Windows 7 64 bit: TR/Injector.bsy.2

W4llb4ch · 22.05.2014, 12:55

Gestern Abend,am 21.05.14,fand Avira einen mir unbekannten Virus:TR/Injector.bsy.2. Daraufhin steckte Avira ihn in Quarantäne und wollte einen Neustart des Computers. Beim Hochfahren des PCs wurde der Bildschirm in 800:600 anstatt in 1600:900 angezeigt. Außerdem waren die sonst transparenten Leisten farbig. Das Format konnte ich ändern doch die Einstellung der Leisten nicht.

Wäre schön wenn mir jemand helfen könnte,der sich mit so etwas auskennt.

Mit freundlichen Grüßen
W4llb4ch

schrauber · 22.05.2014, 12:58

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

W4llb4ch · 22.05.2014, 13:02

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2014
Ran by Jakob Rehbein_2 (ATTENTION: The logged in user is not administrator) on TRAVELMATE on 22-05-2014 13:31:14
Running from C:\Users\Jakob Rehbein_2\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
() C:\Windows\SysWOW64\jmdp\stij.exe
() C:\Windows\System32\ljkb\stij.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Opera Software) C:\Program Files (x86)\Opera\21.0.1432.67\opera.exe
() C:\Program Files (x86)\Opera\21.0.1432.67\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\21.0.1432.67\opera.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11780712 2011-02-25] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [961184 2011-08-02] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [798880 2011-08-02] (Atheros Commnucations)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589480 2011-02-09] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1100880 2011-06-14] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-03-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SweetIM] => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [Sweetpacks Communicator] => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\Runonce: [InnoSetupRegFile.0000000001] - "C:\Windows\is-C1D98.exe" /REG /REGSVRMODE [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1583174529-1693183719-1453601109-1001\...\Run: [Facebook Update] => C:\Users\Jakob Rehbein_2\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-13] (Facebook Inc.)
HKU\S-1-5-21-1583174529-1693183719-1453601109-1001\...\Run: [openvpntray.EXE] => C:\Users\Jakob Rehbein_2\AppData\Roaming\Hotspot Shield\bin\openvpntray.EXE -nonadmin
HKU\S-1-5-21-1583174529-1693183719-1453601109-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1775808 2014-05-21] (Valve Corporation)
HKU\S-1-5-21-1583174529-1693183719-1453601109-1001\...\Run: [Hoolapp Android] => "C:\Users\JAKOBR~2\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized
HKU\S-1-5-21-1583174529-1693183719-1453601109-1001\...\Run: [CursorFX] => "C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe"
HKU\S-1-5-21-1583174529-1693183719-1453601109-1001\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
HKU\S-1-5-21-1583174529-1693183719-1453601109-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1583174529-1693183719-1453601109-1001\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-1583174529-1693183719-1453601109-1001\...\MountPoints2: {bc861310-4c4f-11e1-9202-9439e54ce7cd} - E:\LaunchU3.exe -a
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\Users\Jakob Rehbein_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aluagent.lnk
ShortcutTarget: aluagent.lnk -> C:\ProgramData\Acer\Acer Updater\aluagent.exe (Acer Incorporated)
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Movies Toolbar\SafetyNut\safetycrt.dll [489992 2014-05-12] ()
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Movies Toolbar\SafetyNut\x64\safetycrt.dll [664584 2014-05-12] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
URLSearchHook: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll No File
URLSearchHook: HKCU - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=100&systemid=473&v=a12627-145&apn_uid=3362403919214444&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKLM-x32 - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=100&systemid=473&v=a12627-145&apn_uid=3362403919214444&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=100&systemid=473&v=a12627-145&apn_uid=3362403919214444&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/?a=6PRaYeIkoV&loc=skw&search={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {120A8821-2BEE-4C29-BCDA-62C577781992} -  No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll No File
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: MinibarBHO - {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files (x86)\Minibar\Minibar.dll (KangoExtensions)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll No File
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Jakob Rehbein_2\AppData\Roaming\Mozilla\Firefox\Profiles\autq5fny.default
FF user.js: detected! => C:\Users\Jakob Rehbein_2\AppData\Roaming\Mozilla\Firefox\Profiles\autq5fny.default\user.js
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://www.search.ask.com/?o=APN10640A&gct=hp&d=473-100&v=a12627-145&t=4
FF Keyword.URL: hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=100&systemid=473&v=a12627-145&apn_dtid=BND101&apn_ptnrs=AG1&apn_uid=3362403919214444&o=APN10640&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Jakob Rehbein_2\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Jakob Rehbein_2\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\Jakob Rehbein_2\AppData\Roaming\Mozilla\Firefox\Profiles\autq5fny.default\searchplugins\Ask.xml
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Users\Jakob Rehbein_2\AppData\Roaming\Mozilla\Firefox\Profiles\autq5fny.default\Extensions\afurladvisor@anchorfree.com [2012-11-13]
FF Extension: Funmoods.com - C:\Users\Jakob Rehbein_2\AppData\Roaming\Mozilla\Firefox\Profiles\autq5fny.default\Extensions\ffxtlbr@funmoods.com [2013-04-28]
FF Extension: Yahoo! Toolbar - C:\Users\Jakob Rehbein_2\AppData\Roaming\Mozilla\Firefox\Profiles\autq5fny.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-02-23]
FF Extension: Ask New Tabs - C:\Users\Jakob Rehbein_2\AppData\Roaming\Mozilla\Firefox\Profiles\autq5fny.default\Extensions\{987FF466-80DE-000D-C392-986458FA318B} [2014-05-18]
FF Extension: Free YouTube Download (Free Studio) Menu - C:\Users\Jakob Rehbein_2\AppData\Roaming\Mozilla\Firefox\Profiles\autq5fny.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012-03-09]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-25]
FF HKLM\...\Firefox\Extensions: [{FEFE89E5-A43F-4f4b-8211-B11D91D02135}] - C:\Program Files\CoolPic\Firefox
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{FEFE89E5-A43F-4f4b-8211-B11D91D02135}] - C:\Program Files\CoolPic\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox

Chrome: 
=======
CHR StartupUrls: "chrome://newtab/"
CHR Extension: (Angry Birds) - C:\Users\Jakob Rehbein_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-03-12]
CHR Extension: (Google Drive) - C:\Users\Jakob Rehbein_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-24]
CHR Extension: (YouTube) - C:\Users\Jakob Rehbein_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-24]
CHR Extension: (Google Search) - C:\Users\Jakob Rehbein_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-24]
CHR Extension: (AdBlock) - C:\Users\Jakob Rehbein_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-24]
CHR Extension: (Classic) - C:\Users\Jakob Rehbein_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn [2014-03-01]
CHR Extension: (theHunter) - C:\Users\Jakob Rehbein_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jangaedeekciafhlanphhnalogmhefmo [2014-03-12]
CHR Extension: (WEB.DE MailCheck) - C:\Users\Jakob Rehbein_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2014-03-01]
CHR Extension: (Cut the Rope) - C:\Users\Jakob Rehbein_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbadlndcminbkfojhlimnkgaackjmdo [2014-03-01]
CHR Extension: (Google Wallet) - C:\Users\Jakob Rehbein_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-24]
CHR Extension: (Gmail) - C:\Users\Jakob Rehbein_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-24]
CHR HKLM-x32\...\Chrome\Extension: [fbdagnimlohkpamglloopgfnoiijpmoj] - C:\Program Files (x86)\Pass-Widget\135.crx [2013-11-17]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\SysWOW64\jmdp\SweetNT.crx [2014-04-06]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [2276144 2014-04-07] ()
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-02-24] ()
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 SafetyNutManager; C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe [3544072 2014-05-12] (Somoto LTD)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R1 F06DEFF2-5B9C-490D-910F-35D3A91196222; C:\Program Files (x86)\Movies Toolbar\SafetyNut\x64\configmgrc1.cfg [36224 2014-05-12] (Somoto LTD)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-02-02] (Duplex Secure Ltd.)
S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [142848 2010-03-29] (Texas Instruments)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-22 13:31 - 2014-05-22 13:31 - 00020208 _____ () C:\Users\Jakob Rehbein_2\Desktop\FRST.txt
2014-05-22 13:31 - 2014-05-22 13:31 - 00000000 ____D () C:\FRST
2014-05-22 13:30 - 2014-05-22 13:30 - 02067456 _____ (Farbar) C:\Users\Jakob Rehbein_2\Desktop\FRST64.exe
2014-05-22 13:26 - 2014-05-22 13:26 - 00000582 _____ () C:\Users\Jakob Rehbein_2\Desktop\defogger_disable.log
2014-05-22 13:26 - 2014-05-22 13:26 - 00000020 _____ () C:\Users\Admin\defogger_reenable
2014-05-22 13:25 - 2014-05-22 13:25 - 00050477 _____ () C:\Users\Jakob Rehbein_2\Desktop\Defogger.exe
2014-05-18 21:55 - 2014-05-22 13:29 - 00000000 ____D () C:\ProgramData\SafetyNut
2014-05-14 16:23 - 2014-05-14 16:23 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-09 20:51 - 2014-05-08 20:07 - 01167284 _____ () C:\Users\Jakob Rehbein_2\Desktop\KN Launcher.exe
2014-04-26 21:40 - 2014-04-26 21:40 - 00844464 _____ (Adobe Systems Incorporated) C:\Users\Admin\Downloads\uninstall_flash_player.exe
2014-04-26 21:38 - 2014-04-26 21:38 - 01069776 _____ (Solid State Networks) C:\Users\Admin\Downloads\install_flashplayer13x32_chra_aaa_aih.exe
2014-04-26 21:35 - 2014-04-26 21:35 - 00000000 ____D () C:\Users\Jakob Rehbein_2\AppData\Roaming\Opera Software
2014-04-26 21:35 - 2014-04-26 21:35 - 00000000 ____D () C:\Users\Jakob Rehbein_2\AppData\Local\Opera Software
2014-04-26 21:33 - 2014-04-26 21:35 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2014-04-26 18:52 - 2014-05-19 17:26 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-04-26 18:52 - 2014-04-26 18:52 - 00001137 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-04-26 18:52 - 2014-04-26 18:52 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Opera Software
2014-04-26 18:52 - 2014-04-26 18:52 - 00000000 ____D () C:\Users\Admin\AppData\Local\Opera Software
2014-04-25 21:38 - 2014-04-25 21:38 - 00000000 ____D () C:\TPQIigt PsFuv (y86)
2014-04-25 21:02 - 2014-04-25 21:02 - 00000000 ____D () C:\Users\Jakob Rehbein_2\AppData\Local\LogMeIn
2014-04-25 19:38 - 2014-04-25 19:38 - 00000000 ____D () C:\Users\Admin\AppData\Local\LogMeIn
2014-04-25 19:38 - 2014-04-25 19:38 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-04-25 19:30 - 2014-04-25 19:30 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-04-25 19:30 - 2014-04-25 19:30 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-04-25 19:23 - 2014-04-30 19:52 - 00000000 ____D () C:\Users\Jakob Rehbein_2\Downloads\Kacke
2014-04-24 20:17 - 2014-04-24 20:17 - 00001217 _____ () C:\Users\Admin\Desktop\TeamSpeak 3 Client.lnk
2014-04-24 20:17 - 2014-04-24 20:17 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-04-24 20:17 - 2014-04-24 20:17 - 00000000 ____D () C:\Users\Admin\AppData\Local\TeamSpeak 3 Client
2014-04-23 16:52 - 2014-04-23 16:52 - 00000000 ____D () C:\Users\Jakob Rehbein_2\minecraft
2014-04-23 16:34 - 2014-04-23 16:34 - 00000092 _____ () C:\Windows\system32\KeiNett_Launch.properties
2014-04-22 15:10 - 2014-04-22 15:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ATI
2014-04-22 15:10 - 2014-04-22 15:10 - 00000000 ____D () C:\Users\Admin\AppData\Local\ATI
2014-04-22 14:49 - 2014-04-22 14:49 - 00001536 _____ () C:\Users\Jakob Rehbein_2\AppData\Local\recently-used.xbel

==================== One Month Modified Files and Folders =======

2014-05-22 13:31 - 2014-05-22 13:31 - 00020208 _____ () C:\Users\Jakob Rehbein_2\Desktop\FRST.txt
2014-05-22 13:31 - 2014-05-22 13:31 - 00000000 ____D () C:\FRST
2014-05-22 13:31 - 2011-11-25 12:42 - 01202065 _____ () C:\Windows\WindowsUpdate.log
2014-05-22 13:30 - 2014-05-22 13:30 - 02067456 _____ (Farbar) C:\Users\Jakob Rehbein_2\Desktop\FRST64.exe
2014-05-22 13:30 - 2012-01-31 16:16 - 00000402 _____ () C:\Windows\Tasks\Acer Registration - Data Sending task.job
2014-05-22 13:29 - 2014-05-18 21:55 - 00000000 ____D () C:\ProgramData\SafetyNut
2014-05-22 13:29 - 2012-12-08 18:49 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-22 13:28 - 2014-01-16 17:05 - 00000284 _____ () C:\Windows\Tasks\FF Watcher {4B90D93B-CC50-49D4-BB3C-3EEBA278ABED}.job
2014-05-22 13:28 - 2013-11-17 11:29 - 00000384 _____ () C:\Windows\Tasks\PassWidget Update.job
2014-05-22 13:28 - 2013-09-01 13:16 - 00040285 _____ () C:\Windows\setupact.log
2014-05-22 13:28 - 2012-04-17 17:27 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-05-22 13:28 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-22 13:26 - 2014-05-22 13:26 - 00000582 _____ () C:\Users\Jakob Rehbein_2\Desktop\defogger_disable.log
2014-05-22 13:26 - 2014-05-22 13:26 - 00000020 _____ () C:\Users\Admin\defogger_reenable
2014-05-22 13:26 - 2012-08-14 11:38 - 00000000 ____D () C:\Users\Admin
2014-05-22 13:25 - 2014-05-22 13:25 - 00050477 _____ () C:\Users\Jakob Rehbein_2\Desktop\Defogger.exe
2014-05-22 13:23 - 2012-07-07 16:39 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-22 13:15 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-22 13:15 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-22 13:13 - 2013-08-03 20:35 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-22 13:13 - 2013-08-03 20:35 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-22 13:10 - 2011-11-25 21:32 - 24996786 _____ () C:\Windows\system32\perfh007.dat
2014-05-22 13:10 - 2011-11-25 21:32 - 08065412 _____ () C:\Windows\system32\perfc007.dat
2014-05-22 13:10 - 2009-07-14 07:13 - 00006520 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-21 22:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-05-21 21:59 - 2012-02-10 21:50 - 00001178 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1583174529-1693183719-1453601109-1001UA.job
2014-05-21 21:52 - 2014-02-14 18:52 - 00000318 _____ () C:\Windows\Tasks\Hoolapp For Android.job
2014-05-21 21:50 - 2012-01-31 21:49 - 00000000 ____D () C:\Users\Jakob Rehbein_2\AppData\Roaming\.minecraft
2014-05-21 20:23 - 2012-12-22 21:23 - 00000314 _____ () C:\Windows\Tasks\MT66 Software Update.job
2014-05-21 18:54 - 2012-02-17 20:19 - 00000000 ____D () C:\Users\Jakob Rehbein_2\AppData\Roaming\Skype
2014-05-21 15:53 - 2012-02-10 21:50 - 00001156 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1583174529-1693183719-1453601109-1001Core.job
2014-05-19 17:26 - 2014-04-26 18:52 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-05-17 23:04 - 2013-06-11 16:44 - 00000000 ____D () C:\Users\Jakob Rehbein_2\Downloads\yolo swag
2014-05-14 16:23 - 2014-05-14 16:23 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-14 16:23 - 2012-07-07 16:39 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 16:23 - 2011-08-31 11:12 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 17:56 - 2012-09-19 19:38 - 00000000 ____D () C:\Users\Jakob Rehbein_2\AppData\Local\LogMeIn Hamachi
2014-05-13 16:46 - 2012-12-08 18:56 - 00000000 ____D () C:\Users\Jakob Rehbein_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-05-10 19:40 - 2012-02-02 19:15 - 00000000 ____D () C:\Users\Jakob Rehbein_2\AppData\Roaming\vlc
2014-05-08 20:31 - 2013-09-08 07:55 - 00108150 _____ () C:\Windows\PFRO.log
2014-05-08 20:07 - 2014-05-09 20:51 - 01167284 _____ () C:\Users\Jakob Rehbein_2\Desktop\KN Launcher.exe
2014-05-03 02:11 - 2012-02-19 20:49 - 00000000 ____D () C:\Users\Jakob Rehbein_2\AppData\Roaming\dvdcss
2014-04-30 19:52 - 2014-04-25 19:23 - 00000000 ____D () C:\Users\Jakob Rehbein_2\Downloads\Kacke
2014-04-29 07:55 - 2013-05-25 15:36 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-26 21:48 - 2012-01-31 16:25 - 00064024 _____ () C:\Users\Jakob Rehbein_2\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-26 21:46 - 2009-07-14 06:45 - 00294736 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-26 21:40 - 2014-04-26 21:40 - 00844464 _____ (Adobe Systems Incorporated) C:\Users\Admin\Downloads\uninstall_flash_player.exe
2014-04-26 21:38 - 2014-04-26 21:38 - 01069776 _____ (Solid State Networks) C:\Users\Admin\Downloads\install_flashplayer13x32_chra_aaa_aih.exe
2014-04-26 21:35 - 2014-04-26 21:35 - 00000000 ____D () C:\Users\Jakob Rehbein_2\AppData\Roaming\Opera Software
2014-04-26 21:35 - 2014-04-26 21:35 - 00000000 ____D () C:\Users\Jakob Rehbein_2\AppData\Local\Opera Software
2014-04-26 21:35 - 2014-04-26 21:33 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2014-04-26 21:35 - 2013-05-25 15:36 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google
2014-04-26 21:21 - 2013-06-13 17:23 - 00000000 ___HD () C:\Users\Public\Documents\Klett_Prefs
2014-04-26 20:56 - 2014-03-01 20:21 - 00000000 ____D () C:\Users\Jakob Rehbein_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-04-26 18:52 - 2014-04-26 18:52 - 00001137 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-04-26 18:52 - 2014-04-26 18:52 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Opera Software
2014-04-26 18:52 - 2014-04-26 18:52 - 00000000 ____D () C:\Users\Admin\AppData\Local\Opera Software
2014-04-26 18:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-26 12:33 - 2012-02-02 22:19 - 00000000 ____D () C:\Users\Jakob Rehbein_2\AppData\Local\CrashDumps
2014-04-25 21:50 - 2012-12-25 12:20 - 00282472 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-04-25 21:50 - 2012-12-24 21:20 - 00282472 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-04-25 21:38 - 2014-04-25 21:38 - 00000000 ____D () C:\TPQIigt PsFuv (y86)
2014-04-25 21:26 - 2012-12-24 21:20 - 00282472 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-04-25 21:02 - 2014-04-25 21:02 - 00000000 ____D () C:\Users\Jakob Rehbein_2\AppData\Local\LogMeIn
2014-04-25 19:38 - 2014-04-25 19:38 - 00000000 ____D () C:\Users\Admin\AppData\Local\LogMeIn
2014-04-25 19:38 - 2014-04-25 19:38 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-04-25 19:35 - 2012-11-16 15:54 - 00064024 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-25 19:30 - 2014-04-25 19:30 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-04-25 19:30 - 2014-04-25 19:30 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-04-24 20:17 - 2014-04-24 20:17 - 00001217 _____ () C:\Users\Admin\Desktop\TeamSpeak 3 Client.lnk
2014-04-24 20:17 - 2014-04-24 20:17 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-04-24 20:17 - 2014-04-24 20:17 - 00000000 ____D () C:\Users\Admin\AppData\Local\TeamSpeak 3 Client
2014-04-23 16:52 - 2014-04-23 16:52 - 00000000 ____D () C:\Users\Jakob Rehbein_2\minecraft
2014-04-23 16:52 - 2012-01-31 16:25 - 00000000 ____D () C:\Users\Jakob Rehbein_2
2014-04-23 16:34 - 2014-04-23 16:34 - 00000092 _____ () C:\Windows\system32\KeiNett_Launch.properties
2014-04-22 19:37 - 2013-12-23 14:15 - 00000448 ____H () C:\Users\Jakob Rehbein_2\Downloads\.picasa.ini
2014-04-22 15:12 - 2011-11-25 12:50 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-04-22 15:10 - 2014-04-22 15:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ATI
2014-04-22 15:10 - 2014-04-22 15:10 - 00000000 ____D () C:\Users\Admin\AppData\Local\ATI
2014-04-22 14:49 - 2014-04-22 14:49 - 00001536 _____ () C:\Users\Jakob Rehbein_2\AppData\Local\recently-used.xbel
2014-04-22 14:49 - 2013-08-06 18:48 - 00000000 ____D () C:\Users\Jakob Rehbein_2\AppData\Local\gtk-2.0
2014-04-22 14:49 - 2013-08-06 18:38 - 00000000 ____D () C:\Users\Jakob Rehbein_2\.gimp-2.8

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\appshat-distribution.exe
C:\Users\Admin\AppData\Local\Temp\AutoRun.exe
C:\Users\Admin\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Admin\AppData\Local\Temp\avgnt.exe
C:\Users\Admin\AppData\Local\Temp\BabylonTB.exe
C:\Users\Admin\AppData\Local\Temp\BI_RunOnce.exe
C:\Users\Admin\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Admin\AppData\Local\Temp\catalyst_mobility_64-bit_util.exe
C:\Users\Admin\AppData\Local\Temp\instloffer.exe
C:\Users\Admin\AppData\Local\Temp\MoviesToolbarSetup_Somoto.exe
C:\Users\Admin\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Admin\AppData\Local\Temp\OnlineWeatherSetup.exe
C:\Users\Admin\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Admin\AppData\Local\Temp\propsys.dll
C:\Users\Admin\AppData\Local\Temp\raptrpatch.exe
C:\Users\Admin\AppData\Local\Temp\uninst1.exe
C:\Users\Admin\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Admin\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Jakob Rehbein\AppData\Local\Temp\AutoRun.exe
C:\Users\Jakob Rehbein\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Jakob Rehbein\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\AskSLib.dll
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\AutoRun.exe
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\avgnt.exe
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\avg_10.2.0.3.exe
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\conduitinstaller.exe
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\contentDATs.exe
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\i4jdel0.exe
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\i4jdel1.exe
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\i4jdel2.exe
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\i4jdel3.exe
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\PicasaUpdater_17ef.exe
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\SIntf16.dll
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\SIntf32.dll
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\SIntfNT.dll
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\ubi6258.tmp.exe
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\vlc-2.0.8-win64.exe
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\_isB9B0.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-05-2014
Ran by Jakob Rehbein_2 at 2014-05-22 13:32:05
Running from C:\Users\Jakob Rehbein_2\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.3018.00 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.5.3018.00 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3007 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3502 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3502 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0530.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3501 - Acer Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Assassin's Creed(R) III v1.06 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.06 - Ubisoft)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.90 - Atheros Communications)
Bundled software uninstaller (HKLM-x32\...\bi_uninstaller) (Version:  - ) <==== ATTENTION
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version:  - Infinity Ward - Sledgehammer Games)
Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version:  - Infinity Ward - Sledgehammer Games)
CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Empire Earth II (HKLM-x32\...\{DF315348-721C-40B8-BAE2-58C6C7D935A2}) (Version: 1.02 - Sierra)
ETDWare PS/2-X64 8.0.6.2_WHQL (HKLM\...\Elantech) (Version: 8.0.6.2 - ELAN Microelectronic Corp.)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
FIFA 13 (HKLM-x32\...\{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}) (Version: 1.7.0.0 - Electronic Arts)
FilesFrog Update Checker (HKLM-x32\...\FilesFrog Update Checker) (Version:  - ) <==== ATTENTION
Formatwandler 2013 (HKLM-x32\...\{98C7891F-4BA8-48D3-0001-D4DD055B2886}) (Version: 5.0.12.625 - S.A.D.)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.2.11.225 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Hotspot Shield 2.76 (HKCU\...\HotspotShield) (Version: 2.76 - AnchorFree Inc.)
IB Updater Service (HKLM-x32\...\WNLT) (Version: 5.0.8.6 - ) <==== ATTENTION
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Install Absolute Data Protect (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 1.0.0.42 - Absolute Software)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Internet Explorer Toolbar 4.6 by SweetPacks (HKLM-x32\...\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}) (Version: 4.6.0004 - SweetIM Technologies Ltd.) <==== ATTENTION
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lagarith lossless video codec (Remove Only) (HKLM-x32\...\LAGARITH) (Version:  - )
Launch Manager (HKLM-x32\...\LManager) (Version: 6.0.7 - Acer Inc.)
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F112F66E-25CA-42DD-983C-6118EB38F606}) (Version: 3.0.89.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}) (Version: 3.0.19.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 26.0 (x86 de) (HKCU\...\Mozilla Firefox 26.0 (x86 de)) (Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MT66 Software Update (HKLM-x32\...\{F2E4F3A5-A8F0-46F4-8E91-E8C1DE1FCFE5}_is1) (Version:  - )
NBA 2K14 (HKLM-x32\...\Steam App 255480) (Version:  - Visual Concepts)
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8942 - NTI Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Opera Stable 21.0.1432.67 (HKLM-x32\...\Opera 21.0.1432.67) (Version: 21.0.1432.67 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
PassWidget (HKLM-x32\...\{29616186-e10b-4298-b44c-582a18b90223}) (Version:  - PassWidget Software)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6318 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SweetIM for Messenger 3.7 (HKLM-x32\...\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}) (Version: 3.7.0007 - SweetIM Technologies Ltd.) <==== ATTENTION
SweetPacks bundle uninstaller (HKLM-x32\...\{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}) (Version: 1.0.0000 - SweetIM Technologies Ltd.) <==== ATTENTION
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer)
TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version:  - (c) 2006-2011, Tom Thielicke IT Solutions)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3503 - Acer Incorporated)
Windows Live Argazki Galeria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 5.00 beta 8 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.8 - win.rar GmbH)
Xvid MPEG-4 Video Codec (HKLM-x32\...\Xvid_is1) (Version:  - )
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Acer Registration - Data Sending task.job => ?
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1583174529-1693183719-1453601109-1001Core.job => C:\Users\Jakob Rehbein_2\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1583174529-1693183719-1453601109-1001UA.job => C:\Users\Jakob Rehbein_2\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FF Watcher {4B90D93B-CC50-49D4-BB3C-3EEBA278ABED}.job => ?
Task: C:\Windows\Tasks\Hoolapp For Android.job => C:\Users\JAKOBR~2\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\MT66 Software Update.job => ?
Task: C:\Windows\Tasks\PassWidget Update.job => ?

==================== Loaded Modules (whitelisted) =============

2013-09-01 15:28 - 2014-05-12 15:28 - 00664584 _____ () C:\Program Files (x86)\Movies Toolbar\SafetyNut\x64\safetycrt.dll
2014-04-07 16:57 - 2014-04-07 16:57 - 01100592 _____ () C:\Windows\SysWOW64\jmdp\stij.exe
2014-04-07 16:57 - 2014-04-07 16:57 - 01303856 _____ () C:\Windows\System32\ljkb\stij.exe
2014-04-07 16:57 - 2014-04-07 16:57 - 01571120 _____ () C:\Windows\System32\ljkb\lmrn.dll
2014-05-19 17:26 - 2014-05-12 07:51 - 01397880 _____ () C:\Program Files (x86)\Opera\21.0.1432.67\opera_crashreporter.exe
2014-04-07 16:57 - 2014-04-07 16:57 - 01266992 _____ () C:\Windows\SysWOW64\jmdp\lmrn.dll
2013-09-01 15:28 - 2014-05-12 15:28 - 00489992 _____ () C:\Program Files (x86)\Movies Toolbar\SafetyNut\safetycrt.dll
2014-05-19 17:26 - 2014-05-12 07:51 - 00957048 _____ () C:\Program Files (x86)\Opera\21.0.1432.67\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: hamachi
Description: hamachi
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/22/2014 01:28:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/22/2014 01:10:11 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (05/22/2014 01:10:11 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (05/22/2014 01:10:11 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (05/22/2014 01:08:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2014 10:14:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2014 06:57:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (05/21/2014 06:57:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (05/21/2014 06:57:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (05/21/2014 03:49:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.


System errors:
=============
Error: (05/21/2014 10:16:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/21/2014 10:16:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (05/19/2014 08:25:44 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR8 gefunden.

Error: (05/19/2014 08:25:43 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR8 gefunden.

Error: (05/19/2014 08:25:40 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR8 gefunden.

Error: (05/19/2014 08:08:48 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR7 gefunden.

Error: (05/19/2014 08:08:48 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR7 gefunden.

Error: (05/19/2014 08:08:44 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR7 gefunden.

Error: (05/19/2014 05:18:58 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden.

Error: (05/18/2014 09:56:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "F06DEFF2-5B9C-490D-910F-35D3A91196222" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (05/22/2014 01:28:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/22/2014 01:10:11 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (05/22/2014 01:10:11 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (05/22/2014 01:10:11 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (05/22/2014 01:08:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2014 10:14:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2014 06:57:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (05/21/2014 06:57:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (05/21/2014 06:57:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (05/21/2014 03:49:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000


CodeIntegrity Errors:
===================================
  Date: 2014-05-22 13:28:07.450
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-22 13:28:07.388
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-22 13:08:23.814
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-22 13:08:23.736
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-21 22:13:53.728
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-21 22:13:53.665
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 39%
Total physical RAM: 4077.86 MB
Available physical RAM: 2465.39 MB
Total Pagefile: 8153.9 MB
Available Pagefile: 6501.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:683.54 GB) (Free:515.52 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

schrauber · 23.05.2014, 11:05

Bitte wiederholen, unsere Tools brauchen immer Adminrechte.

23.05.2014, 11:05	#4
schrauber /// the machine /// TB-Ausbilder	Windows 7 64 bit: TR/Injector.bsy.2 Bitte wiederholen, unsere Tools brauchen immer Adminrechte. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Windows 7 64 bit: TR/Injector.bsy.2

Log-Analyse und Auswertung: Windows 7 64 bit: TR/Injector.bsy.2