
Log analysis and evaluation: Bonanza Deals found in Control Panel\Programs

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
12.02.2014, 23:16   #1
snakebite
 



Hello everyone,

I am new here and found your forum through Google, because while uninstalling a program I discovered "Bonanza Deals" and wanted to find out what it is.

My OS is Win 7 Pro 64-bit.
Lately I have constantly had problems with Firefox, which keeps crashing on me, and since today I can no longer load any savegames, nor can any game be started; every one of them hangs.

Today I installed a 60-day version of Norton Internet Security, which was included on my motherboard's driver CD.
It found "Suspicios.Cloud.7.F", "WS.Trojan.H" and "bonanzadealslive.exe", which Norton isolated, but the problems persist and "Bonanza Deals" is still installed as well.

After that I downloaded and installed Avira.
It finds the file "uninstaller.exe", Adware\InstallCore.Gen, which was moved to quarantine.
The following log file comes from the real-time scanner.
The system scanner cannot be started, and the following error message appears:
"Die Ausnahme "unknown software exception" (0xc0000417) ist in der Anwendung an der Stelle 0x7365af3e aufgetreten."

Code:
12.02.2014,19:35:43 [FEHLER] Laden der Komponente 'c:\program files (x86)\avira\antivir desktop\gavidb.dll' ist fehlgeschlagen (Fehlercode: 1060)!
12.02.2014,19:35:53 [INFO] ---------------------------------------------------------
12.02.2014,19:35:53 [INFO] Engine-Version:  8.2.12.164
12.02.2014,19:35:53 [INFO] VDF-Version:  7.11.70.0
12.02.2014,19:35:53 [INFO] APC-Version:  2.6.5.2
12.02.2014,19:35:53 [INFO] RDF-Version:  13.0.1.62
12.02.2014,19:35:53 [INFO] Echtzeit-Scanner-Version: 14.00.02.292
12.02.2014,19:35:54 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet!
12.02.2014,19:35:54 [INFO] Verwendete Konfiguration der Echtzeit-Scanner:
      - Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen
      - Geprüfte Dateien: Dateierweiterungsliste verwenden: .386 .?HT* .ACM .ADE .ADP .ANI .APK .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DEX .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XAR .XL* .XML .XXX .ZIP 
      - Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen
      - Aktion: Benutzer fragen
      - Archive durchsuchen: Deaktiviert
      - Makrovirenheuristik: Aktiviert
      - Win32 Dateiheuristik: Erkennungsstufe mittel
      - Protokollierungsstufe: Standard
12.02.2014,19:35:58 [INFO] Online-Dienste stehen zur Verfügung.
12.02.2014,19:36:03 [INFO] Verwendete Konfiguration der Echtzeit-Scanner:
      - Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen
      - Geprüfte Dateien: Dateierweiterungsliste verwenden: .386 .?HT* .ACM .ADE .ADP .ANI .APK .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DEX .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XAR .XL* .XML .XXX .ZIP 
      - Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen
      - Aktion: Benutzer fragen
      - Archive durchsuchen: Deaktiviert
      - Makrovirenheuristik: Aktiviert
      - Win32 Dateiheuristik: Erkennungsstufe mittel
      - Protokollierungsstufe: Standard
12.02.2014,19:37:51 [INFO] Update-Auftrag gestartet!
12.02.2014,19:38:03 [INFO] ---------------------------------------------------------
12.02.2014,19:38:03 [INFO] Engine-Version:  8.2.14.8
12.02.2014,19:38:03 [INFO] VDF-Version:  7.11.70.0
12.02.2014,19:38:03 [INFO] APC-Version:  2.6.5.2
12.02.2014,19:38:03 [INFO] RDF-Version:  14.0.3.26
12.02.2014,19:38:03 [INFO] Echtzeit-Scanner-Version: 14.00.02.292
12.02.2014,19:42:08 [INFO] Verwendete Konfiguration der Echtzeit-Scanner:
      - Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen
      - Geprüfte Dateien: Dateierweiterungsliste verwenden: .386 .?HT* .ACM .ADE .ADP .ANI .APK .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DEX .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XAR .XL* .XML .XXX .ZIP 
      - Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen
      - Aktion: Benutzer fragen
      - Archive durchsuchen: Deaktiviert
      - Makrovirenheuristik: Aktiviert
      - Win32 Dateiheuristik: Erkennungsstufe mittel
      - Protokollierungsstufe: Standard
12.02.2014,19:58:44 [FEHLER] Laden der Komponente 'c:\program files (x86)\avira\antivir desktop\gavidb.dll' ist fehlgeschlagen (Fehlercode: 1060)!
12.02.2014,20:00:19 [INFO] ---------------------------------------------------------
12.02.2014,20:00:19 [INFO] Engine-Version:  8.2.14.8
12.02.2014,20:00:19 [INFO] VDF-Version:  7.11.70.0
12.02.2014,20:00:19 [INFO] APC-Version:  2.6.5.2
12.02.2014,20:00:19 [INFO] RDF-Version:  14.0.3.26
12.02.2014,20:00:19 [INFO] Echtzeit-Scanner-Version: 14.00.02.292
12.02.2014,20:00:23 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet!
12.02.2014,20:00:28 [INFO] Verwendete Konfiguration der Echtzeit-Scanner:
      - Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen
      - Geprüfte Dateien: Dateierweiterungsliste verwenden: .386 .?HT* .ACM .ADE .ADP .ANI .APK .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DEX .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XAR .XL* .XML .XXX .ZIP 
      - Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen
      - Aktion: Benutzer fragen
      - Archive durchsuchen: Deaktiviert
      - Makrovirenheuristik: Aktiviert
      - Win32 Dateiheuristik: Erkennungsstufe mittel
      - Protokollierungsstufe: Standard
12.02.2014,20:00:32 [INFO] Online-Dienste stehen zur Verfügung.
12.02.2014,20:00:32 [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen7!
  C:\Users\Admin\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe
12.02.2014,20:01:41 [FUND] Ist das Trojanische Pferd TR/Dropper.MSIL.Gen!
  C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe
12.02.2014,20:03:03 [FUND] Ist das Trojanische Pferd TR/Dropper.MSIL.Gen!
  C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe
12.02.2014,20:04:25 [FUND] Ist das Trojanische Pferd TR/Dropper.MSIL.Gen!
  C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe
12.02.2014,20:08:15 [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen!
  C:\Program Files (x86)\VideoConverter\Uninstall\__Uninstall_.exe
12.02.2014,20:08:16 [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen!
  C:\Users\Admin\AppData\Roaming\0D0S1L2Z1P1B\Video Converter Packages\uninstaller.exe
12.02.2014,20:32:23 [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen!
  C:\Users\Admin\AppData\Roaming\0D0S1L2Z1P1B\Video Converter Packages\uninstaller.exe
12.02.2014,20:49:54 [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen!
  C:\Users\Admin\AppData\Roaming\0D0S1L2Z1P1B\Video Converter Packages\uninstaller.exe
12.02.2014,21:15:43 [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen!
  C:\Users\Admin\AppData\Roaming\0D0S1L2Z1P1B\Video Converter Packages\uninstaller.exe
12.02.2014,21:49:10 [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen!
  C:\Users\Admin\AppData\Roaming\0D0S1L2Z1P1B\Video Converter Packages\uninstaller.exe
12.02.2014,21:59:27 [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen!
  C:\Users\Admin\AppData\Roaming\0D0S1L2Z1P1B\Video Converter Packages\uninstaller.exe
         

Defogger log

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:49 on 12/02/2014 (Admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...


-=E.O.F=-
         



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2014
Ran by Admin (administrator) on MIL_RS_WS001 on 12-02-2014 23:32:06
Running from C:\Users\Admin\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
() C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Broadcom Corporation) C:\Program Files (x86)\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(LucidLogix) C:\Program Files\Lucidlogix Technologies\VIRTU MVP\LucidSrv.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Broadcom Corporation) C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
() C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Microsoft) C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe
(Siliten) C:\Program Files (x86)\SilverCrest MTS2219-SLN Driver\KbClient_FD2.exe
(Siliten) C:\Program Files (x86)\SilverCrest MTS2219-SLN Driver\MouClient_FD2.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
() C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Software Security System) C:\Program Files\Lucidlogix Technologies\VIRTU MVP\EKAG20NT.EXE
(LucidLogix) C:\Program Files\Lucidlogix Technologies\VIRTU MVP\lucidservices.exe
(BitLeader) C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
() C:\Users\Admin\Downloads\Gmer-19357.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [Seagate Scheduler2 Service] - C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [395624 2011-06-30] (Seagate)
HKLM\...\Run: [VIRTU MVP] - C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe [3104488 2013-03-05] ()
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2012-06-14] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [234000 2012-06-14] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] - C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-12] (Bitleader)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2552856 2014-02-03] ()
HKLM-x32\...\Run: [DiscWizardMonitor.exe] - C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [2674104 2011-06-30] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Launch SilverCrest MTS2219-SLN-K] - C:\Program Files (x86)\SilverCrest MTS2219-SLN Driver\KbClient_FD2.exe [1424384 2010-10-29] (Siliten)
HKLM-x32\...\Run: [Launch SilverCrest MTS2219-SLN-M] - C:\Program Files (x86)\SilverCrest MTS2219-SLN Driver\MouClient_FD2.exe [862720 2010-10-29] (Siliten)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [676608 2013-06-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1757648 2014-01-06] (APN)
HKLM-x32\...\Run: [MobileConnect] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2499584 2010-03-25] (Vodafone)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [BrowserPlugInHelper] - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe [1966992 2013-09-04] ()
HKLM-x32\...\Run: [Bonus.SSR.FR11] - C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [925960 2011-08-18] (ABBYY.)
HKLM-x32\...\Run: [Avira Systray] - C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [172600 2014-01-29] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-289391169-4248948918-1477503724-1000\...\Run: [RGSC] - D:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-289391169-4248948918-1477503724-1000\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-03-28] (AMD)
HKU\S-1-5-21-289391169-4248948918-1477503724-1000\...\Run: [Steam] - D:\Steam\Steam.exe [1815976 2014-01-27] (Valve Corporation)
HKU\S-1-5-21-289391169-4248948918-1477503724-1000\...\MountPoints2: H - H:\SETUP.EXE
HKU\S-1-5-21-289391169-4248948918-1477503724-1000\...\MountPoints2: O - O:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-289391169-4248948918-1477503724-1000\...\MountPoints2: {133b6099-56d5-11e2-a159-bc5ff452f5e7} - H:\setup.exe
HKU\S-1-5-21-289391169-4248948918-1477503724-1000\...\MountPoints2: {45d9b1b9-7cae-11e2-9d88-806e6f6e6963} - I:\menue.exe
HKU\S-1-5-21-289391169-4248948918-1477503724-1000\...\MountPoints2: {4cec2463-569b-11e2-88cd-806e6f6e6963} - N:\ASRSetup.exe
HKU\S-1-5-21-289391169-4248948918-1477503724-1000\...\MountPoints2: {76f514ea-56a2-11e2-abfe-806e6f6e6963} - "O:\Install Navigator.exe"
HKU\S-1-5-21-289391169-4248948918-1477503724-1000\...\MountPoints2: {ae0b68fa-901f-11e3-8a11-806e6f6e6963} - I:\ASRSetup.exe
HKU\S-1-5-21-289391169-4248948918-1477503724-1000\...\MountPoints2: {d315038c-f44d-11e2-9e9f-bc5ff452f5e7} - O:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-289391169-4248948918-1477503724-1000\...\MountPoints2: {e090797d-8142-11e3-aae8-bc5ff452f5e7} - P:\MotorolaDeviceManagerSetup.exe -a
AppInit_DLLs: C:\Windows\system32\appinit_dll.dll => C:\Windows\system32\appinit_dll.dll [502504 2013-03-05] (Lucidlogix Inc.)
AppInit_DLLs-x32: C:\Windows\SysWOW64\appinit_dll.dll => C:\Windows\SysWOW64\appinit_dll.dll [461032 2013-03-05] (Lucidlogix Inc.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x06F3EDD2AEEACD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1385265658&from=cor&uid=ST3000DM001-9YN166_W1F16D94XXXXW1F16D94&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1385265658&from=cor&uid=ST3000DM001-9YN166_W1F16D94XXXXW1F16D94&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1385265658&from=cor&uid=ST3000DM001-9YN166_W1F16D94XXXXW1F16D94&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1385265658&from=cor&uid=ST3000DM001-9YN166_W1F16D94XXXXW1F16D94&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://aartemis.com/?type=sc&ts=1385265658&from=cor&uid=ST3000DM001-9YN166_W1F16D94XXXXW1F16D94
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1385265658&from=cor&uid=ST3000DM001-9YN166_W1F16D94XXXXW1F16D94&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1385265658&from=cor&uid=ST3000DM001-9YN166_W1F16D94XXXXW1F16D94&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1385265658&from=cor&uid=ST3000DM001-9YN166_W1F16D94XXXXW1F16D94&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1385265658&from=cor&uid=ST3000DM001-9YN166_W1F16D94XXXXW1F16D94&q={searchTerms}
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={ECAE491B-0DBE-4BEE-BEC5-45173288DDF0}&mid=b217545d48b647d0ba686d16b2b61c14-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=de&ds=mt011&pr=sa&d=2013-01-04 21:15:15&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={ECAE491B-0DBE-4BEE-BEC5-45173288DDF0}&mid=b217545d48b647d0ba686d16b2b61c14-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=de&ds=mt011&pr=sa&d=2013-01-04 21:15:15&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll No File
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll (Symantec Corporation)
BHO-x32: Wondershare Video Converter Ultimate - {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRIEPlugin.dll (Wondershare Software Co., Ltd.)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll No File
BHO-x32: BonanzaDeals - {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
Handler-x32: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\Windows\SysWOW64\btxppanel.dll (Broadcom Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7w7ptl1g.default-1362817222390
FF user.js: detected! => C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7w7ptl1g.default-1362817222390\user.js
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Yahoo! Toolbar - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7w7ptl1g.default-1362817222390\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-08-20]
FF Extension: Ask Toolbar - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7w7ptl1g.default-1362817222390\Extensions\toolbar_SGT-V7@apn.ask.com.xpi [2013-08-20]
FF Extension: BonanzaDeals - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7w7ptl1g.default-1362817222390\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}.xpi [2013-12-18]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49 [2014-01-08]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF HKLM-x32\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt\
FF Extension: Wondershare Video Converter Ultimate - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFF [2014-02-12]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ []
FF HKCU\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt\
FF Extension: Wondershare Video Converter Ultimate - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt\ []

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (BonanzaDeals) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj [2013-11-24]
CHR HKLM-x32\...\Chrome\Extension: [chgdeabpmphfhkoemjjglmilajldekbp] - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRChromePlugin.crx [2013-11-24]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\Extensions\Chrome.crx [2014-02-12]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [2014-01-08]

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [819976 2011-08-18] (ABBYY)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-01-06] (APN LLC.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [109112 2014-01-29] (Avira Operations GmbH & Co. KG)
R2 btwdins; C:\Program Files (x86)\WIDCOMM\Bluetooth Software\bin\btwdins.exe [163840 2004-10-01] (Broadcom Corporation)
R2 LucidSrv; C:\Program Files\Lucidlogix Technologies\VIRTU MVP\LucidSrv.exe [16616 2013-03-05] (LucidLogix)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-01-09] ()
R2 Time; C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [10752 2013-08-07] (Microsoft)
R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2010-03-25] (Vodafone)
R2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1771544 2014-01-08] (AVG Secure Search)
S4 WDFME; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [1034752 2010-09-08] ()
R2 WDSC; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [485376 2010-09-08] ()
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [499856 2014-01-02] (Cherished Technololgy LIMITED)

==================== Drivers (Whitelisted) ====================

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R3 AsrVDrive; C:\Windows\System32\DRIVERS\AsrVDrive.sys [23048 2011-01-26] (ASRock Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-01-05] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-10] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2014-01-21] (Symantec Corporation)
S0 BTKRNL; C:\Windows\SysWOW64\drivers\btkrnl.sys [1241482 2004-10-01] (Broadcom Corporation)
S2 BTSERIAL; C:\Windows\SysWOW64\drivers\btserial.sys [23271 2004-10-01] (Broadcom Corporation)
S2 BTSLBCSP; C:\Windows\SysWOW64\drivers\btslbcsp.sys [222876 2004-10-01] (Broadcom Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-01-05] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-02-12] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20140211.001\IDSvia64.sys [521944 2014-02-11] (Symantec Corporation)
R3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-01-05] ()
R3 MouFilter_Mou_FlexDef4; C:\Windows\System32\DRIVERS\MouFilter_FlexDef4.sys [15360 2010-10-20] (Siliten)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20140212.002\ENG64.SYS [126040 2014-02-12] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20140212.002\EX64.SYS [2099288 2014-02-12] (Symantec Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-08-20] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-08-20] ()
R1 SRTSP; C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSP64.SYS [729720 2011-08-02] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1309000.009\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1309000.009\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1309000.009\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2014-02-12] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS [190072 2012-04-18] (Symantec Corporation)
R3 SymNetS; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS [401016 2011-07-25] (Symantec Corporation)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2013-01-05] (Acronis)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
U3 kwdoyfoc; \??\C:\Users\Admin\AppData\Local\Temp\kwdoyfoc.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-12 23:09 - 2014-02-12 23:09 - 00011819 _____ () C:\Users\Admin\Documents\Gmer.txt
2014-02-12 22:56 - 2014-02-12 22:56 - 00380416 _____ () C:\Users\Admin\Downloads\Gmer-19357.exe
2014-02-12 22:51 - 2014-02-12 23:32 - 00028158 _____ () C:\Users\Admin\Downloads\FRST.txt
2014-02-12 22:51 - 2014-02-12 23:32 - 00000000 ____D () C:\FRST
2014-02-12 22:51 - 2014-02-12 22:52 - 00037279 _____ () C:\Users\Admin\Downloads\Addition.txt
2014-02-12 22:50 - 2014-02-12 22:50 - 02152448 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2014-02-12 22:49 - 2014-02-12 22:49 - 00000542 _____ () C:\Users\Admin\Downloads\defogger_disable.log
2014-02-12 22:49 - 2014-02-12 22:49 - 00000168 _____ () C:\Users\Admin\defogger_reenable
2014-02-12 22:48 - 2014-02-12 22:48 - 00050477 _____ () C:\Users\Admin\Downloads\Defogger.exe
2014-02-12 22:46 - 2014-02-12 22:46 - 00009355 _____ () C:\Users\Admin\Documents\Bonanza Deals.txt
2014-02-12 19:36 - 2014-02-12 19:36 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Avira
2014-02-12 19:35 - 2013-12-18 09:32 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-02-12 19:35 - 2013-12-18 09:32 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-02-12 19:35 - 2013-12-18 09:32 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-02-12 19:26 - 2014-02-12 19:35 - 00000000 ____D () C:\ProgramData\Avira
2014-02-12 19:26 - 2014-02-12 19:35 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-02-12 19:26 - 2014-02-12 19:26 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-02-12 17:44 - 2014-02-12 19:26 - 04011472 _____ (Avira Operations GmbH & Co. KG) C:\Users\Admin\Downloads\avira_oe_client_antivirus_de.exe
2014-02-12 17:12 - 2014-02-12 17:12 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-02-12 17:11 - 2014-02-12 21:54 - 00175736 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-02-12 17:11 - 2014-02-12 21:54 - 00007488 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-02-12 17:11 - 2014-02-12 21:54 - 00000000 ____D () C:\Program Files\Symantec
2014-02-12 17:11 - 2014-02-12 21:53 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-02-12 17:11 - 2014-02-12 17:11 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-02-12 17:11 - 2014-02-12 17:11 - 00002573 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-02-12 17:11 - 2014-02-12 17:11 - 00000634 _____ () C:\Windows\KB942288-v3.log
2014-02-12 17:11 - 2014-02-12 17:11 - 00000000 ____D () C:\ProgramData\Norton
2014-02-12 17:11 - 2014-02-12 17:11 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-02-12 17:11 - 2014-02-12 17:11 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-02-12 16:58 - 2014-02-12 16:58 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-12 16:35 - 2014-02-12 16:35 - 00000857 _____ () C:\Users\Admin\Desktop\Men of War Vietnam.lnk
2014-02-05 02:12 - 2014-02-05 02:12 - 00000000 ____D () C:\Users\Admin\Documents\Eidos
2014-02-05 02:03 - 2014-02-05 02:03 - 00000000 ____D () C:\ProgramData\Eidos
2014-02-05 00:15 - 2014-02-05 00:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-04 09:52 - 2014-02-04 11:00 - 00031502 _____ () C:\Users\Admin\Documents\Rente_Schiller.odt
2014-02-04 09:03 - 2014-02-04 09:03 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ABBYY
2014-02-04 09:01 - 2014-02-04 09:01 - 00002865 _____ () C:\Users\Public\Desktop\ABBYY FineReader 11.lnk
2014-02-04 09:00 - 2014-02-04 09:06 - 00000000 ____D () C:\Users\Admin\AppData\Local\ABBYY
2014-02-04 09:00 - 2014-02-04 09:01 - 00000000 ____D () C:\Program Files (x86)\ABBYY FineReader 11
2014-02-04 09:00 - 2014-02-04 09:00 - 00000000 ____D () C:\ProgramData\ABBYY
2014-02-04 08:53 - 2014-02-04 08:58 - 374860336 _____ () C:\Users\Admin\Downloads\ABBYY_FR11_PE_TRIAL.exe
2014-02-03 23:40 - 2014-02-11 02:00 - 00000000 ____D () C:\Users\Admin\Documents\Uni_Fernbedienung
2014-01-19 21:12 - 2014-01-19 21:12 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Motorola Mobility
2014-01-19 21:00 - 2014-01-19 21:00 - 00000000 ____D () C:\ProgramData\Motorola
2014-01-19 20:59 - 2014-01-19 20:59 - 00000000 ____D () C:\Program Files (x86)\Motorola Mobility
2014-01-19 20:59 - 2014-01-19 20:59 - 00000000 ____D () C:\Program Files (x86)\Motorola
2014-01-19 20:58 - 2014-01-19 20:58 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Motorola
2014-01-19 20:58 - 2014-01-19 20:58 - 00000000 ____D () C:\Program Files\Motorola Mobility LLC
2014-01-19 20:58 - 2014-01-19 20:58 - 00000000 ____D () C:\Program Files\Common Files\Motorola Shared
2014-01-19 20:56 - 2014-01-19 20:56 - 00054681 _____ () C:\Users\Admin\Downloads\stageline-preisliste-3216.html
2014-01-15 06:24 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 06:24 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 06:24 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 06:24 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 06:24 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 06:24 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 06:24 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 06:24 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 06:24 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-13 23:54 - 2014-01-13 23:54 - 00002212 _____ () C:\Users\Public\Desktop\Google Earth.lnk
2014-01-13 23:53 - 2014-02-12 23:03 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-13 23:53 - 2014-02-12 19:59 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-13 23:53 - 2014-01-13 23:58 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-01-13 23:53 - 2014-01-13 23:58 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-01-13 23:53 - 2014-01-13 23:54 - 00000000 ____D () C:\Program Files (x86)\Google
2014-01-13 23:52 - 2014-01-13 23:53 - 00819144 _____ (Google Inc.) C:\Users\Admin\Downloads\GoogleEarthSetup.exe

==================== One Month Modified Files and Folders =======

2014-02-12 23:32 - 2014-02-12 22:51 - 00028158 _____ () C:\Users\Admin\Downloads\FRST.txt
2014-02-12 23:32 - 2014-02-12 22:51 - 00000000 ____D () C:\FRST
2014-02-12 23:09 - 2014-02-12 23:09 - 00011819 _____ () C:\Users\Admin\Documents\Gmer.txt
2014-02-12 23:03 - 2014-01-13 23:53 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-12 23:02 - 2013-12-29 18:02 - 00000290 _____ () C:\Windows\Tasks\Bonanza.job
2014-02-12 22:59 - 2013-01-04 19:28 - 01269382 _____ () C:\Windows\WindowsUpdate.log
2014-02-12 22:56 - 2014-02-12 22:56 - 00380416 _____ () C:\Users\Admin\Downloads\Gmer-19357.exe
2014-02-12 22:52 - 2014-02-12 22:51 - 00037279 _____ () C:\Users\Admin\Downloads\Addition.txt
2014-02-12 22:50 - 2014-02-12 22:50 - 02152448 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2014-02-12 22:49 - 2014-02-12 22:49 - 00000542 _____ () C:\Users\Admin\Downloads\defogger_disable.log
2014-02-12 22:49 - 2014-02-12 22:49 - 00000168 _____ () C:\Users\Admin\defogger_reenable
2014-02-12 22:49 - 2013-01-04 19:28 - 00000000 ____D () C:\Users\Admin
2014-02-12 22:48 - 2014-02-12 22:48 - 00050477 _____ () C:\Users\Admin\Downloads\Defogger.exe
2014-02-12 22:46 - 2014-02-12 22:46 - 00009355 _____ () C:\Users\Admin\Documents\Bonanza Deals.txt
2014-02-12 22:40 - 2013-08-01 22:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-12 21:54 - 2014-02-12 17:11 - 00175736 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-02-12 21:54 - 2014-02-12 17:11 - 00007488 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-02-12 21:54 - 2014-02-12 17:11 - 00000000 ____D () C:\Program Files\Symantec
2014-02-12 21:53 - 2014-02-12 17:11 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-02-12 20:08 - 2009-07-14 05:45 - 00021696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-12 20:08 - 2009-07-14 05:45 - 00021696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-12 20:01 - 2013-01-04 20:29 - 00000344 _____ () C:\Windows\lgfwup.ini
2014-02-12 20:01 - 2013-01-04 20:29 - 00000000 ____D () C:\Program Files (x86)\lg_fwupdate
2014-02-12 20:00 - 2013-01-04 20:43 - 00000000 ____D () C:\Users\Admin\Lucidlogix
2014-02-12 19:59 - 2014-01-13 23:53 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-12 19:58 - 2013-06-08 00:12 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2014-02-12 19:58 - 2013-06-03 17:46 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-02-12 19:58 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-12 19:58 - 2009-07-14 05:51 - 00099889 _____ () C:\Windows\setupact.log
2014-02-12 19:57 - 2010-11-21 04:47 - 00103176 _____ () C:\Windows\PFRO.log
2014-02-12 19:36 - 2014-02-12 19:36 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Avira
2014-02-12 19:35 - 2014-02-12 19:26 - 00000000 ____D () C:\ProgramData\Avira
2014-02-12 19:35 - 2014-02-12 19:26 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-02-12 19:26 - 2014-02-12 19:26 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-02-12 19:26 - 2014-02-12 17:44 - 04011472 _____ (Avira Operations GmbH & Co. KG) C:\Users\Admin\Downloads\avira_oe_client_antivirus_de.exe
2014-02-12 19:26 - 2013-06-17 00:30 - 00000000 ____D () C:\ProgramData\Package Cache
2014-02-12 17:12 - 2014-02-12 17:12 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-02-12 17:11 - 2014-02-12 17:11 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-02-12 17:11 - 2014-02-12 17:11 - 00002573 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-02-12 17:11 - 2014-02-12 17:11 - 00000634 _____ () C:\Windows\KB942288-v3.log
2014-02-12 17:11 - 2014-02-12 17:11 - 00000000 ____D () C:\ProgramData\Norton
2014-02-12 17:11 - 2014-02-12 17:11 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-02-12 17:11 - 2014-02-12 17:11 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-02-12 16:58 - 2014-02-12 16:58 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-12 16:58 - 2013-07-19 10:30 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-02-12 16:38 - 2013-01-04 18:37 - 00000000 ____D () C:\Users\Admin\Documents\my games
2014-02-12 16:36 - 2013-01-04 23:54 - 01007414 _____ () C:\Windows\DirectX.log
2014-02-12 16:35 - 2014-02-12 16:35 - 00000857 _____ () C:\Users\Admin\Desktop\Men of War Vietnam.lnk
2014-02-12 16:24 - 2013-01-05 08:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\UseNeXT
2014-02-12 05:19 - 2013-04-22 00:25 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{346B0024-68CF-4019-95D2-7E226FA029E0}
2014-02-11 02:00 - 2014-02-03 23:40 - 00000000 ____D () C:\Users\Admin\Documents\Uni_Fernbedienung
2014-02-08 13:40 - 2013-03-10 00:51 - 00000000 ____D () C:\Users\Admin\Documents\Witcher 2
2014-02-07 19:01 - 2011-04-12 08:43 - 00696620 _____ () C:\Windows\system32\perfh007.dat
2014-02-07 19:01 - 2011-04-12 08:43 - 00147916 _____ () C:\Windows\system32\perfc007.dat
2014-02-07 19:01 - 2009-07-14 06:13 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-06 23:36 - 2013-08-05 03:06 - 00000000 ____D () C:\Users\Administrator
2014-02-06 00:03 - 2013-01-04 21:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-05 03:40 - 2013-08-01 22:27 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 03:40 - 2013-06-27 12:28 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 03:40 - 2013-06-27 12:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-05 02:12 - 2014-02-05 02:12 - 00000000 ____D () C:\Users\Admin\Documents\Eidos
2014-02-05 02:03 - 2014-02-05 02:03 - 00000000 ____D () C:\ProgramData\Eidos
2014-02-05 00:15 - 2014-02-05 00:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-04 11:00 - 2014-02-04 09:52 - 00031502 _____ () C:\Users\Admin\Documents\Rente_Schiller.odt
2014-02-04 09:06 - 2014-02-04 09:00 - 00000000 ____D () C:\Users\Admin\AppData\Local\ABBYY
2014-02-04 09:06 - 2013-01-04 19:38 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2014-02-04 09:03 - 2014-02-04 09:03 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ABBYY
2014-02-04 09:01 - 2014-02-04 09:01 - 00002865 _____ () C:\Users\Public\Desktop\ABBYY FineReader 11.lnk
2014-02-04 09:01 - 2014-02-04 09:00 - 00000000 ____D () C:\Program Files (x86)\ABBYY FineReader 11
2014-02-04 09:00 - 2014-02-04 09:00 - 00000000 ____D () C:\ProgramData\ABBYY
2014-02-04 08:58 - 2014-02-04 08:53 - 374860336 _____ () C:\Users\Admin\Downloads\ABBYY_FR11_PE_TRIAL.exe
2014-02-04 08:30 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-02-03 22:19 - 2013-01-04 21:15 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search
2014-02-01 00:02 - 2014-01-08 00:02 - 00000127 _____ () C:\Users\Admin\AppData\Roaming\WB.CFG
2014-01-28 19:59 - 2013-01-05 04:40 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc
2014-01-19 22:19 - 2013-07-19 10:30 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-01-19 22:19 - 2013-04-24 13:28 - 00000000 ____D () C:\ProgramData\mvp
2014-01-19 22:19 - 2011-04-12 08:54 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-01-19 22:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-01-19 21:12 - 2014-01-19 21:12 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Motorola Mobility
2014-01-19 21:00 - 2014-01-19 21:00 - 00000000 ____D () C:\ProgramData\Motorola
2014-01-19 20:59 - 2014-01-19 20:59 - 00000000 ____D () C:\Program Files (x86)\Motorola Mobility
2014-01-19 20:59 - 2014-01-19 20:59 - 00000000 ____D () C:\Program Files (x86)\Motorola
2014-01-19 20:59 - 2013-01-06 23:37 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-01-19 20:59 - 2013-01-04 19:28 - 00000000 ____D () C:\Users\Admin\AppData\Local\VirtualStore
2014-01-19 20:58 - 2014-01-19 20:58 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Motorola
2014-01-19 20:58 - 2014-01-19 20:58 - 00000000 ____D () C:\Program Files\Motorola Mobility LLC
2014-01-19 20:58 - 2014-01-19 20:58 - 00000000 ____D () C:\Program Files\Common Files\Motorola Shared
2014-01-19 20:56 - 2014-01-19 20:56 - 00054681 _____ () C:\Users\Admin\Downloads\stageline-preisliste-3216.html
2014-01-16 07:32 - 2009-07-14 05:45 - 00417744 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-16 03:01 - 2013-08-16 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 03:00 - 2013-04-24 16:54 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-14 23:19 - 2013-01-09 22:10 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-01-14 23:19 - 2013-01-09 21:12 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-01-13 23:58 - 2014-01-13 23:53 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-01-13 23:58 - 2014-01-13 23:53 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-01-13 23:54 - 2014-01-13 23:54 - 00002212 _____ () C:\Users\Public\Desktop\Google Earth.lnk
2014-01-13 23:54 - 2014-01-13 23:53 - 00000000 ____D () C:\Program Files (x86)\Google
2014-01-13 23:54 - 2013-03-26 02:42 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google
2014-01-13 23:53 - 2014-01-13 23:52 - 00819144 _____ (Google Inc.) C:\Users\Admin\Downloads\GoogleEarthSetup.exe

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\6q6u49mc.dll
C:\Users\Admin\AppData\Local\Temp\7za.exe
C:\Users\Admin\AppData\Local\Temp\avgnt.exe
C:\Users\Admin\AppData\Local\Temp\avguidx.dll
C:\Users\Admin\AppData\Local\Temp\CRCCheck.exe
C:\Users\Admin\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Admin\AppData\Local\Temp\drm_dyndata_7380009.dll
C:\Users\Admin\AppData\Local\Temp\drm_dyndata_7390006.dll
C:\Users\Admin\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\Admin\AppData\Local\Temp\Lucidlogix VIRTU MVP Setup_64Bit_2.1.110.20705.exe
C:\Users\Admin\AppData\Local\Temp\Lucidlogix VIRTU MVP_2.1.224.26520 Setup_64Bit.exe
C:\Users\Admin\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Admin\AppData\Local\Temp\MotoCast_Installer_2.0405.exe
C:\Users\Admin\AppData\Local\Temp\msvcr80.dll
C:\Users\Admin\AppData\Local\Temp\MxUpdater.exe
C:\Users\Admin\AppData\Local\Temp\oi_{B384CEB2-57B7-4428-9FBE-4CD6EE891F3E}.exe
C:\Users\Admin\AppData\Local\Temp\SimPack.exe
C:\Users\Admin\AppData\Local\Temp\tmp1D93.tmp.exe
C:\Users\Admin\AppData\Local\Temp\ubi46C1.tmp.exe
C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
C:\Users\Admin\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Admin\AppData\Local\Temp\zlib1.dll
C:\Users\Admin\AppData\Local\Temp\_is1AE4.exe
C:\Users\Admin\AppData\Local\Temp\_isAE2A.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-09 10:50

==================== End Of Log ============================
         



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2014
Ran by Admin at 2014-02-12 22:51:39
Running from C:\Users\Admin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

3DMark 11 (x32 Version: 1.0.5 - Futuremark Corporation)
ABBYY FineReader 11 (x32 Version: 11.0.289 - ABBYY)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (x32 Version: 1.1.377 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.7.0.2090 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122 - Adobe Systems, Inc.)
AMD Accelerated Video Transcoding (Version: 13.10.100.30604 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0604.1838.31590 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80604.1838 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.12 - Advanced Micro Devices, Inc.) Hidden
Any Video Converter 5.0.5 (x32 Version:  - Any-Video-Converter.com)
Apple Application Support (x32 Version: 2.3.4 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Application Profiles (x32 Version: 2.0.4888.34279 - Advanced Micro Devices, Inc.)
ArmA 2 Uninstall (x32 Version:  - )
Ask Toolbar (x32 Version: 12.10.2.3526 - APN, LLC) <==== ATTENTION
Asmedia ASM106x SATA Host Controller Driver (x32 Version: 1.3.1.000 - Asmedia Technology)
ASRock 3TB+ Unlocker v1.0 (Version:  - ASRock Inc.)
Assassin's Creed (x32 Version: 1.02 - Ubisoft)
AVG Security Toolbar (x32 Version: 17.3.0.49 - AVG Technologies)
Avira (x32 Version: 1.0.5142.23462 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (x32 Version: 14.0.2.344 - Avira)
Baldur's Gate - Enhanced Edition (x32 Version:  - )
BattlEye Uninstall (x32 Version:  - )
Bonanza Deals (remove only) (x32 Version: 5.0.1.0 - Bonanza Deals) <==== ATTENTION
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0604.1838.31590 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0604.1838.31590 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0604.1838.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0604.1838.31590 - Advanced Micro Devices, Inc.) Hidden
CCleaner (Version: 4.02 - Piriform)
Citadels (x32 Version:  - bitComposer Games)
Cities XL (x32 Version: 1.0.0 - Monte Cristo Games)
Company of Heroes 2 v3.0.0.9704 *GERMAN* (x32 Version: 1 - )
CPU-Control (x32 Version:  - Koma-Code)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5220 - CyberLink Corp.)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5220 - CyberLink Corp.) Hidden
CyberLink Media Suite 8 (x32 Version: 8.0.2820b - CyberLink Corp.)
CyberLink Media Suite 8 (x32 Version: 8.0.2820b - CyberLink Corp.) Hidden
CyberLink Power2Go 7 (x32 Version: 7.0.0.2719b - CyberLink Corp.)
CyberLink Power2Go 7 (x32 Version: 7.0.0.2719b - CyberLink Corp.) Hidden
CyberLink PowerBackup 2.5 (x32 Version: 2.5.9102 - CyberLink Corp.)
CyberLink YouCam 3.1 (x32 Version: 3.1.5324 - CyberLink Corp.)
CyberLink YouCam 3.1 (x32 Version: 3.1.5324 - CyberLink Corp.) Hidden
DAEMON Tools Lite (x32 Version: 4.46.1.0327 - DT Soft Ltd)
Dead Island Ultimate Zombie Edition MULTI - 7 1.0 (x32 Version:  - )
Divinity II - Ego Draconis (x32 Version:  - dtp)
Dracula Origin (x32 Version:  - )
EAX4 Unified Redist (x32 Version: 4.001 - Creative Labs)
Far Cry 3 (x32 Version: 1.01 - Ubisoft)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.1.29.0 - MAGIX AG)
FLV Player 2.0 (build 25) (x32 Version: 2.0 (build 25) - Martijn de Visser)
Free YouTube Download version 3.2.1.319 (x32 Version: 3.2.1.319 - DVDVideoSoft Ltd.)
Futuremark SystemInfo (x32 Version: 4.17.0 - Futuremark Corporation)
Geeks3D FurMark 1.11.0 (x32 Version:  - Geeks3D)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.0 - BonanzaDeals) Hidden <==== ATTENTION
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto IV (x32 Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto: Episodes from Liberty City (x32 Version: 1.0.0002.135 - Rockstar Games Inc.) Hidden
Grand Theft Auto: Episodes From Liberty City (x32 Version: 1.1.0.0 - Rockstar Games)
HD Tune Pro 5.00 (x32 Version:  - EFD Software)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (x32 Version:  - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2932 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.3.214 - Intel Corporation)
ISO Recorder (Version: 3.1.0 - Alex Feinman)
Jagged Alliance - Back in Action (x32 Version:  - )
K-Lite Codec Pack 9.7.5 (64-bit) (Version: 9.7.5 - )
L.A. Noire (x32 Version: 1.00.0000 - Rockstar Games)
LG ODD Auto Firmware Update (x32 Version: 10.01.0712.01 - )
Mafia II (x32 Version: 1.0 - Take-Two Interactive Software, Inc.)
MAGIX Foto Manager 10 (x32 Version: 8.0.1.141 - MAGIX AG)
MAGIX Foto Manager 10 (x32 Version: 8.0.1.141 - MAGIX AG) Hidden
MAGIX Music Maker Silver (x32 Version: 17.0.2.10 - MAGIX AG)
MAGIX Music Maker Silver (x32 Version: 17.0.2.10 - MAGIX AG) Hidden
MAGIX Online Druck Service (x32 Version: 1.1.0 - myphotobook GmbH) Hidden
MAGIX Online Druck Service (x32 Version: 1.1.0-478 - myphotobook GmbH)
MAGIX Screenshare (x32 Version: 4.3.6.1987 - MAGIX AG)
MAGIX Video easy SE (x32 Version: 1.0.4.6 - MAGIX AG)
MAGIX Video easy SE (x32 Version: 1.0.4.6 - MAGIX AG) Hidden
McAfee Security Scan Plus (Version: 3.8.141.11 - McAfee, Inc.)
Men of War (Nur entfernen) (x32 Version: 1.11.3.0 - 505games)
Men of War Red Tide German Hotfix Version 1.0.0.1 (x32 Version: 1.0.0.1 - 1C Company)
Men of War: Assault Squad (Nur entfernen) (x32 Version: 1.90.4.0 - 1C Company)
Men of War: Condemned Heroes (x32 Version: 1.00.1 - 1C Company)
Men of War: Vietnam (Nur entfernen) (x32 Version: 1.0.0.0 - Morphicon Limited)
Metro: Last Light (c) Deep Silver version 1 (x32 Version: 1 - )
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.2.3.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Excel Viewer (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Works (x32 Version: 08.04.0702 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 7.6 (x32 Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 27.0 (x86 de) (x32 Version: 27.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 27.0 - Mozilla)
MPC-HC 1.6.5.6366 (64-bit) (Version: 1.6.5.6366 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
mufin player 2.0 (x32 Version: 2.0.3.680 - mufin GmbH)
mufin player 2.0 (x32 Version: 2.0.3.680 - mufin GmbH) Hidden
Norton Internet Security (x32 Version: 19.1.0.28 - Symantec Corporation)
Notepad++ (x32 Version: 6.3.3 - Notepad++ Team)
NVIDIA PhysX (x32 Version: 9.10.0512 - NVIDIA Corporation)
Omerta - City of Gangsters (x32 Version: 2.1.0.9 - GOG.com)
OpenAL (x32 Version:  - )
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593 - Apache Software Foundation)
Patrizier IV (x32 Version: 1.3.0.0 - Kalypso Media)
Port Royale 3 (x32 Version: 1.0.0.0 - Gaming Minds Studios GmbH)
ProtectDisc Driver, Version 11 (x32 Version: 11.0.0.14 - ProtectDisc Software GmbH)
PunkBuster Services (x32 Version: 0.993 - Even Balance, Inc.)
QuickPar 0.9 (x32 Version: 0.9 - Peter B. Clements)
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
Risen (x32 Version: 1.00.0000 - Deep Silver)
Rockstar Games Social Club (x32 Version: 1.0.0.0 - Rockstar Games)
Rome - Total War - Gold Edition (x32 Version: 1.6 - The Creative Assembly)
R-Studio 5.0 (x32 Version: 5.0.129021 - R-Tools Technology Inc.)
Seagate DiscWizard (x32 Version: 13.0.14387 - Seagate)
SeaTools for Windows (x32 Version: 1.2.0.7 - Seagate Technology)
Shellshock 2 (x32 Version:  - )
SilverCrest MTS2219-SLN Driver (x32 Version: 1.0 - SilverCrest)
Sleeping Dogs Game Of The Year (30 DLCs) 1.0 (x32 Version: 1.0 - .x.X.RIDDICK.X.x.)
Star Wars Empire at War Gold Pack (x32 Version:  - )
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TechPowerUp GPU-Z (x32 Version:  - TechPowerUp)
The Witcher 2 - Assassins of Kings Enhanced Edition (x32 Version:  - GOG.com)
Tom Clancy's Splinter Cell Double Agent (x32 Version: 1.00.0000 - Ubisoft)
Torchlight (x32 Version: 1.15 - JoWooD)
Total War: ROME II - Caesar in Gaul (x32 Version: 1 - )
Update &1 für Spiel Men of War (x32 Version: 1.11.3.0 - )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update_for_BonanzaDeals (HKCU Version:  - Update_for_BonanzaDeals) <==== ATTENTION
Uplay (x32 Version: 2.0 - Ubisoft)
UseNeXT (x32 Version:  - Tangysoft Ltd.)
Video Converter (HKCU Version:  - )
Video Converter Packages (HKCU Version:  - ) <==== ATTENTION
VIRTU MVP 2.1.224 (Version: 2.1.224 - Lucidlogix Technologies LTD)
VLC media player 2.0.4 (Version: 2.0.4 - VideoLAN)
Vodafone Mobile Connect Lite (x32 Version: 9.4.9.22273 - Vodafone)
WD SmartWare (Version: 1.4.1.1 - Western Digital)
WIDCOMM Bluetooth Software (x32 Version: 3.0.1.912 - WIDCOMM, Inc.)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 4.20 (64-Bit) (Version: 4.20.0 - win.rar GmbH)
Wondershare Video Converter Ultimate(Build 6.6.0.5) (x32 Version: 6.6.0.5 - Wondershare Software)
WPM17.8.0.3297 (x32 Version: 17.8.0.3297 - Cherished Technololgy LIMITED) <==== ATTENTION
X - Beyond the Frontier v2.2 (x32 Version:  - EGOSOFT)
X - Tension v2.2 (x32 Version:  - EGOSOFT)
YTD Video Downloader 4.3 (x32 Version: 4.3 - GreenTree Applications SRL)

==================== Restore Points  =========================

07-02-2014 23:34:55 Windows Update
11-02-2014 07:59:00 Windows Update
12-02-2014 11:07:09 DirectX wurde installiert
12-02-2014 15:35:20 DirectX wurde installiert
12-02-2014 19:05:27 Avira Free Antivirus - 12.02.2014 20:05

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0E34D04A-1CAA-4316-9D11-04035975445E} - System32\Tasks\BonanzaDealsUpdate => C:\Program <==== ATTENTION
Task: {153230AA-BB84-49CC-91C5-1546FF961472} - System32\Tasks\Bonanza => C:\Users\Admin\AppData\Roaming\Bonanza\UpdateProc\UpdateTask.exe [2013-04-30] ()
Task: {4A480AB0-85EE-470D-A294-E3325314F903} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-13] (Google Inc.)
Task: {4F9390E8-617E-43C2-903B-D1E62020113C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-13] (Google Inc.)
Task: {508D0FF6-051F-4B50-A822-8EB38D6B0BDF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {68646267-99BB-4E2F-AB3C-D1B3B30595C3} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe [2011-08-11] (Symantec Corporation)
Task: {6CE236CF-6372-4E35-B94E-FAD5A2B65167} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe [2011-08-11] (Symantec Corporation)
Task: {87CB9502-0B05-4AAF-8450-2C66C36F547B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-06-14] (CyberLink)
Task: {94F9F1AF-7F53-4727-8811-F32AD8D6A2CE} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{2B56DB47-5F02-4966-B5C1-C4143EE794F0}.exe
Task: {99AB83CF-5A5F-4096-BA2E-69F8BCC01FFF} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\WSCStub.exe [2011-08-13] (Symantec Corporation)
Task: {A143433E-9D73-440C-8649-7DCFB8C7408B} - \Microsoft\Windows Defender\MP Scheduled Scan No Task File
Task: {D6E73B04-B996-4302-8D45-BFB249010611} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {E50B54B2-CB4F-41EB-87D4-D617BE21C7DE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {F07459F3-AEB3-4B58-891F-2C0941D24C18} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{1050B52B-B398-453D-8707-3930064A7B8F}.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{2B56DB47-5F02-4966-B5C1-C4143EE794F0}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{1050B52B-B398-453D-8707-3930064A7B8F}.exe
Task: C:\Windows\Tasks\Bonanza.job => C:\Users\Admin\AppData\Roaming\Bonanza\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-06-30 15:54 - 2011-06-30 15:54 - 01233720 _____ () C:\Program Files (x86)\Seagate\DiscWizard\tishell64.dll
2013-11-24 05:17 - 2013-08-23 13:36 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll
2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-04-24 13:28 - 2013-03-05 17:20 - 03104488 _____ () C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.exe
2013-04-24 13:28 - 2013-03-05 17:20 - 00148712 _____ () C:\Program Files\Lucidlogix Technologies\VIRTU MVP\GuiCommon.dll
2013-01-04 19:58 - 2012-01-05 10:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-01-04 21:15 - 2014-02-03 22:19 - 02552856 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
2011-06-30 15:52 - 2011-06-30 15:52 - 02674104 _____ () C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
2014-02-12 19:35 - 2013-12-18 09:32 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2004-10-01 15:13 - 2004-10-01 15:13 - 00053248 _____ () C:\Program Files (x86)\WIDCOMM\Bluetooth Software\btkeyind.dll
2011-03-09 14:21 - 2011-03-09 14:21 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2011-03-09 14:21 - 2011-03-09 14:21 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-01-09 21:12 - 2013-01-09 21:12 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-01-08 19:29 - 2014-01-08 19:29 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll
2011-06-30 15:52 - 2011-06-30 15:52 - 00071008 _____ () C:\Program Files (x86)\Seagate\DiscWizard\Common\rpc_client.dll
2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2013-01-05 07:29 - 2010-09-03 14:31 - 00053248 _____ () C:\Program Files (x86)\SilverCrest MTS2219-SLN Driver\UniFunc.dll
2014-01-08 19:29 - 2014-01-08 19:29 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-01-29 13:04 - 2014-01-29 13:04 - 00300088 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-02-12 19:35 - 2014-01-29 13:04 - 00039480 _____ () C:\Users\Admin\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-02-12 19:36 - 2014-01-29 13:04 - 00300088 _____ () C:\Users\Admin\AppData\Local\Temp\avgnt.exe\Avira.OE.NativeCore.dll
2014-01-29 13:04 - 2014-01-29 13:04 - 00077368 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2013-08-16 02:31 - 2013-08-16 02:31 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\991a8d378a3e64b31c0f4770ba9ae071\IsdiInterop.ni.dll
2013-01-04 20:10 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
2012-12-18 20:08 - 2012-12-18 20:08 - 14588632 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\NPSWF32.dll
2014-02-05 00:15 - 2014-02-05 00:15 - 03583600 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-05 03:40 - 2014-02-05 03:40 - 16287624 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Admin\Downloads\Backe_backe_KELLOGG_SX.eml:OECustomProperty
AlternateDataStreams: C:\Users\Admin\Downloads\Bitte_um_Rückruf_bzgl_eBay_AZ_S44110.eml:OECustomProperty
AlternateDataStreams: C:\Users\Admin\Downloads\Ihre_Bestellung_bei_getgoods_de.eml:OECustomProperty
AlternateDataStreams: C:\Users\Admin\Downloads\Kellogg_s_FrXhstXck_fertig_los(1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Admin\Downloads\Kellogg_s_FrXhstXck_fertig_los.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/12/2014 10:03:00 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.3\BonanzaDealsLiveHelper.msi

Error: (02/12/2014 09:30:42 PM) (Source: Application Hang) (User: )
Description: Programm vietnam.exe, Version 1.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1654

Startzeit: 01cf2831209a4a9b

Endzeit: 91

Anwendungspfad: D:\Morphicon Limited\Men of War Vietnam\vietnam.exe

Berichts-ID:

Error: (02/12/2014 09:03:00 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.3\BonanzaDealsLiveHelper.msi

Error: (02/12/2014 08:15:14 PM) (Source: Application Hang) (User: )
Description: Programm vietnam.exe, Version 1.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1804

Startzeit: 01cf2826a284cac2

Endzeit: 94

Anwendungspfad: D:\Morphicon Limited\Men of War Vietnam\vietnam.exe

Berichts-ID:

Error: (02/12/2014 08:03:09 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.3\BonanzaDealsLiveHelper.msi

Error: (02/12/2014 08:01:12 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (02/12/2014 08:00:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/12/2014 08:00:01 PM) (Source: VMCService) (User: )
Description: conflictManagerTypeValue

Error: (02/12/2014 07:26:07 PM) (Source: Application Hang) (User: )
Description: Programm ccSvcHst.exe, Version 11.1.0.16 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: aa4

Startzeit: 01cf280e9406a6ef

Endzeit: 10

Anwendungspfad: C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe

Berichts-ID: 1e27c3e1-9413-11e3-a86c-bc5ff452f5e7

Error: (02/12/2014 07:03:00 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.3\BonanzaDealsLiveHelper.msi


System errors:
=============
Error: (02/12/2014 08:00:57 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (02/12/2014 08:00:50 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
BTKRNL

Error: (02/12/2014 07:58:41 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Bluetooth Port Client Driver" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (02/12/2014 07:58:41 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\btslbcsp.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (02/12/2014 07:58:41 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Bluetooth Serial Driver" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (02/12/2014 07:58:41 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\btserial.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (02/12/2014 07:57:46 PM) (Source: Ntfs) (User: )
Description: Auf dem Volume "L:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.

Error: (02/12/2014 07:58:05 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎12.‎02.‎2014 um 19:56:53 unerwartet heruntergefahren.

Error: (02/12/2014 05:24:34 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BonanzaDealsLive-Dienst (bonanzadealslive)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/12/2014 05:22:34 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
BTKRNL


Microsoft Office Sessions:
=========================
Error: (02/12/2014 10:03:00 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.3\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/12/2014 09:30:42 PM) (Source: Application Hang)(User: )
Description: vietnam.exe1.0.0.0165401cf2831209a4a9b91D:\Morphicon Limited\Men of War Vietnam\vietnam.exe

Error: (02/12/2014 09:03:00 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.3\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/12/2014 08:15:14 PM) (Source: Application Hang)(User: )
Description: vietnam.exe1.0.0.0180401cf2826a284cac294D:\Morphicon Limited\Men of War Vietnam\vietnam.exe

Error: (02/12/2014 08:03:09 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.3\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/12/2014 08:01:12 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (02/12/2014 08:00:33 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/12/2014 08:00:01 PM) (Source: VMCService)(User: )
Description: conflictManagerTypeValue

Error: (02/12/2014 07:26:07 PM) (Source: Application Hang)(User: )
Description: ccSvcHst.exe11.1.0.16aa401cf280e9406a6ef10C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe1e27c3e1-9413-11e3-a86c-bc5ff452f5e7

Error: (02/12/2014 07:03:00 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.3\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)


==================== Memory info =========================== 

Percentage of memory in use: 34%
Total physical RAM: 8087.04 MB
Available physical RAM: 5273.98 MB
Total Pagefile: 16172.26 MB
Available Pagefile: 12555.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:199.9 GB) (Free:22.48 GB) NTFS
Drive d: (Spiele) (Fixed) (Total:500 GB) (Free:17.57 GB) NTFS
Drive e: (Downloads) (Fixed) (Total:1000 GB) (Free:10.5 GB) NTFS
Drive f: (Musik) (Fixed) (Total:348 GB) (Free:2.13 GB) NTFS
Drive g: (Movies) (Fixed) (Total:746.51 GB) (Free:7.86 GB) NTFS
Drive h: (MOWVIETNAM) (CDROM) (Total:2.47 GB) (Free:0 GB) UDF
Drive j: (Programme) (Fixed) (Total:150 GB) (Free:0.97 GB) NTFS
Drive k: (Spiele) (Fixed) (Total:300 GB) (Free:2.93 GB) NTFS
Drive l: (Archiv) (Fixed) (Total:180.99 GB) (Free:0 GB) NTFS
Drive m: (SharedFiles) (Fixed) (Total:100.01 GB) (Free:2.23 GB) NTFS
Drive n: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive o: (SAMSUNG SSD) (CDROM) (Total:0.04 GB) (Free:0 GB) UDF
Drive p: () (Fixed) (Total:232.66 GB) (Free:192.06 GB) NTFS
Drive q: (Neues Win) (Fixed) (Total:200.51 GB) (Free:4.64 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive r: (Media) (Fixed) (Total:372.6 GB) (Free:15.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 2048 GB) (Disk ID: 444C544E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=200 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=-214753575424) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 00000000)

Partition: GPT Partition Type
========================================================
Disk: 2 (Size: 932 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=201 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=731 GB) - (Type=OF Extended)

========================================================
Disk: 3 (Size: 373 GB) (Disk ID: 0001FC3D)
Partition 1: (Active) - (Size=373 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 747 GB) (Disk ID: 24B3C74F)
Partition 1: (Not Active) - (Size=747 GB) - (Type=OF Extended)

==================== End Of Log ============================
         






GMER log

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-12 23:09:11
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2 ST3000DM rev.CC4B 2048,00GB
Running: Gmer-19357.exe; Driver: C:\Users\Admin\AppData\Local\Temp\kwdoyfoc.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                                                 fffff800033bd000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                                                                 fffff800033bd02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\ProgramData\WPM\wprotectmanager.exe[1376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                               0000000077061465 2 bytes [06, 77]
.text     C:\ProgramData\WPM\wprotectmanager.exe[1376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                              00000000770614bb 2 bytes [06, 77]
.text     ...                                                                                                                                                                                * 2
.text     C:\Windows\SysWOW64\PnkBstrA.exe[3628] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                                            0000000073c91a22 2 bytes [C9, 73]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[3628] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                                            0000000073c91ad0 2 bytes [C9, 73]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[3628] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                                            0000000073c91b08 2 bytes [C9, 73]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[3628] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                                            0000000073c91bba 2 bytes [C9, 73]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[3628] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                                            0000000073c91bda 2 bytes [C9, 73]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[3628] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                     0000000077061465 2 bytes [06, 77]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[3628] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                    00000000770614bb 2 bytes [06, 77]
.text     ...                                                                                                                                                                                * 2
.text     C:\Program Files (x86)\AVG Secure Search\vprot.exe[3808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                   0000000077061465 2 bytes [06, 77]
.text     C:\Program Files (x86)\AVG Secure Search\vprot.exe[3808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                  00000000770614bb 2 bytes [06, 77]
.text     ...                                                                                                                                                                                * 2
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                          0000000077061465 2 bytes [06, 77]
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                         00000000770614bb 2 bytes [06, 77]
.text     ...                                                                                                                                                                                * 2
.text     C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe[3956] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                                   0000000077061465 2 bytes [06, 77]
.text     C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe[3956] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                                  00000000770614bb 2 bytes [06, 77]
.text     ...                                                                                                                                                                                * 2
.text     C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                              0000000077061465 2 bytes [06, 77]
.text     C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                             00000000770614bb 2 bytes [06, 77]
.text     ...                                                                                                                                                                                * 2
.text     C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe[4432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                        0000000077061465 2 bytes [06, 77]
.text     C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe[4432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                       00000000770614bb 2 bytes [06, 77]
.text     ...                                                                                                                                                                                * 2
.text     C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                           0000000077061465 2 bytes [06, 77]
.text     C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                          00000000770614bb 2 bytes [06, 77]
.text     ...                                                                                                                                                                                * 2
.text     C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[4588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                       0000000077061465 2 bytes [06, 77]
.text     C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[4588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                      00000000770614bb 2 bytes [06, 77]
.text     ...                                                                                                                                                                                * 2
.text     C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[5208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                           0000000077061465 2 bytes [06, 77]
.text     C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[5208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                          00000000770614bb 2 bytes [06, 77]
.text     ...                                                                                                                                                                                * 2

---- Threads - GMER 2.1 ----

Thread    C:\Windows\SysWOW64\ntdll.dll [3312:3316]                                                                                                                                          00000000013a0a14
Thread    C:\Windows\SysWOW64\ntdll.dll [3312:4224]                                                                                                                                          000000006bbae096
Thread    C:\Windows\SysWOW64\ntdll.dll [3312:4016]                                                                                                                                          0000000066a30eb8
Thread    C:\Windows\SysWOW64\ntdll.dll [3312:1980]                                                                                                                                          0000000066a30eb8
Thread    C:\Windows\SysWOW64\ntdll.dll [3312:1904]                                                                                                                                          0000000066a30eb8
Thread    C:\Windows\SysWOW64\ntdll.dll [3312:4476]                                                                                                                                          000000006bee3ce9
Thread    C:\Windows\SysWOW64\ntdll.dll [3312:4128]                                                                                                                                          0000000072108d99
Thread    C:\Windows\SysWOW64\ntdll.dll [3312:5556]                                                                                                                                          0000000072084b0d
Thread    C:\Windows\SysWOW64\ntdll.dll [3312:6688]                                                                                                                                          000000005fec1854
Thread    C:\Windows\SysWOW64\ntdll.dll [1196:1692]                                                                                                                                          00000000013a0a14
Thread    C:\Windows\SysWOW64\ntdll.dll [1196:4892]                                                                                                                                          000000006524143d
Thread    C:\Windows\SysWOW64\ntdll.dll [1196:4232]                                                                                                                                          000000007255a3e0
Thread    C:\Windows\SysWOW64\ntdll.dll [1196:3116]                                                                                                                                          000000006bbae096
---- Processes - GMER 2.1 ----

Process   C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe (*** suspicious ***) @ C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [3956] (Time Service/Microsoft)(2013-08-06 14:52:00)  0000000000320000

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272cb028b                                                                                                        
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272cb028b (not active ControlSet)                                                                                    

---- EOF - GMER 2.1 ----
         
I hope I did the logs correctly and someone here can help me.

Many thanks in advance

Edited by snakebite (13.02.2014 at 00:07). Reason: corrections

 





