Sorry, I must have overlooked that.
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by Michi (administrator) on MICHI-PC on 17-05-2014 11:37:39
Running from C:\Users\Michi\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Spotify Ltd) C:\Users\Michi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Spotify Ltd) C:\Users\Michi\AppData\Roaming\Spotify\spotify.exe
() C:\Users\Michi\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Michi\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Michi\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Michi\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Michi\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Michi\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Michi\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2014-04-07] (Microsoft Corporation)
HKU\S-1-5-21-472058247-168673788-3812701135-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-472058247-168673788-3812701135-1001\...\Run: [Spotify Web Helper] => C:\Users\Michi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-15] (Spotify Ltd)
HKU\S-1-5-21-472058247-168673788-3812701135-1001\...\MountPoints2: {cd659972-bce3-11e3-b887-6c626d99f7d3} - H:\Setup.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCB22C946EC50CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
Chrome:
=======
CHR HomePage: https://portal.kskmse.de/portal/portal/?IID=70250150&AID=IPSTANDARD&p=p.startseite_ophZZgW7o&n=%2Fprivatkunden%2Foph_start%2F
CHR StartupUrls: "hxxp://www.google.com"
CHR Extension: (Google Docs) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-05]
CHR Extension: (Google Drive) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-05]
CHR Extension: (YouTube) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-05]
CHR Extension: (Adblock Plus) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-05]
CHR Extension: (Google-Suche) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-05]
CHR Extension: (Google Kalender) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-04-05]
CHR Extension: (AdBlock) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-05]
CHR Extension: (Google Keep) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-04-05]
CHR Extension: (Google Maps) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-04-05]
CHR Extension: (Google Wallet) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-05]
CHR Extension: (Google Mail) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-05]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-04-05] (Disc Soft Ltd)
S3 L6PODHD5; C:\Windows\System32\Drivers\L6PODHD564.sys [772864 2013-07-11] (Line 6)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-17 11:37 - 2014-05-17 11:37 - 00008282 _____ () C:\Users\Michi\Desktop\FRST.txt
2014-05-17 11:37 - 2014-05-17 11:37 - 00000000 ____D () C:\FRST
2014-05-17 11:36 - 2014-05-17 11:36 - 00380416 _____ () C:\Users\Michi\Desktop\Gmer-19357.exe
2014-05-17 11:36 - 2014-05-17 11:36 - 00000542 _____ () C:\Users\Michi\Desktop\defogger_disable.log
2014-05-17 11:36 - 2014-05-17 11:36 - 00000168 _____ () C:\Users\Michi\defogger_reenable
2014-05-17 11:35 - 2014-05-17 11:35 - 02067456 _____ (Farbar) C:\Users\Michi\Desktop\FRST64.exe
2014-05-17 11:35 - 2014-05-17 11:35 - 00050477 _____ () C:\Users\Michi\Desktop\Defogger.exe
2014-05-15 10:10 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 10:10 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 10:10 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 10:10 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 10:10 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 10:10 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 22:41 - 2014-05-14 22:41 - 00001287 _____ () C:\Users\Public\Desktop\F1 2013.lnk
2014-05-14 22:40 - 2014-05-14 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codemasters
2014-05-14 16:44 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 16:44 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 16:44 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 16:44 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 16:44 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 16:44 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 16:44 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 16:44 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 16:44 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 16:44 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 16:44 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 16:44 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 16:44 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 16:44 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 16:44 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 16:44 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 16:44 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 16:44 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 16:44 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 16:44 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 16:44 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 16:44 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 16:44 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 16:44 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 16:44 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 16:44 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 16:44 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 16:44 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 16:44 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 16:44 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 16:44 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 16:44 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 16:44 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 16:44 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 16:44 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 16:44 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 16:44 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 16:44 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 16:44 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 16:44 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 16:44 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 16:44 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 16:44 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 16:44 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 16:44 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-12 18:44 - 2014-05-12 18:44 - 00006849 _____ () C:\Users\Michi\Desktop\Bestaetigung.htm
2014-05-12 18:44 - 2014-05-12 18:44 - 00000000 ____D () C:\Users\Michi\Desktop\Bestaetigung_files
2014-05-10 12:35 - 2014-05-10 12:35 - 00019254 _____ () C:\Users\Michi\Desktop\Auswahlverfahren.odt
2014-05-10 12:33 - 2014-05-10 12:33 - 00005618 _____ () C:\Users\Michi\Desktop\polizei.odt
2014-05-07 20:40 - 2014-05-07 20:40 - 03606844 _____ () C:\Users\Michi\Desktop\rld-tfuf.7z
2014-05-07 20:36 - 2014-05-07 20:38 - 434198680 _____ () C:\Users\Michi\Desktop\SWTFU_PC_EFIGS_1.2_Update.exe
2014-05-07 19:23 - 2014-05-15 18:29 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-06 21:18 - 2014-05-06 21:18 - 00000000 ____D () C:\Users\Michi\Documents\Aspyr
2014-05-06 21:11 - 2014-05-06 21:11 - 00001290 _____ () C:\Users\Michi\Desktop\Star Wars The Force Unleashed.lnk
2014-05-06 20:44 - 2014-05-06 20:44 - 00000000 ____D () C:\Program Files (x86)\Aspyr
2014-05-06 20:43 - 2014-05-06 20:43 - 00000000 ____D () C:\Users\Michi\AppData\Local\Aspyr
2014-05-05 23:07 - 2014-05-05 23:08 - 162247680 _____ (ThielHater) C:\Users\Michi\Desktop\Gothic_Reloaded_Mod_-_Demo_v1.5.exe
2014-04-23 10:24 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-23 10:24 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-23 10:24 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-23 10:24 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-23 10:23 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-23 10:23 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-23 10:23 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-23 10:23 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-23 10:23 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-23 10:23 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-23 10:23 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-23 10:23 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-23 10:23 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-23 10:23 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-23 10:23 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-23 10:23 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-23 10:23 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-23 10:23 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-23 10:23 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-23 10:23 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-23 10:23 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-23 10:23 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-23 10:23 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-23 10:23 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-23 10:23 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-23 10:23 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-23 10:23 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-23 10:23 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-23 10:23 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-23 10:23 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-23 10:23 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-23 10:23 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-23 10:23 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-23 10:23 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-23 10:23 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-23 10:23 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-23 10:23 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-23 10:23 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-23 10:23 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-23 10:23 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-23 10:23 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-23 10:23 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-23 10:23 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-23 10:23 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-20 23:29 - 2014-04-20 23:29 - 00000000 ____D () C:\ProgramData\Origin
==================== One Month Modified Files and Folders =======
2014-05-17 11:37 - 2014-05-17 11:37 - 00008282 _____ () C:\Users\Michi\Desktop\FRST.txt
2014-05-17 11:37 - 2014-05-17 11:37 - 00000000 ____D () C:\FRST
2014-05-17 11:36 - 2014-05-17 11:36 - 00380416 _____ () C:\Users\Michi\Desktop\Gmer-19357.exe
2014-05-17 11:36 - 2014-05-17 11:36 - 00000542 _____ () C:\Users\Michi\Desktop\defogger_disable.log
2014-05-17 11:36 - 2014-05-17 11:36 - 00000168 _____ () C:\Users\Michi\defogger_reenable
2014-05-17 11:36 - 2014-04-05 18:28 - 00000000 ____D () C:\Users\Michi
2014-05-17 11:35 - 2014-05-17 11:35 - 02067456 _____ (Farbar) C:\Users\Michi\Desktop\FRST64.exe
2014-05-17 11:35 - 2014-05-17 11:35 - 00050477 _____ () C:\Users\Michi\Desktop\Defogger.exe
2014-05-17 11:23 - 2014-04-05 19:15 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Spotify
2014-05-17 11:08 - 2014-04-05 18:21 - 01728748 _____ () C:\Windows\WindowsUpdate.log
2014-05-17 10:58 - 2014-04-05 18:46 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-17 00:33 - 2014-04-05 19:20 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\XBMC
2014-05-16 23:16 - 2014-04-05 23:44 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\vlc
2014-05-16 11:51 - 2009-07-14 06:45 - 00014944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-16 11:51 - 2009-07-14 06:45 - 00014944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-16 11:42 - 2014-04-05 18:46 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-16 10:55 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-05-16 10:55 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-05-16 10:55 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-16 10:51 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-16 10:50 - 2009-07-14 06:51 - 00020120 _____ () C:\Windows\setupact.log
2014-05-15 23:44 - 2014-04-05 19:15 - 00000000 ____D () C:\Users\Michi\AppData\Local\Spotify
2014-05-15 19:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-15 18:32 - 2014-04-05 18:29 - 00000000 ___RD () C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 18:32 - 2014-04-05 18:29 - 00000000 ___RD () C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 18:29 - 2014-05-07 19:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 23:33 - 2014-04-05 21:14 - 00000000 ____D () C:\Users\Michi\Documents\My Games
2014-05-14 22:41 - 2014-05-14 22:41 - 00001287 _____ () C:\Users\Public\Desktop\F1 2013.lnk
2014-05-14 22:41 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-14 22:40 - 2014-05-14 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codemasters
2014-05-14 22:33 - 2014-04-05 21:01 - 00000000 ____D () C:\Program Files (x86)\Codemasters
2014-05-13 17:36 - 2014-04-05 19:00 - 00252868 _____ () C:\Windows\PFRO.log
2014-05-12 18:44 - 2014-05-12 18:44 - 00006849 _____ () C:\Users\Michi\Desktop\Bestaetigung.htm
2014-05-12 18:44 - 2014-05-12 18:44 - 00000000 ____D () C:\Users\Michi\Desktop\Bestaetigung_files
2014-05-10 12:35 - 2014-05-10 12:35 - 00019254 _____ () C:\Users\Michi\Desktop\Auswahlverfahren.odt
2014-05-10 12:33 - 2014-05-10 12:33 - 00005618 _____ () C:\Users\Michi\Desktop\polizei.odt
2014-05-10 11:37 - 2014-04-05 18:46 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-10 11:37 - 2014-04-05 18:46 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-09 08:14 - 2014-05-14 16:44 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 16:44 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 20:40 - 2014-05-07 20:40 - 03606844 _____ () C:\Users\Michi\Desktop\rld-tfuf.7z
2014-05-07 20:38 - 2014-05-07 20:36 - 434198680 _____ () C:\Users\Michi\Desktop\SWTFU_PC_EFIGS_1.2_Update.exe
2014-05-06 21:18 - 2014-05-06 21:18 - 00000000 ____D () C:\Users\Michi\Documents\Aspyr
2014-05-06 21:13 - 2014-04-14 18:41 - 00027522 _____ () C:\Windows\DirectX.log
2014-05-06 21:11 - 2014-05-06 21:11 - 00001290 _____ () C:\Users\Michi\Desktop\Star Wars The Force Unleashed.lnk
2014-05-06 20:44 - 2014-05-06 20:44 - 00000000 ____D () C:\Program Files (x86)\Aspyr
2014-05-06 20:43 - 2014-05-06 20:43 - 00000000 ____D () C:\Users\Michi\AppData\Local\Aspyr
2014-05-06 06:40 - 2014-05-15 10:10 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-15 10:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-15 10:10 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-15 10:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-15 10:10 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 10:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 23:08 - 2014-05-05 23:07 - 162247680 _____ (ThielHater) C:\Users\Michi\Desktop\Gothic_Reloaded_Mod_-_Demo_v1.5.exe
2014-05-03 22:22 - 2014-04-15 20:08 - 00000000 ____D () C:\Users\Michi\Documents\FIFA 14
2014-04-26 15:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-23 10:58 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-21 17:52 - 2014-04-11 01:05 - 00001456 _____ () C:\Users\Michi\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-04-20 23:29 - 2014-04-20 23:29 - 00000000 ____D () C:\ProgramData\Origin
Some content of TEMP:
====================
C:\Users\Michi\AppData\Local\Temp\avgnt.exe
C:\Users\Michi\AppData\Local\Temp\L6GPInst.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe
[2014-05-14 16:44] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-11 16:38
==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014
Ran by Michi at 2014-05-17 11:38:03
Running from C:\Users\Michi\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
AMD USB Filter Driver (x32 Version: 1.0.15.94 - Advanced Micro Devices, Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{64555D45-1F57-BF1D-1A5E-BFD4C8C0ADB4}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
F1 2013 (HKLM-x32\...\{F8EEEE50-F29D-40AC-BB82-8AAB46B22BBC}_is1) (Version: 1.0 - Codemasters)
FIFA 14 (HKLM-x32\...\{7A6577E7-F341-430F-9173-91E14E2DE270}) (Version: 1.0.0.0 - Electronic Arts)
FIFA 14 (HKLM-x32\...\{7A6577E7-F341-430F-9173-91E14E2DE270}_is1) (Version: 1.0 - Electronic Arts)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version: - Arobas Music)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version: - Line 6)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
SopCast 3.8.3 (HKLM-x32\...\SopCast) (Version: 3.8.3 - www.sopcast.com)
Spotify (HKCU\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Star Wars: The Force Unleashed (HKLM-x32\...\Star Wars: The Force Unleashed_is1) (Version: 1.0 - Aspyr)
Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.0.2 - Topaz Labs, LLC)
Topaz Fusion Express 2 (HKLM-x32\...\Topaz Fusion Express 2) (Version: 2.1.3 - Topaz Labs, LLC)
Topaz ReMask 3 (HKLM-x32\...\Topaz ReMask 3) (Version: 3.2.1 - Topaz Labs, LLC)
Topaz Simplify 4 (HKLM-x32\...\Topaz Simplify 4) (Version: 4.0.0 - Topaz Labs, LLC)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
XBMC (HKCU\...\XBMC) (Version: - Team XBMC)
==================== Restore Points =========================
16-05-2014 14:35:40 Geplanter Prüfpunkt
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {74E6FF45-2365-4100-A586-75DD7D400B6A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-05] (Google Inc.)
Task: {A713A2CA-EA8E-4791-90EF-D0F6DFE7927A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-05] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-04-05 18:46 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-04-05 19:15 - 2014-05-15 23:44 - 00598072 _____ () C:\Users\Michi\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-04-05 19:16 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-04-05 19:15 - 2014-05-15 23:44 - 36966968 _____ () C:\Users\Michi\AppData\Roaming\Spotify\Data\libcef.dll
2014-04-05 19:15 - 2014-05-15 23:44 - 00886840 _____ () C:\Users\Michi\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-04-05 19:15 - 2014-05-15 23:44 - 00108600 _____ () C:\Users\Michi\AppData\Roaming\Spotify\Data\libegl.dll
2014-05-16 11:44 - 2014-05-08 01:29 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll
2014-05-16 11:44 - 2014-05-08 01:29 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libglesv2.dll
2014-05-16 11:44 - 2014-05-08 01:29 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libegl.dll
2014-05-16 11:44 - 2014-05-08 01:29 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll
2014-05-16 11:44 - 2014-05-08 01:29 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll
2014-05-16 11:44 - 2014-05-08 01:29 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
Name: WD SES Device USB Device
Description: WD SES Device USB Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/14/2014 08:47:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win64",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win64",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (05/12/2014 04:44:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NvBackend.exe, Version: 11.10.13.1, Zeitstempel: 0x52f202d0
Name des fehlerhaften Moduls: nvapi.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x5315b419
Ausnahmecode: 0xc0000005
Fehleroffset: 0x70f572c0
ID des fehlerhaften Prozesses: 0xaf8
Startzeit der fehlerhaften Anwendung: 0xNvBackend.exe0
Pfad der fehlerhaften Anwendung: NvBackend.exe1
Pfad des fehlerhaften Moduls: NvBackend.exe2
Berichtskennung: NvBackend.exe3
Error: (05/10/2014 11:35:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NvBackend.exe, Version: 11.10.13.1, Zeitstempel: 0x52f202d0
Name des fehlerhaften Moduls: nvapi.dll, Version: 9.18.13.3523, Zeitstempel: 0x5315b419
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00157217
ID des fehlerhaften Prozesses: 0x8d0
Startzeit der fehlerhaften Anwendung: 0xNvBackend.exe0
Pfad der fehlerhaften Anwendung: NvBackend.exe1
Pfad des fehlerhaften Moduls: NvBackend.exe2
Berichtskennung: NvBackend.exe3
Error: (05/09/2014 04:50:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SWTFU.exe, Version: 0.0.0.0, Zeitstempel: 0x4ac80e11
Name des fehlerhaften Moduls: SWTFU.exe, Version: 0.0.0.0, Zeitstempel: 0x4ac80e11
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00117d08
ID des fehlerhaften Prozesses: 0x1614
Startzeit der fehlerhaften Anwendung: 0xSWTFU.exe0
Pfad der fehlerhaften Anwendung: SWTFU.exe1
Pfad des fehlerhaften Moduls: SWTFU.exe2
Berichtskennung: SWTFU.exe3
Error: (05/07/2014 08:35:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SWTFU.exe, Version: 0.0.0.0, Zeitstempel: 0x4ac80e11
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x46893c74
ID des fehlerhaften Prozesses: 0x1770
Startzeit der fehlerhaften Anwendung: 0xSWTFU.exe0
Pfad der fehlerhaften Anwendung: SWTFU.exe1
Pfad des fehlerhaften Moduls: SWTFU.exe2
Berichtskennung: SWTFU.exe3
Error: (05/07/2014 08:28:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SWTFU.exe, Version: 0.0.0.0, Zeitstempel: 0x4ac80e11
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x46893c6a
ID des fehlerhaften Prozesses: 0x17a0
Startzeit der fehlerhaften Anwendung: 0xSWTFU.exe0
Pfad der fehlerhaften Anwendung: SWTFU.exe1
Pfad des fehlerhaften Moduls: SWTFU.exe2
Berichtskennung: SWTFU.exe3
Error: (05/06/2014 09:55:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SWTFU.exe, Version: 0.0.0.0, Zeitstempel: 0x4ac80e11
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x46893c72
ID des fehlerhaften Prozesses: 0xe9c
Startzeit der fehlerhaften Anwendung: 0xSWTFU.exe0
Pfad der fehlerhaften Anwendung: SWTFU.exe1
Pfad des fehlerhaften Moduls: SWTFU.exe2
Berichtskennung: SWTFU.exe3
Error: (04/24/2014 03:57:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm XBMC.exe, Version 12.3.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: bb0
Startzeit: 01cf5f8d53dbd086
Endzeit: 85
Anwendungspfad: C:\Program Files (x86)\XBMC\XBMC.exe
Berichts-ID: 610d8e6b-cbb8-11e3-af31-6c626d99f7d3
Error: (04/21/2014 06:22:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Photoshop.exe, Version 13.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: cdc
Startzeit: 01cf5d78e105a4a5
Endzeit: 46
Anwendungspfad: C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
Berichts-ID:
Error: (04/21/2014 06:17:46 PM) (Source: NVIDIA OpenGL Driver) (EventID: 1) (User: )
Description: The NVIDIA OpenGL driver detected a problem with the display
driver and is unable to continue. The application must close.
Error code: 3
Visit hxxp://www.nvidia.com/page/support.html for more information.
System errors:
=============
Error: (05/15/2014 07:25:55 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (05/15/2014 10:07:18 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht.
Error: (05/06/2014 08:43:35 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error: (05/06/2014 08:43:35 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error: (05/04/2014 07:36:14 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.
Error: (04/16/2014 10:12:14 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}
Error: (04/12/2014 08:11:42 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80242016 fehlgeschlagen: Kumulatives Sicherheitsupdate für Internet Explorer 9 für Windows 7 für x64-Systeme (KB2936068)
Error: (04/12/2014 07:58:31 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 12.04.2014 um 17:25:11 unerwartet heruntergefahren.
Error: (04/12/2014 10:31:51 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.
Error: (04/11/2014 05:13:21 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Microsoft Office Sessions:
=========================
Error: (05/14/2014 08:47:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win64",version="6.0.0.0"C:\Windows\system32\L6DriverControlPanel.cpl
Error: (05/12/2014 04:44:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvBackend.exe11.10.13.152f202d0nvapi.dll_unloaded0.0.0.05315b419c000000570f572c0af801cf6c48c53a9035C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exenvapi.dllf8edb459-d9e3-11e3-813b-6c626d99f7d3
Error: (05/10/2014 11:35:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvBackend.exe11.10.13.152f202d0nvapi.dll9.18.13.35235315b419c0000005001572178d001cf62f0e5538d4fC:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exeC:\Windows\system32\nvapi.dll6fc5f699-d826-11e3-813b-6c626d99f7d3
Error: (05/09/2014 04:50:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SWTFU.exe0.0.0.04ac80e11SWTFU.exe0.0.0.04ac80e11c000000500117d08161401cf6b94db329b8eC:\Program Files (x86)\Aspyr\Star Wars The Force Unleashed\SWTFU.exeC:\Program Files (x86)\Aspyr\Star Wars The Force Unleashed\SWTFU.exe4c90ab96-d789-11e3-813b-6c626d99f7d3
Error: (05/07/2014 08:35:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SWTFU.exe0.0.0.04ac80e11unknown0.0.0.000000000c000000546893c74177001cf6a226fe999d0C:\Program Files (x86)\Aspyr\Star Wars The Force Unleashed\SWTFU.exeunknown5bfcec55-d616-11e3-813b-6c626d99f7d3
Error: (05/07/2014 08:28:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SWTFU.exe0.0.0.04ac80e11unknown0.0.0.000000000c000000546893c6a17a001cf6a20de913ab5C:\Program Files (x86)\Aspyr\Star Wars The Force Unleashed\SWTFU.exeunknown74314956-d615-11e3-813b-6c626d99f7d3
Error: (05/06/2014 09:55:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SWTFU.exe0.0.0.04ac80e11unknown0.0.0.000000000c000000546893c72e9c01cf6960377fee92C:\Program Files (x86)\Aspyr\Star Wars The Force Unleashed\SWTFU.exeunknown5c0f35ba-d558-11e3-813b-6c626d99f7d3
Error: (04/24/2014 03:57:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: XBMC.exe12.3.0.0bb001cf5f8d53dbd08685C:\Program Files (x86)\XBMC\XBMC.exe610d8e6b-cbb8-11e3-af31-6c626d99f7d3
Error: (04/21/2014 06:22:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Photoshop.exe13.0.0.0cdc01cf5d78e105a4a546C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
Error: (04/21/2014 06:17:46 PM) (Source: NVIDIA OpenGL Driver) (EventID: 1) (User: )
Description: The NVIDIA OpenGL driver detected a problem with the display
driver and is unable to continue. The application must close.
Error code: 3
Visit hxxp://www.nvidia.com/page/support.html for more information.
==================== Memory info ===========================
Percentage of memory in use: 42%
Total physical RAM: 4095.18 MB
Available physical RAM: 2362.9 MB
Total Pagefile: 8188.54 MB
Available Pagefile: 5806.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:195.21 GB) (Free:110.59 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Intern 1) (Fixed) (Total:736.2 GB) (Free:21.03 GB) NTFS
Drive e: (Medien) (Fixed) (Total:2794.49 GB) (Free:28.54 GB) NTFS
Drive f: (Externe 2) (Fixed) (Total:931.51 GB) (Free:41.98 GB) NTFS
Drive g: (Backup) (Fixed) (Total:298.09 GB) (Free:8.7 GB) NTFS
Drive h: (raf-f12013) (CDROM) (Total:4.87 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 31A58FED)
Partition 1: (Active) - (Size=195 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=736 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 1.
========================================================
Disk: 3 (Size: 932 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: 25D12FEB)
Partition 1: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-17 11:49:57
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD105SI rev.1AJ10001 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Michi\AppData\Local\Temp\pgloypow.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002fa7000 45 bytes [00, 00, 0A, 04, 56, 69, 4D, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff80002fa702f 17 bytes [00, F0, 5D, B3, 04, 80, FA, ...]
---- Processes - GMER 2.1 ----
Library C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1228] 0000000000310000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\grdcore.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1228] 0000000074330000
Library c:\program files (x86)\avira\antivir desktop\cfglib.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1228] 00000000750c0000
Library c:\program files (x86)\avira\antivir desktop\gpipc.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1228] 0000000074110000
Library c:\program files (x86)\avira\antivir desktop\gpgen.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1228] 00000000740d0000
Library c:\program files (x86)\avira\antivir desktop\gpschd.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1228] 0000000072d40000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\avevtlog.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1228] 0000000072c90000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\schedr.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1228] 0000000072c80000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1228] 0000000072c10000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 0000000001010000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\grdcore.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 0000000074330000
Library c:\program files (x86)\avira\antivir desktop\cfglib.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 00000000750c0000
Library c:\program files (x86)\avira\antivir desktop\gpgen.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 00000000740d0000
Library c:\program files (x86)\avira\antivir desktop\gpgrd.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 0000000072ad0000
Library c:\program files (x86)\avira\antivir desktop\gpipc.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 0000000074110000
Library c:\program files (x86)\avira\antivir desktop\gpgui.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 0000000072ab0000
Library c:\program files (x86)\avira\antivir desktop\gplegacy.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 0000000072a70000
Library c:\program files (x86)\avira\antivir desktop\gpgenrep.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 0000000072a60000
Library c:\program files (x86)\avira\antivir desktop\onlcfg.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 0000000072a50000
Library c:\program files (x86)\avira\antivir desktop\gavidb.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 0000000072a20000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\libdb53.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 00000000728e0000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\avipc.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 00000000728c0000
Library c:\program files (x86)\avira\antivir desktop\avlode.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 0000000072830000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\libcurl.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 00000000727e0000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\LIBEAY32.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 0000000072690000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\SSLEAY32.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 0000000072640000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\avwinll.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 00000000724e0000
Library c:\program files (x86)\avira\antivir desktop\apcfile.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 00000000742b0000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\libaprutil-1.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 0000000074020000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\libapr-1.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 0000000073f60000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\libapriconv-1.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 00000000742a0000
Library c:\program files (x86)\avira\antivir desktop\gpavgio.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 0000000072fa0000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\avgio.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 00000000742e0000
Library c:\program files (x86)\avira\antivir desktop\avesvc.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 0000000072f70000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\avevtlog.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 0000000072c90000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\guardmsg.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 0000000074010000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 0000000072c10000
Library c:\program files (x86)\avira\antivir desktop\avreg.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 0000000072ee0000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\msgclient.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 0000000072ea0000
Library c:\program files (x86)\avira\antivir desktop\avesvcr.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 00000000735b0000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\avpref.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 0000000073780000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\aecore.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 00000000736d0000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\aevdf.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 0000000073730000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\aescript.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 00000000733e0000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\aescn.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 00000000736a0000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\aesbx.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 00000000731b0000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\aerdl.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 00000000708c0000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\aepack.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 0000000069780000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\aeoffice.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 0000000073660000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\aeheur.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 0000000069110000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\aehelp.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 0000000073390000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\aegen.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 0000000071e80000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\aeexp.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 0000000070830000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\aeemu.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 0000000010000000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\aebb.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1460] 00000000005a0000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2552] 0000000001220000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\ccwkrlib.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2552] 000000006fd60000
Library c:\program files (x86)\avira\antivir desktop\cfglib.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2552] 00000000750c0000
Library c:\program files (x86)\avira\antivir desktop\ccguard.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2552] 0000000074180000
Library c:\program files (x86)\avira\antivir desktop\ccgrdrc.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2552] 00000000716e0000
Library c:\program files (x86)\avira\antivir desktop\ccgrdw.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2552] 00000000716a0000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\avipc.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2552] 00000000728c0000
Library c:\program files (x86)\avira\antivir desktop\ccwgrd.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2552] 0000000073ee0000
Library c:\program files (x86)\avira\antivir desktop\ccfwmgt.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2552] 0000000073ea0000
Library c:\program files (x86)\avira\antivir desktop\ccfwmgtrc.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2552] 0000000074070000
Library c:\program files (x86)\avira\antivir desktop\ccgen.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2552] 00000000738f0000
Library c:\program files (x86)\avira\antivir desktop\ccgenrc.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2552] 00000000738e0000
Library c:\program files (x86)\avira\antivir desktop\ccupdate.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2552] 00000000738a0000
Library c:\program files (x86)\avira\antivir desktop\ccupdrc.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2552] 0000000073890000
Library c:\program files (x86)\avira\antivir desktop\cclic.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2552] 0000000073870000
Library c:\program files (x86)\avira\antivir desktop\cclicrc.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2552] 0000000073860000
Library c:\program files (x86)\avira\antivir desktop\ccmsg.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2552] 0000000074240000
Library c:\program files (x86)\avira\antivir desktop\ccmsgrc.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2552] 0000000074230000
Library c:\program files (x86)\avira\antivir desktop\ccmainrc.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2552] 0000000074220000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\ccupdw.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2552] 00000000737d0000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\grdcore.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2552] 0000000074330000
Library c:\program files (x86)\avira\antivir desktop\gpipc.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2552] 0000000074110000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe [2936] 0000000140000000
Library C:\Program Files (x86)\Avira\AntiVir Desktop\avipc64.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe [2936] 000007fef44f0000
---- EOF - GMER 2.1 ----
I hope this is all correct now.