Creative Technology Ltd) S3 CTERFXFX.DLL; C:\Windows\System32\CTERFXFX.DLL [101176 2007-03-05] (Creative Technology Ltd) S3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [566584 2007-03-05] (Creative Technology Ltd) S3 dbustrcm; C:\Users\ml\AppData\Local\Temp\dbustrcm.sys [31744 2013-09-01] () R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [32384 2011-02-08] (Etron Technology Inc) R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [52352 2011-02-08] (Etron Technology Inc) R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [133208 2011-03-04] (Kaspersky Lab ZAO) R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11352 2011-03-04] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [586072 2012-10-31] (Kaspersky Lab) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [23856 2011-03-10] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19984 2009-11-02] (Kaspersky Lab) R2 lirsgt; 
C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-07-07] () R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41504 2007-02-03] (Logitech Inc.) S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-02-12] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) S3 RivaTuner32; C:\Program Files\RivaTuner\RivaTuner32.sys [9088 2009-08-22] () R3 SaiK0728; C:\Windows\System32\DRIVERS\SaiK0728.sys [104960 2008-01-21] (Saitek) S3 SaiK0CEA; C:\Windows\System32\DRIVERS\SaiK0CEA.sys [104960 2008-04-04] (Saitek) R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [20744 2009-09-14] (Saitek) R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [43656 2009-09-14] (Saitek) S3 SaiU0CEA; C:\Windows\System32\DRIVERS\SaiU0CEA.sys [28544 2008-04-04] (Saitek) R1 SAVRKBootTasks; C:\Windows\system32\SAVRKBootTasks.sys [18816 2010-05-26] (Sophos Plc) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-03-14] () S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-04-27] (MCCI) S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-04-27] (MCCI Corporation) S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-04-27] (MCCI Corporation) R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () R3 V0260VID; C:\Windows\System32\DRIVERS\V0260Vid.sys [154560 2007-05-25] (Creative Technology Ltd.) 
U3 agr3p5sn; C:\Windows\system32\Drivers\agr3p5sn.sys [0 ] (Microsoft Corporation) S3 amdiox86; system32\DRIVERS\amdiox86.sys [X] S2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [X] S3 atillk64; \??\C:\Program Files\AMD GPU Clock Tool\atillk64.sys [X] S3 CT20XUT.DLL; system32\CT20XUT.DLL [X] S3 CTEXFIFX.DLL; system32\CTEXFIFX.DLL [X] S3 CTHWIUT.DLL; system32\CTHWIUT.DLL [X] S3 gdrv; \??\C:\Windows\gdrv.sys [X] U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2011-10-24] (Huawei Technologies Co., Ltd.) S3 MEMSWEEP2; \??\C:\Windows\system32\34.tmp [X] U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-18 22:22 - 2014-02-18 22:22 - 01141248 _____ (Farbar) C:\Users\ml\Downloads\FRST.exe 2014-02-18 22:11 - 2014-02-18 22:11 - 00987425 _____ () C:\Users\ml\Downloads\SecurityCheck.exe 2014-02-17 21:27 - 2014-02-17 21:27 - 02347384 _____ (ESET) C:\Users\ml\Downloads\esetsmartinstaller_enu.exe 2014-02-16 18:02 - 2014-02-16 18:03 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-02-16 14:56 - 2014-02-17 00:16 - 00000000 ___RD () C:\Users\linuel.atlan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-02-16 14:56 - 2014-02-17 00:16 - 00000000 ___RD () C:\Users\linuel.atlan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-02-16 14:56 - 2014-02-17 00:16 - 00000000 ____D () C:\Users\linuel.atlan 2014-02-16 14:56 - 2014-02-16 14:56 - 00000000 _SHDL () C:\Users\linuel.atlan\Startmenü 2014-02-16 14:56 - 2014-02-16 14:56 - 00000000 _SHDL () C:\Users\linuel.atlan\Netzwerkumgebung 2014-02-16 14:56 - 2014-02-16 14:56 - 00000000 _SHDL () C:\Users\linuel.atlan\Druckumgebung 2014-02-16 14:56 - 2014-02-16 14:56 - 00000000 _SHDL () C:\Users\linuel.atlan\Documents\Eigene Musik 2014-02-16 14:56 - 2014-02-16 
2010-03-14 16:43 - 00000000 ____D () C:\Users\ml\AppData\Local\Adobe

Files to move or delete:
====================
C:\Windows\Tasks\At1.job

Some content of TEMP:
====================
C:\Users\ml\AppData\Local\Temp\11-8_vista32_win7_32_dd_ccc_ocl.exe
C:\Users\ml\AppData\Local\Temp\CheatEngine63Clean.exe
C:\Users\ml\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\ml\AppData\Local\Temp\CTPBSeq.exe
C:\Users\ml\AppData\Local\Temp\devcon.exe
C:\Users\ml\AppData\Local\Temp\DivXSetup.exe
C:\Users\ml\AppData\Local\Temp\drm_dyndata_7370012.dll
C:\Users\ml\AppData\Local\Temp\drm_dyndata_7400006.dll
C:\Users\ml\AppData\Local\Temp\GdiPlus.dll
C:\Users\ml\AppData\Local\Temp\installerdll.dll
C:\Users\ml\AppData\Local\Temp\InstallerMessageBox.exe
C:\Users\ml\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\ml\AppData\Local\Temp\mbam-setup.exe
C:\Users\ml\AppData\Local\Temp\MSVBVM60.DLL
C:\Users\ml\AppData\Local\Temp\NPSInstallerProxy.exe
C:\Users\ml\AppData\Local\Temp\NPSInstallerProxyMessageBoxHookDll.dll
C:\Users\ml\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\ml\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\ml\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\ml\AppData\Local\Temp\nvStInst.exe
C:\Users\ml\AppData\Local\Temp\patchw32.dll
C:\Users\ml\AppData\Local\Temp\RSPUpgradeInstaller.exe
C:\Users\ml\AppData\Local\Temp\SIntf16.dll
C:\Users\ml\AppData\Local\Temp\SIntf32.dll
C:\Users\ml\AppData\Local\Temp\SIntfNT.dll
C:\Users\ml\AppData\Local\Temp\SkypeSetup.exe
C:\Users\ml\AppData\Local\Temp\tmp4CE7.exe
C:\Users\ml\AppData\Local\Temp\tmp508F.exe
C:\Users\ml\AppData\Local\Temp\tmp5F8D.exe
C:\Users\ml\AppData\Local\Temp\tmp61AF.exe
C:\Users\ml\AppData\Local\Temp\tmp7010.exe
C:\Users\ml\AppData\Local\Temp\tmp96A3.exe
C:\Users\ml\AppData\Local\Temp\Uninst.exe
C:\Users\ml\AppData\Local\Temp\_is77CF.exe
C:\Users\ml\AppData\Local\Temp\_isE495.exe

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-08 13:54
==================== End Of Log ============================
--- --- --- --- --- ---

The problem with Windows Update still persists, however. Attached is a screenshot. And another one of the nameless folders. When I try to delete them, they do disappear, but they reappear a short time later. Only after a restart are they gone completely. Last edited by Nesk1 (18.02.2014 at 22:55) |
19.02.2014, 16:36 | #6 |
/// the machine /// TB trainer | Windows 7 - Windows Update damaged, some malware findings or suspicion Please download Windows Repair (All In One) from here.
19.02.2014, 21:49 | #7 |
| Windows 7 - Windows Update damaged, some malware findings or suspicion Unfortunately that did not help. It does not seem to be a malware problem |
20.02.2014, 14:38 | #8 |
/// the machine /// TB trainer | Windows 7 - Windows Update damaged, some malware findings or suspicion Do you have a Windows DVD at hand?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
20.02.2014, 18:29 | #9 |
| Windows 7 - Windows Update damaged, some malware findings or suspicion Yes, I have it here. |
21.02.2014, 14:59 | #10 |
/// the machine /// TB trainer | Windows 7 - Windows Update damaged, some malware findings or suspicion
24.02.2014, 07:32 | #11 |
| Windows 7 - Windows Update damaged, some malware findings or suspicion The in-place update did not work because SP1 could not be uninstalled properly. I then simply reinstalled the whole system. That was not planned, but at least the problems are gone this way. Thanks to your help I at least had a clean data backup. Many thanks for the help! |
25.02.2014, 09:42 | #12 |
/// the machine /// TB trainer | Windows 7 - Windows Update damaged, some malware findings or suspicion You're welcome