Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Ständige Fenster PopUps und Werbung (https://www.trojaner-board.de/154589-staendige-fenster-popups-werbung.html)

Hawkman 31.05.2014 11:11
Ständige Fenster PopUps und Werbung
 
Hallo, ich habe seit Kurzem immer wieder sich öffnende, neue Fenster bei Firefox mit Werbung und Werbung auf Websiten wo keine sein sollte.
Ich habe Microsoft Security Essentials und Emsisoft Anti-Malware drüber laufen lassen. Emsisoft hat ein paar Dateien gefunden und in Quarantäne gestellt, was jedoch das Problem nicht behoben hat.
Außerdem habe ich vor ein paar Tagen ein Programm namens Suprasavings entdeckt und über Windows deinstalliert.

Hier noch die LogFiles, das Gmer-LogFile konnte nicht erstellt werden da sich Gmer während des Scan-Vorgangs aufhängt und von Windows beendet wird (VirenProgramme waren beendet, alle offenen Programme geschlossen und die Internet-Verbindung war getrennt)

defogger_disable
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:39 on 31/05/2014 (Hawkman)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
FRST
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2014
Ran by Hawkman (administrator) on GRANDMASTER on 31-05-2014 11:40:44
Running from C:\Users\Hawkman\Desktop
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\Core Temp\Core Temp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTHELPER.EXE
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointG\SetPointII.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.4656\Battle.net.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
() C:\Users\Hawkman\Desktop\Defogger.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-01-29] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7468784 2013-02-28] (Logitech Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [RCSystem] => C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe [57344 2007-07-23] (Creative Technology Ltd.)
HKLM-x32\...\Run: [AudioDrvEmulator] => C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe [57344 2007-07-23] (Creative Technology Ltd.)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [180224 2006-12-06] (Creative Technology Ltd)
HKLM-x32\...\Run: [AsioThk32Reg] => REGSVR32.EXE /S CTASIO.DLL
HKLM-x32\...\Run: [CTHelper] => C:\Windows\SysWOW64\CTHELPER.EXE [19456 2007-03-05] (Creative Technology Ltd)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [CTxfiHlp] => C:\Windows\SysWOW64\CTXFIHLP.EXE [26112 2014-03-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [Module Loader] => C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe [57344 2007-07-23] (Creative Technology Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4330432 2014-02-15] (Emsisoft GmbH)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-278007793-2155089085-3509408855-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-278007793-2155089085-3509408855-1000\...\MountPoints2: {3db878a4-6abc-11e1-911b-806e6f6e6963} - D:\Start.exe
HKU\S-1-5-21-278007793-2155089085-3509408855-1000\...\MountPoints2: {67d9ddda-7e78-11e2-b548-5404a604e69a} - I:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-278007793-2155089085-3509408855-1000\...\MountPoints2: {807025ec-bb89-11e1-8b27-5404a604e69a} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-278007793-2155089085-3509408855-1000\...\MountPoints2: {80702611-bb89-11e1-8b27-5404a604e69a} - I:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-278007793-2155089085-3509408855-1000\...\MountPoints2: {80702966-bb89-11e1-8b27-5404a604e69a} - H:\HTC_Sync_Manager_PC.exe
Startup: C:\Users\Hawkman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAA11915F507BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: HQ-Video-Pro-1.9 - {11111111-1111-1111-1111-110511311172} - C:\Program Files (x86)\HQ-Video-Pro-1.9\HQ-Video-Pro-1.9-bho64.dll (HQ-Video)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HQ-Video-Pro-1.9 - {11111111-1111-1111-1111-110511311172} - C:\Program Files (x86)\HQ-Video-Pro-1.9\HQ-Video-Pro-1.9-bho.dll (HQ-Video)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -  No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Hawkman\AppData\Roaming\Mozilla\Firefox\Profiles\5lfavana.default
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: hxxp://www.mangareader.net/
FF NetworkProxy: "ftp", "proxyus1.stealthy.co"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "proxyus1.stealthy.co"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "proxyus1.stealthy.co"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "proxyus1.stealthy.co"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @pandasecurity.com/activescan - C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Hawkman\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - E:\Amazon MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF user.js: detected! => C:\Users\Hawkman\AppData\Roaming\Mozilla\Firefox\Profiles\5lfavana.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Разпознаване на устройство Logitech - C:\Users\Hawkman\AppData\Roaming\Mozilla\Firefox\Profiles\5lfavana.default\Extensions\DeviceDetection@logitech.com [2012-03-10]
FF Extension: HQ-Video-Pro-1.9 - C:\Users\Hawkman\AppData\Roaming\Mozilla\Firefox\Profiles\5lfavana.default\Extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com [2014-05-28]
FF Extension: ProxTube - Unblock YouTube - C:\Users\Hawkman\AppData\Roaming\Mozilla\Firefox\Profiles\5lfavana.default\Extensions\ich@maltegoetz.de [2014-02-05]
FF Extension: YouTube Unblocker - C:\Users\Hawkman\AppData\Roaming\Mozilla\Firefox\Profiles\5lfavana.default\Extensions\youtubeunblocker@unblocker.yt [2014-04-19]
FF Extension: {48698f48-d348-4614-bd14-98ab749de5b8} - C:\Users\Hawkman\AppData\Roaming\Mozilla\Firefox\Profiles\5lfavana.default\Extensions\{48698f48-d348-4614-bd14-98ab749de5b8}.xpi [2013-11-12]
FF Extension: Adblock Plus - C:\Users\Hawkman\AppData\Roaming\Mozilla\Firefox\Profiles\5lfavana.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-03-10]
FF Extension: Shockwave Flash Manager Free - C:\Users\Hawkman\AppData\Roaming\Mozilla\Firefox\Profiles\5lfavana.default\Extensions\{f5891386-397e-4369-a9c8-20e6fa755637}.xpi [2014-01-08]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-05-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-10]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

==================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4163584 2014-02-15] (Emsisoft GmbH)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-05-28] (globalUpdate)
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-05-28] (globalUpdate)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-04-30] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()

==================== Drivers (Whitelisted) ====================

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
S3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [157496 2007-03-05] (Creative Technology Ltd)
S3 CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [700216 2007-03-05] (Creative Technology Ltd)
S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [219448 2007-03-05] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [321848 2007-03-05] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [190264 2007-03-05] (Creative Technology Ltd)
R3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [363320 2007-03-05] (Creative Technology Ltd)
S3 CTERFXFX.DLL; C:\Windows\System32\CTERFXFX.DLL [142136 2007-03-05] (Creative Technology Ltd)
S3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [681272 2007-03-05] (Creative Technology Ltd)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R0 pavboot; C:\Windows\System32\drivers\pavboot64.sys [33800 2009-06-30] (Panda Security, S.L.)
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [113704 2008-10-21] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [19496 2008-10-21] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [152616 2008-10-21] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [133160 2008-10-21] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [34856 2008-10-21] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [128552 2008-10-21] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [145960 2008-10-21] (MCCI Corporation)
R3 ALSysIO; \??\C:\Users\Hawkman\AppData\Local\Temp\ALSysIO64.sys [X]
S3 CT20XUT.DLL; system32\CT20XUT.DLL [X]
S3 CTEXFIFX.DLL; system32\CTEXFIFX.DLL [X]
S3 CTHWIUT.DLL; system32\CTHWIUT.DLL [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-31 11:40 - 2014-05-31 11:40 - 00022427 _____ () C:\Users\Hawkman\Desktop\FRST.txt
2014-05-31 11:40 - 2014-05-31 11:40 - 00000000 ____D () C:\FRST
2014-05-31 11:39 - 2014-05-31 11:39 - 00000476 _____ () C:\Users\Hawkman\Desktop\defogger_disable.log
2014-05-31 11:39 - 2014-05-31 11:39 - 00000000 _____ () C:\Users\Hawkman\defogger_reenable
2014-05-31 11:38 - 2014-05-31 11:38 - 00380416 _____ () C:\Users\Hawkman\Desktop\Gmer-19357.exe
2014-05-31 11:38 - 2014-05-31 11:38 - 00050477 _____ () C:\Users\Hawkman\Desktop\Defogger.exe
2014-05-31 11:34 - 2014-05-31 11:34 - 02066944 _____ (Farbar) C:\Users\Hawkman\Desktop\FRST64.exe
2014-05-29 17:12 - 2014-05-29 17:12 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-05-29 17:12 - 2009-06-30 10:37 - 00033800 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\pavboot64.sys
2014-05-28 22:10 - 2014-05-28 22:10 - 00000930 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-05-28 18:42 - 2014-05-28 18:42 - 00000005 _____ () C:\Windows\SysWOW64\lMMLDeleteUserData42107612FX.tmp
2014-05-28 18:31 - 2014-03-12 16:00 - 00295080 _____ (SecureAssist) C:\Windows\SysWOW64\SecureAssist.dll
2014-05-28 18:29 - 2014-05-31 10:24 - 00003808 _____ () C:\Windows\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-3.job
2014-05-28 18:29 - 2014-05-31 10:24 - 00002466 _____ () C:\Windows\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-4.job
2014-05-28 18:29 - 2014-05-31 10:24 - 00001490 _____ () C:\Windows\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-5.job
2014-05-28 18:29 - 2014-05-31 10:24 - 00001416 _____ () C:\Windows\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-1.job
2014-05-28 18:29 - 2014-05-31 10:24 - 00001390 _____ () C:\Windows\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-2.job
2014-05-28 18:29 - 2014-05-31 10:24 - 00000920 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-05-28 18:29 - 2014-05-30 18:34 - 00000924 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-05-28 18:29 - 2014-05-28 23:02 - 00000000 ____D () C:\Program Files (x86)\HQ-Video-Pro-1.9
2014-05-28 18:29 - 2014-05-28 18:29 - 00006838 _____ () C:\Windows\System32\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-3
2014-05-28 18:29 - 2014-05-28 18:29 - 00005496 _____ () C:\Windows\System32\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-4
2014-05-28 18:29 - 2014-05-28 18:29 - 00004520 _____ () C:\Windows\System32\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-5
2014-05-28 18:29 - 2014-05-28 18:29 - 00004446 _____ () C:\Windows\System32\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-1
2014-05-28 18:29 - 2014-05-28 18:29 - 00004420 _____ () C:\Windows\System32\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-2
2014-05-28 18:29 - 2014-05-28 18:29 - 00003922 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-05-28 18:29 - 2014-05-28 18:29 - 00003668 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-05-28 18:29 - 2014-05-28 18:29 - 00000000 ____D () C:\Users\Hawkman\AppData\Local\globalUpdate
2014-05-28 18:29 - 2014-05-28 18:29 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-05-28 18:28 - 2014-05-28 23:02 - 00000000 ____D () C:\Program Files\003
2014-05-28 18:28 - 2014-05-28 22:28 - 00000000 ____D () C:\Users\Hawkman\AppData\Local\Genesis_05281628
2014-05-26 19:43 - 2014-05-15 01:49 - 03774821 _____ () C:\Windows\system32\nvcoproc.bin
2014-05-26 19:41 - 2014-05-20 04:44 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-26 19:41 - 2014-05-20 04:44 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-26 19:41 - 2014-05-20 04:44 - 18531568 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-05-26 19:41 - 2014-05-20 04:44 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-26 19:41 - 2014-05-20 04:44 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-26 19:41 - 2014-05-20 04:44 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-26 19:41 - 2014-05-20 04:44 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-26 19:41 - 2014-05-20 04:44 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-26 19:41 - 2014-05-20 04:44 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-26 19:41 - 2014-05-20 04:44 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-26 19:41 - 2014-05-20 04:44 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-26 19:41 - 2014-05-20 04:44 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-26 19:41 - 2014-05-20 04:44 - 02730208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-05-26 19:41 - 2014-05-20 04:44 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-26 19:41 - 2014-05-20 04:44 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-26 19:41 - 2014-05-20 04:44 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-14 22:52 - 2014-05-06 02:46 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 22:52 - 2014-05-06 02:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 22:52 - 2014-05-06 02:21 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 22:52 - 2014-05-06 01:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 22:52 - 2014-05-06 01:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 22:52 - 2014-05-06 01:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 16:57 - 2014-03-25 18:30 - 12900864 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 16:57 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-10 13:27 - 2014-05-10 13:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-01 14:04 - 2014-05-01 14:08 - 00000000 ____D () C:\Users\Hawkman\AppData\Local\NVIDIA Corporation

==================== One Month Modified Files and Folders =======

2014-05-31 11:40 - 2014-05-31 11:40 - 00022427 _____ () C:\Users\Hawkman\Desktop\FRST.txt
2014-05-31 11:40 - 2014-05-31 11:40 - 00000000 ____D () C:\FRST
2014-05-31 11:40 - 2012-04-09 17:20 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-05-31 11:40 - 2012-03-10 16:46 - 00000000 ____D () C:\Users\Hawkman\AppData\Local\Temp
2014-05-31 11:39 - 2014-05-31 11:39 - 00000476 _____ () C:\Users\Hawkman\Desktop\defogger_disable.log
2014-05-31 11:39 - 2014-05-31 11:39 - 00000000 _____ () C:\Users\Hawkman\defogger_reenable
2014-05-31 11:39 - 2012-03-10 16:46 - 00000000 ____D () C:\Users\Hawkman
2014-05-31 11:38 - 2014-05-31 11:38 - 00380416 _____ () C:\Users\Hawkman\Desktop\Gmer-19357.exe
2014-05-31 11:38 - 2014-05-31 11:38 - 00050477 _____ () C:\Users\Hawkman\Desktop\Defogger.exe
2014-05-31 11:38 - 2014-02-09 21:38 - 00000000 ____D () C:\Users\Hawkman\AppData\Local\Battle.net
2014-05-31 11:34 - 2014-05-31 11:34 - 02066944 _____ (Farbar) C:\Users\Hawkman\Desktop\FRST64.exe
2014-05-31 11:28 - 2012-07-21 22:29 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-31 11:09 - 2014-02-09 21:39 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-05-31 10:33 - 2014-02-09 21:38 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-05-31 10:30 - 2008-01-21 13:10 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-31 10:30 - 2008-01-21 13:09 - 00674024 _____ () C:\Windows\system32\perfh007.dat
2014-05-31 10:30 - 2008-01-21 13:09 - 00146036 _____ () C:\Windows\system32\perfc007.dat
2014-05-31 10:28 - 2008-01-21 03:53 - 01404904 _____ () C:\Windows\WindowsUpdate.log
2014-05-31 10:24 - 2014-05-28 18:29 - 00003808 _____ () C:\Windows\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-3.job
2014-05-31 10:24 - 2014-05-28 18:29 - 00002466 _____ () C:\Windows\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-4.job
2014-05-31 10:24 - 2014-05-28 18:29 - 00001490 _____ () C:\Windows\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-5.job
2014-05-31 10:24 - 2014-05-28 18:29 - 00001416 _____ () C:\Windows\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-1.job
2014-05-31 10:24 - 2014-05-28 18:29 - 00001390 _____ () C:\Windows\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-2.job
2014-05-31 10:24 - 2014-05-28 18:29 - 00000920 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-05-31 10:24 - 2012-07-21 22:29 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-31 10:24 - 2012-03-10 18:06 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-31 10:24 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-31 10:24 - 2006-11-02 17:22 - 00004112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-31 10:24 - 2006-11-02 17:22 - 00004112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-30 22:56 - 2006-11-02 17:42 - 00032556 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-30 18:34 - 2014-05-28 18:29 - 00000924 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-05-29 17:12 - 2014-05-29 17:12 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-05-29 10:49 - 2012-06-21 14:06 - 00000000 ____D () C:\Program Files (x86)\HTC
2014-05-29 10:38 - 2012-06-21 13:51 - 00000000 ____D () C:\Temp
2014-05-28 23:02 - 2014-05-28 18:29 - 00000000 ____D () C:\Program Files (x86)\HQ-Video-Pro-1.9
2014-05-28 23:02 - 2014-05-28 18:28 - 00000000 ____D () C:\Program Files\003
2014-05-28 22:28 - 2014-05-28 18:28 - 00000000 ____D () C:\Users\Hawkman\AppData\Local\Genesis_05281628
2014-05-28 22:28 - 2012-04-06 11:29 - 00208500 _____ () C:\Windows\PFRO.log
2014-05-28 22:10 - 2014-05-28 22:10 - 00000930 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-05-28 22:09 - 2012-04-09 17:20 - 00000000 ____D () C:\Users\Hawkman\Documents\Anti-Malware
2014-05-28 18:47 - 2012-04-06 12:18 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-05-28 18:44 - 2012-07-10 18:22 - 00000000 ____D () C:\Program Files (x86)\Sony Ericsson
2014-05-28 18:42 - 2014-05-28 18:42 - 00000005 _____ () C:\Windows\SysWOW64\lMMLDeleteUserData42107612FX.tmp
2014-05-28 18:29 - 2014-05-28 18:29 - 00006838 _____ () C:\Windows\System32\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-3
2014-05-28 18:29 - 2014-05-28 18:29 - 00005496 _____ () C:\Windows\System32\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-4
2014-05-28 18:29 - 2014-05-28 18:29 - 00004520 _____ () C:\Windows\System32\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-5
2014-05-28 18:29 - 2014-05-28 18:29 - 00004446 _____ () C:\Windows\System32\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-1
2014-05-28 18:29 - 2014-05-28 18:29 - 00004420 _____ () C:\Windows\System32\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-2
2014-05-28 18:29 - 2014-05-28 18:29 - 00003922 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-05-28 18:29 - 2014-05-28 18:29 - 00003668 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-05-28 18:29 - 2014-05-28 18:29 - 00000000 ____D () C:\Users\Hawkman\AppData\Local\globalUpdate
2014-05-28 18:29 - 2014-05-28 18:29 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-05-20 04:44 - 2014-05-26 19:41 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-20 04:44 - 2014-05-26 19:41 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-20 04:44 - 2014-05-26 19:41 - 18531568 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-05-20 04:44 - 2014-05-26 19:41 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-20 04:44 - 2014-05-26 19:41 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-20 04:44 - 2014-05-26 19:41 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-20 04:44 - 2014-05-26 19:41 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-20 04:44 - 2014-05-26 19:41 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-20 04:44 - 2014-05-26 19:41 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-20 04:44 - 2014-05-26 19:41 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-20 04:44 - 2014-05-26 19:41 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-20 04:44 - 2014-05-26 19:41 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-20 04:44 - 2014-05-26 19:41 - 02730208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-05-20 04:44 - 2014-05-26 19:41 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-20 04:44 - 2014-05-26 19:41 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-20 04:44 - 2014-05-26 19:41 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-20 04:44 - 2014-04-06 12:59 - 14434704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-05-20 04:44 - 2013-02-26 00:32 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-20 04:44 - 2013-02-26 00:32 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-20 04:44 - 2013-02-26 00:32 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-20 04:44 - 2013-02-26 00:32 - 03109248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-05-20 04:44 - 2012-03-10 17:33 - 00026069 _____ () C:\Windows\system32\nvinfo.pb
2014-05-20 03:25 - 2012-03-10 17:33 - 06769096 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-05-20 03:25 - 2012-03-10 17:33 - 03514144 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-05-20 03:25 - 2012-03-10 17:33 - 02560968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-05-20 03:25 - 2012-03-10 17:33 - 00927520 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-05-20 03:25 - 2012-03-10 17:33 - 00387528 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-05-20 03:25 - 2012-03-10 17:33 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-05-15 18:32 - 2012-04-02 19:09 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 18:32 - 2012-03-10 17:20 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 01:49 - 2014-05-26 19:43 - 03774821 _____ () C:\Windows\system32\nvcoproc.bin
2014-05-14 22:54 - 2013-08-14 03:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 22:53 - 2006-11-02 14:35 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-11 14:31 - 2012-05-04 15:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-10 13:28 - 2014-05-10 13:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-06 16:23 - 2012-07-21 22:29 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-06 16:23 - 2012-07-21 22:29 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 02:46 - 2014-05-14 22:52 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 02:21 - 2014-05-14 22:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 02:21 - 2014-05-14 22:52 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 01:32 - 2014-05-14 22:52 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 01:14 - 2014-05-14 22:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 01:14 - 2014-05-14 22:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-01 14:08 - 2014-05-01 14:04 - 00000000 ____D () C:\Users\Hawkman\AppData\Local\NVIDIA Corporation

Some content of TEMP:
====================
C:\Users\Hawkman\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Hawkman\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Hawkman\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Hawkman\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Hawkman\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Hawkman\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Hawkman\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Hawkman\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Hawkman\AppData\Local\Temp\nvStInst.exe
C:\Users\Hawkman\AppData\Local\Temp\pyl273F.tmp.exe
C:\Users\Hawkman\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Hawkman\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Hawkman\AppData\Local\Temp\sonarinst.exe
C:\Users\Hawkman\AppData\Local\Temp\SpOrder.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-31 10:30

==================== End Of Log ============================
Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-05-2014
Ran by Hawkman at 2014-05-31 11:41:04
Running from C:\Users\Hawkman\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.235 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Batman: Arkham City™ (HKLM-x32\...\GFWL_{57520FA0-AC56-469B-9983-FF1000008300}) (Version: 1.0.0000.131 - WB Games)
Batman: Arkham City™ (x32 Version: 1.0.0000.131 - WB Games) Hidden
Batman: Arkham City™ (x32 Version: 1.0.0003.131 - WB Games) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Broken Age (HKLM-x32\...\Steam App 232790) (Version:  - Double Fine Productions)
CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.17 - Piriform)
Core Temp 1.0 RC3 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.43 - Creative Technology Limited)
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Entertainment Center (HKLM-x32\...\Creative Entertainment Center) (Version:  - )
Creative Konsole Starter (HKLM-x32\...\Console Launcher) (Version:  - Creative Technology Limited)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - )
Creative Smart Recorder (HKLM-x32\...\Smart Recorder) (Version:  - )
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.03 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
Creative-Systeminformationen (HKLM-x32\...\SysInfo) (Version:  - )
Data Lifeguard Diagnostic for Windows 1.24 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dropbox (HKCU\...\Dropbox) (Version: 1.4.12 - Dropbox, Inc.)
Dungeon Keeper 2 (HKLM\...\{4f94b43a-8a00-4ac4-bb94-269cf24aef97}.sdb) (Version:  - )
Dungeon Keeper 2 (HKLM-x32\...\Dungeon Keeper 2_is1) (Version:  - GOG.com)
Emsisoft Anti-Malware (HKLM-x32\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 8.1 - Emsisoft GmbH)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
EVEREST Ultimate Edition v5.00 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.00 - Lavalys, Inc.)
Genesis (HKCU\...\genesis_05281628) (Version:  - ) <==== ATTENTION
GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.0 - Google Inc.) Hidden
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HQ-Video-Pro-1.9 (HKLM-x32\...\HQ-Video-Pro-1.9) (Version: 1.34.5.12 - HQ-Video) <==== ATTENTION
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417000FF}) (Version: 7.0.0 - Oracle)
Kingdoms of Amalur: Reckoning™ (HKLM-x32\...\Steam App 102500) (Version:  - Big Huge Games)
Logitech Gaming Software (Version: 8.20.74 - Logitech Inc.) Hidden
Logitech Gaming Software 8.45 (HKLM\...\Logitech Gaming Software) (Version: 8.45.88 - Logitech Inc.)
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.31 - Logitech Inc.)
LWS Facebook (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.31.1044.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.30.1395.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Video Mask Maker (x32 Version: 13.30.1379.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
OMG Zombies! (HKLM-x32\...\Steam App 259870) (Version:  - Laughing Jackal LTD)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Panda ActiveScan 2.0 (HKLM-x32\...\ActiveScan 2.0) (Version: 01.04.01.0014 - Panda Security)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
ratDVD 0.78.1444 (HKLM-x32\...\ratDVD) (Version: 0.78.1444 - ratDVD)
RealDownloader (x32 Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
Realtek Ethernet Controller Driver For Windows Vista (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 6.236.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6037 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sound Blaster X-Fi (HKLM-x32\...\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}) (Version: 1.0 - )
SoundFont-Bank-Manager (HKLM-x32\...\SFBM) (Version: 3.21 - Creative Technology Limited)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPER © Version 2007.bld.23 (July 4, 2007) (HKLM-x32\...\SUPER ©) (Version: Version 2007.bld.23 (July 4, 2007) - eRightSoft)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.171 - TuneUp Software) Hidden
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 2.1 - Ubisoft)
VLC media player 0.9.8a (HKLM-x32\...\VLC media player) (Version: 0.9.8a - VideoLAN Team)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points  =========================

23-05-2014 11:46:42 Geplanter Prüfpunkt
24-05-2014 10:54:36 Geplanter Prüfpunkt
25-05-2014 11:30:07 Geplanter Prüfpunkt
26-05-2014 15:09:55 Windows Update
26-05-2014 17:35:30 TuneUp Utilities 2014 wird entfernt
26-05-2014 17:35:45 TuneUp Utilities 2014 (de-DE) wird entfernt
26-05-2014 17:42:19 Gerätetreiber-Paketinstallation: NVIDIA Grafikkarte
26-05-2014 17:43:43 Gerätetreiber-Paketinstallation: NVIDIA Corporation Audio-, Video- und Gamecontroller
28-05-2014 16:42:41 Removed HTC Sync Manager.
29-05-2014 08:49:23 Removed IPTInstaller
30-05-2014 11:10:28 Windows Update

==================== Hosts content: ==========================

2006-11-02 14:34 - 2006-09-18 23:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
::1            localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {03AC5D39-F011-429B-BB9B-1729B0440FA3} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-278007793-2155089085-3509408855-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {0FBC7381-9F8A-451C-87E9-E5A8A517CF0F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-21] (Google Inc.)
Task: {17E550FF-2E30-4AE1-8432-F3240F20DBF6} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-278007793-2155089085-3509408855-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {19933889-AED7-4F49-882A-F7680636B544} - System32\Tasks\Core Temp Autostart Hawkman => C:\Program Files\Core Temp\Core Temp.exe [2012-01-25] ()
Task: {20F1BE95-73B7-44A6-B826-11B64E3C1F76} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-278007793-2155089085-3509408855-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {2D36D285-8E89-4DFD-8A4F-4A7EFF870FF1} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {4DD572F8-D1CE-4F71-B0EF-A24D12118CCE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-21] (Google Inc.)
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {7B07942C-FE37-4E5C-9DF6-B4FBD23B422E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8F7B4613-970E-4935-9EF1-3DB5F8695593} - System32\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-1 => C:\Program Files (x86)\HQ-Video-Pro-1.9\HQ-Video-Pro-1.9-codedownloader.exe
Task: {9B8B340A-6CF3-4C07-B679-9AC7B57FE42F} - System32\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-3 => C:\Program Files (x86)\HQ-Video-Pro-1.9\6502893c-981f-40c9-acb5-39f9a7cc5219-3.exe
Task: {BA115A58-7AB7-4EDA-A2CE-3CC8BB413AB5} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-278007793-2155089085-3509408855-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {C51A2241-CE24-478C-A7EF-48D32C46DEA5} - System32\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-4 => C:\Program Files (x86)\HQ-Video-Pro-1.9\6502893c-981f-40c9-acb5-39f9a7cc5219-4.exe [2014-05-28] (HQ-Video)
Task: {C564EB4D-CA53-4E6C-943D-7F1553C6CFE3} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {D541636E-54B0-41D4-833A-36E6EBA620C5} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-05-28] (globalUpdate) <==== ATTENTION
Task: {DF4F3C8C-58E2-46E2-A7D7-E450C5591B1C} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-05-28] (globalUpdate) <==== ATTENTION
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {ED131D6C-F59A-4A08-8D4F-1239B696BAD1} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {ED34D3F7-A43A-454F-8F8C-04C6F704EB4B} - System32\Tasks\Real Player-Online-Aktualisierungsprogramm => c:\program files (x86)\real\realplayer\Update\realsched.exe [2013-01-01] (RealNetworks, Inc.)
Task: {F1D700E4-013C-459D-893A-9B8AFA7EA670} - System32\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-5 => C:\Program Files (x86)\HQ-Video-Pro-1.9\6502893c-981f-40c9-acb5-39f9a7cc5219-5.exe
Task: {F23FDD5A-AE8C-416C-80A0-7185604E4015} - System32\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-2 => C:\Program Files (x86)\HQ-Video-Pro-1.9\6502893c-981f-40c9-acb5-39f9a7cc5219-2.exe [2014-05-28] (HQ-Video)
Task: C:\Windows\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-1.job => C:\Program Files (x86)\HQ-Video-Pro-1.9\HQ-Video-Pro-1.9-codedownloader.exe
Task: C:\Windows\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-2.job => C:\Program Files (x86)\HQ-Video-Pro-1.9\6502893c-981f-40c9-acb5-39f9a7cc5219-2.exe
Task: C:\Windows\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-3.job => C:\Program Files (x86)\HQ-Video-Pro-1.9\6502893c-981f-40c9-acb5-39f9a7cc5219-3.exe
Task: C:\Windows\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-4.job => C:\Program Files (x86)\HQ-Video-Pro-1.9\6502893c-981f-40c9-acb5-39f9a7cc5219-4.exe
Task: C:\Windows\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-5.job => C:\Program Files (x86)\HQ-Video-Pro-1.9\6502893c-981f-40c9-acb5-39f9a7cc5219-5.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-04-05 18:53 - 2012-04-30 22:59 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-11-29 21:31 - 2012-11-29 21:31 - 00038608 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2012-03-24 18:21 - 2012-01-25 15:59 - 00848336 _____ () C:\Program Files\Core Temp\Core Temp.exe
2014-05-31 11:38 - 2014-05-31 11:38 - 00050477 _____ () C:\Users\Hawkman\Desktop\Defogger.exe
2014-05-22 18:06 - 2014-04-30 02:08 - 01135104 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll
2014-04-22 23:13 - 2014-04-30 02:08 - 00471552 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll
2014-05-22 18:06 - 2014-04-30 02:08 - 00404992 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll
2014-01-08 03:47 - 2014-04-30 02:08 - 00340992 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2013-03-12 18:10 - 2014-05-17 03:36 - 00756224 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-22 18:06 - 2014-05-29 19:37 - 02139840 _____ () C:\Program Files (x86)\Steam\video.dll
2014-05-22 18:06 - 2014-04-29 02:37 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll
2012-03-10 18:07 - 2014-05-29 19:36 - 01116864 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.dll
2012-03-10 18:07 - 2014-05-02 01:35 - 20628160 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-03-15 19:41 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-03-15 19:41 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-03-15 19:41 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2012-03-10 17:46 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2012-03-10 17:46 - 2009-03-26 14:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2012-03-10 17:45 - 2006-06-09 15:20 - 00003072 _____ () C:\Windows\system32\CTXFIGER.DLL
2014-05-31 10:32 - 2014-05-31 10:32 - 26065408 _____ () C:\Program Files (x86)\Battle.net\Battle.net.4656\libcef.dll
2014-05-31 10:32 - 2014-05-31 10:32 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.4656\libglesv2.dll
2014-05-31 10:32 - 2014-05-31 10:32 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.4656\libegl.dll
2014-05-10 13:27 - 2014-05-10 13:28 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-05-15 18:32 - 2014-05-15 18:32 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Core Temp => "F:\format ordner\Core Temp.exe"
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

==================== Faulty Device Manager Devices =============

Name: Marvell 91xx Config ATA Device
Description: Marvell 91xx Config ATA Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Xbox 360 Controller for Windows
Description: Xbox 360 Controller for Windows
Class Guid: {d61ca365-5af4-4486-998b-9db4734c6ca3}
Manufacturer: Microsoft
Service: xusb21
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/31/2014 10:24:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2014 01:00:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/29/2014 10:49:37 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Grandmaster)
Description: 0PassThruSvr.exeInternet Pass-Through Service03026217821000

Error: (05/28/2014 10:29:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\HAWKMAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5LFAVANA.DEFAULT\CACHE\9> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (05/28/2014 10:29:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\HAWKMAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5LFAVANA.DEFAULT\CACHE\9> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (05/28/2014 10:29:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\HAWKMAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5LFAVANA.DEFAULT\CACHE\8> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (05/28/2014 10:29:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\HAWKMAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5LFAVANA.DEFAULT\CACHE\8> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (05/28/2014 10:29:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\HAWKMAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5LFAVANA.DEFAULT\CACHE\7> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (05/28/2014 10:29:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\HAWKMAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5LFAVANA.DEFAULT\CACHE\7> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (05/28/2014 10:29:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\HAWKMAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5LFAVANA.DEFAULT\CACHE\6> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)


System errors:
=============
Error: (05/30/2014 01:01:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Steam Client Service%%1053

Error: (05/30/2014 01:01:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Steam Client Service

Error: (05/28/2014 10:28:18 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 28.05.2014 um 22:25:26 unerwartet heruntergefahren.

Error: (05/28/2014 07:02:26 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 28.05.2014 um 18:58:34 unerwartet heruntergefahren.

Error: (05/28/2014 06:56:34 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 28.05.2014 um 18:52:22 unerwartet heruntergefahren.

Error: (05/28/2014 06:40:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 28.05.2014 um 18:38:04 unerwartet heruntergefahren.

Error: (05/28/2014 06:31:47 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: 1Neustart des DienstsWindows Installer%%1056

Error: (05/28/2014 06:30:42 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: GlobalUpdater

Error: (05/28/2014 06:30:42 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: SProtection

Error: (05/28/2014 06:29:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Installer11200001Neustart des Diensts


Microsoft Office Sessions:
=========================
Error: (05/31/2014 10:24:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2014 01:00:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/29/2014 10:49:37 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Grandmaster)
Description: 0PassThruSvr.exeInternet Pass-Through Service03026217821000

Error: (05/28/2014 10:29:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\HAWKMAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5LFAVANA.DEFAULT\CACHE\9

Error: (05/28/2014 10:29:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\HAWKMAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5LFAVANA.DEFAULT\CACHE\9

Error: (05/28/2014 10:29:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\HAWKMAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5LFAVANA.DEFAULT\CACHE\8

Error: (05/28/2014 10:29:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\HAWKMAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5LFAVANA.DEFAULT\CACHE\8

Error: (05/28/2014 10:29:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\HAWKMAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5LFAVANA.DEFAULT\CACHE\7

Error: (05/28/2014 10:29:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\HAWKMAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5LFAVANA.DEFAULT\CACHE\7

Error: (05/28/2014 10:29:52 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\HAWKMAN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5LFAVANA.DEFAULT\CACHE\6


CodeIntegrity Errors:
===================================
  Date: 2013-11-06 17:24:17.586
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-06 17:24:17.524
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-06 17:24:17.446
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-06 17:24:17.383
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-06 17:24:10.098
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-06 17:24:10.036
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-06 17:24:09.958
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-06 17:24:09.895
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-06 17:24:09.802
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-06 17:24:09.724
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 43%
Total physical RAM: 6134.17 MB
Available physical RAM: 3468.84 MB
Total Pagefile: 12431.86 MB
Available Pagefile: 9137.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.57 GB) (Free:92.94 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Daten) (Fixed) (Total:279.46 GB) (Free:273.53 GB) NTFS
Drive f: (sonstige) (Fixed) (Total:596.17 GB) (Free:351.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (Spiele) (Fixed) (Total:279.46 GB) (Free:139.73 GB) NTFS
Drive h: (SCII CE USB) (Removable) (Total:1.96 GB) (Free:1.48 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 279 GB) (Disk ID: 2B8AEECE)
Partition 1: (Active) - (Size=279 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 1FD977CD)
Partition 1: (Active) - (Size=596 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 279 GB) (Disk ID: EE8CEE8C)
Partition 1: (Not Active) - (Size=279 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or Vista) (Size: 224 GB) (Disk ID: D35B7485)
Partition 1: (Active) - (Size=224 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 2 GB) (Disk ID: 6F20736B)
No partition Table on disk 4.
Disk 4 is a removable device.

==================== End Of Log ============================
quarantine log Emsisoft
Code:
Emsisoft Anti-Malware - Version 8.1
quarantine log

Datum        Ursprung        Vorgang        Fund
29.05.2014 10:38:12        C:\Temp\InstallFilter64.msi        In Quarantäne gestellt        Adware.Agent.OAS (B)
29.05.2014 10:38:12        C:\Users\Hawkman\AppData\Local\Temp\n9697\GenesisInstaller.exe        In Quarantäne gestellt        Gen:Variant.Adware.Kazy.355761 (B)
29.05.2014 10:38:12        G:\$RECYCLE.BIN\S-1-5-21-278007793-2155089085-3509408855-1000\$RHJK7IL\Pharaoh.exe        In Quarantäne gestellt        Gen:Variant.Strictor.57024 (B)
28.05.2014 23:02:20        Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\IMINENT        In Quarantäne gestellt        Application.InstallAd (A)
28.05.2014 23:02:20        Key: HKEY_USERS\S-1-5-21-278007793-2155089085-3509408855-1000\SOFTWARE\SOFTONIC        In Quarantäne gestellt        Application.InstallAd (A)
28.05.2014 23:02:20        C:\Program Files (x86)\IminentToolbar        In Quarantäne gestellt        Application.Win32.InstallTool (A)
28.05.2014 23:02:20        Key: HKEY_USERS\S-1-5-21-278007793-2155089085-3509408855-1000\SOFTWARE\INSTALLEDBROWSEREXTENSIONS        In Quarantäne gestellt        Application.Win32.InstallAd (A)
28.05.2014 23:02:20        Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\IMINENT        In Quarantäne gestellt        Application.AdReg (A)
28.05.2014 23:02:20        C:\Program Files\003\xmkysecqun64.exe        In Quarantäne gestellt        Adware.Adpeak.M (B)
28.05.2014 23:02:20        C:\Program Files (x86)\HQ-Video-Pro-1.9\HQ-Video-Pro-1.9-bg.exe        In Quarantäne gestellt        Gen:Variant.Adware.Kazy.374109 (B)

M-K-D-B 31.05.2014 11:52
:hallo:


Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
    Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!


Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Danke für deine Mitarbeit!





Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 2

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.






Schritt 3
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.







Schritt 4
Bitte deaktiviere dein Anti-Viren-Programm, da es das Ergebnis beeinflussen oder ggf. die Bereinigung stören kann.
Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/ und speichere die Datei auf deinem Desktop.
  • Starte Zoek.exe mit einem Doppelklick.
  • Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und könnte andere Computer beschädigen.
  • Kopiere den Text der folgenden Box in das Skriptfenster von zoek:
    Code:
    iedefaults;
    resetIEproxy;
    FFdefaults;
    CHRdefaults;
    emptyclsid;
    autoclean;
  • Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
  • Wenn das Tool fertig ist, wird sich Notepad mit der Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:\ .
  • Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken).





Schritt 5
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von JRT,
  • die Logdatei von MBAM,
  • die Logdatei von Zoek,
  • die beiden neuen Logdateien von FRST.

Hawkman 31.05.2014 13:14
Hallo Matthias, vielen Dank für die schnelle Hilfe

AdwCleaner Log
Code:
# AdwCleaner v3.211 - Bericht erstellt am 31/05/2014 um 13:16:45
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzername : Hawkman - GRANDMASTER
# Gestartet von : C:\Users\Hawkman\Desktop\adwcleaner_3.211.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : globalUpdate
[#] Dienst Gelöscht : globalUpdatem

***** [ Dateien / Ordner ] *****

[!] Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
[!] Ordner Gelöscht : C:\Program Files (x86)\HQ-Video-Pro-1.9
[!] Ordner Gelöscht : C:\Program Files\003
[!] Ordner Gelöscht : C:\Users\Hawkman\AppData\Local\globalUpdate
[!] Ordner Gelöscht : C:\Users\Hawkman\AppData\Local\Temp\Iminent
[!] Ordner Gelöscht : C:\Users\Hawkman\AppData\Roaming\Mozilla\Firefox\Profiles\5lfavana.default\Extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com
Datei Gelöscht : C:\Windows\SysWOW64\SecureAssist.dll
Datei Gelöscht : C:\Users\Hawkman\AppData\Roaming\Mozilla\Firefox\Profiles\5lfavana.default\user.js
Datei Gelöscht : C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
Datei Gelöscht : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
Datei Gelöscht : C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
Datei Gelöscht : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
Datei Gelöscht : C:\Windows\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-1.job
Datei Gelöscht : C:\Windows\System32\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-1
Datei Gelöscht : C:\Windows\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-2.job
Datei Gelöscht : C:\Windows\System32\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-2
Datei Gelöscht : C:\Windows\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-3.job
Datei Gelöscht : C:\Windows\System32\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-3
Datei Gelöscht : C:\Windows\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-4.job
Datei Gelöscht : C:\Windows\System32\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-4
Datei Gelöscht : C:\Windows\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-5.job
Datei Gelöscht : C:\Windows\System32\Tasks\6502893c-981f-40c9-acb5-39f9a7cc5219-5

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0053172.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0053172.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0053172.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0053172.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511311172}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522312272}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555315572}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566316672}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9863E762-BACC-46E4-8CAA-2A6ADA06B65B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544314472}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511311172}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511311172}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522312272}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}
Schlüssel Gelöscht : HKCU\Software\genesis
Schlüssel Gelöscht : HKCU\Software\InstalledThirdPartyPrograms
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKLM\Software\HQ-Video-Pro-1.9
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\installedbrowserextensions
Schlüssel Gelöscht : HKLM\Software\suprasavings
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HQ-Video-Pro-1.9
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\HQ-Video-Pro-1.9
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\installedbrowserextensions
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\suprasavings
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DatamngrCoordinator.exe

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16545


-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\Hawkman\AppData\Roaming\Mozilla\Firefox\Profiles\5lfavana.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Zeile gelöscht : user_pref("extensions.crossrider.bic", "14643ab93e097f7e27657e03455cef80");
Zeile gelöscht : user_pref("extensions.iminent.admin", false);
Zeile gelöscht : user_pref("extensions.iminent.aflt", "orgnl");
Zeile gelöscht : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
Zeile gelöscht : user_pref("extensions.iminent.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.iminent.dfltLng", "");
Zeile gelöscht : user_pref("extensions.iminent.excTlbr", false);
Zeile gelöscht : user_pref("extensions.iminent.ffxUnstlRst", false);
Zeile gelöscht : user_pref("extensions.iminent.id", "40ed6d350000000000005404a604e69a");
Zeile gelöscht : user_pref("extensions.iminent.instlDay", "16218");
Zeile gelöscht : user_pref("extensions.iminent.instlRef", "");
Zeile gelöscht : user_pref("extensions.iminent.newTab", false);
Zeile gelöscht : user_pref("extensions.iminent.prdct", "iminent");
Zeile gelöscht : user_pref("extensions.iminent.prtnrId", "iminent");
Zeile gelöscht : user_pref("extensions.iminent.rvrt", "false");
Zeile gelöscht : user_pref("extensions.iminent.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.iminent.tlbrId", "YBCPCSTIPO");
Zeile gelöscht : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");
Zeile gelöscht : user_pref("extensions.iminent.vrsn", "1.8.28.3");
Zeile gelöscht : user_pref("extensions.iminent.vrsnTs", "1.8.28.318:30:49");
Zeile gelöscht : user_pref("extensions.iminent.vrsni", "1.8.28.3");
Zeile gelöscht : user_pref("iminent.adapters", "{\"de.iminent.com\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":1,\"AdapterKey\":\"iminent\",\"v\":true,\"p\":0,\"t\":1,\"th\":0.228,\"expireTime\":\"140129466000[...]
Zeile gelöscht : user_pref("iminent.externalScripts", "{\"value\":[{\"addonUid\":\"10bb6277-6b2b-413e-8d82-ad9398543254\",\"name\":\"Dealply\",\"addonId\":1,\"url\":\"//i.iminentjs.info/imitin/javascript.js\",\"queryS[...]
Zeile gelöscht : user_pref("iminent.externalScripts.iRobinHood.IROBPKG", "{\"pkgid\":\"wrDCucKwwrTCtMK1wrnCt8K3\",\"raw_pkgid\":\"181554866\"}");
Zeile gelöscht : user_pref("iminent.externalScripts.iRobinHood.irobsettings2", "[{\"ALERT_MESSAGES\":1,\"Analytics_code\":\"\",\"APPROVE_STRIP_COLOR\":\"4BBA42    \",\"CHARITY_URL\":\"hxxp://iminent.donation-tools.org[...]
Zeile gelöscht : user_pref("iminent.externalScripts.iRobinHood.menuURL", "hxxp://iminent.donation-tools.org/home.aspx?pkgId=wrDCucKwwrTCtMK1wrnCt8K3");
Zeile gelöscht : user_pref("iminent.registerToolbarEvent102", "1401294686547");
Zeile gelöscht : user_pref("iminent.trackExternalScripts1", "1401294683305");
Zeile gelöscht : user_pref("iminent.trackExternalScripts2", "1401294683447");
Zeile gelöscht : user_pref("iminent.trackExternalScripts3", "1401294683513");
Zeile gelöscht : user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}");

*************************

AdwCleaner[R0].txt - [10642 octets] - [31/05/2014 13:15:54]
AdwCleaner[S0].txt - [8795 octets] - [31/05/2014 13:16:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8855 octets] ##########
JRT Log
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows Vista (TM) Home Premium x64
Ran by Hawkman on 31.05.2014 at 13:25:20,90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Hawkman\AppData\Roaming\mozilla\firefox\profiles\5lfavana.default\minidumps [21 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.05.2014 at 13:31:28,30
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
MBAM Log
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 31.05.2014
Suchlauf-Zeit: 13:33:55
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.05.31.02
Rootkit Datenbank: v2014.05.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x64
Dateisystem: NTFS
Benutzer: Hawkman

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 271461
Verstrichene Zeit: 4 Min, 57 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 2
PUP.Optional.BetterDeals.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\BetterDeals-11, In Quarantäne, [a8464710d4a7be78ff68fea95ea4b44c],
PUP.Optional.HQVideoPro.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQ-Video-Pro-1.9, In Quarantäne, [4ba3f85f047739fd4f5d742fd0323bc5],

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 11
PUP.Optional.SupraSavings.A, C:\Temp\t.msi, In Quarantäne, [33bb9cbb83f81c1ae265bb915ba9e31d],
PUP.Optional.FirstSeenToday, C:\Users\Hawkman\AppData\Local\Temp\n17\fst_de_2805-60d0c78a.exe, In Quarantäne, [e7074e091863b581fbf37e0344bd60a0],
PUP.Optional.Iminent.A, C:\Users\Hawkman\AppData\Local\Temp\n17\Iminent_1712-b2fcad5e.exe, In Quarantäne, [3bb371e6c8b37cba3effe362768b718f],
PUP.Optional.BundleInstaller.A, C:\Users\Hawkman\AppData\Local\Temp\n17\s17.exe, In Quarantäne, [dd1177e0a0db4ee87aec7cca26da8977],
PUP.Optional.ScramblePacker.A, C:\Users\Hawkman\AppData\Local\Temp\n9697\BetterDeals_3110-0b85a6f6.exe, In Quarantäne, [4ea0e96ef5863204a83de993e71a946c],
PUP.Optional.CrossRider.A, C:\Users\Hawkman\AppData\Local\Temp\n9697\hqvideo_2305_DE-ae66e49a.exe, In Quarantäne, [b13db6a13348d1658a82b49212eea15f],
PUP.Optional.BundleInstaller.A, C:\Users\Hawkman\AppData\Local\Temp\n9697\s9697.exe, In Quarantäne, [2ec0db7cc6b5eb4b353180c67987f50b],
PUP.Optional.SupraSavings.A, C:\Users\Hawkman\AppData\Local\Temp\n9697\suprasavings_2703-e3e04064.exe, In Quarantäne, [6a84d087f883bb7bf8de6ac1bb47669a],
PUP.Optional.BundleInstaller.A, C:\Users\Hawkman\AppData\Local\Temp\n9981\s9981.exe, In Quarantäne, [e6083126dba0ec4a471fb393ed13d22e],
PUP.Optional.GenericExt.A, C:\Users\Hawkman\AppData\Local\Temp\igdhbblpcellaljokkpfhcjlagemhgjlb9cc\minibarchrome.exe, In Quarantäne, [ac42c98e0972999d6ec6330a11efc33d],
PUP.Optional.CrossRider.A, C:\Users\Hawkman\AppData\Local\Temp\~nsu.tmp\Au_.exe, In Quarantäne, [5c923e1995e6ce68d2402818cb3558a8],

Physische Sektoren: 0
(No malicious items detected)


(end)
ZOEK Log
Code:
Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Hawkman on 31.05.2014 at 13:48:49,97.
Microsoft® Windows Vista™ Home Premium  6.0.6002 Service Pack 2 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Hawkman\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

31.05.2014 13:49:27 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Hawkman\AppData\Roaming\Mozilla\Firefox\Profiles\5lfavana.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.mangareader.net/");
user_pref("browser.search.defaultenginename", "");
user_pref("browser.search.selectedEngine", "");

Added to C:\Users\Hawkman\AppData\Roaming\Mozilla\Firefox\Profiles\5lfavana.default\prefs.js:

ProfilePath: C:\Users\Hawkman\AppData\Roaming\Mozilla\Firefox\Profiles\5lfavana.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs__1358_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~3\{32364CEA-7855-4A3C-B674-53D8E9B97936} deleted
C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} deleted
C:\Windows\Syswow64\lMMLDeleteUserData42107612FX.tmp deleted
C:\Users\Hawkman\AppData\Roaming\Mozilla\Firefox\Profiles\5lfavana.default\foxydeal.sqlite deleted
C:\Users\Hawkman\AppData\Roaming\Mozilla\Firefox\Profiles\5lfavana.default\jetpack deleted
C:\Users\Hawkman\AppData\Roaming\Mozilla\Firefox\Profiles\5lfavana.default\extensions\youtubeunblocker@unblocker.yt deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{34712C68-7391-4c47-94F3-8F88D49AD632}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [01.01.2013 17:51]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Hawkman\AppData\Roaming\Mozilla\Firefox\Profiles\5lfavana.default
- Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
- Logitech - %ProfilePath%\extensions\DeviceDetection@logitech.com
- ProxTube - Gesperrte YouTube Videos entsperren - %ProfilePath%\extensions\ich@maltegoetz.de
- 48698f48-d348-4614-bd14-98ab749de5b8 - %ProfilePath%\extensions\{48698f48-d348-4614-bd14-98ab749de5b8}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Shockwave Flash Manager Free - %ProfilePath%\extensions\{f5891386-397e-4369-a9c8-20e6fa755637}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Hawkman\AppData\Roaming\Mozilla\Firefox\Profiles\5lfavana.default
A58DE0A570148AF5FF3512B2A340D09F        - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll -        Shockwave Flash
65C1D9F74004E775F9A8598476ABE5EE        - C:\Users\Hawkman\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll -        Unity Player
FEF9ECECFA177AEC0F7564A08394D2C8        - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll -        RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
0ABF093757E9C827E30EC652868E5FAC        - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll -        RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)
06E140A567B8DC7900173197FD059EE5        - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll -        RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
558270B968CB82196CB8D045D13B0FF6        - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll -        RealDownloader Plugin
C348B0F5D9EAF19691D188B310000B5C        - E:\Amazon MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll -        AmazonMP3DownloaderPlugin
AB87EEFFD18F2BAAFC274E7075EA6C67        - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll -        Windows Presentation Foundation / Windows Presentation Foundation


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[29.11.2012 21:35]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

Nothing found to reset

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Hawkman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Hawkman\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Hawkman\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Hawkman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Hawkman\AppData\Local\Mozilla\Firefox\Profiles\5lfavana.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=50 folders=25 1034818 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Hawkman\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Hawkman\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Hawkman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on 31.05.2014 at 14:03:54,18 ======================
FRST Log

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2014
Ran by Hawkman (administrator) on GRANDMASTER on 31-05-2014 14:08:10
Running from C:\Users\Hawkman\Desktop
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\Core Temp\Core Temp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTHELPER.EXE
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointG\SetPointII.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-01-29] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7468784 2013-02-28] (Logitech Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [RCSystem] => C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe [57344 2007-07-23] (Creative Technology Ltd.)
HKLM-x32\...\Run: [AudioDrvEmulator] => C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe [57344 2007-07-23] (Creative Technology Ltd.)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [180224 2006-12-06] (Creative Technology Ltd)
HKLM-x32\...\Run: [AsioThk32Reg] => REGSVR32.EXE /S CTASIO.DLL
HKLM-x32\...\Run: [CTHelper] => C:\Windows\SysWOW64\CTHELPER.EXE [19456 2007-03-05] (Creative Technology Ltd)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [CTxfiHlp] => C:\Windows\SysWOW64\CTXFIHLP.EXE [26112 2014-03-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [Module Loader] => C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe [57344 2007-07-23] (Creative Technology Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4330432 2014-02-15] (Emsisoft GmbH)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-278007793-2155089085-3509408855-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-278007793-2155089085-3509408855-1000\...\MountPoints2: {3db878a4-6abc-11e1-911b-806e6f6e6963} - D:\Start.exe
HKU\S-1-5-21-278007793-2155089085-3509408855-1000\...\MountPoints2: {67d9ddda-7e78-11e2-b548-5404a604e69a} - I:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-278007793-2155089085-3509408855-1000\...\MountPoints2: {807025ec-bb89-11e1-8b27-5404a604e69a} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-278007793-2155089085-3509408855-1000\...\MountPoints2: {80702611-bb89-11e1-8b27-5404a604e69a} - I:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-278007793-2155089085-3509408855-1000\...\MountPoints2: {80702966-bb89-11e1-8b27-5404a604e69a} - H:\HTC_Sync_Manager_PC.exe
Startup: C:\Users\Hawkman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAA11915F507BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Hawkman\AppData\Roaming\Mozilla\Firefox\Profiles\5lfavana.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @pandasecurity.com/activescan - C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Hawkman\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - E:\Amazon MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Разпознаване на устройство Logitech - C:\Users\Hawkman\AppData\Roaming\Mozilla\Firefox\Profiles\5lfavana.default\Extensions\DeviceDetection@logitech.com [2012-03-10]
FF Extension: ProxTube - Unblock YouTube - C:\Users\Hawkman\AppData\Roaming\Mozilla\Firefox\Profiles\5lfavana.default\Extensions\ich@maltegoetz.de [2014-02-05]
FF Extension: {48698f48-d348-4614-bd14-98ab749de5b8} - C:\Users\Hawkman\AppData\Roaming\Mozilla\Firefox\Profiles\5lfavana.default\Extensions\{48698f48-d348-4614-bd14-98ab749de5b8}.xpi [2013-11-12]
FF Extension: Adblock Plus - C:\Users\Hawkman\AppData\Roaming\Mozilla\Firefox\Profiles\5lfavana.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-03-10]
FF Extension: Shockwave Flash Manager Free - C:\Users\Hawkman\AppData\Roaming\Mozilla\Firefox\Profiles\5lfavana.default\Extensions\{f5891386-397e-4369-a9c8-20e6fa755637}.xpi [2014-01-08]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-05-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-10]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

==================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4163584 2014-02-15] (Emsisoft GmbH)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-04-30] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()

==================== Drivers (Whitelisted) ====================

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
S3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [157496 2007-03-05] (Creative Technology Ltd)
S3 CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [700216 2007-03-05] (Creative Technology Ltd)
S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [219448 2007-03-05] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [321848 2007-03-05] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [190264 2007-03-05] (Creative Technology Ltd)
R3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [363320 2007-03-05] (Creative Technology Ltd)
S3 CTERFXFX.DLL; C:\Windows\System32\CTERFXFX.DLL [142136 2007-03-05] (Creative Technology Ltd)
S3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [681272 2007-03-05] (Creative Technology Ltd)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R0 pavboot; C:\Windows\System32\drivers\pavboot64.sys [33800 2009-06-30] (Panda Security, S.L.)
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [113704 2008-10-21] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [19496 2008-10-21] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [152616 2008-10-21] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [133160 2008-10-21] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [34856 2008-10-21] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [128552 2008-10-21] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [145960 2008-10-21] (MCCI Corporation)
R3 ALSysIO; \??\C:\Users\Hawkman\AppData\Local\Temp\ALSysIO64.sys [X]
S3 CT20XUT.DLL; system32\CT20XUT.DLL [X]
S3 CTEXFIFX.DLL; system32\CTEXFIFX.DLL [X]
S3 CTHWIUT.DLL; system32\CTHWIUT.DLL [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-31 14:08 - 2014-05-31 14:08 - 00020348 _____ () C:\Users\Hawkman\Desktop\FRST.txt
2014-05-31 14:04 - 2014-05-31 14:04 - 00008509 _____ () C:\Users\Hawkman\Desktop\zoek-results.txt
2014-05-31 14:02 - 2014-05-31 14:08 - 00000000 ____D () C:\Users\Hawkman\AppData\Local\Temp
2014-05-31 14:02 - 2014-05-31 14:02 - 00000000 ____D () C:\Users\Default\AppData\Local\Temp
2014-05-31 14:02 - 2014-05-31 13:48 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-31 13:49 - 2014-05-31 14:03 - 00008509 _____ () C:\zoek-results.log
2014-05-31 13:48 - 2014-05-31 13:59 - 00000000 ____D () C:\zoek_backup
2014-05-31 13:47 - 2014-05-31 13:47 - 00003034 _____ () C:\Users\Hawkman\Desktop\mbam.txt
2014-05-31 13:33 - 2014-05-31 13:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-31 13:33 - 2014-05-31 13:33 - 00000941 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-31 13:32 - 2014-05-31 13:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-31 13:32 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-31 13:32 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-31 13:32 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-31 13:31 - 2014-05-31 13:31 - 00000793 _____ () C:\Users\Hawkman\Desktop\JRT.txt
2014-05-31 13:21 - 2014-05-31 13:21 - 00000000 ____D () C:\Windows\ERUNT
2014-05-31 13:15 - 2014-05-31 13:16 - 00000000 ____D () C:\AdwCleaner
2014-05-31 13:14 - 2014-05-31 13:14 - 01285120 _____ () C:\Users\Hawkman\Desktop\zoek.exe
2014-05-31 13:13 - 2014-05-31 13:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hawkman\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-31 13:12 - 2014-05-31 13:12 - 01327971 _____ () C:\Users\Hawkman\Desktop\adwcleaner_3.211.exe
2014-05-31 13:12 - 2014-05-31 13:12 - 01016261 _____ (Thisisu) C:\Users\Hawkman\Desktop\JRT.exe
2014-05-31 12:27 - 2014-05-31 12:27 - 00000000 _____ () C:\Users\Hawkman\Desktop\gmer.txt
2014-05-31 11:40 - 2014-05-31 14:08 - 00000000 ____D () C:\FRST
2014-05-31 11:39 - 2014-05-31 11:39 - 00000476 _____ () C:\Users\Hawkman\Desktop\defogger_disable.log
2014-05-31 11:39 - 2014-05-31 11:39 - 00000000 _____ () C:\Users\Hawkman\defogger_reenable
2014-05-31 11:38 - 2014-05-31 11:38 - 00380416 _____ () C:\Users\Hawkman\Desktop\Gmer-19357.exe
2014-05-31 11:38 - 2014-05-31 11:38 - 00050477 _____ () C:\Users\Hawkman\Desktop\Defogger.exe
2014-05-31 11:34 - 2014-05-31 11:34 - 02066944 _____ (Farbar) C:\Users\Hawkman\Desktop\FRST64.exe
2014-05-29 17:12 - 2014-05-29 17:12 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-05-29 17:12 - 2009-06-30 10:37 - 00033800 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\pavboot64.sys
2014-05-28 22:10 - 2014-05-28 22:10 - 00000930 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-05-28 18:28 - 2014-05-28 22:28 - 00000000 ____D () C:\Users\Hawkman\AppData\Local\Genesis_05281628
2014-05-26 19:43 - 2014-05-15 01:49 - 03774821 _____ () C:\Windows\system32\nvcoproc.bin
2014-05-26 19:41 - 2014-05-20 04:44 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-26 19:41 - 2014-05-20 04:44 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-26 19:41 - 2014-05-20 04:44 - 18531568 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-05-26 19:41 - 2014-05-20 04:44 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-26 19:41 - 2014-05-20 04:44 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-26 19:41 - 2014-05-20 04:44 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-26 19:41 - 2014-05-20 04:44 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-26 19:41 - 2014-05-20 04:44 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-26 19:41 - 2014-05-20 04:44 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-26 19:41 - 2014-05-20 04:44 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-26 19:41 - 2014-05-20 04:44 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-26 19:41 - 2014-05-20 04:44 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-26 19:41 - 2014-05-20 04:44 - 02730208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-05-26 19:41 - 2014-05-20 04:44 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-26 19:41 - 2014-05-20 04:44 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-26 19:41 - 2014-05-20 04:44 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-14 22:52 - 2014-05-06 02:46 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 22:52 - 2014-05-06 02:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 22:52 - 2014-05-06 02:21 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 22:52 - 2014-05-06 01:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 22:52 - 2014-05-06 01:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 22:52 - 2014-05-06 01:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 16:57 - 2014-03-25 18:30 - 12900864 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 16:57 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-10 13:27 - 2014-05-10 13:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-01 14:04 - 2014-05-01 14:08 - 00000000 ____D () C:\Users\Hawkman\AppData\Local\NVIDIA Corporation

==================== One Month Modified Files and Folders =======

2014-05-31 14:08 - 2014-05-31 14:08 - 00020348 _____ () C:\Users\Hawkman\Desktop\FRST.txt
2014-05-31 14:08 - 2014-05-31 14:02 - 00000000 ____D () C:\Users\Hawkman\AppData\Local\Temp
2014-05-31 14:08 - 2014-05-31 11:40 - 00000000 ____D () C:\FRST
2014-05-31 14:06 - 2008-01-21 03:53 - 01460997 _____ () C:\Windows\WindowsUpdate.log
2014-05-31 14:04 - 2014-05-31 14:04 - 00008509 _____ () C:\Users\Hawkman\Desktop\zoek-results.txt
2014-05-31 14:04 - 2012-04-09 17:20 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-05-31 14:03 - 2014-05-31 13:49 - 00008509 _____ () C:\zoek-results.log
2014-05-31 14:03 - 2012-07-21 22:29 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-31 14:03 - 2012-04-06 11:29 - 00212354 _____ () C:\Windows\PFRO.log
2014-05-31 14:03 - 2012-03-10 18:06 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-31 14:03 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-31 14:03 - 2006-11-02 17:22 - 00004112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-31 14:03 - 2006-11-02 17:22 - 00004112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-31 14:02 - 2014-05-31 14:02 - 00000000 ____D () C:\Users\Default\AppData\Local\Temp
2014-05-31 14:02 - 2006-11-02 17:42 - 00032556 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-31 13:59 - 2014-05-31 13:48 - 00000000 ____D () C:\zoek_backup
2014-05-31 13:51 - 2008-01-21 13:10 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-31 13:51 - 2008-01-21 13:09 - 00674024 _____ () C:\Windows\system32\perfh007.dat
2014-05-31 13:51 - 2008-01-21 13:09 - 00146036 _____ () C:\Windows\system32\perfc007.dat
2014-05-31 13:48 - 2014-05-31 14:02 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-31 13:47 - 2014-05-31 13:47 - 00003034 _____ () C:\Users\Hawkman\Desktop\mbam.txt
2014-05-31 13:45 - 2014-05-31 13:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-31 13:45 - 2012-03-10 17:21 - 00001356 _____ () C:\Users\Hawkman\AppData\Local\d3d9caps.dat
2014-05-31 13:44 - 2006-11-02 17:07 - 00000000 ____D () C:\Windows\DigitalLocker
2014-05-31 13:43 - 2012-06-21 13:51 - 00000000 ____D () C:\Temp
2014-05-31 13:33 - 2014-05-31 13:33 - 00000941 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-31 13:33 - 2014-05-31 13:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-31 13:31 - 2014-05-31 13:31 - 00000793 _____ () C:\Users\Hawkman\Desktop\JRT.txt
2014-05-31 13:28 - 2012-07-21 22:29 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-31 13:21 - 2014-05-31 13:21 - 00000000 ____D () C:\Windows\ERUNT
2014-05-31 13:16 - 2014-05-31 13:15 - 00000000 ____D () C:\AdwCleaner
2014-05-31 13:14 - 2014-05-31 13:14 - 01285120 _____ () C:\Users\Hawkman\Desktop\zoek.exe
2014-05-31 13:14 - 2014-05-31 13:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hawkman\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-31 13:12 - 2014-05-31 13:12 - 01327971 _____ () C:\Users\Hawkman\Desktop\adwcleaner_3.211.exe
2014-05-31 13:12 - 2014-05-31 13:12 - 01016261 _____ (Thisisu) C:\Users\Hawkman\Desktop\JRT.exe
2014-05-31 12:27 - 2014-05-31 12:27 - 00000000 _____ () C:\Users\Hawkman\Desktop\gmer.txt
2014-05-31 11:55 - 2012-04-09 17:20 - 00000000 ____D () C:\Users\Hawkman\Documents\Anti-Malware
2014-05-31 11:39 - 2014-05-31 11:39 - 00000476 _____ () C:\Users\Hawkman\Desktop\defogger_disable.log
2014-05-31 11:39 - 2014-05-31 11:39 - 00000000 _____ () C:\Users\Hawkman\defogger_reenable
2014-05-31 11:39 - 2012-03-10 16:46 - 00000000 ____D () C:\Users\Hawkman
2014-05-31 11:38 - 2014-05-31 11:38 - 00380416 _____ () C:\Users\Hawkman\Desktop\Gmer-19357.exe
2014-05-31 11:38 - 2014-05-31 11:38 - 00050477 _____ () C:\Users\Hawkman\Desktop\Defogger.exe
2014-05-31 11:38 - 2014-02-09 21:38 - 00000000 ____D () C:\Users\Hawkman\AppData\Local\Battle.net
2014-05-31 11:34 - 2014-05-31 11:34 - 02066944 _____ (Farbar) C:\Users\Hawkman\Desktop\FRST64.exe
2014-05-31 11:09 - 2014-02-09 21:39 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-05-31 10:33 - 2014-02-09 21:38 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-05-29 17:12 - 2014-05-29 17:12 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-05-29 10:49 - 2012-06-21 14:06 - 00000000 ____D () C:\Program Files (x86)\HTC
2014-05-28 22:28 - 2014-05-28 18:28 - 00000000 ____D () C:\Users\Hawkman\AppData\Local\Genesis_05281628
2014-05-28 22:10 - 2014-05-28 22:10 - 00000930 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-05-28 18:47 - 2012-04-06 12:18 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-05-28 18:44 - 2012-07-10 18:22 - 00000000 ____D () C:\Program Files (x86)\Sony Ericsson
2014-05-20 04:44 - 2014-05-26 19:41 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-20 04:44 - 2014-05-26 19:41 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-20 04:44 - 2014-05-26 19:41 - 18531568 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-05-20 04:44 - 2014-05-26 19:41 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-20 04:44 - 2014-05-26 19:41 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-20 04:44 - 2014-05-26 19:41 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-20 04:44 - 2014-05-26 19:41 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-20 04:44 - 2014-05-26 19:41 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-20 04:44 - 2014-05-26 19:41 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-20 04:44 - 2014-05-26 19:41 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-20 04:44 - 2014-05-26 19:41 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-20 04:44 - 2014-05-26 19:41 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-20 04:44 - 2014-05-26 19:41 - 02730208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-05-20 04:44 - 2014-05-26 19:41 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-20 04:44 - 2014-05-26 19:41 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-20 04:44 - 2014-05-26 19:41 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-20 04:44 - 2014-04-06 12:59 - 14434704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-05-20 04:44 - 2013-02-26 00:32 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-20 04:44 - 2013-02-26 00:32 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-20 04:44 - 2013-02-26 00:32 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-20 04:44 - 2013-02-26 00:32 - 03109248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-05-20 04:44 - 2012-03-10 17:33 - 00026069 _____ () C:\Windows\system32\nvinfo.pb
2014-05-20 03:25 - 2012-03-10 17:33 - 06769096 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-05-20 03:25 - 2012-03-10 17:33 - 03514144 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-05-20 03:25 - 2012-03-10 17:33 - 02560968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-05-20 03:25 - 2012-03-10 17:33 - 00927520 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-05-20 03:25 - 2012-03-10 17:33 - 00387528 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-05-20 03:25 - 2012-03-10 17:33 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-05-15 18:32 - 2012-04-02 19:09 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 18:32 - 2012-03-10 17:20 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 01:49 - 2014-05-26 19:43 - 03774821 _____ () C:\Windows\system32\nvcoproc.bin
2014-05-14 22:54 - 2013-08-14 03:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 22:53 - 2006-11-02 14:35 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-12 07:26 - 2014-05-31 13:32 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-31 13:32 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-31 13:32 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 14:31 - 2012-05-04 15:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-10 13:28 - 2014-05-10 13:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-06 16:23 - 2012-07-21 22:29 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-06 16:23 - 2012-07-21 22:29 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 02:46 - 2014-05-14 22:52 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 02:21 - 2014-05-14 22:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 02:21 - 2014-05-14 22:52 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 01:32 - 2014-05-14 22:52 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 01:14 - 2014-05-14 22:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 01:14 - 2014-05-14 22:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-01 14:08 - 2014-05-01 14:04 - 00000000 ____D () C:\Users\Hawkman\AppData\Local\NVIDIA Corporation

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-31 13:55

==================== End Of Log ============================
--- --- ---

--- --- ---


FRST Addition Log
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-05-2014
Ran by Hawkman at 2014-05-31 14:08:29
Running from C:\Users\Hawkman\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.235 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Batman: Arkham City™ (HKLM-x32\...\GFWL_{57520FA0-AC56-469B-9983-FF1000008300}) (Version: 1.0.0000.131 - WB Games)
Batman: Arkham City™ (x32 Version: 1.0.0000.131 - WB Games) Hidden
Batman: Arkham City™ (x32 Version: 1.0.0003.131 - WB Games) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Broken Age (HKLM-x32\...\Steam App 232790) (Version:  - Double Fine Productions)
CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.17 - Piriform)
Core Temp 1.0 RC3 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.43 - Creative Technology Limited)
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Entertainment Center (HKLM-x32\...\Creative Entertainment Center) (Version:  - )
Creative Konsole Starter (HKLM-x32\...\Console Launcher) (Version:  - Creative Technology Limited)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - )
Creative Smart Recorder (HKLM-x32\...\Smart Recorder) (Version:  - )
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.03 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
Creative-Systeminformationen (HKLM-x32\...\SysInfo) (Version:  - )
Data Lifeguard Diagnostic for Windows 1.24 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dropbox (HKCU\...\Dropbox) (Version: 1.4.12 - Dropbox, Inc.)
Dungeon Keeper 2 (HKLM\...\{4f94b43a-8a00-4ac4-bb94-269cf24aef97}.sdb) (Version:  - )
Dungeon Keeper 2 (HKLM-x32\...\Dungeon Keeper 2_is1) (Version:  - GOG.com)
Emsisoft Anti-Malware (HKLM-x32\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 8.1 - Emsisoft GmbH)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
EVEREST Ultimate Edition v5.00 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.00 - Lavalys, Inc.)
Genesis (HKCU\...\genesis_05281628) (Version:  - ) <==== ATTENTION
GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.0 - Google Inc.) Hidden
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417000FF}) (Version: 7.0.0 - Oracle)
Kingdoms of Amalur: Reckoning™ (HKLM-x32\...\Steam App 102500) (Version:  - Big Huge Games)
Logitech Gaming Software (Version: 8.20.74 - Logitech Inc.) Hidden
Logitech Gaming Software 8.45 (HKLM\...\Logitech Gaming Software) (Version: 8.45.88 - Logitech Inc.)
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.31 - Logitech Inc.)
LWS Facebook (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.31.1044.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.30.1395.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Video Mask Maker (x32 Version: 13.30.1379.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
OMG Zombies! (HKLM-x32\...\Steam App 259870) (Version:  - Laughing Jackal LTD)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Panda ActiveScan 2.0 (HKLM-x32\...\ActiveScan 2.0) (Version: 01.04.01.0014 - Panda Security)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
ratDVD 0.78.1444 (HKLM-x32\...\ratDVD) (Version: 0.78.1444 - ratDVD)
RealDownloader (x32 Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
Realtek Ethernet Controller Driver For Windows Vista (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 6.236.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6037 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sound Blaster X-Fi (HKLM-x32\...\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}) (Version: 1.0 - )
SoundFont-Bank-Manager (HKLM-x32\...\SFBM) (Version: 3.21 - Creative Technology Limited)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPER © Version 2007.bld.23 (July 4, 2007) (HKLM-x32\...\SUPER ©) (Version: Version 2007.bld.23 (July 4, 2007) - eRightSoft)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.171 - TuneUp Software) Hidden
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 2.1 - Ubisoft)
VLC media player 0.9.8a (HKLM-x32\...\VLC media player) (Version: 0.9.8a - VideoLAN Team)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points  =========================

26-05-2014 15:09:55 Windows Update
26-05-2014 17:35:30 TuneUp Utilities 2014 wird entfernt
26-05-2014 17:35:45 TuneUp Utilities 2014 (de-DE) wird entfernt
26-05-2014 17:42:19 Gerätetreiber-Paketinstallation: NVIDIA Grafikkarte
26-05-2014 17:43:43 Gerätetreiber-Paketinstallation: NVIDIA Corporation Audio-, Video- und Gamecontroller
28-05-2014 16:42:41 Removed HTC Sync Manager.
29-05-2014 08:49:23 Removed IPTInstaller
30-05-2014 11:10:28 Windows Update
31-05-2014 10:58:44 Geplanter Prüfpunkt
31-05-2014 11:49:21 zoek.exe restore point

==================== Hosts content: ==========================

2006-11-02 14:34 - 2006-09-18 23:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
::1            localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {03AC5D39-F011-429B-BB9B-1729B0440FA3} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-278007793-2155089085-3509408855-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {0FBC7381-9F8A-451C-87E9-E5A8A517CF0F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-21] (Google Inc.)
Task: {17E550FF-2E30-4AE1-8432-F3240F20DBF6} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-278007793-2155089085-3509408855-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {19933889-AED7-4F49-882A-F7680636B544} - System32\Tasks\Core Temp Autostart Hawkman => C:\Program Files\Core Temp\Core Temp.exe [2012-01-25] ()
Task: {20F1BE95-73B7-44A6-B826-11B64E3C1F76} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-278007793-2155089085-3509408855-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {2D36D285-8E89-4DFD-8A4F-4A7EFF870FF1} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {4DD572F8-D1CE-4F71-B0EF-A24D12118CCE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-21] (Google Inc.)
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {7B07942C-FE37-4E5C-9DF6-B4FBD23B422E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8F7B4613-970E-4935-9EF1-3DB5F8695593} - \6502893c-981f-40c9-acb5-39f9a7cc5219-1 No Task File <==== ATTENTION
Task: {9B8B340A-6CF3-4C07-B679-9AC7B57FE42F} - \6502893c-981f-40c9-acb5-39f9a7cc5219-3 No Task File <==== ATTENTION
Task: {BA115A58-7AB7-4EDA-A2CE-3CC8BB413AB5} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-278007793-2155089085-3509408855-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {C51A2241-CE24-478C-A7EF-48D32C46DEA5} - \6502893c-981f-40c9-acb5-39f9a7cc5219-4 No Task File <==== ATTENTION
Task: {C564EB4D-CA53-4E6C-943D-7F1553C6CFE3} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {D541636E-54B0-41D4-833A-36E6EBA620C5} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {DF4F3C8C-58E2-46E2-A7D7-E450C5591B1C} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {ED131D6C-F59A-4A08-8D4F-1239B696BAD1} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {ED34D3F7-A43A-454F-8F8C-04C6F704EB4B} - System32\Tasks\Real Player-Online-Aktualisierungsprogramm => c:\program files (x86)\real\realplayer\Update\realsched.exe [2013-01-01] (RealNetworks, Inc.)
Task: {F1D700E4-013C-459D-893A-9B8AFA7EA670} - \6502893c-981f-40c9-acb5-39f9a7cc5219-5 No Task File <==== ATTENTION
Task: {F23FDD5A-AE8C-416C-80A0-7185604E4015} - \6502893c-981f-40c9-acb5-39f9a7cc5219-2 No Task File <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-04-05 18:53 - 2012-04-30 22:59 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-11-29 21:31 - 2012-11-29 21:31 - 00038608 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2012-03-24 18:21 - 2012-01-25 15:59 - 00848336 _____ () C:\Program Files\Core Temp\Core Temp.exe
2014-05-22 18:06 - 2014-04-30 02:08 - 01135104 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll
2014-04-22 23:13 - 2014-04-30 02:08 - 00471552 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll
2014-05-22 18:06 - 2014-04-30 02:08 - 00404992 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll
2014-01-08 03:47 - 2014-04-30 02:08 - 00340992 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2013-03-12 18:10 - 2014-05-17 03:36 - 00756224 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-22 18:06 - 2014-05-29 19:37 - 02139840 _____ () C:\Program Files (x86)\Steam\video.dll
2014-05-22 18:06 - 2014-04-29 02:37 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll
2012-03-10 18:07 - 2014-05-29 19:36 - 01116864 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.dll
2012-03-10 18:07 - 2014-05-02 01:35 - 20628160 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-03-15 19:41 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-03-15 19:41 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-03-15 19:41 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2012-03-10 17:46 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2012-03-10 17:46 - 2009-03-26 14:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2012-03-10 17:45 - 2006-06-09 15:20 - 00003072 _____ () C:\Windows\system32\CTXFIGER.DLL

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Core Temp => "F:\format ordner\Core Temp.exe"
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

==================== Faulty Device Manager Devices =============

Name: Marvell 91xx Config ATA Device
Description: Marvell 91xx Config ATA Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/31/2014 02:04:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2014 01:45:13 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/31/2014 01:44:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/31/2014 01:58:57 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (05/31/2014 01:58:56 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (05/31/2014 01:58:56 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (05/31/2014 01:58:56 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (05/31/2014 01:58:55 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart


Microsoft Office Sessions:
=========================
Error: (05/31/2014 02:04:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2014 01:45:13 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe

Error: (05/31/2014 01:44:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-05-31 14:08:26.620
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-31 14:08:26.542
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-31 14:08:26.449
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-31 14:08:26.371
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-31 14:08:26.293
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-31 14:08:26.215
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-31 14:08:26.121
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-31 14:08:26.043
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-31 14:08:25.903
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-31 14:08:25.825
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 37%
Total physical RAM: 6134.17 MB
Available physical RAM: 3816.11 MB
Total Pagefile: 12465.86 MB
Available Pagefile: 9767.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.57 GB) (Free:93.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Daten) (Fixed) (Total:279.46 GB) (Free:273.53 GB) NTFS
Drive f: (sonstige) (Fixed) (Total:596.17 GB) (Free:351.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (Spiele) (Fixed) (Total:279.46 GB) (Free:139.73 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 279 GB) (Disk ID: 2B8AEECE)
Partition 1: (Active) - (Size=279 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 1FD977CD)
Partition 1: (Active) - (Size=596 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 279 GB) (Disk ID: EE8CEE8C)
Partition 1: (Not Active) - (Size=279 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or Vista) (Size: 224 GB) (Disk ID: D35B7485)
Partition 1: (Active) - (Size=224 GB) - (Type=07 NTFS)

==================== End Of Log ============================

M-K-D-B 31.05.2014 14:27
Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 3 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.




Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
C:\Users\Hawkman\AppData\Local\Genesis_05281628
Task: {8F7B4613-970E-4935-9EF1-3DB5F8695593} - \6502893c-981f-40c9-acb5-39f9a7cc5219-1 No Task File <==== ATTENTION
Task: {9B8B340A-6CF3-4C07-B679-9AC7B57FE42F} - \6502893c-981f-40c9-acb5-39f9a7cc5219-3 No Task File <==== ATTENTION
Task: {C51A2241-CE24-478C-A7EF-48D32C46DEA5} - \6502893c-981f-40c9-acb5-39f9a7cc5219-4 No Task File <==== ATTENTION
Task: {D541636E-54B0-41D4-833A-36E6EBA620C5} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {DF4F3C8C-58E2-46E2-A7D7-E450C5591B1C} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {F1D700E4-013C-459D-893A-9B8AFA7EA670} - \6502893c-981f-40c9-acb5-39f9a7cc5219-5 No Task File <==== ATTENTION
Task: {F23FDD5A-AE8C-416C-80A0-7185604E4015} - \6502893c-981f-40c9-acb5-39f9a7cc5219-2 No Task File <==== ATTENTION
Reboot:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Schritt 2
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    :regfind
    Genesis
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.







Schritt 3

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset







Schritt 4
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von FRST,
  • die Logdatei von SystemLook,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.

Hawkman 31.05.2014 17:06
Alles geschafft, hier die Logs

FRST Fixlog
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-05-2014
Ran by Hawkman at 2014-05-31 15:31:22 Run:1
Running from C:\Users\Hawkman\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Users\Hawkman\AppData\Local\Genesis_05281628
Task: {8F7B4613-970E-4935-9EF1-3DB5F8695593} - \6502893c-981f-40c9-acb5-39f9a7cc5219-1 No Task File <==== ATTENTION
Task: {9B8B340A-6CF3-4C07-B679-9AC7B57FE42F} - \6502893c-981f-40c9-acb5-39f9a7cc5219-3 No Task File <==== ATTENTION
Task: {C51A2241-CE24-478C-A7EF-48D32C46DEA5} - \6502893c-981f-40c9-acb5-39f9a7cc5219-4 No Task File <==== ATTENTION
Task: {D541636E-54B0-41D4-833A-36E6EBA620C5} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {DF4F3C8C-58E2-46E2-A7D7-E450C5591B1C} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {F1D700E4-013C-459D-893A-9B8AFA7EA670} - \6502893c-981f-40c9-acb5-39f9a7cc5219-5 No Task File <==== ATTENTION
Task: {F23FDD5A-AE8C-416C-80A0-7185604E4015} - \6502893c-981f-40c9-acb5-39f9a7cc5219-2 No Task File <==== ATTENTION
Reboot:
end
       
*****************

C:\Users\Hawkman\AppData\Local\Genesis_05281628 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8F7B4613-970E-4935-9EF1-3DB5F8695593} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F7B4613-970E-4935-9EF1-3DB5F8695593} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6502893c-981f-40c9-acb5-39f9a7cc5219-1 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9B8B340A-6CF3-4C07-B679-9AC7B57FE42F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B8B340A-6CF3-4C07-B679-9AC7B57FE42F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6502893c-981f-40c9-acb5-39f9a7cc5219-3 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C51A2241-CE24-478C-A7EF-48D32C46DEA5} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C51A2241-CE24-478C-A7EF-48D32C46DEA5} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6502893c-981f-40c9-acb5-39f9a7cc5219-4 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D541636E-54B0-41D4-833A-36E6EBA620C5} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D541636E-54B0-41D4-833A-36E6EBA620C5} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF4F3C8C-58E2-46E2-A7D7-E450C5591B1C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF4F3C8C-58E2-46E2-A7D7-E450C5591B1C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F1D700E4-013C-459D-893A-9B8AFA7EA670} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1D700E4-013C-459D-893A-9B8AFA7EA670} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6502893c-981f-40c9-acb5-39f9a7cc5219-5 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F23FDD5A-AE8C-416C-80A0-7185604E4015} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F23FDD5A-AE8C-416C-80A0-7185604E4015} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6502893c-981f-40c9-acb5-39f9a7cc5219-2 => Key deleted successfully.


The system needed a reboot.

==== End of Fixlog ====
SystemLook log
Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 15:34 on 31/05/2014 by Hawkman
Administrator - Elevation successful

========== regfind ==========

Searching for "Genesis"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\genesis_05281628]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\genesis_05281628]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\genesis_05281628]
"DisplayName"="Genesis"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\genesis_05281628]
"UninstallString"=""c:\users\hawkman\appdata\local\genesis_05281628\genesis_05281628.exe" /x"
[HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication]
"Name"="Genesis_05281628.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4CA5DA7C-766B-4B48-9C8C-AC968947A444}]
@="Genesis Teletext SpecialAdvise"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AD4A902-0FC5-467E-BC42-CFE1EBB70CA5}]
@="Genesis Teletext Surrogate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84D61430-959F-4146-8402-DDA7019EF00A}]
@="Genesis Teletext PageAdvise"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97867603-A899-11D2-A6E6-0020AF5C86D3}]
@="Genesis Teletext StationAdvise"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4950D6B-64DC-4215-A1B7-85F8C9366A87}]
@="Genesis Teletext ServiceDataAdvise"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD6C8933-F31B-4F43-B5E4-0541C1452F6F}]
@="Genesis Teletext Server"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B245DF02-BDB3-41AA-A531-86ED2A1367D9}]
@="Genesis Teletext SearchAdvise"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB34E35D-D416-4D6C-8D5F-70C8AAC726C1}]
@="Genesis Teletext HeaderAdvise"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3BAA3119-ECA1-4A32-9A08-595E71AE9DA9}\1.0]
@="Genesis Teletext Server 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4CA5DA7C-766B-4B48-9C8C-AC968947A444}]
@="Genesis Teletext SpecialAdvise"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7AD4A902-0FC5-467E-BC42-CFE1EBB70CA5}]
@="Genesis Teletext Surrogate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{84D61430-959F-4146-8402-DDA7019EF00A}]
@="Genesis Teletext PageAdvise"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{97867603-A899-11D2-A6E6-0020AF5C86D3}]
@="Genesis Teletext StationAdvise"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4950D6B-64DC-4215-A1B7-85F8C9366A87}]
@="Genesis Teletext ServiceDataAdvise"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AD6C8933-F31B-4F43-B5E4-0541C1452F6F}]
@="Genesis Teletext Server"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B245DF02-BDB3-41AA-A531-86ED2A1367D9}]
@="Genesis Teletext SearchAdvise"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FB34E35D-D416-4D6C-8D5F-70C8AAC726C1}]
@="Genesis Teletext HeaderAdvise"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{3BAA3119-ECA1-4A32-9A08-595E71AE9DA9}\1.0]
@="Genesis Teletext Server 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{4CA5DA7C-766B-4B48-9C8C-AC968947A444}]
@="Genesis Teletext SpecialAdvise"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7AD4A902-0FC5-467E-BC42-CFE1EBB70CA5}]
@="Genesis Teletext Surrogate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{84D61430-959F-4146-8402-DDA7019EF00A}]
@="Genesis Teletext PageAdvise"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{97867603-A899-11D2-A6E6-0020AF5C86D3}]
@="Genesis Teletext StationAdvise"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A4950D6B-64DC-4215-A1B7-85F8C9366A87}]
@="Genesis Teletext ServiceDataAdvise"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{AD6C8933-F31B-4F43-B5E4-0541C1452F6F}]
@="Genesis Teletext Server"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B245DF02-BDB3-41AA-A531-86ED2A1367D9}]
@="Genesis Teletext SearchAdvise"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{FB34E35D-D416-4D6C-8D5F-70C8AAC726C1}]
@="Genesis Teletext HeaderAdvise"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{3BAA3119-ECA1-4A32-9A08-595E71AE9DA9}\1.0]
@="Genesis Teletext Server 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication]
"Name"="Genesis_05281628.exe"
[HKEY_USERS\S-1-5-21-278007793-2155089085-3509408855-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\genesis_05281628]
[HKEY_USERS\S-1-5-21-278007793-2155089085-3509408855-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\genesis_05281628]
[HKEY_USERS\S-1-5-21-278007793-2155089085-3509408855-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\genesis_05281628]
"DisplayName"="Genesis"
[HKEY_USERS\S-1-5-21-278007793-2155089085-3509408855-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\genesis_05281628]
"UninstallString"=""c:\users\hawkman\appdata\local\genesis_05281628\genesis_05281628.exe" /x"
[HKEY_USERS\S-1-5-21-278007793-2155089085-3509408855-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication]
"Name"="Genesis_05281628.exe"
[HKEY_USERS\S-1-5-21-278007793-2155089085-3509408855-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication]
"Name"="Genesis_05281628.exe"

Searching for "        "
[HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0]
"ProcessorNameString"="Intel(R) Core(TM) i7 CPU        920  @ 2.67GHz"
[HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1]
"ProcessorNameString"="Intel(R) Core(TM) i7 CPU        920  @ 2.67GHz"
[HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2]
"ProcessorNameString"="Intel(R) Core(TM) i7 CPU        920  @ 2.67GHz"
[HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\3]
"ProcessorNameString"="Intel(R) Core(TM) i7 CPU        920  @ 2.67GHz"
[HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\4]
"ProcessorNameString"="Intel(R) Core(TM) i7 CPU        920  @ 2.67GHz"
[HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\5]
"ProcessorNameString"="Intel(R) Core(TM) i7 CPU        920  @ 2.67GHz"
[HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\6]
"ProcessorNameString"="Intel(R) Core(TM) i7 CPU        920  @ 2.67GHz"
[HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\7]
"ProcessorNameString"="Intel(R) Core(TM) i7 CPU        920  @ 2.67GHz"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{3F6FD543-BAC4-44BE-9749-90814FB14AC0}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
            <Rating ratingSystemID="{768BD93D-63BE-46A9-8994-0B53C4B5248F}" ratingID="{78D8CC82-372F-44e4-B70C-8944DB7BCC24}">
                <Descriptor descriptorID="{ABE23B46-7F9F-495b-B4A9-87F41743727F}"/>
                <Descriptor descriptorID="{4BDB9E0D-53CF-4a28-865F-B315818E7627}"/>
                <Descriptor descriptorID="{67987CC4-6B79-4c6b-B3F0-3B6D8677BBEC}"/>
                <Descriptor descriptorID="{7E0BC004-F80B-402d-A1FC-5FCDFF04DAB1}"/>
            </Rating>
            <Rating ratingSystemID="{5B39D1B8-ED49-4055-8A47-04B29A579AD6}" ratingID="{60665875-9C7B-4104-8124-C2094BA9A48B}">
                <Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
            </Rating>
            <Rating ratingSystemID="{C705DCF4-6AFE-4f4f-BC51-21807E4E5CFB}" ratingID="{72C4EED7-DC34-4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{9784A9D7-07DD-B856-B1B8-E1941FFB71B3}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
            <Rating ratingSystemID="{768BD93D-63BE-46A9-8994-0B53C4B5248F}" ratingID="{18CD34B7-7AA3-42b9-A303-5A729B2FF228}">
                <Descriptor descriptorID="{5D69B8E0-5CC6-4036-91FD-9BDC999BA634}"/>
                <Descriptor descriptorID="{0CFCF432-3544-4f78-9426-07A36843E6BA}"/>
                <Descriptor descriptorID="{22F2530E-A42D-4351-A7F1-0242CFEFF822}"/>
                <Descriptor descriptorID="{B54162A2-F67F-46dc-9ED5-F6067520EC94}"/>
                <Descriptor descriptorID="{BE562A5F-2A80-4c28-9752-74C696E2ABAF}"/>
            </Rating>
            <Rating ratingSystemID="{36798944-B235-48ac-BF21-E25671F597EE}" ratingID="{044D131F-D763-4975-9BB4-8C24CC331063}">
                <Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
            </Rating>
            <Rati
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{BB4A6224-7C0B-4EDE-ACD1-6293A0D63785}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
            <Rating ratingSystemID="{EC290BBB-D618-4cb9-9963-1CAAE515443E}" ratingID="{068D40C4-7809-4c67-8FEA-DA457CF990B4}"/>
            <Rating ratingSystemID="{9AAFBACD-EAB9-4946-8BE8-C4D997927C81}" ratingID="{F7066480-67CC-4697-9B47-7E534B74089D}">
                <Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
            </Rating>
            <Rating ratingSystemID="{5B39D1B8-ED49-4055-8A47-04B29A579AD6}" ratingID="{9AE7AC26-0F9A-4f59-A167-00E4F6C96E26}">
                <Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
            </Rating>
            <Rating ratingSystemID="{C705DCF4-6AFE-4f4f-BC51-21807E4E5CFB}" ratingID="{6948F4DF-FD98-41ea-979A-8364043D7FD6}"/>
            <Rating ratingSystemID="{36798944-B235-48ac-BF21-E25671F597EE}" ratingID="{97D9239C-2BA
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{E8AE0286-9A63-4F4F-B479-0E4E4A2A8EB5}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
            <Rating ratingSystemID="{768BD93D-63BE-46A9-8994-0B53C4B5248F}" ratingID="{78D8CC82-372F-44e4-B70C-8944DB7BCC24}">
                <Descriptor descriptorID="{ABE23B46-7F9F-495b-B4A9-87F41743727F}"/>
                <Descriptor descriptorID="{BE562A5F-2A80-4c28-9752-74C696E2ABAF}"/>
            </Rating>
            <Rating ratingSystemID="{36798944-B235-48ac-BF21-E25671F597EE}" ratingID="{E2681CD6-318A-4935-8275-AF657045C333}"/>
            <Rating ratingSystemID="{C705DCF4-6AFE-4f4f-BC51-21807E4E5CFB}" ratingID="{72C4EED7-DC34-4308-BC61-4819752AC408}"/>
        </Ratings>"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{F1AB869D-89BC-4FC9-B966-FE7B566543D0}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
            <Rating ratingSystemID="{768BD93D-63BE-46A9-8994-0B53C4B5248F}" ratingID="{18CD34B7-7AA3-42b9-A303-5A729B2FF228}">
                <Descriptor descriptorID="{ABE23B46-7F9F-495b-B4A9-87F41743727F}"/>
                <Descriptor descriptorID="{22F2530E-A42D-4351-A7F1-0242CFEFF822}"/>
                <Descriptor descriptorID="{B54162A2-F67F-46dc-9ED5-F6067520EC94}"/>
                <Descriptor descriptorID="{E3C19090-88A0-4f49-870E-F104978B21AA}"/>
                <Descriptor descriptorID="{BE562A5F-2A80-4c28-9752-74C696E2ABAF}"/>
            </Rating>
            <Rating ratingSystemID="{36798944-B235-48ac-BF21-E25671F597EE}" ratingID="{044D131F-D763-4975-9BB4-8C24CC331063}">
                <Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
            </Rating>
            <Rati
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="            <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" >                <InitializationParameters>                    <Param Name="PSVersion" Value="2.0"/>                </InitializationParameters>                <Resources>                    <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                        <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                        <Capability Type="Shell"/>                    </Resource>                </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="            <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" >                <InitializationParameters>                    <Param Name="PSVersion" Value="2.0"/>                </InitializationParameters>                <Resources>                    <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                        <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                        <Capability Type="Shell"/>                    </Resource>         
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\GenuineIntel_-_EM64T_Family_6_Model_26\_0]
"FriendlyName"="Intel(R) Core(TM) i7 CPU        920  @ 2.67GHz"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\GenuineIntel_-_EM64T_Family_6_Model_26\_1]
"FriendlyName"="Intel(R) Core(TM) i7 CPU        920  @ 2.67GHz"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\GenuineIntel_-_EM64T_Family_6_Model_26\_2]
"FriendlyName"="Intel(R) Core(TM) i7 CPU        920  @ 2.67GHz"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\GenuineIntel_-_EM64T_Family_6_Model_26\_3]
"FriendlyName"="Intel(R) Core(TM) i7 CPU        920  @ 2.67GHz"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\GenuineIntel_-_EM64T_Family_6_Model_26\_4]
"FriendlyName"="Intel(R) Core(TM) i7 CPU        920  @ 2.67GHz"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\GenuineIntel_-_EM64T_Family_6_Model_26\_5]
"FriendlyName"="Intel(R) Core(TM) i7 CPU        920  @ 2.67GHz"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\GenuineIntel_-_EM64T_Family_6_Model_26\_6]
"FriendlyName"="Intel(R) Core(TM) i7 CPU        920  @ 2.67GHz"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\GenuineIntel_-_EM64T_Family_6_Model_26\_7]
"FriendlyName"="Intel(R) Core(TM) i7 CPU        920  @ 2.67GHz"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_U1&REV_1.0#012251000315916&0#]
"DeviceDesc"="U1              "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\GenuineIntel_-_EM64T_Family_6_Model_26\_0]
"FriendlyName"="Intel(R) Core(TM) i7 CPU        920  @ 2.67GHz"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\GenuineIntel_-_EM64T_Family_6_Model_26\_1]
"FriendlyName"="Intel(R) Core(TM) i7 CPU        920  @ 2.67GHz"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\GenuineIntel_-_EM64T_Family_6_Model_26\_2]
"FriendlyName"="Intel(R) Core(TM) i7 CPU        920  @ 2.67GHz"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\GenuineIntel_-_EM64T_Family_6_Model_26\_3]
"FriendlyName"="Intel(R) Core(TM) i7 CPU        920  @ 2.67GHz"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\GenuineIntel_-_EM64T_Family_6_Model_26\_4]
"FriendlyName"="Intel(R) Core(TM) i7 CPU        920  @ 2.67GHz"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\GenuineIntel_-_EM64T_Family_6_Model_26\_5]
"FriendlyName"="Intel(R) Core(TM) i7 CPU        920  @ 2.67GHz"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\GenuineIntel_-_EM64T_Family_6_Model_26\_6]
"FriendlyName"="Intel(R) Core(TM) i7 CPU        920  @ 2.67GHz"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\GenuineIntel_-_EM64T_Family_6_Model_26\_7]
"FriendlyName"="Intel(R) Core(TM) i7 CPU        920  @ 2.67GHz"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_U1&REV_1.0#012251000315916&0#]
"DeviceDesc"="U1              "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\GenuineIntel_-_EM64T_Family_6_Model_26\_0]
"FriendlyName"="Intel(R) Core(TM) i7 CPU        920  @ 2.67GHz"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\GenuineIntel_-_EM64T_Family_6_Model_26\_1]
"FriendlyName"="Intel(R) Core(TM) i7 CPU        920  @ 2.67GHz"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\GenuineIntel_-_EM64T_Family_6_Model_26\_2]
"FriendlyName"="Intel(R) Core(TM) i7 CPU        920  @ 2.67GHz"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\GenuineIntel_-_EM64T_Family_6_Model_26\_3]
"FriendlyName"="Intel(R) Core(TM) i7 CPU        920  @ 2.67GHz"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\GenuineIntel_-_EM64T_Family_6_Model_26\_4]
"FriendlyName"="Intel(R) Core(TM) i7 CPU        920  @ 2.67GHz"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\GenuineIntel_-_EM64T_Family_6_Model_26\_5]
"FriendlyName"="Intel(R) Core(TM) i7 CPU        920  @ 2.67GHz"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\GenuineIntel_-_EM64T_Family_6_Model_26\_6]
"FriendlyName"="Intel(R) Core(TM) i7 CPU        920  @ 2.67GHz"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\GenuineIntel_-_EM64T_Family_6_Model_26\_7]
"FriendlyName"="Intel(R) Core(TM) i7 CPU        920  @ 2.67GHz"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_U1&REV_1.0#012251000315916&0#]
"DeviceDesc"="U1              "

-= EOF =-

ESET log
Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=f55835343d2fc14d800684dfd26e619a
# engine=18492
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-31 03:55:54
# local_time=2014-05-31 05:55:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 4996725 95729364 0 0
# scanned=209818
# found=17
# cleaned=0
# scan_time=7556
sh=A76AAB6B6EBB2A90837AAFB79A7EC9D9AB347482 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HQ-Video-Pro-1.9\360-53172.crx.vir"
sh=B1CA0ED8F30E900B5E6E38A3C6A33AC226A28920 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HQ-Video-Pro-1.9\53172.crx.vir"
sh=595987BCD5B456BA971B49F782716E99147D9C9D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HQ-Video-Pro-1.9\53172.xpi.vir"
sh=9B0CD47375E74928FC87EA411D5D32A037D31219 ft=1 fh=472f0ac724632dad vn="Variante von Win32/Toolbar.CrossRider.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HQ-Video-Pro-1.9\6502893c-981f-40c9-acb5-39f9a7cc5219-2.exe.vir"
sh=18ABCF03C6463FB772C5F62306363FA90097EF72 ft=1 fh=1e67b1f577fc794c vn="Variante von Win32/Toolbar.CrossRider.AD evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HQ-Video-Pro-1.9\6502893c-981f-40c9-acb5-39f9a7cc5219-4.exe.vir"
sh=083FABBF246FF54823894E0339F9E29693561D1A ft=1 fh=088d844f12d315d2 vn="möglicherweise Variante von Win64/Toolbar.Crossrider.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HQ-Video-Pro-1.9\HQ-Video-Pro-1.9-bho64.dll.vir"
sh=AD31375D2596709FFB1CA59D587F1725835ECCB6 ft=1 fh=1d47332f5f042d8b vn="Variante von Win32/Packed.VMDetector.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HQ-Video-Pro-1.9\utils.exe.vir"
sh=DB7E9B25D21E340CA52A6C2B56D3EF714D8CC15D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Hawkman\AppData\Roaming\Mozilla\Firefox\Profiles\5lfavana.default\Extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\266.js.vir"
sh=3972109B1974BEA7EAA2CFCAF92269548E9C2E72 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Hawkman\AppData\Roaming\Mozilla\Firefox\Profiles\5lfavana.default\Extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\91.js.vir"
sh=F332E792477AB886F4E5FC5135D59DB11E1C9357 ft=1 fh=04fa1a40bc4ed021 vn="Variante von Win32/InstallIQ.A evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\coretemp_1236.exe"
sh=DA0B51FE31DCD003685F33F34AC0B22DF5C428B8 ft=1 fh=3baf4399311537bf vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\FreeAudioCDBurner.exe"
sh=D120504EDF4883AAC4125298B73910942DF5CF77 ft=1 fh=112637025962ddc6 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\FreeVideoToAndroidConverter_5.0.15.exe"
sh=B1AED72A1D18E7E5913F50A276BAC4FB395EDBF3 ft=1 fh=2d7b831192f34a09 vn="Win32/SoftonicDownloader.D evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\SoftonicDownloader_fuer_heaven-benchmark.exe"
sh=1C0592B6702B2B3E53BD0D104DF30CF69E2F43CC ft=1 fh=1c9606981d81f613 vn="Win32/SoftonicDownloader.D evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\SoftonicDownloader_fuer_ratdvd.exe"
sh=524EC032A36FC331E5CD348687D2FBB6B54C5BDA ft=1 fh=3fb11d25ef1df2af vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="F:\fsSetup131.exe"
sh=E535ECD0508367568242C2308C2BFC192E668D30 ft=1 fh=1683bc139d84c090 vn="Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung" ac=I fn="F:\Nero-9.4.12.3d_free.exe"
sh=F5DAAD77C78C24AC17B8330B1753D45E3549C05D ft=1 fh=da8503d961e76b0e vn="Variante von Win32/InstallIQ.A evtl. unerwünschte Anwendung" ac=I fn="F:\sonstiges\Programme\coretemp_1236.exe"
SecurityCheck log
Code:
Results of screen317's Security Check version 0.99.83 
 Windows Vista Service Pack 2 x64 (UAC is enabled) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials 
Emsisoft Anti-Malware         
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 TuneUp Utilities Language Pack (de-DE)
 Java 7 Update 55 
 Adobe Flash Player        13.0.0.214 
 Adobe Reader 10.1.9 Adobe Reader out of Date! 
 Mozilla Firefox (29.0.1)
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Emsisoft Anti-Malware a2service.exe 
 EMSISOFT ANTI-MALWARE a2guard.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

M-K-D-B 31.05.2014 18:03
Reste entfernen
Schließe wie beim ESET Scan externe Laufwerke an und entferne die folgenden Dateien per Hand:
Zitat:
sh=F332E792477AB886F4E5FC5135D59DB11E1C9357 ft=1 fh=04fa1a40bc4ed021 vn="Variante von Win32/InstallIQ.A evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\coretemp_1236.exe"
sh=DA0B51FE31DCD003685F33F34AC0B22DF5C428B8 ft=1 fh=3baf4399311537bf vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\FreeAudioCDBurner.exe"
sh=D120504EDF4883AAC4125298B73910942DF5CF77 ft=1 fh=112637025962ddc6 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\FreeVideoToAndroidConverter_5.0.15.exe"
sh=B1AED72A1D18E7E5913F50A276BAC4FB395EDBF3 ft=1 fh=2d7b831192f34a09 vn="Win32/SoftonicDownloader.D evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\SoftonicDownloader_fuer_heaven-benchmark.exe"
sh=1C0592B6702B2B3E53BD0D104DF30CF69E2F43CC ft=1 fh=1c9606981d81f613 vn="Win32/SoftonicDownloader.D evtl. unerwünschte Anwendung" ac=I fn="E:\Downloads\SoftonicDownloader_fuer_ratdvd.exe"
sh=524EC032A36FC331E5CD348687D2FBB6B54C5BDA ft=1 fh=3fb11d25ef1df2af vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="F:\fsSetup131.exe"
sh=E535ECD0508367568242C2308C2BFC192E668D30 ft=1 fh=1683bc139d84c090 vn="Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung" ac=I fn="F:\Nero-9.4.12.3d_free.exe"
sh=F5DAAD77C78C24AC17B8330B1753D45E3549C05D ft=1 fh=da8503d961e76b0e vn="Variante von Win32/InstallIQ.A evtl. unerwünschte Anwendung" ac=I fn="F:\sonstiges\Programme\coretemp_1236.exe"






Mehrere Anti-Virus-Programme

Code:
Microsoft Security Essentials
Emsisoft Anti-Malware
Mir ist aufgefallen, dass Du mehr als ein Anti-Virus-Programm mit Hintergrundwächter laufen hast. Das ist gefährlich, da sich die Programme in die Quere kommen können und dadurch Viren erst recht auf dem Rechner landen können. Ausserdem bremst es auch das System aus. Entscheide Dich für eine Variante und deinstalliere die andere über Systemsteuerung => Software.
Berichte, für welches Anti-Virus-Programm Du Dich entschieden hast.

Zitat:
Speedy hat letztens eine einleuchtende Erklärung dazu geliefert: "Man stelle sich einen Torwart vor, der das Tor hüten soll (Anti-Virus-Programm), der Ball kommt angeflogen (Virus), der Torhüter konzentriert sich auf den Ball und fängt ihn. Jetzt stelle Dir zwei Torhüter im Tor vor ...., die knallen aneinander und der Ball kann ungehindert ins Tor wandern."





Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber. :daumenhoc
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.




Schritt 1
Du verwendest veraltete Software auf deinem Rechner, was ein Sicherheitsrisiko darstellt. Daher solltest du veraltete Software deinstallieren und anschließend die aktuellste Version installieren.
Folge dem Pfad Start > Systemsteuerung > Sofware / Programme deinstallieren.
Deinstalliere die folgenden Programme von deinem Rechner:
  • Java 7 Update 55
Starte deinen Rechner nach der Deinstallation neu auf.
Downloade und installiere dir bitte nun:Starte deinen Rechner nach der Installation neu auf.





Schritt 2
Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.







Schritt 3
Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.


Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti-Viren-Programm und zusätzlicher Schutz
  • Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist! Ein kostenloses Anti-Viren Programm, das wir empfehlen, wäre z. B. Avast! Free Antivirus oder Microsoft Security Essentials.
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt. Du kannst es zusätzlich zu deinem Anti-Viren Programm verwenden.
    Update das Tool und lasse es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • AdwCleaner
    Dieses Tool erkennt eine Vielzahl von Werbeprogrammen (Adware) und unerwümschten Programmen (PUPs).
    Starte das Tool einmal die Woche und lass es laufen. Sollte eine neue Version verfügbar sein, so wird dies angezeigt und du kannst dir die neueste Version direkt von der Herstellerseite auf den Desktop herunterladen. Auch dieses Programm kann parallel zu deinem Anti-Viren Programm verwendet werden.
  • SpywareBlaster
    Eine kurze Einführung findest du Hier


Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Mozilla Firefox
  • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzuzufügen reicht und dieser wird nicht mehr geladen.
    Es spart außerdem Downloadkapazität.


Performance
  • Halte dich fern von Registry Cleanern.
    Diese Schaden deinem System mehr als dass sie helfen. Hier ein englischer Link:
    Miekemoes Blogspot ( MVP )


Was du vermeiden solltest:
  • Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
  • Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..).
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.
  • Lade keine Software von Softonic oder Chip herunter, da diese Installer oft mit Adware oder unerünschter Software versehen sind!



Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

Hawkman 31.05.2014 18:50
Noch einmal vielen Dank für die schnelle Hilfe.
Habe alles durchgeführt und mir den AdwCleaner noch runtergeladen. Empfiehlt es sich Malwarebytes Anti Malware zu kaufen?
Da Du geschrieben hast das Microsoft Security Essentials als kostenloses Programm zu empfehlen ist, habe ich Emsisoft deinstalliert.
:dankeschoen:

M-K-D-B 31.05.2014 19:10
Zitat:
Zitat von Hawkman (Beitrag 1308894)
Habe alles durchgeführt und mir den AdwCleaner noch runtergeladen. Empfiehlt es sich Malwarebytes Anti Malware zu kaufen?
Ich verwende MBAM in der Free Version und scanne damit einmal die Woche meinen Rechner, nachdem ich ein Update gemacht habe. :)

Ich bin froh, dass wir helfen konnten :abklatsch:

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank! :)

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 14:40 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132