Trojaner-Board - Sparkasse Sicherheitscontrolle

FRST

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01

Ran by Saturn (administrator) on ALPER-PC on 12-05-2014 18:09:57

Running from C:\Users\Saturn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5PFANW5U

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 9

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe

(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe

(TomTom) C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe

(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe

(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe

(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe

(Intel Corporation) C:\Windows\System32\igfxext.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe

(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Windows\System32\osk.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)

HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)

HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-06-22] (Egis Technology Inc.)

HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)

HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)

HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)

HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)

HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-04-08] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)

HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)

HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files (x86)\Symantec <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}

HKU\S-1-5-21-950273402-164745678-1594940136-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [473464 2014-03-17] (TomTom)

HKU\S-1-5-21-950273402-164745678-1594940136-1001\...\Run: [ijglep] => regsvr32.exe "C:\ProgramData\ijglep.dat"

AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [226920 2011-03-31] (NVIDIA Corporation)

AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [193128 2011-03-31] (NVIDIA Corporation)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM-x32 - {5a15c091-f3c2-4c8f-8964-e3434a2a4a95} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^ZJ^xpt251^YY^de&si=begin-download&ptb=645EE94D-B4B4-46AE-ABD9-D69FADE68BFD&ind=2013051213&n=77fcb94d&psa=&st=sb&searchfor={searchTerms}

SearchScopes: HKCU - DefaultScope {C0FAF04C-24E1-4133-8D78-F0FFB1CD1C1D} URL = hxxp://www.google.at/search?q={searchTerms}&rlz=

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - {5a15c091-f3c2-4c8f-8964-e3434a2a4a95} URL = 

SearchScopes: HKCU - {C0FAF04C-24E1-4133-8D78-F0FFB1CD1C1D} URL = hxxp://www.google.at/search?q={searchTerms}&rlz=

SearchScopes: HKCU - {C9BFD39A-84E3-494D-AE6D-41ED7913625D} URL = hxxp://www.google.de/#output=search&sclient=psy-ab&q={searchTerms}&oq={searchTerms}&gs_l=hp.12..0l4.1888.3865.0.6336.4.4.0.0.0.0.93.360.4.4.0....0...1c.1.19.psy-ab.G8NMYofNwmU&pbx=1&bav=on.2,or.r_qf.&bvm=bv.48705608,d.Yms&fp=dc15fe3d09052815&biw=1366&bih=673

SearchScopes: HKCU - {F5BEC497-23EC-4FFC-9895-35709C57B978} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A012DE80032&p={SearchTerms}

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: No Name - {a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} -  No File

BHO-x32: No Name - {fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d} -  No File

Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File

Toolbar: HKLM-x32 - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File

DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: HKLM-x32 {3A5EF8E2-34B2-4B01-962B-FF430245CCA4} hxxp://192.168.2.104/IPCamPluginDM.cab

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Saturn\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File

FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Saturn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 

Chrome: 

=======

Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

CHR Extension: (Shopping Suggestion) - C:\Users\Saturn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbpjlaagejfakeobljhgplbgklgemll [2014-01-13]

CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2013-07-06]
 

==================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-04-08] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-04-08] (Avira Operations GmbH & Co. KG)

S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)

R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()

R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)

R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
 

==================== Drivers (Whitelisted) ====================
 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-06] (Avira Operations GmbH & Co. KG)

S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-05-12 18:09 - 2014-05-12 18:09 - 00000000 ____D () C:\FRST

2014-05-12 16:44 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE

2014-05-12 16:37 - 2014-05-12 16:44 - 00012256 _____ () C:\Windows\IE11_main.log

2014-05-12 15:23 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll

2014-05-12 15:21 - 2014-05-12 15:22 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-05-12 15:21 - 2014-05-12 15:21 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-05-12 15:21 - 2014-05-12 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-05-12 15:21 - 2014-05-12 15:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-05-12 15:21 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-05-12 15:21 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-05-12 15:21 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-05-12 14:45 - 2014-05-12 17:34 - 01396215 _____ () C:\Windows\WindowsUpdate.log

2014-05-12 14:30 - 2014-05-12 14:45 - 00000000 ____D () C:\Windows\erdnt

2014-05-12 14:11 - 2014-05-12 14:11 - 01325827 _____ () C:\Users\Saturn\Downloads\2-adwcleaner

2014-05-12 13:50 - 2014-05-12 13:51 - 00000000 ____D () C:\ProgramData\Max Secure

2014-05-12 13:34 - 2014-05-12 13:34 - 00000000 ____D () C:\Users\Saturn\AppData\Roaming\GetRightToGo

2014-05-12 12:12 - 2014-05-12 17:48 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-05-12 12:12 - 2014-05-12 12:12 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-05-12 12:12 - 2014-05-12 12:12 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-05-12 12:12 - 2014-05-12 12:12 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-05-12 12:08 - 2014-05-12 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2014-05-12 12:08 - 2014-05-12 12:08 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-05-12 12:08 - 2014-05-12 12:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-05-12 12:07 - 2014-05-12 12:07 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-05-12 12:07 - 2014-05-12 12:07 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-05-12 12:07 - 2014-05-12 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-05-10 10:10 - 2014-05-10 10:10 - 00000000 ____D () C:\ProgramData\SetupTemp_1

2014-05-10 10:10 - 2014-05-10 10:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG3200 series

2014-05-10 10:10 - 2014-05-10 10:10 - 00000000 ____D () C:\ProgramData\Canon IJ Network Tool

2014-05-10 10:09 - 2014-05-10 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG3200 series Benutzerregistrierung

2014-05-10 09:49 - 2014-05-10 09:49 - 00000000 ____D () C:\Program Files\Canon

2014-05-10 09:48 - 2014-05-10 09:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG3200 series Manual

2014-05-09 10:15 - 2014-05-12 12:07 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-05-09 10:15 - 2014-05-12 12:07 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2014-05-09 10:15 - 2014-05-09 10:15 - 00000000 ____D () C:\Program Files\Java

2014-05-09 09:58 - 2014-05-09 09:58 - 00000000 ____D () C:\Users\Saturn\AppData\Roaming\TrojanHunter

2014-05-09 09:56 - 2014-05-09 09:59 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.5

2014-05-09 09:56 - 2014-05-09 09:56 - 00059392 ____R () C:\Windows\SysWOW64\streamhlp.dll

2014-05-08 14:23 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-05-08 14:22 - 2014-05-12 14:24 - 00000000 ____D () C:\AdwCleaner

2014-05-06 15:37 - 2014-05-12 15:48 - 00000000 ____D () C:\ProgramData\a2snbz.cpp

2014-04-30 09:47 - 2014-04-30 09:47 - 00000000 _____ () C:\Users\Saturn\Desktop\Dr Grünholz, Muzaffer, 01.07., 9.30uhr.txt

2014-04-30 09:25 - 2014-04-30 09:25 - 00000000 _____ () C:\Users\Saturn\Desktop\HNO, Muzaffer, 20.05., 11.10 uhr.txt

2014-04-30 09:24 - 2014-04-30 09:24 - 00000000 _____ () C:\Users\Saturn\Desktop\Dr Caspers, Muzaffer + Ediz, 03.06., 16 Uhr.txt

2014-04-18 16:03 - 2014-04-18 16:03 - 00000000 _____ () C:\Windows\SysWOW64\shoDCEC.tmp
 

==================== One Month Modified Files and Folders =======
 

2014-05-12 18:09 - 2014-05-12 18:09 - 00000000 ____D () C:\FRST

2014-05-12 17:48 - 2014-05-12 12:12 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-05-12 17:36 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-05-12 17:36 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-05-12 17:34 - 2014-05-12 14:45 - 01396215 _____ () C:\Windows\WindowsUpdate.log

2014-05-12 17:31 - 2012-05-11 13:32 - 00000000 ____D () C:\ProgramData\clear.fi

2014-05-12 17:29 - 2013-12-07 16:33 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-05-12 17:28 - 2013-04-30 14:22 - 00046704 _____ () C:\Windows\setupact.log

2014-05-12 17:28 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-05-12 17:18 - 2013-12-07 16:33 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-05-12 16:58 - 2013-02-07 14:01 - 00224250 _____ () C:\Windows\PFRO.log

2014-05-12 16:55 - 2013-08-24 14:36 - 01649680 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-05-12 16:55 - 2013-06-24 13:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client

2014-05-12 16:55 - 2012-04-29 00:54 - 00700134 _____ () C:\Windows\system32\perfh007.dat

2014-05-12 16:55 - 2012-04-29 00:54 - 00149984 _____ () C:\Windows\system32\perfc007.dat

2014-05-12 16:51 - 2009-07-14 07:13 - 01643880 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-05-12 16:44 - 2014-05-12 16:37 - 00012256 _____ () C:\Windows\IE11_main.log

2014-05-12 16:27 - 2013-07-16 14:05 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-05-12 16:27 - 2011-08-12 09:12 - 00000000 ____D () C:\ProgramData\Skype

2014-05-12 15:48 - 2014-05-06 15:37 - 00000000 ____D () C:\ProgramData\a2snbz.cpp

2014-05-12 15:22 - 2014-05-12 15:21 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-05-12 15:21 - 2014-05-12 15:21 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-05-12 15:21 - 2014-05-12 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-05-12 15:21 - 2014-05-12 15:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-05-12 15:21 - 2013-12-11 11:47 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-05-12 14:48 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default

2014-05-12 14:45 - 2014-05-12 14:30 - 00000000 ____D () C:\Windows\erdnt

2014-05-12 14:41 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini

2014-05-12 14:24 - 2014-05-08 14:22 - 00000000 ____D () C:\AdwCleaner

2014-05-12 14:12 - 2012-05-10 13:42 - 00060816 _____ () C:\Users\Saturn\AppData\Local\GDIPFONTCACHEV1.DAT

2014-05-12 14:12 - 2009-07-14 06:45 - 00291752 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-05-12 14:11 - 2014-05-12 14:11 - 01325827 _____ () C:\Users\Saturn\Downloads\2-adwcleaner

2014-05-12 13:51 - 2014-05-12 13:50 - 00000000 ____D () C:\ProgramData\Max Secure

2014-05-12 13:34 - 2014-05-12 13:34 - 00000000 ____D () C:\Users\Saturn\AppData\Roaming\GetRightToGo

2014-05-12 12:13 - 2012-05-14 12:21 - 00000000 ____D () C:\Users\Saturn\AppData\Local\Adobe

2014-05-12 12:12 - 2014-05-12 12:12 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-05-12 12:12 - 2014-05-12 12:12 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-05-12 12:12 - 2014-05-12 12:12 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-05-12 12:11 - 2012-05-12 12:23 - 00000000 ____D () C:\Users\Saturn\AppData\Roaming\Skype

2014-05-12 12:08 - 2014-05-12 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2014-05-12 12:08 - 2014-05-12 12:08 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-05-12 12:08 - 2014-05-12 12:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-05-12 12:07 - 2014-05-12 12:07 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-05-12 12:07 - 2014-05-12 12:07 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-05-12 12:07 - 2014-05-12 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-05-12 12:07 - 2014-05-09 10:15 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-05-12 12:07 - 2014-05-09 10:15 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2014-05-12 12:01 - 2013-07-14 13:08 - 00000000 ____D () C:\Windows\SysWOW64\Adobe

2014-05-12 12:01 - 2011-08-12 09:32 - 00000000 ____D () C:\Windows\SysWOW64\Macromed

2014-05-11 17:10 - 2013-04-30 11:11 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

2014-05-11 16:10 - 2011-08-12 09:10 - 00000000 ____D () C:\Program Files (x86)\Acer Games

2014-05-10 15:52 - 2011-08-12 09:10 - 00000000 ____D () C:\ProgramData\WildTangent

2014-05-10 15:52 - 2011-08-12 09:10 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games

2014-05-10 15:35 - 2013-04-30 11:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-05-10 10:12 - 2013-12-22 11:44 - 00000000 ____D () C:\ProgramData\CanonIJPLM

2014-05-10 10:10 - 2014-05-10 10:10 - 00000000 ____D () C:\ProgramData\SetupTemp_1

2014-05-10 10:10 - 2014-05-10 10:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG3200 series

2014-05-10 10:10 - 2014-05-10 10:10 - 00000000 ____D () C:\ProgramData\Canon IJ Network Tool

2014-05-10 10:10 - 2013-08-19 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities

2014-05-10 10:10 - 2013-08-18 14:26 - 00000000 ____D () C:\Program Files (x86)\Canon

2014-05-10 10:10 - 2009-07-14 05:20 - 00000000 __RSD () C:\Windows\Media

2014-05-10 10:09 - 2014-05-10 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG3200 series Benutzerregistrierung

2014-05-10 09:56 - 2013-12-22 11:55 - 00001985 _____ () C:\Users\Public\Desktop\Canon Quick Menu.lnk

2014-05-10 09:56 - 2013-08-18 14:39 - 00000000 ____D () C:\ProgramData\CanonIJWSpt

2014-05-10 09:49 - 2014-05-10 09:49 - 00000000 ____D () C:\Program Files\Canon

2014-05-10 09:48 - 2014-05-10 09:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG3200 series Manual

2014-05-10 09:48 - 2013-12-22 11:47 - 00002320 _____ () C:\Users\Public\Desktop\Canon MG3200 series Online-Handbuch.lnk

2014-05-10 09:38 - 2013-08-18 14:53 - 00000000 ____D () C:\Users\Saturn\AppData\Roaming\Canon

2014-05-10 09:13 - 2013-12-07 16:33 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-05-10 09:13 - 2013-12-07 16:33 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-05-09 18:19 - 2012-05-10 13:42 - 00000000 ____D () C:\Users\Saturn

2014-05-09 18:18 - 2012-05-10 13:42 - 00000000 ____D () C:\Users\Saturn\AppData\Local\PowerCinema

2014-05-09 18:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration

2014-05-09 10:15 - 2014-05-09 10:15 - 00000000 ____D () C:\Program Files\Java

2014-05-09 09:59 - 2014-05-09 09:56 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.5

2014-05-09 09:58 - 2014-05-09 09:58 - 00000000 ____D () C:\Users\Saturn\AppData\Roaming\TrojanHunter

2014-05-09 09:56 - 2014-05-09 09:56 - 00059392 ____R () C:\Windows\SysWOW64\streamhlp.dll

2014-05-08 14:23 - 2012-05-10 13:44 - 00001132 _____ () C:\Users\Saturn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-05-08 14:23 - 2012-05-10 13:44 - 00000949 _____ () C:\Users\Saturn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

2014-05-07 17:08 - 2012-05-10 13:44 - 00000000 ___RD () C:\Users\Saturn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-05-06 19:10 - 2012-10-29 00:09 - 00000000 ____D () C:\Users\Saturn\AppData\Roaming\SFBot

2014-05-06 19:09 - 2013-12-22 12:15 - 00000000 ___HD () C:\ProgramData\CanonIJEGV

2014-05-06 19:06 - 2013-07-14 13:12 - 00000000 ____D () C:\Program Files (x86)\Java

2014-04-30 09:47 - 2014-04-30 09:47 - 00000000 _____ () C:\Users\Saturn\Desktop\Dr Grünholz, Muzaffer, 01.07., 9.30uhr.txt

2014-04-30 09:25 - 2014-04-30 09:25 - 00000000 _____ () C:\Users\Saturn\Desktop\HNO, Muzaffer, 20.05., 11.10 uhr.txt

2014-04-30 09:24 - 2014-04-30 09:24 - 00000000 _____ () C:\Users\Saturn\Desktop\Dr Caspers, Muzaffer + Ediz, 03.06., 16 Uhr.txt

2014-04-26 15:34 - 2012-06-27 11:30 - 00000000 ____D () C:\Users\Saturn\AppData\Local\Microsoft Games

2014-04-26 15:25 - 2011-08-12 09:10 - 00002662 ____N () C:\Users\Public\Desktop\WildTangent Games App - acer.lnk

2014-04-26 15:25 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2014-04-25 19:24 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-04-20 18:00 - 2012-10-29 15:20 - 00000000 ____D () C:\Users\Saturn\Desktop\SFBot_v2.1.0

2014-04-20 17:15 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

2014-04-18 16:03 - 2014-04-18 16:03 - 00000000 _____ () C:\Windows\SysWOW64\shoDCEC.tmp
 

Files to move or delete:

====================

C:\ProgramData\zj7bmqmqfr.bxx

C:\ProgramData\zj7bmqmqfr.fvv
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-05-10 16:20
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition

Zitat:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-05-2014 01
Ran by Saturn at 2014-05-12 18:10:34
Running from C:\Users\Saturn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5PFANW5U
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1820 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1820 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3502 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0913.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Acer Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.8.2.2 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.4.1 - Broadcom Corporation)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - ‪Canon Inc.‬)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - ‪Canon Inc.‬)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MG3200 series Benutzerregistrierung (HKLM-x32\...\Canon MG3200 series Benutzerregistrierung) (Version: - Canon Inc.‎)
Canon MG3200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.01 - Canon Inc.)
Canon MG3200 series On-screen Manual (HKLM-x32\...\Canon MG3200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2024.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.2024.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.8026 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
Crazy Chicken Kart 2 (HKLM-x32\...\{26B458CF-4B7F-49A2-B131-4169F0685E13}_is1) (Version: - MyPlayBus.com)
Crazy Chicken Kart 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Das Rettungsteam 2 (HKLM-x32\...\McGame.com Das Rettungsteam 2) (Version: 1.0.0.0 - McGame.com)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
ETDWare PS/2-X64 8.0.6.3_WHQL (HKLM\...\Elantech) (Version: 8.0.6.3 - ELAN Microelectronic Corp.)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
GPU Monitor (HKLM-x32\...\VLC Player GPU+11.041.44) (Version: 11.041.44 - GPU Usage) <==== ATTENTION
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
IPCam Admin v3.0.31 (HKLM-x32\...\IPCam Admin Utility_is1) (Version: - Edimax Technology Co., Ltd.)
iTunes (HKLM\...\{A04DCB25-7040-4935-A30D-8E0A893ABF2D}) (Version: 11.1.2.32 - Apple Inc.)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MyDriveConnect 3.3.0.1502 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1502 - TomTom)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.18 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.18 - Egis Technology Inc.) Hidden
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8942 - NTI Corporation) Hidden
NVIDIA Grafiktreiber 268.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.00 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.265.39.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.0.21 (Version: 1.0.21 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Systemsteuerung 268.00 (Version: 268.00 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.0.21 - NVIDIA Corporation) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6438 - Realtek Semiconductor Corp.)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3503 - Acer Incorporated)
WGDeutsch (HKLM-x32\...\{34DB4D31-908F-4D96-96B8-62E1868B9FB0}) (Version: 1.00.0000 - Westermann)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points =========================

06-05-2014 17:04:04 Wiederherstellungsvorgang
09-05-2014 08:14:56 Installed Java 7 Update 55 (64-bit)
09-05-2014 16:11:58 Wiederherstellungsvorgang
12-05-2014 10:02:03 Removed Microsoft Silverlight
12-05-2014 10:03:13 Removed Java 7 Update 51
12-05-2014 10:06:58 Installed Java 7 Update 55 (64-bit)
12-05-2014 11:52:36 Installed Spyware Detector
12-05-2014 13:54:27 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-05-12 14:41 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0B60358C-43BE-47BC-9C11-F9AF66EADDC5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-07] (Google Inc.)
Task: {0D7C1C21-4EAB-4C39-AC78-640A1DE37F5E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-12] (Adobe Systems Incorporated)
Task: {161E81BF-4A6C-493E-AC78-03EAA71DF77F} - System32\Tasks\{D8B118BE-C0DB-4FBF-9FE6-C914EFB966DA} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?page=tsMain
Task: {22A92CB3-6468-4BCE-9B43-E0423265B06C} - System32\Tasks\{A5162675-8CD8-49BC-96AB-DF7253019D67} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.9.0.115.367/en/abandoninstall?page=tsMain
Task: {2F496728-A35F-47BC-8D23-63651B4FB33A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-07] (Google Inc.)
Task: {37987B87-6344-4C90-B12B-F936957D6697} - \DealPlyUpdate No Task File <==== ATTENTION
Task: {38AB495B-06AD-4576-8F08-654CE683FB3B} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {41B2EC03-DD3F-40AE-B427-53CEF1552856} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-29] (Egis Technology Inc.)
Task: {506E0C36-3A40-4735-8DD9-7330B66DDA22} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2013-12-18] (Adobe Systems Incorporated)
Task: {65A8F291-6105-4B0B-AD25-2B0A3ADE5923} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.)
Task: {6B74DF1D-16CE-4D2C-BF1A-E47CABEAA49D} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2011-06-18] (Acer)
Task: {6DB87FDA-FCF1-4CE2-9E23-CF4F60347E9B} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink)
Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
Task: {BA4ED67D-62C6-40B0-A6BB-306A79FC8350} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated)
Task: {E4A6FE71-ED83-4877-BF0B-CAA508236A16} - System32\Tasks\{6F858E4C-790D-4420-AD3F-8BEFCF7E3DF4} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.8.0.158/en/abandoninstall?page=tsMain
Task: {F3A3CC50-29C6-4F72-8778-6C8980DF0411} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-29] (Egis Technology Inc.)
Task: {FE86FE32-2C92-4FCB-89E0-453A027B4A14} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-22 12:15 - 2012-03-28 14:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2011-08-12 09:37 - 2011-06-10 19:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-03-14 13:14 - 2012-12-18 10:31 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-04-24 03:29 - 2011-04-24 03:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-04-24 03:29 - 2011-04-24 03:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-04-24 03:29 - 2011-04-24 03:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2011-08-24 18:03 - 2011-08-24 18:03 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2014-03-17 12:59 - 2014-03-17 12:59 - 00026488 _____ () C:\Program Files (x86)\MyDrive Connect\DeviceDetection.dll
2014-03-17 12:58 - 2014-03-17 12:58 - 00082808 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterBase.dll
2014-03-17 12:58 - 2014-03-17 12:58 - 00357752 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterProxy.dll
2013-01-12 22:59 - 2013-01-12 22:59 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\fd7fa1aa086fc23a60b1536d346f5657\IsdiInterop.ni.dll
2011-08-12 08:58 - 2011-04-30 09:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\Saturn:gs5sys
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\Temp:E6537A16
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Saturn\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\Saturn\Cookies:gs5sys
AlternateDataStreams: C:\Users\Saturn\Lokale Einstellungen:gs5sys
AlternateDataStreams: C:\Users\Saturn\Vorlagen:gs5sys
AlternateDataStreams: C:\Users\Saturn\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Saturn\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\Saturn\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\Saturn\AppData\Local\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\Saturn\AppData\Local\Verlauf:gs5sys
AlternateDataStreams: C:\Users\Saturn\Documents\desktop.ini:gs5sys

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/12/2014 05:29:57 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/12/2014 05:00:25 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/12/2014 04:32:05 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT) (EventID: 11935)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, component: {74C57B6B-FF6E-3825-BED2-78E14E3E0E3C}

Error: (05/12/2014 03:16:52 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/12/2014 03:01:02 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/12/2014 02:56:35 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/12/2014 02:42:15 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT) (EventID: 4122)
Description: Die Datei AvShadow konnte nicht geladen werden.
Fehlercode: 0x3fa

Error: (05/12/2014 02:41:42 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/12/2014 02:25:25 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/12/2014 02:12:54 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (05/12/2014 05:34:01 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) (EventID: 20)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0826 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2862152)

Error: (05/12/2014 05:34:01 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) (EventID: 20)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0826 fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme (KB2929755)

Error: (05/12/2014 05:32:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) (EventID: 20)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0826 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2835361)

Error: (05/12/2014 05:32:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) (EventID: 20)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0826 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2834886)

Error: (05/12/2014 05:32:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) (EventID: 20)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0826 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 3.5.1 unter Windows 7 und Windows Server 2008 R2 für x64-basierte Systeme (KB2832414)

Error: (05/12/2014 05:32:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) (EventID: 20)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0826 fehlgeschlagen: Update für Microsoft .NET Framework 3.5.1 unter Windows 7 und Windows Server 2008 R2 SP1 für x64-basierte Systeme (KB2836943)

Error: (05/12/2014 05:32:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) (EventID: 20)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0826 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2876284)

Error: (05/12/2014 05:32:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) (EventID: 20)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0826 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2835361)

Error: (05/12/2014 05:32:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) (EventID: 20)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0826 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2834886)

Error: (05/12/2014 05:32:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) (EventID: 20)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0826 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 3.5.1 unter Windows 7 und Windows Server 2008 R2 für x64-basierte Systeme (KB2832414)

Microsoft Office Sessions:
=========================
Error: (05/12/2014 05:29:57 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/12/2014 05:00:25 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/12/2014 04:32:05 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT) (EventID: 11935)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, component: {74C57B6B-FF6E-3825-BED2-78E14E3E0E3C}(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/12/2014 03:16:52 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/12/2014 03:01:02 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/12/2014 02:56:35 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/12/2014 02:42:15 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT) (EventID: 4122)
Description: AvShadow0x3fa

Error: (05/12/2014 02:41:42 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/12/2014 02:25:25 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/12/2014 02:12:54 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
Date: 2014-05-12 14:39:36.493
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-05-12 14:39:36.462
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 3947.86 MB
Available physical RAM: 1998.89 MB
Total Pagefile: 7893.91 MB
Available Pagefile: 5721.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:279.99 GB) (Free:210.08 GB) NTFS
Drive d: (CANON_IJ) (CDROM) (Total:0.51 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 10655FFF)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=280 GB) - (Type=07 NTFS)

==================== End Of Log ============================