Log Analysis and Evaluation: Windows 7 64 bit: TR/Injector.bsy.2
22.05.2014, 12:55 | #1
Windows 7 64 bit: TR/Injector.bsy.2
Yesterday evening, on 21.05.14, Avira found a virus unknown to me: TR/Injector.bsy.2. Avira then put it into quarantine and wanted to restart the computer. When the PC booted, the screen was displayed at 800:600 instead of 1600:900. In addition, the bars that are usually transparent were coloured. I was able to change the display format, but not the setting of the bars. It would be nice if someone who knows about this sort of thing could help me. Kind regards, W4llb4ch
22.05.2014, 12:58 | #2
/// the machine /// (TB-Ausbilder)
Windows 7 64 bit: TR/Injector.bsy.2
hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
22.05.2014, 13:02 | #3
Windows 7 64 bit: TR/Injector.bsy.2
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2014
Ran by Jakob Rehbein_2 (ATTENTION: The logged in user is not administrator) on TRAVELMATE on 22-05-2014 13:31:14
Running from C:\Users\Jakob Rehbein_2\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
() C:\Windows\SysWOW64\jmdp\stij.exe
() C:\Windows\System32\ljkb\stij.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Opera Software) C:\Program Files (x86)\Opera\21.0.1432.67\opera.exe
() C:\Program Files (x86)\Opera\21.0.1432.67\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\21.0.1432.67\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\21.0.1432.67\opera.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11780712 2011-02-25] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [961184 2011-08-02] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [798880 2011-08-02] (Atheros Commnucations)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589480 2011-02-09] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1100880 2011-06-14] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-03-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SweetIM] => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [Sweetpacks Communicator] => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\Runonce: [InnoSetupRegFile.0000000001] - "C:\Windows\is-C1D98.exe" /REG /REGSVRMODE [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1583174529-1693183719-1453601109-1001\...\Run: [Facebook Update] => C:\Users\Jakob Rehbein_2\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-13] (Facebook Inc.)
HKU\S-1-5-21-1583174529-1693183719-1453601109-1001\...\Run: [openvpntray.EXE] => C:\Users\Jakob Rehbein_2\AppData\Roaming\Hotspot Shield\bin\openvpntray.EXE -nonadmin
HKU\S-1-5-21-1583174529-1693183719-1453601109-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1775808 2014-05-21] (Valve Corporation)
HKU\S-1-5-21-1583174529-1693183719-1453601109-1001\...\Run: [Hoolapp Android] => "C:\Users\JAKOBR~2\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized
HKU\S-1-5-21-1583174529-1693183719-1453601109-1001\...\Run: [CursorFX] => "C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe"
HKU\S-1-5-21-1583174529-1693183719-1453601109-1001\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
HKU\S-1-5-21-1583174529-1693183719-1453601109-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1583174529-1693183719-1453601109-1001\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-1583174529-1693183719-1453601109-1001\...\MountPoints2: {bc861310-4c4f-11e1-9202-9439e54ce7cd} - E:\LaunchU3.exe -a
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\Users\Jakob Rehbein_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aluagent.lnk
ShortcutTarget: aluagent.lnk -> C:\ProgramData\Acer\Acer Updater\aluagent.exe (Acer Incorporated)
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Movies Toolbar\SafetyNut\safetycrt.dll [489992 2014-05-12] ()
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Movies Toolbar\SafetyNut\x64\safetycrt.dll [664584 2014-05-12] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
URLSearchHook: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll No File
URLSearchHook: HKCU - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=100&systemid=473&v=a12627-145&apn_uid=3362403919214444&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKLM-x32 - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=100&systemid=473&v=a12627-145&apn_uid=3362403919214444&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=100&systemid=473&v=a12627-145&apn_uid=3362403919214444&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/?a=6PRaYeIkoV&loc=skw&search={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {120A8821-2BEE-4C29-BCDA-62C577781992} - No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll No File
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: MinibarBHO - {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files (x86)\Minibar\Minibar.dll (KangoExtensions)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll No File
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Jakob Rehbein_2\AppData\Roaming\Mozilla\Firefox\Profiles\autq5fny.default
FF user.js: detected! => C:\Users\Jakob Rehbein_2\AppData\Roaming\Mozilla\Firefox\Profiles\autq5fny.default\user.js
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://www.search.ask.com/?o=APN10640A&gct=hp&d=473-100&v=a12627-145&t=4
FF Keyword.URL: hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=100&systemid=473&v=a12627-145&apn_dtid=BND101&apn_ptnrs=AG1&apn_uid=3362403919214444&o=APN10640&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Jakob Rehbein_2\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Jakob Rehbein_2\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\Jakob Rehbein_2\AppData\Roaming\Mozilla\Firefox\Profiles\autq5fny.default\searchplugins\Ask.xml
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Users\Jakob Rehbein_2\AppData\Roaming\Mozilla\Firefox\Profiles\autq5fny.default\Extensions\afurladvisor@anchorfree.com [2012-11-13]
FF Extension: Funmoods.com - C:\Users\Jakob Rehbein_2\AppData\Roaming\Mozilla\Firefox\Profiles\autq5fny.default\Extensions\ffxtlbr@funmoods.com [2013-04-28]
FF Extension: Yahoo! Toolbar - C:\Users\Jakob Rehbein_2\AppData\Roaming\Mozilla\Firefox\Profiles\autq5fny.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-02-23]
FF Extension: Ask New Tabs - C:\Users\Jakob Rehbein_2\AppData\Roaming\Mozilla\Firefox\Profiles\autq5fny.default\Extensions\{987FF466-80DE-000D-C392-986458FA318B} [2014-05-18]
FF Extension: Free YouTube Download (Free Studio) Menu - C:\Users\Jakob Rehbein_2\AppData\Roaming\Mozilla\Firefox\Profiles\autq5fny.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012-03-09]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-25]
FF HKLM\...\Firefox\Extensions: [{FEFE89E5-A43F-4f4b-8211-B11D91D02135}] - C:\Program Files\CoolPic\Firefox
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{FEFE89E5-A43F-4f4b-8211-B11D91D02135}] - C:\Program Files\CoolPic\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox

Chrome:
=======
CHR StartupUrls: "chrome://newtab/"
CHR Extension: (Angry Birds) - C:\Users\Jakob Rehbein_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-03-12]
CHR Extension: (Google Drive) - C:\Users\Jakob Rehbein_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-24]
CHR Extension: (YouTube) - C:\Users\Jakob Rehbein_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-24]
CHR Extension: (Google Search) - C:\Users\Jakob Rehbein_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-24]
CHR Extension: (AdBlock) - C:\Users\Jakob Rehbein_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-24]
CHR Extension: (Classic) - C:\Users\Jakob Rehbein_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn [2014-03-01]
CHR Extension: (theHunter) - C:\Users\Jakob Rehbein_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jangaedeekciafhlanphhnalogmhefmo [2014-03-12]
CHR Extension: (WEB.DE MailCheck) - C:\Users\Jakob Rehbein_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2014-03-01]
CHR Extension: (Cut the Rope) - C:\Users\Jakob Rehbein_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbadlndcminbkfojhlimnkgaackjmdo [2014-03-01]
CHR Extension: (Google Wallet) - C:\Users\Jakob Rehbein_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-24]
CHR Extension: (Gmail) - C:\Users\Jakob Rehbein_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-24]
CHR HKLM-x32\...\Chrome\Extension: [fbdagnimlohkpamglloopgfnoiijpmoj] - C:\Program Files (x86)\Pass-Widget\135.crx [2013-11-17]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\SysWOW64\jmdp\SweetNT.crx [2014-04-06]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [2276144 2014-04-07] ()
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-02-24] ()
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 SafetyNutManager; C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe [3544072 2014-05-12] (Somoto LTD)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R1 F06DEFF2-5B9C-490D-910F-35D3A91196222; C:\Program Files (x86)\Movies Toolbar\SafetyNut\x64\configmgrc1.cfg [36224 2014-05-12] (Somoto LTD)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-02-02] (Duplex Secure Ltd.)
S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [142848 2010-03-29] (Texas Instruments)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-22 13:31 - 2014-05-22 13:31 - 00020208 _____ () C:\Users\Jakob Rehbein_2\Desktop\FRST.txt
2014-05-22 13:31 - 2014-05-22 13:31 - 00000000 ____D () C:\FRST
2014-05-22 13:30 - 2014-05-22 13:30 - 02067456 _____ (Farbar) C:\Users\Jakob Rehbein_2\Desktop\FRST64.exe
2014-05-22 13:26 - 2014-05-22 13:26 - 00000582 _____ () C:\Users\Jakob Rehbein_2\Desktop\defogger_disable.log
2014-05-22 13:26 - 2014-05-22 13:26 - 00000020 _____ () C:\Users\Admin\defogger_reenable
2014-05-22 13:25 - 2014-05-22 13:25 - 00050477 _____ () C:\Users\Jakob Rehbein_2\Desktop\Defogger.exe
2014-05-18 21:55 - 2014-05-22 13:29 - 00000000 ____D () C:\ProgramData\SafetyNut
2014-05-14 16:23 - 2014-05-14 16:23 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-09 20:51 - 2014-05-08 20:07 - 01167284 _____ () C:\Users\Jakob Rehbein_2\Desktop\KN Launcher.exe
2014-04-26 21:40 - 2014-04-26 21:40 - 00844464 _____ (Adobe Systems Incorporated) C:\Users\Admin\Downloads\uninstall_flash_player.exe
2014-04-26 21:38 - 2014-04-26 21:38 - 01069776 _____ (Solid State Networks) C:\Users\Admin\Downloads\install_flashplayer13x32_chra_aaa_aih.exe
2014-04-26 21:35 - 2014-04-26 21:35 - 00000000 ____D () C:\Users\Jakob Rehbein_2\AppData\Roaming\Opera Software
2014-04-26 21:35 - 2014-04-26 21:35 - 00000000 ____D () C:\Users\Jakob Rehbein_2\AppData\Local\Opera Software
2014-04-26 21:33 - 2014-04-26 21:35 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2014-04-26 18:52 - 2014-05-19 17:26 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-04-26 18:52 - 2014-04-26 18:52 - 00001137 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-04-26 18:52 - 2014-04-26 18:52 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Opera Software
2014-04-26 18:52 - 2014-04-26 18:52 - 00000000 ____D () C:\Users\Admin\AppData\Local\Opera Software
2014-04-25 21:38 - 2014-04-25 21:38 - 00000000 ____D () C:\TPQIigt PsFuv (y86)
2014-04-25 21:02 - 2014-04-25 21:02 - 00000000 ____D () C:\Users\Jakob Rehbein_2\AppData\Local\LogMeIn
2014-04-25 19:38 - 2014-04-25 19:38 - 00000000 ____D () C:\Users\Admin\AppData\Local\LogMeIn
2014-04-25 19:38 - 2014-04-25 19:38 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-04-25 19:30 - 2014-04-25 19:30 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-04-25 19:30 - 2014-04-25 19:30 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-04-25 19:23 - 2014-04-30 19:52 - 00000000 ____D () C:\Users\Jakob Rehbein_2\Downloads\Kacke
2014-04-24 20:17 - 2014-04-24 20:17 - 00001217 _____ () C:\Users\Admin\Desktop\TeamSpeak 3 Client.lnk
2014-04-24 20:17 - 2014-04-24 20:17 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-04-24 20:17 - 2014-04-24 20:17 - 00000000 ____D () C:\Users\Admin\AppData\Local\TeamSpeak 3 Client
2014-04-23 16:52 - 2014-04-23 16:52 - 00000000 ____D () C:\Users\Jakob Rehbein_2\minecraft
2014-04-23 16:34 - 2014-04-23 16:34 - 00000092 _____ () C:\Windows\system32\KeiNett_Launch.properties
2014-04-22 15:10 - 2014-04-22 15:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ATI
2014-04-22 15:10 - 2014-04-22 15:10 - 00000000 ____D () C:\Users\Admin\AppData\Local\ATI
2014-04-22 14:49 - 2014-04-22 14:49 - 00001536 _____ () C:\Users\Jakob Rehbein_2\AppData\Local\recently-used.xbel

==================== One Month Modified Files and Folders =======

2014-05-22 13:31 - 2014-05-22 13:31 - 00020208 _____ () C:\Users\Jakob Rehbein_2\Desktop\FRST.txt
2014-05-22 13:31 - 2014-05-22 13:31 - 00000000 ____D () C:\FRST
2014-05-22 13:31 - 2011-11-25 12:42 - 01202065 _____ () C:\Windows\WindowsUpdate.log
2014-05-22 13:30 - 2014-05-22 13:30 - 02067456 _____ (Farbar) C:\Users\Jakob Rehbein_2\Desktop\FRST64.exe
2014-05-22 13:30 - 2012-01-31 16:16 - 00000402 _____ () C:\Windows\Tasks\Acer Registration - Data Sending task.job
2014-05-22 13:29 - 2014-05-18 21:55 - 00000000 ____D () C:\ProgramData\SafetyNut
2014-05-22 13:29 - 2012-12-08 18:49 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-22 13:28 - 2014-01-16 17:05 - 00000284 _____ () C:\Windows\Tasks\FF Watcher {4B90D93B-CC50-49D4-BB3C-3EEBA278ABED}.job
2014-05-22 13:28 - 2013-11-17 11:29 - 00000384 _____ () C:\Windows\Tasks\PassWidget Update.job
2014-05-22 13:28 - 2013-09-01 13:16 - 00040285 _____ () C:\Windows\setupact.log
2014-05-22 13:28 - 2012-04-17 17:27 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-05-22 13:28 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-22 13:26 - 2014-05-22 13:26 - 00000582 _____ () C:\Users\Jakob Rehbein_2\Desktop\defogger_disable.log
2014-05-22 13:26 - 2014-05-22 13:26 - 00000020 _____ () C:\Users\Admin\defogger_reenable
2014-05-22 13:26 - 2012-08-14 11:38 - 00000000 ____D () C:\Users\Admin
2014-05-22 13:25 - 2014-05-22 13:25 - 00050477 _____ () C:\Users\Jakob Rehbein_2\Desktop\Defogger.exe
2014-05-22 13:23 - 2012-07-07 16:39 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-22 13:15 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-22 13:15 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-22 13:13 - 2013-08-03 20:35 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-22 13:13 - 2013-08-03 20:35 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-22 13:10 - 2011-11-25 21:32 - 24996786 _____ () C:\Windows\system32\perfh007.dat
2014-05-22 13:10 - 2011-11-25 21:32 - 08065412 _____ () C:\Windows\system32\perfc007.dat
2014-05-22 13:10 - 2009-07-14 07:13 - 00006520 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-21 22:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-05-21 21:59 - 2012-02-10 21:50 - 00001178 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1583174529-1693183719-1453601109-1001UA.job
2014-05-21 21:52 - 2014-02-14 18:52 - 00000318 _____ () C:\Windows\Tasks\Hoolapp For Android.job
2014-05-21 21:50 - 2012-01-31 21:49 - 00000000 ____D () C:\Users\Jakob Rehbein_2\AppData\Roaming\.minecraft
2014-05-21 20:23 - 2012-12-22 21:23 - 00000314 _____ () C:\Windows\Tasks\MT66 Software Update.job
2014-05-21 18:54 - 2012-02-17 20:19 - 00000000 ____D () C:\Users\Jakob Rehbein_2\AppData\Roaming\Skype
2014-05-21 15:53 - 2012-02-10 21:50 - 00001156 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1583174529-1693183719-1453601109-1001Core.job
2014-05-19 17:26 - 2014-04-26 18:52 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-05-17 23:04 - 2013-06-11 16:44 - 00000000 ____D () C:\Users\Jakob Rehbein_2\Downloads\yolo swag
2014-05-14 16:23 - 2014-05-14 16:23 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-14 16:23 - 2012-07-07 16:39 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 16:23 - 2011-08-31 11:12 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 17:56 - 2012-09-19 19:38 - 00000000 ____D () C:\Users\Jakob Rehbein_2\AppData\Local\LogMeIn Hamachi
2014-05-13 16:46 - 2012-12-08 18:56 - 00000000 ____D () C:\Users\Jakob Rehbein_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-05-10 19:40 - 2012-02-02 19:15 - 00000000 ____D () C:\Users\Jakob Rehbein_2\AppData\Roaming\vlc
2014-05-08 20:31 - 2013-09-08 07:55 - 00108150 _____ () C:\Windows\PFRO.log
2014-05-08 20:07 - 2014-05-09 20:51 - 01167284 _____ () C:\Users\Jakob Rehbein_2\Desktop\KN Launcher.exe
2014-05-03 02:11 - 2012-02-19 20:49 - 00000000 ____D () C:\Users\Jakob Rehbein_2\AppData\Roaming\dvdcss
2014-04-30 19:52 - 2014-04-25 19:23 - 00000000 ____D () C:\Users\Jakob Rehbein_2\Downloads\Kacke
2014-04-29 07:55 - 2013-05-25 15:36 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-26 21:48 - 2012-01-31 16:25 - 00064024 _____ () C:\Users\Jakob Rehbein_2\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-26 21:46 - 2009-07-14 06:45 - 00294736 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-26 21:40 - 2014-04-26 21:40 - 00844464 _____ (Adobe Systems Incorporated) C:\Users\Admin\Downloads\uninstall_flash_player.exe
2014-04-26 21:38 - 2014-04-26 21:38 - 01069776 _____ (Solid State Networks) C:\Users\Admin\Downloads\install_flashplayer13x32_chra_aaa_aih.exe
2014-04-26 21:35 - 2014-04-26 21:35 - 00000000 ____D () C:\Users\Jakob Rehbein_2\AppData\Roaming\Opera Software
2014-04-26 21:35 - 2014-04-26 21:35 - 00000000 ____D () C:\Users\Jakob Rehbein_2\AppData\Local\Opera Software
2014-04-26 21:35 - 2014-04-26 21:33 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2014-04-26 21:35 - 2013-05-25 15:36 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google
2014-04-26 21:21 - 2013-06-13 17:23 - 00000000 ___HD () C:\Users\Public\Documents\Klett_Prefs
2014-04-26 20:56 - 2014-03-01 20:21 - 00000000 ____D () C:\Users\Jakob Rehbein_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-04-26 18:52 - 2014-04-26 18:52 - 00001137 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-04-26 18:52 - 2014-04-26 18:52 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Opera Software
2014-04-26 18:52 - 2014-04-26 18:52 - 00000000 ____D () C:\Users\Admin\AppData\Local\Opera Software
2014-04-26 18:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-26 12:33 - 2012-02-02 22:19 - 00000000 ____D () C:\Users\Jakob Rehbein_2\AppData\Local\CrashDumps
2014-04-25 21:50 - 2012-12-25 12:20 - 00282472 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-04-25 21:50 - 2012-12-24 21:20 - 00282472 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-04-25 21:38 - 2014-04-25 21:38 - 00000000 ____D () C:\TPQIigt PsFuv (y86)
2014-04-25 21:26 - 2012-12-24 21:20 - 00282472 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-04-25 21:02 - 2014-04-25 21:02 - 00000000 ____D () C:\Users\Jakob Rehbein_2\AppData\Local\LogMeIn
2014-04-25 19:38 - 2014-04-25 19:38 - 00000000 ____D () C:\Users\Admin\AppData\Local\LogMeIn
2014-04-25 19:38 - 2014-04-25 19:38 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-04-25 19:35 - 2012-11-16 15:54 - 00064024 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-25 19:30 - 2014-04-25 19:30 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-04-25 19:30 - 2014-04-25 19:30 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-04-24 20:17 - 2014-04-24 20:17 - 00001217 _____ () C:\Users\Admin\Desktop\TeamSpeak 3 Client.lnk
2014-04-24 20:17 - 2014-04-24 20:17 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-04-24 20:17 - 2014-04-24 20:17 - 00000000 ____D () C:\Users\Admin\AppData\Local\TeamSpeak 3 Client
2014-04-23 16:52 - 2014-04-23 16:52 - 00000000 ____D () C:\Users\Jakob Rehbein_2\minecraft
2014-04-23 16:52 - 2012-01-31 16:25 - 00000000 ____D () C:\Users\Jakob Rehbein_2
2014-04-23 16:34 - 2014-04-23 16:34 - 00000092 _____ () C:\Windows\system32\KeiNett_Launch.properties
2014-04-22 19:37 - 2013-12-23 14:15 - 00000448 ____H () C:\Users\Jakob Rehbein_2\Downloads\.picasa.ini
2014-04-22 15:12 - 2011-11-25 12:50 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-04-22 15:10 - 2014-04-22 15:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ATI
2014-04-22 15:10 - 2014-04-22 15:10 - 00000000 ____D () C:\Users\Admin\AppData\Local\ATI
2014-04-22 14:49 - 2014-04-22 14:49 - 00001536 _____ () C:\Users\Jakob Rehbein_2\AppData\Local\recently-used.xbel
2014-04-22 14:49 - 2013-08-06 18:48 - 00000000 ____D () C:\Users\Jakob Rehbein_2\AppData\Local\gtk-2.0
2014-04-22 14:49 - 2013-08-06 18:38 - 00000000 ____D () C:\Users\Jakob Rehbein_2\.gimp-2.8

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\appshat-distribution.exe
C:\Users\Admin\AppData\Local\Temp\AutoRun.exe
C:\Users\Admin\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Admin\AppData\Local\Temp\avgnt.exe
C:\Users\Admin\AppData\Local\Temp\BabylonTB.exe
C:\Users\Admin\AppData\Local\Temp\BI_RunOnce.exe
C:\Users\Admin\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Admin\AppData\Local\Temp\catalyst_mobility_64-bit_util.exe
C:\Users\Admin\AppData\Local\Temp\instloffer.exe
C:\Users\Admin\AppData\Local\Temp\MoviesToolbarSetup_Somoto.exe
C:\Users\Admin\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Admin\AppData\Local\Temp\OnlineWeatherSetup.exe
C:\Users\Admin\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Admin\AppData\Local\Temp\propsys.dll
C:\Users\Admin\AppData\Local\Temp\raptrpatch.exe
C:\Users\Admin\AppData\Local\Temp\uninst1.exe
C:\Users\Admin\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Admin\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Jakob Rehbein\AppData\Local\Temp\AutoRun.exe
C:\Users\Jakob Rehbein\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Jakob Rehbein\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\AskSLib.dll
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\AutoRun.exe
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\avgnt.exe
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\avg_10.2.0.3.exe
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\conduitinstaller.exe
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\contentDATs.exe
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\i4jdel0.exe
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\i4jdel1.exe
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\i4jdel2.exe
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\i4jdel3.exe
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\PicasaUpdater_17ef.exe
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\SIntf16.dll
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\SIntf32.dll
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\SIntfNT.dll
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\ubi6258.tmp.exe
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\vlc-2.0.8-win64.exe
C:\Users\Jakob Rehbein_2\AppData\Local\Temp\_isB9B0.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-05-2014 Ran by Jakob Rehbein_2 at 2014-05-22 13:32:05 Running from C:\Users\Jakob Rehbein_2\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.3018.00 - CyberLink Corp.) Acer Crystal Eye Webcam (x32 Version: 1.5.3018.00 - CyberLink Corp.) Hidden Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3007 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3502 - Acer Incorporated) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3502 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0530.2011 - Acer Incorporated) Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated) Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3501 - Acer Incorporated) Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated) Assassin's Creed(R) III v1.06 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.06 - Ubisoft) Atheros Communications Inc.(R) AR81Family 
Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.) Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira) Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.90 - Atheros Communications) Bundled software uninstaller (HKLM-x32\...\bi_uninstaller) (Version: - ) <==== ATTENTION Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision) Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000 - Activision) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: - ) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: - ) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version: - ) Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version: - Infinity Ward - Sledgehammer Games) Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version: - Infinity Ward - Sledgehammer Games) CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform) Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Empire Earth II (HKLM-x32\...\{DF315348-721C-40B8-BAE2-58C6C7D935A2}) (Version: 1.02 - Sierra) ETDWare PS/2-X64 8.0.6.2_WHQL (HKLM\...\Elantech) (Version: 8.0.6.2 - ELAN Microelectronic Corp.) 
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited) FIFA 13 (HKLM-x32\...\{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}) (Version: 1.7.0.0 - Electronic Arts) FilesFrog Update Checker (HKLM-x32\...\FilesFrog Update Checker) (Version: - ) <==== ATTENTION Formatwandler 2013 (HKLM-x32\...\{98C7891F-4BA8-48D3-0001-D4DD055B2886}) (Version: 5.0.12.625 - S.A.D.) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.2.11.225 - DVDVideoSoft Ltd.) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden Hotspot Shield 2.76 (HKCU\...\HotspotShield) (Version: 2.76 - AnchorFree Inc.) 
IB Updater Service (HKLM-x32\...\WNLT) (Version: 5.0.8.6 - ) <==== ATTENTION Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated) Install Absolute Data Protect (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 1.0.0.42 - Absolute Software) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation) Internet Explorer Toolbar 4.6 by SweetPacks (HKLM-x32\...\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}) (Version: 4.6.0004 - SweetIM Technologies Ltd.) <==== ATTENTION Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Lagarith lossless video codec (Remove Only) (HKLM-x32\...\LAGARITH) (Version: - ) Launch Manager (HKLM-x32\...\LManager) (Version: 6.0.7 - Acer Inc.) Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.) 
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Games for Windows - LIVE (HKLM-x32\...\{F112F66E-25CA-42DD-983C-6118EB38F606}) (Version: 3.0.89.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}) (Version: 3.0.19.0 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 
9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft) Mozilla Firefox 26.0 (x86 de) (HKCU\...\Mozilla Firefox 26.0 (x86 de)) (Version: 26.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MT66 Software Update (HKLM-x32\...\{F2E4F3A5-A8F0-46F4-8E91-E8C1DE1FCFE5}_is1) (Version: - ) NBA 2K14 (HKLM-x32\...\Steam App 255480) (Version: - Visual Concepts) newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.) 
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.8942 - NTI Corporation) Hidden NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation) OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) Opera Stable 21.0.1432.67 (HKLM-x32\...\Opera 21.0.1432.67) (Version: 21.0.1432.67 - Opera Software ASA) Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.) PassWidget (HKLM-x32\...\{29616186-e10b-4298-b44c-582a18b90223}) (Version: - PassWidget Software) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Raptr (HKLM-x32\...\Raptr) (Version: - ) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6318 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.) Saints Row IV (HKLM-x32\...\Steam App 206420) (Version: - Deep Silver Volition) Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation) Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) 
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) SweetIM for Messenger 3.7 (HKLM-x32\...\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}) (Version: 3.7.0007 - SweetIM Technologies Ltd.) <==== ATTENTION SweetPacks bundle uninstaller (HKLM-x32\...\{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}) (Version: 1.0.0000 - SweetIM Technologies Ltd.) <==== ATTENTION TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer) TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version: - (c) 2006-2011, Tom Thielicke IT Solutions) Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel) Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft) VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN) Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3503 - Acer Incorporated) Windows Live Argazki Galeria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) 
Hidden Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden 
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden WinRAR 5.00 beta 8 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.8 - win.rar GmbH) Xvid MPEG-4 Video Codec (HKLM-x32\...\Xvid_is1) (Version: - ) Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Restore Points ========================= Could not list Restore Points. Check "winmgmt" service or repair WMI. ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: C:\Windows\Tasks\Acer Registration - Data Sending task.job => ? Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ? 
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1583174529-1693183719-1453601109-1001Core.job => C:\Users\Jakob Rehbein_2\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1583174529-1693183719-1453601109-1001UA.job => C:\Users\Jakob Rehbein_2\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FF Watcher {4B90D93B-CC50-49D4-BB3C-3EEBA278ABED}.job => ? Task: C:\Windows\Tasks\Hoolapp For Android.job => C:\Users\JAKOBR~2\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\MT66 Software Update.job => ? Task: C:\Windows\Tasks\PassWidget Update.job => ? ==================== Loaded Modules (whitelisted) ============= 2013-09-01 15:28 - 2014-05-12 15:28 - 00664584 _____ () C:\Program Files (x86)\Movies Toolbar\SafetyNut\x64\safetycrt.dll 2014-04-07 16:57 - 2014-04-07 16:57 - 01100592 _____ () C:\Windows\SysWOW64\jmdp\stij.exe 2014-04-07 16:57 - 2014-04-07 16:57 - 01303856 _____ () C:\Windows\System32\ljkb\stij.exe 2014-04-07 16:57 - 2014-04-07 16:57 - 01571120 _____ () C:\Windows\System32\ljkb\lmrn.dll 2014-05-19 17:26 - 2014-05-12 07:51 - 01397880 _____ () C:\Program Files (x86)\Opera\21.0.1432.67\opera_crashreporter.exe 2014-04-07 16:57 - 2014-04-07 16:57 - 01266992 _____ () C:\Windows\SysWOW64\jmdp\lmrn.dll 2013-09-01 15:28 - 2014-05-12 15:28 - 00489992 _____ () C:\Program Files (x86)\Movies Toolbar\SafetyNut\safetycrt.dll 2014-05-19 17:26 - 2014-05-12 07:51 - 00957048 _____ () C:\Program Files (x86)\Opera\21.0.1432.67\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: hamachi Description: hamachi Class Guid: Manufacturer: Service: Problem: : The drivers for this 
device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (05/22/2014 01:28:16 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/22/2014 01:10:11 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (05/22/2014 01:10:11 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (05/22/2014 01:10:11 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. 
Error: (05/22/2014 01:08:31 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/21/2014 10:14:40 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/21/2014 06:57:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (05/21/2014 06:57:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (05/21/2014 06:57:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. 
Error: (05/21/2014 03:49:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. System errors: ============= Error: (05/21/2014 10:16:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/21/2014 10:16:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error: (05/19/2014 08:25:44 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR8 gefunden. Error: (05/19/2014 08:25:43 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR8 gefunden. Error: (05/19/2014 08:25:40 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR8 gefunden. Error: (05/19/2014 08:08:48 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR7 gefunden. Error: (05/19/2014 08:08:48 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR7 gefunden. Error: (05/19/2014 08:08:44 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR7 gefunden. Error: (05/19/2014 05:18:58 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden. 
Error: (05/18/2014 09:56:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "F06DEFF2-5B9C-490D-910F-35D3A91196222" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Microsoft Office Sessions:
=========================
Error: (05/22/2014 01:28:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/22/2014 01:10:11 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (05/22/2014 01:10:11 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (05/22/2014 01:10:11 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (05/22/2014 01:08:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2014 10:14:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2014 06:57:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (05/21/2014 06:57:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (05/21/2014 06:57:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (05/21/2014 03:49:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

CodeIntegrity Errors:
===================================
Date: 2014-05-22 13:28:07.450
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-05-22 13:28:07.388
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-05-22 13:08:23.814
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-05-22 13:08:23.736
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-05-21 22:13:53.728
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-05-21 22:13:53.665
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

==================== Memory info ===========================
Percentage of memory in use: 39%
Total physical RAM: 4077.86 MB
Available physical RAM: 2465.39 MB
Total Pagefile: 8153.9 MB
Available Pagefile: 6501.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:683.54 GB) (Free:515.52 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================ |
23.05.2014, 11:05 | #4 |
/// the machine /// TB-Ausbilder | Windows 7 64 bit: TR/Injector.bsy.2 Please run it again; our tools always need admin rights.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009 |