Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Habe ein Problem mit svchost. (Hohe auslastung des Arbeitsspeichers) (https://www.trojaner-board.de/153207-habe-problem-svchost-hohe-auslastung-arbeitsspeichers.html)

MaZZ21 29.04.2014 03:59
Habe ein Problem mit svchost. (Hohe auslastung des Arbeitsspeichers)
 
Außerdem ist die Festplatte ständig aktiv.

cosinus 29.04.2014 11:13
Hallo und :hallo:

Lesestoff:
Bitte keine Hijackthis-Logfiles posten!!!

Zitat:
Zitat von Larusso (Beitrag 614538)
Uns ist klar, dass HijackThis wahrscheinlich eines der bekanntesten Analysetools ist.
Jedoch scannt es nur noch sehr oberflächlich und gibt uns für eine genaue Analyse eures Systems zu wenig Informationen.

Darum, bitte keine HijackThis Logfiles posten, sondern folgendes lesen und abarbeiten.

http://www.trojaner-board.de/69886-a...-beachten.html

Nur mit diesen Informationen können wir euch helfen.

Danke :daumenhoc



Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!



Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

MaZZ21 29.04.2014 12:46
Andere logs hab ich leider nicht.:(


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2014
Ran by MaZZ21 (administrator) on GAME2 on 29-04-2014 13:40:06
Running from C:\Users\MaZZ21\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: Italian Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Dropbox, Inc.) C:\Users\MaZZ21\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) E:\Malwarebytes' Anti-Malware\mbam.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10396440 2014-04-15] (Logitech Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-04-15] (LogMeIn Inc.)
HKU\S-1-5-21-3326291706-2201942250-4221259721-1000\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [33120 2010-08-20] (Alcohol Soft Development Team)
HKU\S-1-5-21-3326291706-2201942250-4221259721-1000\...\MountPoints2: {e73d39d1-ce38-11df-bc2b-806e6f6e6963} - F:\Autorun.exe
Startup: C:\Users\MaZZ21\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\MaZZ21\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x52E93BEA948ECB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{A7A98D77-7490-4573-B896-2448FB862755}: [NameServer]192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\MaZZ21\AppData\Roaming\Mozilla\Firefox\Profiles\1jx9uaim.default
FF SelectedSearchEngine: Google
FF Homepage: about:newtab
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @videolan.org/vlc,version=2.0.6 - E:\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - E:\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.102.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - E:\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - E:\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Users\MaZZ21\AppData\Roaming\Mozilla\Firefox\Profiles\1jx9uaim.default\searchplugins\conduit-search.xml
FF Extension: Adblock Plus - C:\Users\MaZZ21\AppData\Roaming\Mozilla\Firefox\Profiles\1jx9uaim.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-22]
FF HKLM-x32\...\Thunderbird\Extensions: [avgthb@avg.com] - C:\Program Files (x86)\AVG\AVG2012\Thunderbird\

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-08] (LogMeIn, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-05-12] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)
S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-09-14] (soft Xpansion)

==================== Drivers (Whitelisted) ====================

S3 arusb_win7x; C:\Windows\System32\DRIVERS\arusb_win7x.sys [769024 2009-11-26] (Atheros Communications, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-12-01] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2012-12-06] (GFI Software)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-08-29] ()
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-12-01] ()
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564792 2012-01-29] (Duplex Secure Ltd.)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [44848 2011-05-16] (Oracle Corporation)
U3 a1c27ujh; C:\Windows\System32\Drivers\a1c27ujh.sys [0 ] (Advanced Micro Devices)
U3 aa5g2hjz; No ImagePath
S3 amdkmdag; system32\DRIVERS\atikmdag.sys [X]
S3 cpuz130; \??\C:\Users\MaZZ21\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-29 12:29 - 2014-04-29 12:36 - 00004200 _____ () C:\Users\MaZZ21\Desktop\Rkill.txt
2014-04-29 12:28 - 2014-04-29 13:40 - 00013201 _____ () C:\Users\MaZZ21\Downloads\FRST.txt
2014-04-29 12:28 - 2014-04-29 12:28 - 00000000 ____D () C:\FRST
2014-04-29 12:27 - 2014-04-29 12:28 - 02061824 _____ (Farbar) C:\Users\MaZZ21\Downloads\FRST64.exe
2014-04-29 04:39 - 2014-04-29 04:39 - 00007711 _____ () C:\Users\MaZZ21\Downloads\hijackthis.log
2014-04-29 04:38 - 2014-04-29 04:38 - 00388608 _____ (Trend Micro Inc.) C:\Users\MaZZ21\Downloads\hijackthis.exe
2014-04-29 04:31 - 2014-04-29 04:31 - 00009037 _____ () C:\Users\MaZZ21\Desktop\RKreport[0]_D_04292014_043107.txt
2014-04-29 04:31 - 2014-04-29 04:31 - 00001380 _____ () C:\Users\MaZZ21\Desktop\RKreport[0]_H_04292014_043123.txt
2014-04-29 04:31 - 2014-04-29 04:31 - 00000803 _____ () C:\Users\MaZZ21\Desktop\RKreport[0]_PR_04292014_043126.txt
2014-04-29 04:31 - 2014-04-29 04:31 - 00000767 _____ () C:\Users\MaZZ21\Desktop\RKreport[0]_DN_04292014_043148.txt
2014-04-29 04:29 - 2014-04-29 04:29 - 00008960 _____ () C:\Users\MaZZ21\Desktop\RKreport[0]_S_04292014_042955.txt
2014-04-29 04:26 - 2014-04-29 04:31 - 00000000 ____D () C:\Users\MaZZ21\Desktop\RK_Quarantine
2014-04-29 03:11 - 2014-04-29 03:11 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\MaZZ21\Downloads\rkill64.exe
2014-04-29 02:36 - 2014-04-29 02:36 - 00006377 _____ () C:\Users\MaZZ21\Downloads\SafeBoot.zip
2014-04-29 00:43 - 2014-04-29 02:21 - 00000000 ____D () C:\Program Files\HitmanPro
2014-04-29 00:42 - 2014-04-29 01:01 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-29 00:21 - 2014-04-29 00:21 - 04527616 _____ () C:\Users\MaZZ21\Downloads\RogueKillerX64.exe
2014-04-28 23:56 - 2014-04-28 23:56 - 01243655 _____ () C:\Users\MaZZ21\Downloads\processexplorer.zip
2014-04-28 18:47 - 2014-04-28 18:47 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-28 18:47 - 2013-12-19 20:53 - 06671648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-04-28 18:47 - 2013-12-19 20:53 - 03490080 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-04-28 18:47 - 2013-12-19 20:53 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-04-28 18:47 - 2013-12-19 20:53 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-04-28 18:47 - 2013-12-19 20:53 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-04-28 18:47 - 2013-12-19 07:01 - 03539040 _____ () C:\Windows\system32\nvcoproc.bin
2014-04-28 18:46 - 2013-12-19 22:33 - 30372640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 22960416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 18310112 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 18222008 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 15877216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 15230352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 12645664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-04-28 18:46 - 2013-12-19 22:33 - 11605752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 11554264 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 09700224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 09657464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 03071656 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 02698272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433221.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433221.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 01436528 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 00882464 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 00879392 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 00852768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 00847648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 00023754 _____ () C:\Windows\system32\nvinfo.pb
2014-04-28 18:45 - 2014-04-28 18:45 - 00000000 ____D () C:\NVIDIA
2014-04-28 17:35 - 2014-04-28 17:31 - 00450643 ____R () C:\Windows\system32\Drivers\etc\hosts.20140428-173528.backup
2014-04-28 15:59 - 2014-04-28 15:59 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\MaZZ21\Downloads\rkill.exe
2014-04-28 14:58 - 2014-04-28 14:58 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-28 14:41 - 2014-04-28 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
2014-04-28 14:41 - 2014-04-28 14:41 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2014-04-28 12:42 - 2014-04-28 12:42 - 00000000 ____D () C:\Users\MaZZ21\AppData\Roaming\LavasoftStatistics
2014-04-28 12:22 - 2014-04-28 12:22 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-04-27 12:52 - 2014-04-27 12:52 - 00000000 ____D () C:\Users\MaZZ21\AppData\Local\AVG
2014-04-27 12:50 - 2014-04-27 13:07 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-04-25 00:55 - 2014-04-25 00:55 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-25 00:55 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-25 00:55 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-23 16:20 - 2014-04-23 16:20 - 00051024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcomp100.dll
2014-04-23 14:16 - 2014-04-23 14:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-18 18:07 - 2014-04-18 18:07 - 00000000 ____D () C:\ProgramData\Avg_Update_0414b
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-04-16 13:06 - 2014-04-16 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-04-16 13:06 - 2014-04-16 13:06 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-04-10 11:21 - 2014-04-29 12:23 - 00002488 _____ () C:\Windows\setupact.log
2014-04-10 11:21 - 2014-04-10 11:21 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-09 01:05 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 01:05 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 01:05 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-09 01:05 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 01:05 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-09 01:05 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-09 01:05 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-09 01:05 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-09 01:05 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-09 01:05 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-09 01:05 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 01:05 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-09 01:05 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-09 01:05 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-09 01:05 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-09 01:05 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-09 01:05 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-09 01:05 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-09 01:05 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-09 01:05 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-09 01:05 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-09 01:05 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-09 01:05 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-09 01:05 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-09 01:05 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-09 01:05 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-09 01:05 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-09 01:05 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-09 01:05 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-09 01:05 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-09 01:05 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-09 01:05 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-09 01:05 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-09 01:05 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-09 01:05 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-09 01:05 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-09 01:05 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-09 01:05 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-09 01:05 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-09 01:05 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-09 01:05 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-09 01:05 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-09 01:05 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-09 01:05 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-09 01:05 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-09 01:05 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-09 01:05 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-09 01:05 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-09 01:03 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 01:03 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 01:03 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 01:03 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 01:03 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 01:03 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 01:03 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 01:03 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 01:03 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 01:03 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 01:03 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 01:03 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 01:03 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 01:03 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 01:03 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 01:03 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 01:02 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-01 16:46 - 2014-04-01 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-04-01 16:43 - 2014-04-01 16:43 - 00000000 ____D () C:\Users\MaZZ21\AppData\Local\Foxit Reader
2014-03-31 19:19 - 2014-04-27 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-03-31 16:20 - 2014-03-31 16:20 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-03-31 16:06 - 2014-03-31 16:06 - 00130840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys

==================== One Month Modified Files and Folders =======

2014-04-29 13:40 - 2014-04-29 12:28 - 00013201 _____ () C:\Users\MaZZ21\Downloads\FRST.txt
2014-04-29 12:49 - 2013-08-27 14:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-29 12:36 - 2014-04-29 12:29 - 00004200 _____ () C:\Users\MaZZ21\Desktop\Rkill.txt
2014-04-29 12:31 - 2010-10-02 17:26 - 01580091 _____ () C:\Windows\WindowsUpdate.log
2014-04-29 12:31 - 2009-07-14 06:45 - 00013760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-29 12:31 - 2009-07-14 06:45 - 00013760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-29 12:28 - 2014-04-29 12:28 - 00000000 ____D () C:\FRST
2014-04-29 12:28 - 2014-04-29 12:27 - 02061824 _____ (Farbar) C:\Users\MaZZ21\Downloads\FRST64.exe
2014-04-29 12:25 - 2013-07-27 22:34 - 00000000 ___RD () C:\Users\MaZZ21\Dropbox
2014-04-29 12:25 - 2013-07-27 22:32 - 00000000 ____D () C:\Users\MaZZ21\AppData\Roaming\Dropbox
2014-04-29 12:24 - 2010-10-04 13:03 - 00000000 ____D () C:\Users\MaZZ21\AppData\Local\LogMeIn Hamachi
2014-04-29 12:23 - 2014-04-10 11:21 - 00002488 _____ () C:\Windows\setupact.log
2014-04-29 12:23 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-29 04:49 - 2013-08-27 14:03 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 04:49 - 2013-08-27 14:03 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-29 04:49 - 2013-08-27 14:03 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-29 04:39 - 2014-04-29 04:39 - 00007711 _____ () C:\Users\MaZZ21\Downloads\hijackthis.log
2014-04-29 04:39 - 2010-10-02 17:37 - 00000000 ____D () C:\Users\MaZZ21\AppData\Local\VirtualStore
2014-04-29 04:38 - 2014-04-29 04:38 - 00388608 _____ (Trend Micro Inc.) C:\Users\MaZZ21\Downloads\hijackthis.exe
2014-04-29 04:31 - 2014-04-29 04:31 - 00009037 _____ () C:\Users\MaZZ21\Desktop\RKreport[0]_D_04292014_043107.txt
2014-04-29 04:31 - 2014-04-29 04:31 - 00001380 _____ () C:\Users\MaZZ21\Desktop\RKreport[0]_H_04292014_043123.txt
2014-04-29 04:31 - 2014-04-29 04:31 - 00000803 _____ () C:\Users\MaZZ21\Desktop\RKreport[0]_PR_04292014_043126.txt
2014-04-29 04:31 - 2014-04-29 04:31 - 00000767 _____ () C:\Users\MaZZ21\Desktop\RKreport[0]_DN_04292014_043148.txt
2014-04-29 04:31 - 2014-04-29 04:26 - 00000000 ____D () C:\Users\MaZZ21\Desktop\RK_Quarantine
2014-04-29 04:29 - 2014-04-29 04:29 - 00008960 _____ () C:\Users\MaZZ21\Desktop\RKreport[0]_S_04292014_042955.txt
2014-04-29 04:15 - 2010-10-02 19:56 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-29 03:19 - 2010-01-31 11:25 - 00000741 ____R () C:\Windows\system32\Drivers\etc\hosts.20140429-032844.backup
2014-04-29 03:11 - 2014-04-29 03:11 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\MaZZ21\Downloads\rkill64.exe
2014-04-29 02:47 - 2011-01-04 13:48 - 00000000 ____D () C:\Users\MaZZ21\Tracing
2014-04-29 02:36 - 2014-04-29 02:36 - 00006377 _____ () C:\Users\MaZZ21\Downloads\SafeBoot.zip
2014-04-29 02:25 - 2011-05-23 02:57 - 00007592 _____ () C:\Users\MaZZ21\AppData\Local\resmon.resmoncfg
2014-04-29 02:21 - 2014-04-29 00:43 - 00000000 ____D () C:\Program Files\HitmanPro
2014-04-29 01:01 - 2014-04-29 00:42 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-29 00:29 - 2010-01-31 11:25 - 00000741 ____R () C:\Windows\system32\Drivers\etc\hosts.20140429-030857.backup
2014-04-29 00:21 - 2014-04-29 00:21 - 04527616 _____ () C:\Users\MaZZ21\Downloads\RogueKillerX64.exe
2014-04-28 23:56 - 2014-04-28 23:56 - 01243655 _____ () C:\Users\MaZZ21\Downloads\processexplorer.zip
2014-04-28 23:52 - 2014-01-21 00:25 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-04-28 18:47 - 2014-04-28 18:47 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-28 18:47 - 2014-02-28 17:41 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-04-28 18:47 - 2012-05-11 15:35 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-04-28 18:47 - 2012-05-11 15:34 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-04-28 18:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-04-28 18:45 - 2014-04-28 18:45 - 00000000 ____D () C:\NVIDIA
2014-04-28 18:15 - 2010-12-03 20:16 - 00000000 ____D () C:\Users\MaZZ21\AppData\Roaming\.minecraft
2014-04-28 18:00 - 2011-07-11 21:16 - 00000468 _____ () C:\Windows\Tasks\ParetoLogic Registration.job
2014-04-28 17:35 - 2010-01-31 11:25 - 00000869 ____R () C:\Windows\system32\Drivers\etc\hosts.20140428-181031.backup
2014-04-28 17:31 - 2014-04-28 17:35 - 00450643 ____R () C:\Windows\system32\Drivers\etc\hosts.20140428-173528.backup
2014-04-28 16:39 - 2010-10-02 17:57 - 00327520 _____ () C:\Windows\PFRO.log
2014-04-28 15:59 - 2014-04-28 15:59 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\MaZZ21\Downloads\rkill.exe
2014-04-28 15:32 - 2013-01-06 14:44 - 00000000 ____D () C:\Program Files\Logitech Gaming Software
2014-04-28 14:59 - 2011-03-10 14:37 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-04-28 14:59 - 2011-03-10 14:37 - 00009754 _____ () C:\Windows\LkmdfCoInst.log
2014-04-28 14:59 - 2011-03-10 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-04-28 14:58 - 2014-04-28 14:58 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-28 14:41 - 2014-04-28 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
2014-04-28 14:41 - 2014-04-28 14:41 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2014-04-28 12:42 - 2014-04-28 12:42 - 00000000 ____D () C:\Users\MaZZ21\AppData\Roaming\LavasoftStatistics
2014-04-28 12:22 - 2014-04-28 12:22 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-04-27 23:20 - 2013-12-12 22:03 - 00000000 ____D () C:\Users\MaZZ21\AppData\Local\Battle.net
2014-04-27 13:53 - 2014-03-31 19:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-04-27 13:43 - 2011-05-01 13:24 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-04-27 13:07 - 2014-04-27 12:50 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-04-27 13:07 - 2013-04-10 16:10 - 00000000 __SHD () C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2014-04-27 13:07 - 2013-02-24 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2014-04-27 13:07 - 2011-09-09 14:33 - 00000000 ____D () C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2014-04-27 12:54 - 2013-04-10 16:10 - 00000000 ____D () C:\ProgramData\AVG
2014-04-27 12:52 - 2014-04-27 12:52 - 00000000 ____D () C:\Users\MaZZ21\AppData\Local\AVG
2014-04-27 12:52 - 2012-05-29 19:46 - 00000000 ____D () C:\Users\MaZZ21\AppData\Roaming\AVG
2014-04-25 01:37 - 2010-10-22 16:08 - 00000836 _____ () C:\Users\Public\Desktop\Paint.NET.lnk
2014-04-25 01:37 - 2010-10-22 16:08 - 00000836 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2014-04-25 00:55 - 2014-04-25 00:55 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-25 00:38 - 2012-04-26 03:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-23 16:20 - 2014-04-23 16:20 - 00051024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcomp100.dll
2014-04-23 14:16 - 2014-04-23 14:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-20 04:12 - 2010-10-02 17:37 - 00000000 ____D () C:\Users\MaZZ21
2014-04-18 18:07 - 2014-04-18 18:07 - 00000000 ____D () C:\ProgramData\Avg_Update_0414b
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-04-17 19:35 - 2010-11-08 23:40 - 00001760 _____ () C:\Users\MaZZ21\Desktop\LOL-DOC.txt
2014-04-16 13:06 - 2014-04-16 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-04-16 13:06 - 2014-04-16 13:06 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-04-15 04:04 - 2013-06-12 18:25 - 00000000 ____D () C:\Users\MaZZ21\AppData\Local\Adobe
2014-04-14 04:24 - 2014-04-25 00:55 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-04-25 00:55 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-11 19:51 - 2013-12-18 14:45 - 00000000 ____D () C:\Users\MaZZ21\AppData\Roaming\vlc
2014-04-11 13:18 - 2013-12-12 22:03 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-04-10 14:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-10 11:21 - 2014-04-10 11:21 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-09 03:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-09 01:05 - 2013-07-25 20:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-07 14:17 - 2013-09-15 19:35 - 00000000 ____D () C:\Users\MaZZ21\AppData\Roaming\WordToPDF
2014-04-07 13:21 - 2009-07-14 12:53 - 00746486 _____ () C:\Windows\system32\perfh010.dat
2014-04-07 13:21 - 2009-07-14 12:53 - 00154606 _____ () C:\Windows\system32\perfc010.dat
2014-04-07 13:21 - 2009-07-14 07:13 - 01703982 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-01 16:46 - 2014-04-01 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-04-01 16:43 - 2014-04-01 16:43 - 00000000 ____D () C:\Users\MaZZ21\AppData\Local\Foxit Reader
2014-03-31 16:20 - 2014-03-31 16:20 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-03-31 16:06 - 2014-03-31 16:06 - 00130840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-03-31 03:51 - 2010-10-02 17:49 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-31 02:30 - 2010-10-03 14:57 - 00000000 ____D () C:\Windows\System32\Tasks\Games

Some content of TEMP:
====================
C:\Users\MaZZ21\AppData\Local\Temp\HitmanPro.exe
C:\Users\MaZZ21\AppData\Local\Temp\ntdll_dump.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-20 01:01

==================== End Of Log ============================
--- --- ---

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2014
Ran by MaZZ21 at 2014-04-29 13:40:35
Running from C:\Users\MaZZ21\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

3DMark06 (HKLM-x32\...\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}) (Version: 1.2.0 - Futuremark Corporation)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{10813B5C-D346-C028-5550-220FA31EC809}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
ANNO 1404 - Venedig (HKLM-x32\...\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}) (Version: 2.01.5010 - Ubisoft)
ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft)
Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4577 - AVG Technologies)
AVG 2014 (Version: 14.0.3931 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4577 - AVG Technologies) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 1.122.0 - EA Digital Illusions CE AB)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Borderlands GotY Edition (HKLM-x32\...\{71A88700-6CC4-4DA8-9B2A-1ADB24C6028B}_is1) (Version: 1.30 - pcblizzard)
Celestia 1.6.1 (HKLM-x32\...\Celestia_is1) (Version:  - Shatters Software)
Command & Conquer 3 (HKLM-x32\...\{B0C30E93-D3D9-4F04-A2AC-54749B573275}) (Version: 1.00.0000 - Ihr Firmenname)
Command & Conquer Red Alert 2 (HKLM-x32\...\Red Alert 2) (Version:  - )
Command & Conquer Teil 3: Operation Tiberian Sun (HKLM-x32\...\Tiberian Sun) (Version:  - )
Command & Conquer™ 3: Kanes Rache (HKLM-x32\...\{CC2422C9-F7B5-4175-B295-5EC2283AA674}) (Version: 1.00.0000 - Ihr Firmenname)
Command && Conquer Red Alert 2 - Yuri's Revenge (HKLM-x32\...\Yuri's Revenge) (Version:  - )
Diablo II (HKLM-x32\...\Diablo II) (Version:  - )
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DOOM 3: BFG Edition (HKLM-x32\...\Steam App 208200) (Version:  - id Software)
Driver Sweeper 2.1.0 (HKLM-x32\...\{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1) (Version:  - Phyxion.net)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
ForceBindIP (HKLM-x32\...\ForceBindIP) (Version:  - )
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.4.217 - Foxit Corporation)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
FullRA Plus V3.03 (HKLM-x32\...\RA+ V3.03_is1) (Version: Plus - N3tRunn3r)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.17.0 - Futuremark Corporation)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Team Garry)
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Logitech Gaming Software (Version: 8.20.74 - Logitech Inc.) Hidden
Logitech Gaming Software 8.53 (HKLM\...\Logitech Gaming Software) (Version: 8.53.154 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.188 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.188 - LogMeIn, Inc.) Hidden
Magicka (HKLM-x32\...\Steam App 42910) (Version:  - Arrowhead Game Studios AB)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1036 - Marvell)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office XP Professional mit FrontPage (HKLM-x32\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Miranda IM 0.9.41 (HKLM-x32\...\Miranda IM) (Version:  - )
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 29.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0 (x86 en-US)) (Version: 29.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 en-US)) (Version: 24.4.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Control Panel 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenRA (HKLM-x32\...\OpenRA) (Version:  - OpenRA developers)
OpenTTD 1.2.1 (HKLM-x32\...\OpenTTD) (Version: 1.2.1 - OpenTTD)
Origin (HKLM-x32\...\Origin) (Version: 8.5.2.23 - Electronic Arts, Inc.)
OS SHP Builder 3.36 (HKLM-x32\...\OS SHP Builder 3.36) (Version:  - )
paint.net 4.0 Pre-Release (HKLM\...\{3F5F509B-E226-417C-8CD1-CAAE756C328A}) (Version: 4.0.0 - dotPDN LLC)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
Security Task Manager 1.8g (HKLM-x32\...\Security Task Manager) (Version: 1.8g - Neuber Software)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version:  - TeamSpeak Systems GmbH)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.14563 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - )
The Stanley Parable Demo (HKLM-x32\...\Steam App 247750) (Version:  - Galactic Cafe)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - )
Unreal Tournament 2004 (HKLM-x32\...\Unreal Tournament 2004_is1) (Version:  - GOG.com)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.5.0 - Flagship Industries, Inc.)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Voxel Section Editor III 1.38 (HKLM-x32\...\Voxel Section Editor III 1.38) (Version:  - )
Watson (HKLM-x32\...\{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}) (Version: 1.0.0 - Windows Live Safety Center)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Winamp Color Themes Pack 2.0 (HKLM-x32\...\Winamp Color Themes Pack) (Version: 2.0 - Paweł Porwisz)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Wolfenstein - Enemy Territory (HKLM-x32\...\Wolfenstein - Enemy Territory) (Version:  - )
WordToPDF 2.9 (HKLM-x32\...\WordToPDF_is1) (Version: 2.9 - Mario Noack)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Worms Armageddon (HKLM-x32\...\Steam App 217200) (Version:  - Team17 Digital Ltd.)
Xfire (remove only) (HKLM-x32\...\Xfire) (Version:  - )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
YTD Video Downloader 3.9.6 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 3.9.6 - GreenTree Applications SRL)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2010-01-31 11:25 - 2014-04-29 12:35 - 00450629 ___RA C:\Windows\system32\Drivers\etc\hosts
127.0.0.1        localhost
127.0.0.1        www.007guard.com
127.0.0.1        007guard.com
127.0.0.1        008i.com
127.0.0.1        www.008k.com
127.0.0.1        008k.com
127.0.0.1        www.00hq.com
127.0.0.1        00hq.com
127.0.0.1        010402.com
127.0.0.1        www.032439.com
127.0.0.1        032439.com
127.0.0.1        www.0scan.com
127.0.0.1        0scan.com
127.0.0.1        1000gratisproben.com
127.0.0.1        www.1000gratisproben.com
127.0.0.1        1001namen.com
127.0.0.1        www.1001namen.com
127.0.0.1        100888290cs.com
127.0.0.1        www.100888290cs.com
127.0.0.1        www.100sexlinks.com
127.0.0.1        100sexlinks.com
127.0.0.1        10sek.com
127.0.0.1        www.10sek.com
127.0.0.1        www.1-2005-search.com
127.0.0.1        1-2005-search.com
127.0.0.1        123fporn.info
127.0.0.1        www.123fporn.info
127.0.0.1        123haustiereundmehr.com
127.0.0.1        www.123haustiereundmehr.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {84A5E113-C7CD-4B0A-A23A-CA5034C5409D} - System32\Tasks\ParetoLogic Registration => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\UUS.dll" RunUns
Task: {B7B57352-B632-463F-AA0A-F3511A168FC0} - System32\Tasks\Ad-Aware Update (Weekly) => E:\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {F51FB2E1-F185-4CA7-99C5-6A559FF790D4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ParetoLogic Registration.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\UUS.dll

==================== Loaded Modules (whitelisted) =============

2014-04-28 18:47 - 2013-12-19 20:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-10-28 00:48 - 2012-05-12 23:18 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-02-11 20:21 - 2014-02-11 20:21 - 00860160 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-02-11 20:22 - 2014-02-11 20:22 - 01043968 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-02-11 20:21 - 2014-02-11 20:21 - 00052736 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-02-11 20:22 - 2014-02-11 20:22 - 00236032 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\MaZZ21\AppData\Roaming\Dropbox\bin\libcef.dll
2014-04-23 14:16 - 2014-04-23 14:16 - 03845232 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:24051EFF
AlternateDataStreams: C:\ProgramData\TEMP:63238B95
AlternateDataStreams: C:\ProgramData\TEMP:EC2E1DEC

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: Futuremark SystemInfo Service => 3
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^MaZZ21^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk => C:\Windows\pss\Logitech . Produktregistrierung.lnk.Startup
MSCONFIG\startupfolder: C:^Users^MaZZ21^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^net.lnk => C:\Windows\pss\net.lnk.Startup
MSCONFIG\startupreg: MessengerPlusForSkypeService => "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: PlusService => C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
MSCONFIG\startupreg: RunDLLEntry => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: AJQHNXQJ IDE Controller
Description: AJQHNXQJ IDE Controller
Class Guid:
Manufacturer:
Service: aa5g2hjz
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Description: Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/28/2014 02:58:36 PM) (Source: MsiInstaller) (User: game2)
Description: Product: Logitech Gaming Software -- Error 1101. Error reading from file: C:\Users\MaZZ21\AppData\Local\Temp\Uninstall_x64.vbs.  System error 2.  Verify that the file exists and that you can access it.

Error: (04/13/2014 07:43:55 PM) (Source: MsiInstaller) (User: game2)
Description: Product: Logitech Gaming Software -- Error 1101. Error reading from file: C:\Users\MaZZ21\AppData\Local\Temp\Uninstall_x64.vbs.  System error 2.  Verify that the file exists and that you can access it.

Error: (04/01/2014 04:48:49 PM) (Source: Application Error) (User: )
Description: Faulting application name: Foxit Reader.exe, version: 6.1.4.217, time stamp: 0x5301d8a7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1530
Faulting application start time: 0xFoxit Reader.exe0
Faulting application path: Foxit Reader.exe1
Faulting module path: Foxit Reader.exe2
Report Id: Foxit Reader.exe3

Error: (04/01/2014 04:45:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: Foxit Reader.exe, version: 6.1.2.1224, time stamp: 0x52cbd71c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x14fc
Faulting application start time: 0xFoxit Reader.exe0
Faulting application path: Foxit Reader.exe1
Faulting module path: Foxit Reader.exe2
Report Id: Foxit Reader.exe3

Error: (04/01/2014 04:44:15 PM) (Source: Application Error) (User: )
Description: Faulting application name: Foxit Reader.exe, version: 6.1.2.1224, time stamp: 0x52cbd71c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xd24
Faulting application start time: 0xFoxit Reader.exe0
Faulting application path: Foxit Reader.exe1
Faulting module path: Foxit Reader.exe2
Report Id: Foxit Reader.exe3

Error: (04/01/2014 04:43:51 PM) (Source: Application Error) (User: )
Description: Faulting application name: Foxit Reader.exe, version: 6.1.2.1224, time stamp: 0x52cbd71c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x130c
Faulting application start time: 0xFoxit Reader.exe0
Faulting application path: Foxit Reader.exe1
Faulting module path: Foxit Reader.exe2
Report Id: Foxit Reader.exe3

Error: (03/18/2014 11:12:09 PM) (Source: MsiInstaller) (User: game2)
Description: Product: Logitech Gaming Software -- Error 1101. Error reading from file: C:\Users\MaZZ21\AppData\Local\Temp\Uninstall_x64.vbs.  System error 2.  Verify that the file exists and that you can access it.

Error: (03/12/2014 04:10:10 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 27.0.1.5156 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d5c

Start Time: 01cf3df76b72fb4a

Termination Time: 63

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 03192029-a9f0-11e3-a902-6cf0495833a0

Error: (02/27/2014 08:46:13 PM) (Source: Application Hang) (User: )
Description: The program Diablo III Launcher.exe version 1.9.1.2110 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c90

Start Time: 01cf33ebf8b7c393

Termination Time: 10

Application Path: T:\Games\Diablo III\Diablo III\Diablo III Launcher.exe

Report Id: 6d1c4316-9fdf-11e3-9ecc-6cf0495833a0

Error: (02/14/2014 08:03:49 PM) (Source: Application Hang) (User: )
Description: The program javaw.exe version 7.0.450.18 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 38c

Start Time: 01cf29aeb9d9f32c

Termination Time: 40

Application Path: C:\Program Files\Java\jre7\bin\javaw.exe

Report Id: 571662bc-95a2-11e3-a5c4-6cf0495833a0


System errors:
=============
Error: (04/29/2014 05:35:50 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error:
%%1053

Error: (04/29/2014 05:35:50 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.

Error: (04/29/2014 04:04:58 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/29/2014 04:04:58 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/29/2014 04:04:58 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/29/2014 04:04:58 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/29/2014 04:04:58 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/29/2014 04:04:57 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/29/2014 04:04:57 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (04/29/2014 04:04:56 AM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


Microsoft Office Sessions:
=========================
Error: (04/28/2014 02:58:36 PM) (Source: MsiInstaller)(User: game2)
Description: Product: Logitech Gaming Software -- Error 1101. Error reading from file: C:\Users\MaZZ21\AppData\Local\Temp\Uninstall_x64.vbs.  System error 2.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/13/2014 07:43:55 PM) (Source: MsiInstaller)(User: game2)
Description: Product: Logitech Gaming Software -- Error 1101. Error reading from file: C:\Users\MaZZ21\AppData\Local\Temp\Uninstall_x64.vbs.  System error 2.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/01/2014 04:48:49 PM) (Source: Application Error)(User: )
Description: Foxit Reader.exe6.1.4.2175301d8a7unknown0.0.0.000000000c000000500000000153001cf4db9748fc4e1C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exeunknownbba7dffc-b9ac-11e3-8a3f-6cf0495833a0

Error: (04/01/2014 04:45:02 PM) (Source: Application Error)(User: )
Description: Foxit Reader.exe6.1.2.122452cbd71cunknown0.0.0.000000000c00000050000000014fc01cf4db8dac809f9C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exeunknown34976945-b9ac-11e3-8a3f-6cf0495833a0

Error: (04/01/2014 04:44:15 PM) (Source: Application Error)(User: )
Description: Foxit Reader.exe6.1.2.122452cbd71cunknown0.0.0.000000000c000000500000000d2401cf4db8d0cdb6d2C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exeunknown1882fc5a-b9ac-11e3-8a3f-6cf0495833a0

Error: (04/01/2014 04:43:51 PM) (Source: Application Error)(User: )
Description: Foxit Reader.exe6.1.2.122452cbd71cunknown0.0.0.000000000c000000500000000130c01cf4db8bcacd055C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exeunknown0a1967cd-b9ac-11e3-8a3f-6cf0495833a0

Error: (03/18/2014 11:12:09 PM) (Source: MsiInstaller)(User: game2)
Description: Product: Logitech Gaming Software -- Error 1101. Error reading from file: C:\Users\MaZZ21\AppData\Local\Temp\Uninstall_x64.vbs.  System error 2.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/12/2014 04:10:10 PM) (Source: Application Hang)(User: )
Description: firefox.exe27.0.1.5156d5c01cf3df76b72fb4a63C:\Program Files (x86)\Mozilla Firefox\firefox.exe03192029-a9f0-11e3-a902-6cf0495833a0

Error: (02/27/2014 08:46:13 PM) (Source: Application Hang)(User: )
Description: Diablo III Launcher.exe1.9.1.2110c9001cf33ebf8b7c39310T:\Games\Diablo III\Diablo III\Diablo III Launcher.exe6d1c4316-9fdf-11e3-9ecc-6cf0495833a0

Error: (02/14/2014 08:03:49 PM) (Source: Application Hang)(User: )
Description: javaw.exe7.0.450.1838c01cf29aeb9d9f32c40C:\Program Files\Java\jre7\bin\javaw.exe571662bc-95a2-11e3-a5c4-6cf0495833a0


CodeIntegrity Errors:
===================================
  Date: 2013-01-26 17:40:56.214
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\MaZZ21\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-01-26 17:40:56.167
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\MaZZ21\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-01-26 17:40:55.761
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-01-26 17:40:55.714
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-07-04 15:46:33.023
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\MaZZ21\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-07-04 15:46:33.007
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\MaZZ21\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-07-04 15:46:32.750
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-07-04 15:46:32.733
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-07-04 15:33:38.023
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\MaZZ21\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-07-04 15:33:38.001
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\MaZZ21\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 8189.48 MB
Available physical RAM: 4479.01 MB
Total Pagefile: 10747.66 MB
Available Pagefile: 7581.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:34.98 GB) (Free:9.99 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:78.08 GB) (Free:26.99 GB) NTFS
Drive e: () (Fixed) (Total:73.24 GB) (Free:37.82 GB) NTFS
Drive t: () (Fixed) (Total:1862.89 GB) (Free:1710.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 186 GB) (Disk ID: 16371637)
Partition 1: (Active) - (Size=35 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=151 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

cosinus 29.04.2014 12:54
Zitat:
Andere logs hab ich leider nicht
Und was mit Malwarebytes und AVG?

MaZZ21 29.04.2014 12:56
Bin gerade am scannen mit diesen programmen.

Edit1: AVG hat nix gefunden.

cosinus 29.04.2014 13:08
Es steht hier nirgends du sollst neue Scans machen! Bitte mein erstes Posting lesen

Du solltest AVG und Malwarebytes nach Logs mit durchforsten

Zitat:
Zitat von cosinus
Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!

MaZZ21 29.04.2014 13:19
Konnte leider keine logs von AVG und Malwarebytes finden.

cosinus 29.04.2014 13:22
Bei MBAM bitte mal richtig nachsehen

http://img.trojaner-board.de/alle-lo...-alle-logs.png

MaZZ21 29.04.2014 13:24
Hatte ich aber dummerweise war bei der option die logs zu speichern kein harken gesetzt, deswegen waren dort keine logs drin. In der Quarantäne befinden sich noch die zwei sachen, die gefunden wurden. Mit dem Namen PUP.Optional.Conduit.A.

cosinus 29.04.2014 13:37
Adware/Junkware/Toolbars entfernen

Alle Tools neu runterladen!


1. Schritt: Malwarebytes

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




2. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



3. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




4. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


MaZZ21 29.04.2014 21:27
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 29.04.2014
Suchlauf-Zeit: 14:59:03
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.29.03
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: MaZZ21

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 257707
Verstrichene Zeit: 15 Min, 3 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Tiefer Rootkit-Suchlauf: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 1
PUP.Optional.Conduit.A, C:\Users\MaZZ21\AppData\Roaming\Mozilla\Firefox\Profiles\1jx9uaim.default\searchplugins\conduit-search.xml, In Quarantäne, [4bb545bb15eb37c99e5d6616ab5713ed],

Physische Sektoren: 0
(No malicious items detected)


(end)
Ist in italienisch weil die sprache vorher so war.:D
Code:
# AdwCleaner v3.205 - Rapporto creato 29/04/2014 in 15:20:13
# Aggiornato 28/04/2014 di Xplode
# Sistema operativo : Windows 7 Ultimate Service Pack 1 (64 bits)
# Nome utente : MaZZ21 - GAME2
# In esecuzione da : C:\Users\MaZZ21\AppData\Local\Temp\dlmC65A.tmp\adwcleaner.exe
# Opzione : Pulisci

***** [ Servizi ] *****

[#] Servizio Eliminato : BackupStack
Servizio Eliminato : CltMngSvc

***** [ File / Cartelle ] *****

Cartella Eliminato : C:\Program Files (x86)\MyPC Backup
Cartella Eliminato : C:\Program Files (x86)\SearchProtect
Cartella Eliminato : C:\Users\MaZZ21\AppData\Local\SearchProtect
Cartella Eliminato : C:\Users\MaZZ21\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
File Eliminato : C:\Users\MaZZ21\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Eliminato : C:\Users\MaZZ21\Desktop\MyPC Backup.lnk
File Eliminato : C:\Users\MaZZ21\AppData\Roaming\Mozilla\Firefox\Profiles\1jx9uaim.default\searchplugins\conduit-search.xml

***** [ Collegamenti ] *****


***** [ Registro ] *****

Chiave Eliminati : HKLM\SOFTWARE\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
Chiave Eliminati : HKLM\SOFTWARE\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Chiave Eliminati : HKCU\Software\OCS
Chiave Eliminati : HKCU\Software\AppDataLow\Software\adawarebp
Chiave Eliminati : HKLM\Software\SearchProtect
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Chiave Eliminati : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Dato Eliminati : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Dato Eliminati : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041

Impostazioni Ripristinato : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v29.0 (en-US)

[ File : C:\Users\MaZZ21\AppData\Roaming\Mozilla\Firefox\Profiles\1jx9uaim.default\prefs.js ]

Riga eliminata : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M67CE1855-9C15-4247-B8C9-968CC2337CA5&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SPFF271243-821[...]
Riga eliminata : user_pref("browser.search.defaultenginename", "Conduit Search");
Riga eliminata : user_pref("browser.search.selectedEngine", "Conduit Search");
Riga eliminata : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M67CE1855-9C15-4247-B8C9-968CC2337CA5&SearchSource=55&CUI=&UM=5&UP=SPFF271243-821F-4D23[...]

[ File : C:\Users\MaZZ21\AppData\Roaming\Mozilla\Firefox\Profiles\bq6ok74a.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [3633 octets] - [29/04/2014 15:19:35]
AdwCleaner[S0].txt - [3376 octets] - [29/04/2014 15:20:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3436 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by MaZZ21 on 29.04.2014 at 15:34:16,61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\yuna software
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\msgplusforskype.skinpack
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\messenger plus! for skype_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\messenger plus! for skype_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\plusskypeservice_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\plusskypeservice_rasmancs



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"



~~~ FireFox

Emptied folder: C:\Users\MaZZ21\AppData\Roaming\mozilla\firefox\profiles\1jx9uaim.default\minidumps [12 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.04.2014 at 15:39:06,47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Hatte vergessen zu sagen, das AVG den Trojan Horse Small.FHT gefunden hatte und entfernt hatte.

Hatte ganz vergessen diesen log anzuhängen.

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2014
Ran by MaZZ21 (administrator) on GAME2 on 29-04-2014 22:16:36
Running from C:\Users\MaZZ21\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: Italian Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Dropbox, Inc.) C:\Users\MaZZ21\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
( ) E:\Miranda IM\miranda32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10396440 2014-04-15] (Logitech Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-04-15] (LogMeIn Inc.)
HKU\S-1-5-21-3326291706-2201942250-4221259721-1000\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [33120 2010-08-20] (Alcohol Soft Development Team)
HKU\S-1-5-21-3326291706-2201942250-4221259721-1000\...\MountPoints2: {e73d39d1-ce38-11df-bc2b-806e6f6e6963} - F:\Autorun.exe
Startup: C:\Users\MaZZ21\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\MaZZ21\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x52E93BEA948ECB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{A7A98D77-7490-4573-B896-2448FB862755}: [NameServer]192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\MaZZ21\AppData\Roaming\Mozilla\Firefox\Profiles\gf6ocrjc.default-1398793440428
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @videolan.org/vlc,version=2.0.6 - E:\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - E:\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.102.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - E:\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - E:\VLC\npvlc.dll (VideoLAN)
FF Extension: Adblock Plus - C:\Users\MaZZ21\AppData\Roaming\Mozilla\Firefox\Profiles\gf6ocrjc.default-1398793440428\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-29]
FF HKLM-x32\...\Thunderbird\Extensions: [avgthb@avg.com] - C:\Program Files (x86)\AVG\AVG2012\Thunderbird\

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-08] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-05-12] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)
S3 SXDS10; "C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe" \Service [X]

==================== Drivers (Whitelisted) ====================

S3 arusb_win7x; C:\Windows\System32\DRIVERS\arusb_win7x.sys [769024 2009-11-26] (Atheros Communications, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-12-01] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2012-12-06] (GFI Software)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-08-29] ()
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-12-01] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-29] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564792 2012-01-29] (Duplex Secure Ltd.)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [44848 2011-05-16] (Oracle Corporation)
U3 ab3zohzw; C:\Windows\System32\Drivers\ab3zohzw.sys [0 ] (Advanced Micro Devices)
U3 axdmx8n5; No ImagePath
S3 amdkmdag; system32\DRIVERS\atikmdag.sys [X]
S3 cpuz130; \??\C:\Users\MaZZ21\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-29 20:26 - 2014-04-29 20:26 - 00540072 _____ (Neuber Software) C:\Users\MaZZ21\Downloads\SvchostAnalyzer.exe
2014-04-29 15:34 - 2014-04-29 15:34 - 00000000 ____D () C:\Windows\ERUNT
2014-04-29 15:33 - 2014-04-29 15:34 - 01016261 _____ (Thisisu) C:\Users\MaZZ21\Downloads\JRT.exe
2014-04-29 15:19 - 2014-04-29 17:44 - 00000000 ____D () C:\AdwCleaner
2014-04-29 15:10 - 2014-04-29 15:10 - 00929416 _____ (CNET Download.com) C:\Users\MaZZ21\Downloads\cbsidlm-cbsi188-AdwCleaner-ORG-75851221.exe
2014-04-29 14:57 - 2014-04-29 14:57 - 01310621 _____ () C:\Users\MaZZ21\Downloads\adwcleaner(1).exe
2014-04-29 14:55 - 2014-04-29 14:55 - 01310621 _____ () C:\Users\MaZZ21\Downloads\adwcleaner.exe
2014-04-29 14:41 - 2014-04-29 22:04 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-29 14:41 - 2014-04-29 14:41 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-29 14:41 - 2014-04-29 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-29 14:41 - 2014-04-29 14:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-29 14:41 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-29 14:41 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-29 13:40 - 2014-04-29 13:41 - 00036384 _____ () C:\Users\MaZZ21\Downloads\Addition.txt
2014-04-29 12:28 - 2014-04-29 22:16 - 00013018 _____ () C:\Users\MaZZ21\Downloads\FRST.txt
2014-04-29 12:28 - 2014-04-29 22:16 - 00000000 ____D () C:\FRST
2014-04-29 12:27 - 2014-04-29 12:28 - 02061824 _____ (Farbar) C:\Users\MaZZ21\Downloads\FRST64.exe
2014-04-29 03:11 - 2014-04-29 03:11 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\MaZZ21\Downloads\rkill64.exe
2014-04-29 00:42 - 2014-04-29 01:01 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-29 00:21 - 2014-04-29 00:21 - 04527616 _____ () C:\Users\MaZZ21\Downloads\RogueKillerX64.exe
2014-04-28 23:56 - 2014-04-28 23:56 - 01243655 _____ () C:\Users\MaZZ21\Downloads\processexplorer.zip
2014-04-28 18:47 - 2014-04-28 18:47 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-28 18:47 - 2013-12-19 20:53 - 06671648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-04-28 18:47 - 2013-12-19 20:53 - 03490080 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-04-28 18:47 - 2013-12-19 20:53 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-04-28 18:47 - 2013-12-19 20:53 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-04-28 18:47 - 2013-12-19 20:53 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-04-28 18:47 - 2013-12-19 07:01 - 03539040 _____ () C:\Windows\system32\nvcoproc.bin
2014-04-28 18:46 - 2013-12-19 22:33 - 30372640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 22960416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 18310112 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 18222008 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 15877216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 15230352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 12645664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-04-28 18:46 - 2013-12-19 22:33 - 11605752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 11554264 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 09700224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 09657464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 03071656 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 02698272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433221.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433221.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 01436528 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 00882464 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 00879392 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 00852768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 00847648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-04-28 18:46 - 2013-12-19 22:33 - 00023754 _____ () C:\Windows\system32\nvinfo.pb
2014-04-28 18:45 - 2014-04-28 18:45 - 00000000 ____D () C:\NVIDIA
2014-04-28 17:35 - 2014-04-28 17:31 - 00450643 ____R () C:\Windows\system32\Drivers\etc\hosts.20140428-173528.backup
2014-04-28 15:59 - 2014-04-28 15:59 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\MaZZ21\Downloads\rkill.exe
2014-04-28 14:58 - 2014-04-28 14:58 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-28 14:41 - 2014-04-28 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
2014-04-28 14:41 - 2014-04-28 14:41 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2014-04-28 12:42 - 2014-04-28 12:42 - 00000000 ____D () C:\Users\MaZZ21\AppData\Roaming\LavasoftStatistics
2014-04-28 12:22 - 2014-04-28 12:22 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-04-27 12:52 - 2014-04-27 12:52 - 00000000 ____D () C:\Users\MaZZ21\AppData\Local\AVG
2014-04-27 12:50 - 2014-04-27 13:07 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-04-25 00:55 - 2014-04-25 00:55 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-25 00:55 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-25 00:55 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-23 16:20 - 2014-04-23 16:20 - 00051024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcomp100.dll
2014-04-23 14:16 - 2014-04-23 14:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-18 18:07 - 2014-04-18 18:07 - 00000000 ____D () C:\ProgramData\Avg_Update_0414b
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-04-16 13:06 - 2014-04-16 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-04-16 13:06 - 2014-04-16 13:06 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-04-10 11:21 - 2014-04-29 18:09 - 00002880 _____ () C:\Windows\setupact.log
2014-04-10 11:21 - 2014-04-10 11:21 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-09 01:05 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 01:05 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 01:05 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-09 01:05 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 01:05 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-09 01:05 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-09 01:05 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-09 01:05 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-09 01:05 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-09 01:05 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-09 01:05 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 01:05 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-09 01:05 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-09 01:05 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-09 01:05 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-09 01:05 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-09 01:05 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-09 01:05 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-09 01:05 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-09 01:05 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-09 01:05 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-09 01:05 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-09 01:05 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-09 01:05 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-09 01:05 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-09 01:05 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-09 01:05 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-09 01:05 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-09 01:05 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-09 01:05 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-09 01:05 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-09 01:05 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-09 01:05 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-09 01:05 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-09 01:05 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-09 01:05 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-09 01:05 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-09 01:05 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-09 01:05 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-09 01:05 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-09 01:05 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-09 01:05 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-09 01:05 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-09 01:05 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-09 01:05 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-09 01:05 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-09 01:05 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-09 01:05 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-09 01:03 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 01:03 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 01:03 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 01:03 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 01:03 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 01:03 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 01:03 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 01:03 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 01:03 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 01:03 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 01:03 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 01:03 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 01:03 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 01:03 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 01:03 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 01:03 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 01:02 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-01 16:46 - 2014-04-01 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-04-01 16:43 - 2014-04-01 16:43 - 00000000 ____D () C:\Users\MaZZ21\AppData\Local\Foxit Reader
2014-03-31 19:19 - 2014-04-27 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-03-31 16:20 - 2014-03-31 16:20 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-03-31 16:06 - 2014-03-31 16:06 - 00130840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys

==================== One Month Modified Files and Folders =======

2014-04-29 22:16 - 2014-04-29 12:28 - 00013018 _____ () C:\Users\MaZZ21\Downloads\FRST.txt
2014-04-29 22:16 - 2014-04-29 12:28 - 00000000 ____D () C:\FRST
2014-04-29 22:04 - 2014-04-29 14:41 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-29 21:49 - 2013-08-27 14:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-29 20:52 - 2014-03-06 23:53 - 02925760 _____ (Sysinternals - www.sysinternals.com) C:\Users\MaZZ21\Desktop\procexp.exe
2014-04-29 20:26 - 2014-04-29 20:26 - 00540072 _____ (Neuber Software) C:\Users\MaZZ21\Downloads\SvchostAnalyzer.exe
2014-04-29 19:57 - 2010-10-02 19:56 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-29 19:42 - 2010-10-02 17:26 - 01666958 _____ () C:\Windows\WindowsUpdate.log
2014-04-29 19:14 - 2009-07-14 06:45 - 00013760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-29 19:14 - 2009-07-14 06:45 - 00013760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-29 18:48 - 2011-05-23 02:57 - 00007586 _____ () C:\Users\MaZZ21\AppData\Local\resmon.resmoncfg
2014-04-29 18:10 - 2013-07-27 22:34 - 00000000 ___RD () C:\Users\MaZZ21\Dropbox
2014-04-29 18:10 - 2013-07-27 22:32 - 00000000 ____D () C:\Users\MaZZ21\AppData\Roaming\Dropbox
2014-04-29 18:09 - 2014-04-10 11:21 - 00002880 _____ () C:\Windows\setupact.log
2014-04-29 18:09 - 2010-10-04 13:03 - 00000000 ____D () C:\Users\MaZZ21\AppData\Local\LogMeIn Hamachi
2014-04-29 18:09 - 2010-10-02 17:57 - 00332698 _____ () C:\Windows\PFRO.log
2014-04-29 18:09 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-29 18:00 - 2011-07-11 21:16 - 00000468 _____ () C:\Windows\Tasks\ParetoLogic Registration.job
2014-04-29 17:44 - 2014-04-29 15:19 - 00000000 ____D () C:\AdwCleaner
2014-04-29 17:11 - 2009-07-14 07:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-29 15:34 - 2014-04-29 15:34 - 00000000 ____D () C:\Windows\ERUNT
2014-04-29 15:34 - 2014-04-29 15:33 - 01016261 _____ (Thisisu) C:\Users\MaZZ21\Downloads\JRT.exe
2014-04-29 15:20 - 2010-10-02 17:38 - 00000000 ___RD () C:\Users\MaZZ21\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-29 15:10 - 2014-04-29 15:10 - 00929416 _____ (CNET Download.com) C:\Users\MaZZ21\Downloads\cbsidlm-cbsi188-AdwCleaner-ORG-75851221.exe
2014-04-29 14:57 - 2014-04-29 14:57 - 01310621 _____ () C:\Users\MaZZ21\Downloads\adwcleaner(1).exe
2014-04-29 14:55 - 2014-04-29 14:55 - 01310621 _____ () C:\Users\MaZZ21\Downloads\adwcleaner.exe
2014-04-29 14:41 - 2014-04-29 14:41 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-29 14:41 - 2014-04-29 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-29 14:41 - 2014-04-29 14:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-29 14:41 - 2010-10-09 18:22 - 00000000 ____D () C:\Users\MaZZ21\AppData\Roaming\Malwarebytes
2014-04-29 14:41 - 2010-10-09 18:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-29 13:52 - 2011-01-04 13:48 - 00000000 ____D () C:\Users\MaZZ21\Tracing
2014-04-29 13:41 - 2014-04-29 13:40 - 00036384 _____ () C:\Users\MaZZ21\Downloads\Addition.txt
2014-04-29 12:28 - 2014-04-29 12:27 - 02061824 _____ (Farbar) C:\Users\MaZZ21\Downloads\FRST64.exe
2014-04-29 04:49 - 2013-08-27 14:03 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 04:49 - 2013-08-27 14:03 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-29 04:49 - 2013-08-27 14:03 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-29 04:39 - 2010-10-02 17:37 - 00000000 ____D () C:\Users\MaZZ21\AppData\Local\VirtualStore
2014-04-29 03:19 - 2010-01-31 11:25 - 00000741 ____R () C:\Windows\system32\Drivers\etc\hosts.20140429-032844.backup
2014-04-29 03:11 - 2014-04-29 03:11 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\MaZZ21\Downloads\rkill64.exe
2014-04-29 01:01 - 2014-04-29 00:42 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-29 00:29 - 2010-01-31 11:25 - 00000741 ____R () C:\Windows\system32\Drivers\etc\hosts.20140429-030857.backup
2014-04-29 00:21 - 2014-04-29 00:21 - 04527616 _____ () C:\Users\MaZZ21\Downloads\RogueKillerX64.exe
2014-04-28 23:56 - 2014-04-28 23:56 - 01243655 _____ () C:\Users\MaZZ21\Downloads\processexplorer.zip
2014-04-28 23:52 - 2014-01-21 00:25 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-04-28 18:47 - 2014-04-28 18:47 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-28 18:47 - 2014-02-28 17:41 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-04-28 18:47 - 2012-05-11 15:35 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-04-28 18:47 - 2012-05-11 15:34 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-04-28 18:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-04-28 18:45 - 2014-04-28 18:45 - 00000000 ____D () C:\NVIDIA
2014-04-28 18:15 - 2010-12-03 20:16 - 00000000 ____D () C:\Users\MaZZ21\AppData\Roaming\.minecraft
2014-04-28 17:35 - 2010-01-31 11:25 - 00000869 ____R () C:\Windows\system32\Drivers\etc\hosts.20140428-181031.backup
2014-04-28 17:31 - 2014-04-28 17:35 - 00450643 ____R () C:\Windows\system32\Drivers\etc\hosts.20140428-173528.backup
2014-04-28 15:59 - 2014-04-28 15:59 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\MaZZ21\Downloads\rkill.exe
2014-04-28 15:32 - 2013-01-06 14:44 - 00000000 ____D () C:\Program Files\Logitech Gaming Software
2014-04-28 14:59 - 2011-03-10 14:37 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-04-28 14:59 - 2011-03-10 14:37 - 00009754 _____ () C:\Windows\LkmdfCoInst.log
2014-04-28 14:59 - 2011-03-10 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-04-28 14:58 - 2014-04-28 14:58 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-28 14:41 - 2014-04-28 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
2014-04-28 14:41 - 2014-04-28 14:41 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2014-04-28 12:42 - 2014-04-28 12:42 - 00000000 ____D () C:\Users\MaZZ21\AppData\Roaming\LavasoftStatistics
2014-04-28 12:22 - 2014-04-28 12:22 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-04-27 23:20 - 2013-12-12 22:03 - 00000000 ____D () C:\Users\MaZZ21\AppData\Local\Battle.net
2014-04-27 13:53 - 2014-03-31 19:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-04-27 13:43 - 2011-05-01 13:24 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-04-27 13:07 - 2014-04-27 12:50 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-04-27 13:07 - 2013-04-10 16:10 - 00000000 __SHD () C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2014-04-27 13:07 - 2013-02-24 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2014-04-27 13:07 - 2011-09-09 14:33 - 00000000 ____D () C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2014-04-27 12:54 - 2013-04-10 16:10 - 00000000 ____D () C:\ProgramData\AVG
2014-04-27 12:52 - 2014-04-27 12:52 - 00000000 ____D () C:\Users\MaZZ21\AppData\Local\AVG
2014-04-27 12:52 - 2012-05-29 19:46 - 00000000 ____D () C:\Users\MaZZ21\AppData\Roaming\AVG
2014-04-25 01:37 - 2010-10-22 16:08 - 00000836 _____ () C:\Users\Public\Desktop\Paint.NET.lnk
2014-04-25 01:37 - 2010-10-22 16:08 - 00000836 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2014-04-25 00:55 - 2014-04-25 00:55 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-25 00:38 - 2012-04-26 03:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-23 16:20 - 2014-04-23 16:20 - 00051024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcomp100.dll
2014-04-23 14:16 - 2014-04-23 14:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-20 04:12 - 2010-10-02 17:37 - 00000000 ____D () C:\Users\MaZZ21
2014-04-18 18:07 - 2014-04-18 18:07 - 00000000 ____D () C:\ProgramData\Avg_Update_0414b
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-04-17 19:35 - 2010-11-08 23:40 - 00001760 _____ () C:\Users\MaZZ21\Desktop\LOL-DOC.txt
2014-04-16 13:06 - 2014-04-16 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-04-16 13:06 - 2014-04-16 13:06 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-04-15 04:04 - 2013-06-12 18:25 - 00000000 ____D () C:\Users\MaZZ21\AppData\Local\Adobe
2014-04-14 04:24 - 2014-04-25 00:55 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-04-25 00:55 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-11 19:51 - 2013-12-18 14:45 - 00000000 ____D () C:\Users\MaZZ21\AppData\Roaming\vlc
2014-04-11 13:18 - 2013-12-12 22:03 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-04-10 14:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-10 11:21 - 2014-04-10 11:21 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-09 03:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-09 01:05 - 2013-07-25 20:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-07 14:17 - 2013-09-15 19:35 - 00000000 ____D () C:\Users\MaZZ21\AppData\Roaming\WordToPDF
2014-04-07 13:21 - 2009-07-14 12:53 - 00746486 _____ () C:\Windows\system32\perfh010.dat
2014-04-07 13:21 - 2009-07-14 12:53 - 00154606 _____ () C:\Windows\system32\perfc010.dat
2014-04-07 13:21 - 2009-07-14 07:13 - 01703982 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-03 09:51 - 2014-04-29 14:41 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-29 14:41 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2010-10-09 18:22 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 16:46 - 2014-04-01 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-04-01 16:43 - 2014-04-01 16:43 - 00000000 ____D () C:\Users\MaZZ21\AppData\Local\Foxit Reader
2014-03-31 16:20 - 2014-03-31 16:20 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-03-31 16:06 - 2014-03-31 16:06 - 00130840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-03-31 03:51 - 2010-10-02 17:49 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-31 02:30 - 2010-10-03 14:57 - 00000000 ____D () C:\Windows\System32\Tasks\Games

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-29 19:36

==================== End Of Log ============================
--- --- ---

--- --- ---

cosinus 29.04.2014 21:41
Bitte auch ein neues Addition.txt Logfile. Haken setzen bei addition.txt dann auf Scan klicken

http://saved.im/mtg0mjy4yjlu/2014-04...ryscantool.png

MaZZ21 30.04.2014 12:30
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2014
Ran by MaZZ21 at 2014-04-30 13:26:24
Running from C:\Users\MaZZ21\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

3DMark06 (HKLM-x32\...\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}) (Version: 1.2.0 - Futuremark Corporation)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{10813B5C-D346-C028-5550-220FA31EC809}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
ANNO 1404 - Venedig (HKLM-x32\...\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}) (Version: 2.01.5010 - Ubisoft)
ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft)
Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4577 - AVG Technologies)
AVG 2014 (Version: 14.0.3931 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4577 - AVG Technologies) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 1.122.0 - EA Digital Illusions CE AB)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Borderlands GotY Edition (HKLM-x32\...\{71A88700-6CC4-4DA8-9B2A-1ADB24C6028B}_is1) (Version: 1.30 - pcblizzard)
Celestia 1.6.1 (HKLM-x32\...\Celestia_is1) (Version:  - Shatters Software)
Command & Conquer 3 (HKLM-x32\...\{B0C30E93-D3D9-4F04-A2AC-54749B573275}) (Version: 1.00.0000 - Ihr Firmenname)
Command & Conquer Red Alert 2 (HKLM-x32\...\Red Alert 2) (Version:  - )
Command & Conquer Teil 3: Operation Tiberian Sun (HKLM-x32\...\Tiberian Sun) (Version:  - )
Command & Conquer™ 3: Kanes Rache (HKLM-x32\...\{CC2422C9-F7B5-4175-B295-5EC2283AA674}) (Version: 1.00.0000 - Ihr Firmenname)
Command && Conquer Red Alert 2 - Yuri's Revenge (HKLM-x32\...\Yuri's Revenge) (Version:  - )
Diablo II (HKLM-x32\...\Diablo II) (Version:  - )
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DOOM 3: BFG Edition (HKLM-x32\...\Steam App 208200) (Version:  - id Software)
Driver Sweeper 2.1.0 (HKLM-x32\...\{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1) (Version:  - Phyxion.net)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
ForceBindIP (HKLM-x32\...\ForceBindIP) (Version:  - )
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.4.217 - Foxit Corporation)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
FullRA Plus V3.03 (HKLM-x32\...\RA+ V3.03_is1) (Version: Plus - N3tRunn3r)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.17.0 - Futuremark Corporation)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Team Garry)
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Logitech Gaming Software (Version: 8.20.74 - Logitech Inc.) Hidden
Logitech Gaming Software 8.53 (HKLM\...\Logitech Gaming Software) (Version: 8.53.154 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.188 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.188 - LogMeIn, Inc.) Hidden
Magicka (HKLM-x32\...\Steam App 42910) (Version:  - Arrowhead Game Studios AB)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1036 - Marvell)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office XP Professional mit FrontPage (HKLM-x32\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Miranda IM 0.9.41 (HKLM-x32\...\Miranda IM) (Version:  - )
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 29.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0 (x86 en-US)) (Version: 29.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 en-US)) (Version: 24.5.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Control Panel 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenRA (HKLM-x32\...\OpenRA) (Version:  - OpenRA developers)
OpenTTD 1.2.1 (HKLM-x32\...\OpenTTD) (Version: 1.2.1 - OpenTTD)
Origin (HKLM-x32\...\Origin) (Version: 8.5.2.23 - Electronic Arts, Inc.)
OS SHP Builder 3.36 (HKLM-x32\...\OS SHP Builder 3.36) (Version:  - )
paint.net 4.0 Pre-Release (HKLM\...\{3F5F509B-E226-417C-8CD1-CAAE756C328A}) (Version: 4.0.0 - dotPDN LLC)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
Security Task Manager 1.8g (HKLM-x32\...\Security Task Manager) (Version: 1.8g - Neuber Software)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version:  - TeamSpeak Systems GmbH)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.14563 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - )
The Stanley Parable Demo (HKLM-x32\...\Steam App 247750) (Version:  - Galactic Cafe)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - )
Unreal Tournament 2004 (HKLM-x32\...\Unreal Tournament 2004_is1) (Version:  - GOG.com)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.5.0 - Flagship Industries, Inc.)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Voxel Section Editor III 1.38 (HKLM-x32\...\Voxel Section Editor III 1.38) (Version:  - )
Watson (HKLM-x32\...\{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}) (Version: 1.0.0 - Windows Live Safety Center)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Winamp Color Themes Pack 2.0 (HKLM-x32\...\Winamp Color Themes Pack) (Version: 2.0 - Paweł Porwisz)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Wolfenstein - Enemy Territory (HKLM-x32\...\Wolfenstein - Enemy Territory) (Version:  - )
WordToPDF 2.9 (HKLM-x32\...\WordToPDF_is1) (Version: 2.9 - Mario Noack)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Worms Armageddon (HKLM-x32\...\Steam App 217200) (Version:  - Team17 Digital Ltd.)
Xfire (remove only) (HKLM-x32\...\Xfire) (Version:  - )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
YTD Video Downloader 3.9.6 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 3.9.6 - GreenTree Applications SRL)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2010-01-31 11:25 - 2014-04-29 12:35 - 00450629 ___RA C:\Windows\system32\Drivers\etc\hosts
127.0.0.1        localhost
127.0.0.1        www.007guard.com
127.0.0.1        007guard.com
127.0.0.1        008i.com
127.0.0.1        www.008k.com
127.0.0.1        008k.com
127.0.0.1        www.00hq.com
127.0.0.1        00hq.com
127.0.0.1        010402.com
127.0.0.1        www.032439.com
127.0.0.1        032439.com
127.0.0.1        www.0scan.com
127.0.0.1        0scan.com
127.0.0.1        1000gratisproben.com
127.0.0.1        www.1000gratisproben.com
127.0.0.1        1001namen.com
127.0.0.1        www.1001namen.com
127.0.0.1        100888290cs.com
127.0.0.1        www.100888290cs.com
127.0.0.1        www.100sexlinks.com
127.0.0.1        100sexlinks.com
127.0.0.1        10sek.com
127.0.0.1        www.10sek.com
127.0.0.1        www.1-2005-search.com
127.0.0.1        1-2005-search.com
127.0.0.1        123fporn.info
127.0.0.1        www.123fporn.info
127.0.0.1        123haustiereundmehr.com
127.0.0.1        www.123haustiereundmehr.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {84A5E113-C7CD-4B0A-A23A-CA5034C5409D} - System32\Tasks\ParetoLogic Registration => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\UUS.dll" RunUns
Task: {B7B57352-B632-463F-AA0A-F3511A168FC0} - System32\Tasks\Ad-Aware Update (Weekly) => E:\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {F51FB2E1-F185-4CA7-99C5-6A559FF790D4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ParetoLogic Registration.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\UUS.dll

==================== Loaded Modules (whitelisted) =============

2014-04-28 18:47 - 2013-12-19 20:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-02-11 20:21 - 2014-02-11 20:21 - 00860160 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-02-11 20:22 - 2014-02-11 20:22 - 01043968 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-02-11 20:21 - 2014-02-11 20:21 - 00052736 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-02-11 20:22 - 2014-02-11 20:22 - 00236032 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2011-10-28 00:48 - 2012-05-12 23:18 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\MaZZ21\AppData\Roaming\Dropbox\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:24051EFF
AlternateDataStreams: C:\ProgramData\TEMP:63238B95
AlternateDataStreams: C:\ProgramData\TEMP:EC2E1DEC

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: Futuremark SystemInfo Service => 3
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^MaZZ21^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk => C:\Windows\pss\Logitech . Produktregistrierung.lnk.Startup
MSCONFIG\startupfolder: C:^Users^MaZZ21^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^net.lnk => C:\Windows\pss\net.lnk.Startup
MSCONFIG\startupreg: MessengerPlusForSkypeService => "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: PlusService => C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
MSCONFIG\startupreg: RunDLLEntry => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: AJQHNXQJ IDE Controller
Description: AJQHNXQJ IDE Controller
Class Guid:
Manufacturer:
Service: aebn50v5
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Description: Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (04/30/2014 01:21:19 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error:
%%1053

Error: (04/30/2014 01:21:19 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-01-26 17:40:56.214
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\MaZZ21\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-01-26 17:40:56.167
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\MaZZ21\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-01-26 17:40:55.761
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-01-26 17:40:55.714
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-07-04 15:46:33.023
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\MaZZ21\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-07-04 15:46:33.007
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\MaZZ21\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-07-04 15:46:32.750
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-07-04 15:46:32.733
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-07-04 15:33:38.023
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\MaZZ21\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-07-04 15:33:38.001
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\MaZZ21\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 8189.48 MB
Available physical RAM: 6054.43 MB
Total Pagefile: 16889.13 MB
Available Pagefile: 14824.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:34.98 GB) (Free:9.71 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:78.08 GB) (Free:26.99 GB) NTFS
Drive e: () (Fixed) (Total:73.24 GB) (Free:39.84 GB) NTFS
Drive t: () (Fixed) (Total:1862.89 GB) (Free:1702.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 186 GB) (Disk ID: 16371637)
Partition 1: (Active) - (Size=35 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=151 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

cosinus 30.04.2014 13:19
Okay, dann bitte Kontrollscan mit ESET bitte:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


MaZZ21 30.04.2014 14:34
Hat nix gefunden.:)

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ce7f2c72978a0e4c9f52c3d0f47b7139
# engine=18087
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-30 01:31:37
# local_time=2014-04-30 03:31:37 (+0100, W. Europe Daylight Time)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 25408435 150494547 0 0
# scanned=353989
# found=0
# cleaned=0
# scan_time=4061


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:10 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131