Trojaner der alle meine Antiviruse Blockiert !

Jens.R · 19.06.2014, 01:24

Hallo Zusammen.
Bei mir werden alle Antiviruse blockiert und das einfach so ...
und ich hab schon gelesen hier im forum was man da gegen machen muss aber ich
komme grade nicht kla. Wäre sehr Nett wenn jemand mir helfen könnte

MFG
Jens.R

Hier die FRST.txt

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-06-2014
Ran by Jens (administrator) on JENS-PC on 19-06-2014 02:19:58
Running from C:\Users\Jens\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool 
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
() C:\Users\Jens\explorer.exe\vrlHq.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKU\S-1-5-21-42648226-142941367-2009182230-1000\...\RunOnce: [explorer.exe] - C:\Users\Jens\explorer.exe\vrlHq.exe [1245091 2014-06-17] ()
HKU\S-1-5-21-42648226-142941367-2009182230-1000\...\Policies\Explorer: [NoFolderOptions] 1
HKU\S-1-5-21-42648226-142941367-2009182230-1000\...\Winlogon: [Shell] explorer.exe,"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe" <==== ATTENTION 
IFEO\AvastSvc.exe: [Debugger] nqij.exe
IFEO\AvastUI.exe: [Debugger] nqij.exe
IFEO\avcenter.exe: [Debugger] nqij.exe
IFEO\avconfig.exe: [Debugger] nqij.exe
IFEO\avgcsrvx.exe: [Debugger] nqij.exe
IFEO\avgidsagent.exe: [Debugger] nqij.exe
IFEO\avgnt.exe: [Debugger] nqij.exe
IFEO\avgrsx.exe: [Debugger] nqij.exe
IFEO\avgui.exe: [Debugger] nqij.exe
IFEO\avgwdsvc.exe: [Debugger] nqij.exe
IFEO\Avira.OE.ServiceHost.exe: [Debugger] nqij.exe
IFEO\Avira.OE.Systray.exe: [Debugger] nqij.exe
IFEO\avp.exe: [Debugger] nqij.exe
IFEO\avshadow.exe: [Debugger] nqij.exe
IFEO\bdagent.exe: [Debugger] nqij.exe
IFEO\blindman.exe: [Debugger] nqij.exe
IFEO\ccuac.exe: [Debugger] nqij.exe
IFEO\ComboFix.exe: [Debugger] nqij.exe
IFEO\egui.exe: [Debugger] nqij.exe
IFEO\hijackthis.exe: [Debugger] nqij.exe
IFEO\instup.exe: [Debugger] nqij.exe
IFEO\keyscrambler.exe: [Debugger] nqij.exe
IFEO\mbam.exe: [Debugger] nqij.exe
IFEO\mbamgui.exe: [Debugger] nqij.exe
IFEO\mbampt.exe: [Debugger] nqij.exe
IFEO\mbamscheduler.exe: [Debugger] nqij.exe
IFEO\mbamservice.exe: [Debugger] nqij.exe
IFEO\MpCmdRun.exe: [Debugger] nqij.exe
IFEO\MSASCui.exe: [Debugger] nqij.exe
IFEO\MsMpEng.exe: [Debugger] nqij.exe
IFEO\msseces.exe: [Debugger] nqij.exe
IFEO\rstrui.exe: [Debugger] nqij.exe
IFEO\SDFiles.exe: [Debugger] nqij.exe
IFEO\SDMain.exe: [Debugger] nqij.exe
IFEO\SDWinSec.exe: [Debugger] nqij.exe
IFEO\spybotsd.exe: [Debugger] nqij.exe
IFEO\wireshark.exe: [Debugger] nqij.exe
IFEO\zlclient.exe: [Debugger] nqij.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1396515767&from=smt&uid=ST500DM002-1BD142_Z3T1YBDRXXXXZ3T1YBDR&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1396515767&from=smt&uid=ST500DM002-1BD142_Z3T1YBDRXXXXZ3T1YBDR&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1396515767&from=smt&uid=ST500DM002-1BD142_Z3T1YBDRXXXXZ3T1YBDR&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1396515767&from=smt&uid=ST500DM002-1BD142_Z3T1YBDRXXXXZ3T1YBDR&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna06IaZMQBJajSWkRYyViVlZhTIQfdAGg65OJtjeHleqBZs7HNXnrQgREjWo5Uh6cLtH7budQNdeqOUNAqqtV2T4ODfX0R4NlNy3_isQAEHMVvwxqYP1E5kty74C2-rDMQ,,&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna06IaZMQBJajSWkRYyViVlZhTIQfdAGg65OJtjeHleqBZs7HNXnrQgREjWo5Uh6cLtH7budQNdeqOUNAqqtV2T4ODfX0R4NlNy3_isQAEHMVvwxqYP1E5kty74C2-rDMQ,,&q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna06IaZMQBJajSWkRYyViVlZhTIQfdAGg65OJtjeHleqBZs7HNXnrQgREjWo5Uh6cLtH7budQNdeqOUNAqqtV2T4ODfX0R4NlNy3_isQAEHMVvwxqYP1E5kty74C2-rDNg,,&q={searchTerms}
SearchScopes: HKCU - URL hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP1C9077D4-9099-4B76-9546-047B85B6DECB&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna06IaZMQBJajSWkRYyViVlZhTIQfdAGg65OJtjeHleqBZs7HNXnrQgREjWo5Uh6cLtH7budQNdeqOUNAqqtV2T4ODfX0R4NlNy3_isQAEHMVvwxqYP1E5kty74C2-rDNg,,&q={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "hxxp://www.google.de/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Jens\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U51) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-04]
CHR Extension: (Google Drive) - C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-04]
CHR Extension: (YouTube) - C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-04]
CHR Extension: (Adblock Plus) - C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-03]
CHR Extension: (Google-Suche) - C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-04]
CHR Extension: (Google Wallet) - C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-05]
CHR Extension: (Google Mail) - C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-04]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [0 ] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [0 ] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-03-05] () [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-01] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-03] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21408 2013-08-01] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21920 2013-08-01] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-01] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-08-01] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-19 02:04 - 2014-06-19 02:04 - 472480157 _____ () C:\Windows\MEMORY.DMP
2014-06-19 02:04 - 2014-06-19 02:04 - 00276896 _____ () C:\Windows\Minidump\061914-13478-01.dmp
2014-06-19 02:04 - 2014-06-19 02:04 - 00000714 _____ () C:\Windows\setupact.log
2014-06-19 02:04 - 2014-06-19 02:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-19 02:02 - 2014-06-19 02:03 - 00000000 ____D () C:\AdwCleaner
2014-06-19 02:02 - 2014-06-19 02:02 - 01333465 _____ () C:\Users\Jens\Downloads\adwcleaner_3.212.exe
2014-06-19 02:02 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-19 01:38 - 2014-06-19 02:19 - 00014202 _____ () C:\Users\Jens\Desktop\FRST.txt
2014-06-19 01:38 - 2014-06-19 02:19 - 00000000 ____D () C:\FRST
2014-06-19 01:38 - 2014-06-19 01:39 - 00024411 _____ () C:\Users\Jens\Desktop\Addition.txt
2014-06-19 01:37 - 2014-06-19 01:38 - 02082304 _____ (Farbar) C:\Users\Jens\Desktop\FRST64.exe
2014-06-19 01:33 - 2014-06-19 01:33 - 01369640 _____ () C:\Users\Jens\Desktop\PandaCloudAntivirus3.1.exe
2014-06-19 01:33 - 2014-06-19 01:33 - 00000000 ____D () C:\ProgramData\Panda Security
2014-06-19 01:18 - 2014-06-19 01:18 - 04536336 _____ () C:\Users\Jens\Desktop\avira_de_av_4036260456__ws.exe
2014-06-18 22:31 - 2014-06-19 02:19 - 00030336 _____ () C:\Users\Jens\AppData\Roaming\msconfig.ini
2014-06-18 22:30 - 2014-06-19 02:04 - 00000000 __SHD () C:\Windows\SysWOW64\Windows Services
2014-06-18 22:30 - 2014-06-18 22:30 - 00000000 __SHD () C:\Users\Jens\explorer.exe
2014-06-18 22:30 - 2014-06-18 22:30 - 00000000 ___SH () C:\Users\Jens\riVdBW.txt
2014-06-18 22:27 - 2014-06-18 23:30 - 00000000 ____D () C:\Program Files\World of Warcraft
2014-06-18 22:27 - 2014-06-18 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2014-06-18 18:56 - 2014-06-18 18:56 - 00000000 ____D () C:\ProgramData\Blizzard
2014-06-18 18:54 - 2014-06-18 22:57 - 00000000 ____D () C:\Users\Public\Documents\Blizzard Entertainment
2014-06-17 23:01 - 2014-06-17 23:01 - 528272906 _____ () C:\Users\Jens\Downloads\Rust v14.03.zip
2014-06-17 15:54 - 2014-06-17 15:54 - 00000000 ____D () C:\Users\Jens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-06-17 15:54 - 2014-06-17 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-06-17 15:53 - 2014-06-17 15:58 - 00000000 ____D () C:\Users\Jens\AppData\Roaming\Notepad++
2014-06-17 15:53 - 2014-06-17 15:54 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-06-15 15:32 - 2014-06-15 15:32 - 00015677 _____ () C:\Users\Jens\Downloads\Cooldowns_4_3_1.zip
2014-06-09 12:50 - 2014-06-09 12:51 - 24393173 _____ () C:\Users\Jens\Downloads\messiro-community-wallpaper-2014.zip
2014-06-09 00:16 - 2014-06-09 00:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA
2014-06-03 06:55 - 2014-06-03 06:55 - 00000000 ____D () C:\Users\Jens\Documents\Battlefield 3
2014-06-03 06:55 - 2014-06-03 06:55 - 00000000 ____D () C:\Users\Jens\AppData\Local\ESN
2014-06-03 06:55 - 2014-06-03 06:55 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-06-03 06:53 - 2014-06-03 06:53 - 00000000 ____D () C:\ProgramData\EA Core
2014-06-03 04:02 - 2014-06-03 04:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
2014-06-02 19:05 - 2014-06-03 06:53 - 00000000 ____D () C:\Users\Jens\AppData\Local\Origin
2014-06-02 19:05 - 2014-06-02 22:38 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-06-02 19:05 - 2014-06-02 19:05 - 00001306 _____ () C:\Users\Jens\Desktop\Origin.lnk
2014-06-02 19:02 - 2014-06-03 06:53 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-05-30 16:17 - 2014-06-14 23:32 - 00000000 ____D () C:\Users\Jens\AppData\Local\DayZ
2014-05-30 16:17 - 2014-05-30 16:21 - 00000000 ____D () C:\Users\Jens\Documents\DayZ
2014-05-26 17:10 - 2014-06-10 03:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 17:10 - 2014-05-26 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-26 17:09 - 2014-05-26 17:10 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-26 17:09 - 2014-05-26 17:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-26 17:09 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-26 17:09 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-26 17:09 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-23 23:51 - 2014-05-23 23:51 - 00367950 _____ () C:\Users\Jens\Downloads\Die 15 besten verstecke für Spickzettel.mp4
2014-05-22 13:41 - 2014-05-23 22:03 - 00010292 _____ () C:\Users\Jens\Documents\TombRaider.log
2014-05-21 17:57 - 2013-11-27 08:31 - 00000000 ____D () C:\Users\Jens\Downloads\Install_Win7_7077_11282013
2014-05-21 17:57 - 2013-11-26 09:49 - 00888536 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-05-21 17:57 - 2013-11-26 09:49 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2014-05-21 17:57 - 2013-11-26 09:49 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-05-21 17:30 - 2014-05-21 17:57 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-05-21 17:30 - 2009-07-20 20:24 - 01355808 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-05-21 17:30 - 2009-07-20 20:24 - 00611360 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2014-05-21 17:30 - 2009-07-20 20:24 - 00332320 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2014-05-21 17:30 - 2009-07-20 20:23 - 01167904 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2014-05-21 17:30 - 2009-07-20 20:23 - 00417824 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-05-21 17:30 - 2009-07-20 20:23 - 00149536 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2014-05-21 17:30 - 2009-07-20 20:23 - 00063008 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInst64.dll
2014-05-21 17:30 - 2009-07-20 19:52 - 01831968 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-05-21 17:30 - 2009-06-29 13:18 - 00176640 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2014-05-21 17:30 - 2009-04-16 11:13 - 00166400 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2014-05-21 17:30 - 2009-03-31 15:02 - 00108032 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2014-05-21 17:30 - 2009-03-09 06:32 - 00304640 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2014-05-21 17:30 - 2009-03-09 06:30 - 00304640 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2014-05-21 17:30 - 2008-11-09 12:57 - 00311296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2014-05-21 17:30 - 2008-04-30 09:48 - 00193536 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2014-05-21 17:30 - 2007-07-25 10:34 - 00150528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2014-05-21 17:30 - 2007-05-17 12:26 - 00211376 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2014-05-21 17:30 - 2006-12-13 11:30 - 00513536 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2014-05-21 16:16 - 2014-05-21 16:18 - 124637134 _____ (Realtek Semiconductor Corp.) C:\Users\Jens\Downloads\64bit_Win7_Win8_Win81_R274.exe

==================== One Month Modified Files and Folders =======

2014-06-19 02:20 - 2014-06-19 01:38 - 00014202 _____ () C:\Users\Jens\Desktop\FRST.txt
2014-06-19 02:19 - 2014-06-19 01:38 - 00000000 ____D () C:\FRST
2014-06-19 02:19 - 2014-06-18 22:31 - 00030336 _____ () C:\Users\Jens\AppData\Roaming\msconfig.ini
2014-06-19 02:11 - 2014-03-04 19:21 - 00015456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-19 02:11 - 2014-03-04 19:21 - 00015456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-19 02:09 - 2014-04-05 00:01 - 00000000 ____D () C:\ProgramData\Origin
2014-06-19 02:09 - 2014-04-05 00:01 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-19 02:04 - 2014-06-19 02:04 - 472480157 _____ () C:\Windows\MEMORY.DMP
2014-06-19 02:04 - 2014-06-19 02:04 - 00276896 _____ () C:\Windows\Minidump\061914-13478-01.dmp
2014-06-19 02:04 - 2014-06-19 02:04 - 00000714 _____ () C:\Windows\setupact.log
2014-06-19 02:04 - 2014-06-19 02:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-19 02:04 - 2014-06-18 22:30 - 00000000 __SHD () C:\Windows\SysWOW64\Windows Services
2014-06-19 02:04 - 2014-03-05 07:32 - 00000000 ____D () C:\Windows\Minidump
2014-06-19 02:03 - 2014-06-19 02:02 - 00000000 ____D () C:\AdwCleaner
2014-06-19 02:02 - 2014-06-19 02:02 - 01333465 _____ () C:\Users\Jens\Downloads\adwcleaner_3.212.exe
2014-06-19 01:52 - 2014-03-04 21:54 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-19 01:52 - 2014-03-04 21:45 - 00000000 ____D () C:\Users\Jens\AppData\Roaming\TS3Client
2014-06-19 01:48 - 2014-03-09 03:37 - 00000000 ____D () C:\Users\Jens\AppData\Local\CrashDumps
2014-06-19 01:39 - 2014-06-19 01:38 - 00024411 _____ () C:\Users\Jens\Desktop\Addition.txt
2014-06-19 01:38 - 2014-06-19 01:37 - 02082304 _____ (Farbar) C:\Users\Jens\Desktop\FRST64.exe
2014-06-19 01:33 - 2014-06-19 01:33 - 01369640 _____ () C:\Users\Jens\Desktop\PandaCloudAntivirus3.1.exe
2014-06-19 01:33 - 2014-06-19 01:33 - 00000000 ____D () C:\ProgramData\Panda Security
2014-06-19 01:26 - 2014-03-07 18:51 - 01566956 _____ () C:\Windows\WindowsUpdate.log
2014-06-19 01:18 - 2014-06-19 01:18 - 04536336 _____ () C:\Users\Jens\Desktop\avira_de_av_4036260456__ws.exe
2014-06-19 01:17 - 2014-05-18 15:03 - 00000000 ____D () C:\Users\Jens\AppData\Roaming\Raptr
2014-06-19 01:13 - 2014-03-09 13:40 - 00000000 ____D () C:\Users\Jens\Desktop\Programme
2014-06-19 01:13 - 2014-03-04 23:07 - 00000000 ____D () C:\Users\Jens\Desktop\Games
2014-06-19 01:03 - 2014-04-03 11:03 - 00000280 _____ () C:\Windows\Tasks\FF Watcher {9B3E6EC9-6B52-4E7B-AE77-C885763150AF}.job
2014-06-19 00:38 - 2014-04-17 21:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-19 00:24 - 2014-03-04 19:01 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-18 23:30 - 2014-06-18 22:27 - 00000000 ____D () C:\Program Files\World of Warcraft
2014-06-18 22:57 - 2014-06-18 22:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2014-06-18 22:57 - 2014-06-18 18:54 - 00000000 ____D () C:\Users\Public\Documents\Blizzard Entertainment
2014-06-18 22:57 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-18 22:30 - 2014-06-18 22:30 - 00000000 __SHD () C:\Users\Jens\explorer.exe
2014-06-18 22:30 - 2014-06-18 22:30 - 00000000 ___SH () C:\Users\Jens\riVdBW.txt
2014-06-18 22:30 - 2014-03-04 18:54 - 00000000 ____D () C:\Users\Jens
2014-06-18 19:21 - 2014-04-05 22:01 - 00000000 ____D () C:\Users\Jens\AppData\Roaming\.minecraft
2014-06-18 18:56 - 2014-06-18 18:56 - 00000000 ____D () C:\ProgramData\Blizzard
2014-06-18 17:24 - 2014-03-04 19:01 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-18 14:06 - 2009-07-14 19:58 - 00708340 _____ () C:\Windows\system32\perfh007.dat
2014-06-18 14:06 - 2009-07-14 19:58 - 00153226 _____ () C:\Windows\system32\perfc007.dat
2014-06-18 14:06 - 2009-07-14 07:13 - 01534208 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-18 11:40 - 2014-03-29 15:09 - 00000000 ____D () C:\Users\Jens\AppData\Roaming\Skype
2014-06-18 11:38 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-17 23:01 - 2014-06-17 23:01 - 528272906 _____ () C:\Users\Jens\Downloads\Rust v14.03.zip
2014-06-17 21:06 - 2014-04-25 23:38 - 00000000 ____D () C:\Users\Jens\AppData\Roaming\Spotify
2014-06-17 19:07 - 2014-04-15 19:18 - 00000000 ____D () C:\Users\Jens\AppData\Local\PMB Files
2014-06-17 15:58 - 2014-06-17 15:53 - 00000000 ____D () C:\Users\Jens\AppData\Roaming\Notepad++
2014-06-17 15:54 - 2014-06-17 15:54 - 00000000 ____D () C:\Users\Jens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-06-17 15:54 - 2014-06-17 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-06-17 15:54 - 2014-06-17 15:53 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-06-17 15:35 - 2014-04-15 19:18 - 00000000 ____D () C:\ProgramData\PMB Files
2014-06-17 00:36 - 2014-03-05 08:13 - 00000000 ____D () C:\Users\Jens\AppData\Local\Battle.net
2014-06-17 00:07 - 2014-04-25 23:39 - 00000000 ____D () C:\Users\Jens\AppData\Local\Spotify
2014-06-15 15:32 - 2014-06-15 15:32 - 00015677 _____ () C:\Users\Jens\Downloads\Cooldowns_4_3_1.zip
2014-06-14 23:32 - 2014-05-30 16:17 - 00000000 ____D () C:\Users\Jens\AppData\Local\DayZ
2014-06-14 20:37 - 2014-03-05 07:02 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-06-14 20:37 - 2014-03-05 07:01 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-06-14 20:37 - 2014-03-05 07:01 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-06-12 23:26 - 2014-03-04 19:02 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-12 19:41 - 2014-03-05 08:13 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-06-10 16:59 - 2014-03-05 16:22 - 00000000 ____D () C:\Users\Jens\AppData\Local\ArmA 2
2014-06-10 03:41 - 2014-05-26 17:10 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-09 12:51 - 2014-06-09 12:50 - 24393173 _____ () C:\Users\Jens\Downloads\messiro-community-wallpaper-2014.zip
2014-06-09 00:16 - 2014-06-09 00:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA
2014-06-09 00:16 - 2014-04-06 23:13 - 00000000 ____D () C:\Users\Jens\Documents\My Games
2014-06-07 23:50 - 2014-04-26 00:47 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-06-04 19:46 - 2014-03-05 18:16 - 00000000 ____D () C:\Users\Jens\AppData\Local\ArmA 2 OA
2014-06-03 10:53 - 2014-03-05 07:01 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-06-03 09:29 - 2009-07-14 06:45 - 00271120 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-03 06:55 - 2014-06-03 06:55 - 00000000 ____D () C:\Users\Jens\Documents\Battlefield 3
2014-06-03 06:55 - 2014-06-03 06:55 - 00000000 ____D () C:\Users\Jens\AppData\Local\ESN
2014-06-03 06:55 - 2014-06-03 06:55 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-06-03 06:55 - 2014-03-05 07:02 - 00000000 ____D () C:\Users\Jens\AppData\Local\PunkBuster
2014-06-03 06:53 - 2014-06-03 06:53 - 00000000 ____D () C:\ProgramData\EA Core
2014-06-03 06:53 - 2014-06-02 19:05 - 00000000 ____D () C:\Users\Jens\AppData\Local\Origin
2014-06-03 06:53 - 2014-06-02 19:02 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-06-03 04:02 - 2014-06-03 04:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
2014-06-02 22:38 - 2014-06-02 19:05 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-06-02 22:25 - 2014-03-04 19:11 - 00059504 _____ () C:\Users\Jens\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-02 19:05 - 2014-06-02 19:05 - 00001306 _____ () C:\Users\Jens\Desktop\Origin.lnk
2014-06-02 19:05 - 2014-04-05 00:02 - 00000000 ____D () C:\Users\Jens\AppData\Roaming\Origin
2014-06-02 18:56 - 2014-04-04 20:49 - 00000000 ____D () C:\Users\Jens\AppData\Roaming\TeamViewer
2014-05-31 10:40 - 2014-04-12 01:21 - 00000000 ____D () C:\Program Files (x86)\osu!
2014-05-30 16:21 - 2014-05-30 16:17 - 00000000 ____D () C:\Users\Jens\Documents\DayZ
2014-05-30 09:40 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-29 13:40 - 2014-03-05 08:14 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-05-26 17:26 - 2014-04-03 11:03 - 00000000 ____D () C:\ProgramData\WPM
2014-05-26 17:25 - 2014-04-03 11:03 - 00000000 ____D () C:\Users\Jens\AppData\Roaming\SupTab
2014-05-26 17:10 - 2014-05-26 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-26 17:10 - 2014-05-26 17:09 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-26 17:09 - 2014-05-26 17:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-26 16:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-23 23:51 - 2014-05-23 23:51 - 00367950 _____ () C:\Users\Jens\Downloads\Die 15 besten verstecke für Spickzettel.mp4
2014-05-23 23:50 - 2014-05-10 16:11 - 00000000 ____D () C:\Users\Jens\Desktop\JDownloader
2014-05-23 22:03 - 2014-05-22 13:41 - 00010292 _____ () C:\Users\Jens\Documents\TombRaider.log
2014-05-22 13:31 - 2014-03-04 23:45 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-22 13:31 - 2014-03-04 23:45 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-22 07:21 - 2014-05-18 15:03 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-05-21 17:57 - 2014-05-21 17:30 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-05-21 17:57 - 2014-03-04 19:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-21 17:31 - 2014-03-04 19:00 - 00000000 ___HD () C:\Program Files (x86)\Temp
2014-05-21 17:30 - 2014-03-04 19:01 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-05-21 16:18 - 2014-05-21 16:16 - 124637134 _____ (Realtek Semiconductor Corp.) C:\Users\Jens\Downloads\64bit_Win7_Win8_Win81_R274.exe
2014-05-20 16:00 - 2014-03-16 18:34 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner

Files to move or delete:
====================
C:\Users\Jens\explorer.exe
C:\Users\Jens\AppData\Roaming\msconfig.ini


Some content of TEMP:
====================
C:\Users\Jens\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 11:47

==================== End Of Log ============================

--- --- ---

--- --- ---

Hier die Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-06-2014
Ran by Jens at 2014-06-19 01:38:58
Running from C:\Users\Jens\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0417.2226.38446 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
Avira (HKLM-x32\...\{70a79d1f-686d-4d5c-962b-07aa1294eae0}) (Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG) Hidden
Battlefield 2(TM) (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version: - )
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
DC Universe Online Live (HKCU\...\SOE-DC Universe Online Live PSG) (Version: - Sony Online Entertainment)
DC Universe Online PSG (HKCU\...\SOE-DC Universe Online PSG) (Version: 1.0.3.183 - Sony Online Entertainment)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Infestation: Survivor Stories (HKLM-x32\...\Steam App 226700) (Version: - Hammerpoint Interactive)
Intel(R) Smart Connect Technology (HKLM\...\{B1AC3709-3E98-4F2C-A84E-4BCA2A452E64}) (Version: 4.2.40.2418 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MTA:SA v1.3.5 (HKLM-x32\...\MTA:SA 1.3) (Version: v1.3.5 - Multi Theft Auto)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.6 - Notepad++ Team)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Outlast: Whistleblower (HKLM-x32\...\T3V0bGFzdFdoaXN0bGVibG93ZXI=_is1) (Version: 1 - )
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5898 - Realtek Semiconductor Corp.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: - )
Spotify (HKCU\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version: - Crystal Dynamics)
Vegas Pro 11.0 (64-bit) (HKLM\...\{7E3B2D0F-029B-11E2-BD68-F04DA23A5C58}) (Version: 11.0.701 - Sony)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 3.3.5.12340 - Blizzard Entertainment)

==================== Restore Points =========================

08-06-2014 09:54:04 Geplanter Prüfpunkt
08-06-2014 22:16:17 Installed Microsoft XNA Framework Redistributable 4.0

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1D05C8D5-125C-48FF-B84B-24CB07F18A86} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {43818973-48D4-42B4-A9C4-DA014EF2DA24} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-04] (Google Inc.)
Task: {5C1C9961-DFBC-4763-9E91-AA43F089E715} - System32\Tasks\FF Watcher {9B3E6EC9-6B52-4E7B-AE77-C885763150AF} => C:\Program Files\V-bates\PrefHelper.exe
Task: {A5A48C5E-F0B3-4D08-A2D5-D9E0C3FEB626} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-04] (Google Inc.)
Task: {BB1F05B5-F91A-4CF0-AD3F-462FF3DCDF59} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FF Watcher {9B3E6EC9-6B52-4E7B-AE77-C885763150AF}.job => C:\Program Files\V-bates\PrefHelper.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2013-08-01 18:31 - 2013-08-01 18:31 - 00198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-08-01 18:31 - 2013-08-01 18:31 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-01 18:31 - 2013-08-01 18:31 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-03-05 07:01 - 2014-06-03 10:53 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-06-18 22:30 - 2014-06-17 23:17 - 01245091 _____ () C:\Users\Jens\explorer.exe\vrlHq.exe
2014-03-04 19:02 - 2013-09-16 21:19 - 01242584 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-06-12 23:26 - 2014-06-05 15:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-12 23:26 - 2014-06-05 15:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-12 23:26 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-12 23:26 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-12 23:26 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
AlternateDataStreams: C:\Users\Jens\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\Jens\AppData\Roaming:NT

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/19/2014 01:36:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: setup.exe_Setup Application, Version: 7.0.11.0, Zeitstempel: 0x537e1e23
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdbdf
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000b727
ID des fehlerhaften Prozesses: 0xe18
Startzeit der fehlerhaften Anwendung: 0xsetup.exe_Setup Application0
Pfad der fehlerhaften Anwendung: setup.exe_Setup Application1
Pfad des fehlerhaften Moduls: setup.exe_Setup Application2
Berichtskennung: setup.exe_Setup Application3

Error: (06/19/2014 01:34:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: setup.exe_Setup Application, Version: 7.0.11.0, Zeitstempel: 0x537e1e23
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdbdf
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000b727
ID des fehlerhaften Prozesses: 0xb7c
Startzeit der fehlerhaften Anwendung: 0xsetup.exe_Setup Application0
Pfad der fehlerhaften Anwendung: setup.exe_Setup Application1
Pfad des fehlerhaften Moduls: setup.exe_Setup Application2
Berichtskennung: setup.exe_Setup Application3

Error: (06/19/2014 01:31:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.Setup.Bundle.En-us.exe, Version: 1.1.12.20002, Zeitstempel: 0x52974fc4
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdbdf
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000b727
ID des fehlerhaften Prozesses: 0x388
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.Setup.Bundle.En-us.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.Setup.Bundle.En-us.exe1
Pfad des fehlerhaften Moduls: Avira.OE.Setup.Bundle.En-us.exe2
Berichtskennung: Avira.OE.Setup.Bundle.En-us.exe3

Error: (06/19/2014 01:31:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.Setup.Bundle.En-us.exe, Version: 1.1.12.20002, Zeitstempel: 0x52974fc4
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdbdf
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000b727
ID des fehlerhaften Prozesses: 0x788
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.Setup.Bundle.En-us.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.Setup.Bundle.En-us.exe1
Pfad des fehlerhaften Moduls: Avira.OE.Setup.Bundle.En-us.exe2
Berichtskennung: Avira.OE.Setup.Bundle.En-us.exe3

Error: (06/19/2014 01:31:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.Setup.Bundle.En-us.exe, Version: 1.1.12.20002, Zeitstempel: 0x52974fc4
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdbdf
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000b727
ID des fehlerhaften Prozesses: 0xfe0
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.Setup.Bundle.En-us.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.Setup.Bundle.En-us.exe1
Pfad des fehlerhaften Moduls: Avira.OE.Setup.Bundle.En-us.exe2
Berichtskennung: Avira.OE.Setup.Bundle.En-us.exe3

Error: (06/19/2014 01:29:24 AM) (Source: Avira Antivirus) (EventID: 4122) (User: NT-AUTORITÄT)
Description: Die Datei LogOpen konnte nicht geladen werden.
Fehlercode: 0x5

Error: (06/19/2014 01:23:52 AM) (Source: Avira Antivirus) (EventID: 4122) (User: NT-AUTORITÄT)
Description: Die Datei AvShadow konnte nicht geladen werden.
Fehlercode: 0x2

Error: (06/19/2014 01:21:28 AM) (Source: Avira Antivirus) (EventID: 4122) (User: NT-AUTORITÄT)
Description: Die Datei AvShadow konnte nicht geladen werden.
Fehlercode: 0x2

Error: (06/19/2014 01:18:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.Setup.Bundle.En-us.exe, Version: 1.1.12.20002, Zeitstempel: 0x52974fc4
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdbdf
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000b727
ID des fehlerhaften Prozesses: 0xff8
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.Setup.Bundle.En-us.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.Setup.Bundle.En-us.exe1
Pfad des fehlerhaften Moduls: Avira.OE.Setup.Bundle.En-us.exe2
Berichtskennung: Avira.OE.Setup.Bundle.En-us.exe3

Error: (06/19/2014 01:18:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.Setup.Bundle.En-us.exe, Version: 1.1.12.20002, Zeitstempel: 0x52974fc4
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdbdf
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000b727
ID des fehlerhaften Prozesses: 0x704
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.Setup.Bundle.En-us.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.Setup.Bundle.En-us.exe1
Pfad des fehlerhaften Moduls: Avira.OE.Setup.Bundle.En-us.exe2
Berichtskennung: Avira.OE.Setup.Bundle.En-us.exe3

System errors:
=============
Error: (06/19/2014 01:29:25 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%303.

Error: (06/19/2014 01:23:54 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%310.

Error: (06/19/2014 01:23:21 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000f4 (0x0000000000000003, 0xfffffa800a00eb30, 0xfffffa800a00ee10, 0xfffff800033cb240)C:\Windows\MEMORY.DMP061914-12714-01

Error: (06/19/2014 01:23:15 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎19.‎06.‎2014 um 01:21:45 unerwartet heruntergefahren.

Error: (06/19/2014 01:21:30 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%310.

Error: (06/19/2014 01:20:58 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000f4 (0x0000000000000003, 0xfffffa8009ef2b30, 0xfffffa8009ef2e10, 0xfffff80003381240)C:\Windows\MEMORY.DMP061914-15022-01

Error: (06/19/2014 01:20:50 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎19.‎06.‎2014 um 01:19:32 unerwartet heruntergefahren.

Error: (06/19/2014 01:15:15 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%310.

Error: (06/19/2014 01:14:45 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000f4 (0x0000000000000003, 0xfffffa8007be95d0, 0xfffffa8007be98b0, 0xfffff800033c3240)C:\Windows\MEMORY.DMP061914-14367-01

Error: (06/19/2014 01:14:39 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎19.‎06.‎2014 um 01:13:41 unerwartet heruntergefahren.

Microsoft Office Sessions:
=========================
Error: (06/19/2014 01:36:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: setup.exe_Setup Application7.0.11.0537e1e23KERNELBASE.dll6.1.7600.163854a5bdbdf0eedfade0000b727e1801cf8b4e1fe75202C:\Users\Jens\AppData\Local\Temp\RarSFX0\setup.exeC: \Windows\syswow64\KERNELBASE.dll5dd38e89-f741-11e3-aeb9-448a5b59012b

Error: (06/19/2014 01:34:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: setup.exe_Setup Application7.0.11.0537e1e23KERNELBASE.dll6.1.7600.163854a5bdbdf0eedfade0000b727b7c01cf8b4de9ef8716C:\Users\Jens\AppData\Local\Temp\RarSFX1\setup.exeC: \Windows\syswow64\KERNELBASE.dll29253861-f741-11e3-aeb9-448a5b59012b

Error: (06/19/2014 01:31:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.Setup.Bundle.En-us.exe1.1.12.2000252974fc4KERNELBASE.dll6.1.7600.163854a5bdbdfc06d007e0000b72738801cf8b4d5fd04c08C:\ProgramData\Package Cache\{70a79d1f-686d-4d5c-962b-07aa1294eae0}\Avira.OE.Setup.Bundle.En-us.exeC:\Windows\syswow64\KERNELBASE.dll9d95c61e-f740-11e3-aeb9-448a5b59012b

Error: (06/19/2014 01:31:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.Setup.Bundle.En-us.exe1.1.12.2000252974fc4KERNELBASE.dll6.1.7600.163854a5bdbdfc06d007e0000b72778801cf8b4d5e516e9dC:\ProgramData\Package Cache\{70a79d1f-686d-4d5c-962b-07aa1294eae0}\Avira.OE.Setup.Bundle.En-us.exeC:\Windows\syswow64\KERNELBASE.dll9c16e8b3-f740-11e3-aeb9-448a5b59012b

Error: (06/19/2014 01:31:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.Setup.Bundle.En-us.exe1.1.12.2000252974fc4KERNELBASE.dll6.1.7600.163854a5bdbdfc06d007e0000b727fe001cf8b4d5bf28e2aC:\ProgramData\Package Cache\{70a79d1f-686d-4d5c-962b-07aa1294eae0}\Avira.OE.Setup.Bundle.En-us.exeC:\Windows\syswow64\KERNELBASE.dll9a53ae48-f740-11e3-aeb9-448a5b59012b

Error: (06/19/2014 01:29:24 AM) (Source: Avira Antivirus) (EventID: 4122) (User: NT-AUTORITÄT)
Description: LogOpen0x5

Error: (06/19/2014 01:23:52 AM) (Source: Avira Antivirus) (EventID: 4122) (User: NT-AUTORITÄT)
Description: AvShadow0x2

Error: (06/19/2014 01:21:28 AM) (Source: Avira Antivirus) (EventID: 4122) (User: NT-AUTORITÄT)
Description: AvShadow0x2

Error: (06/19/2014 01:18:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.Setup.Bundle.En-us.exe1.1.12.2000252974fc4KERNELBASE.dll6.1.7600.163854a5bdbdfc06d007e0000b727ff801cf8b4bac02f1bfC:\ProgramData\Package Cache\{70a79d1f-686d-4d5c-962b-07aa1294eae0}\Avira.OE.Setup.Bundle.En-us.exeC:\Windows\syswow64\KERNELBASE.dlle9c18dec-f73e-11e3-97de-448a5b59012b

Error: (06/19/2014 01:18:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.Setup.Bundle.En-us.exe1.1.12.2000252974fc4KERNELBASE.dll6.1.7600.163854a5bdbdfc06d007e0000b72770401cf8b4baa848986C:\ProgramData\Package Cache\{70a79d1f-686d-4d5c-962b-07aa1294eae0}\Avira.OE.Setup.Bundle.En-us.exeC:\Windows\syswow64\KERNELBASE.dlle84bd863-f73e-11e3-97de-448a5b59012b

==================== Memory info ===========================

Percentage of memory in use: 21%
Total physical RAM: 8120.07 MB
Available physical RAM: 6406.49 MB
Total Pagefile: 16238.28 MB
Available Pagefile: 14321.12 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:203.33 GB) NTFS
Drive e: (MD 84227) (Removable) (Total:7.74 GB) (Free:7.46 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 68AC9198)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 1.

==================== End Of Log ============================

Danke schonmal im Vorraus

M-K-D-B · 19.06.2014, 10:30

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
IFEO\AvastSvc.exe: [Debugger] nqij.exe
IFEO\AvastUI.exe: [Debugger] nqij.exe
IFEO\avcenter.exe: [Debugger] nqij.exe
IFEO\avconfig.exe: [Debugger] nqij.exe
IFEO\avgcsrvx.exe: [Debugger] nqij.exe
IFEO\avgidsagent.exe: [Debugger] nqij.exe
IFEO\avgnt.exe: [Debugger] nqij.exe
IFEO\avgrsx.exe: [Debugger] nqij.exe
IFEO\avgui.exe: [Debugger] nqij.exe
IFEO\avgwdsvc.exe: [Debugger] nqij.exe
IFEO\Avira.OE.ServiceHost.exe: [Debugger] nqij.exe
IFEO\Avira.OE.Systray.exe: [Debugger] nqij.exe
IFEO\avp.exe: [Debugger] nqij.exe
IFEO\avshadow.exe: [Debugger] nqij.exe
IFEO\bdagent.exe: [Debugger] nqij.exe
IFEO\blindman.exe: [Debugger] nqij.exe
IFEO\ccuac.exe: [Debugger] nqij.exe
IFEO\ComboFix.exe: [Debugger] nqij.exe
IFEO\egui.exe: [Debugger] nqij.exe
IFEO\hijackthis.exe: [Debugger] nqij.exe
IFEO\instup.exe: [Debugger] nqij.exe
IFEO\keyscrambler.exe: [Debugger] nqij.exe
IFEO\mbam.exe: [Debugger] nqij.exe
IFEO\mbamgui.exe: [Debugger] nqij.exe
IFEO\mbampt.exe: [Debugger] nqij.exe
IFEO\mbamscheduler.exe: [Debugger] nqij.exe
IFEO\mbamservice.exe: [Debugger] nqij.exe
IFEO\MpCmdRun.exe: [Debugger] nqij.exe
IFEO\MSASCui.exe: [Debugger] nqij.exe
IFEO\MsMpEng.exe: [Debugger] nqij.exe
IFEO\msseces.exe: [Debugger] nqij.exe
IFEO\rstrui.exe: [Debugger] nqij.exe
IFEO\SDFiles.exe: [Debugger] nqij.exe
IFEO\SDMain.exe: [Debugger] nqij.exe
IFEO\SDWinSec.exe: [Debugger] nqij.exe
IFEO\spybotsd.exe: [Debugger] nqij.exe
IFEO\wireshark.exe: [Debugger] nqij.exe
IFEO\zlclient.exe: [Debugger] nqij.exe
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Bitte poste mit deiner nächsten Antwort

die Logdatei von FRST,
die Logdatei von ComboFix,

M-K-D-B · 23.06.2014, 16:15

Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen!

Trojaner der alle meine Antiviruse Blockiert !

Plagegeister aller Art und deren Bekämpfung: Trojaner der alle meine Antiviruse Blockiert !