Netbook sehr langsam

mais · 25.09.2013, 08:45

Hey Leute,
ich habe folgendes Problem:

Mein Netbook ist bei den kleinsten Anwendungen voll ausgelastet und reagiert sehr langsam. Ich habe mich schon an diese Anleitung gehalten und habe alle Schritte bis auf den letzten befolgt, da ich den nicht ganz verstanden habe:

http://www.trojaner-board.de/71631-p...samer-tun.html

Was könnt ihr mir noch raten?

Ich habe folgendes Netbook:

Netbook HP compact mini
Windows 7 Professional
SP1
Prozessor: Intel(R) Atom(TM) CPU N455 1,66GHz
Ram: 1 GB
32 bit version

Freue mich über eine baldige Antwort

LG

schrauber · 25.09.2013, 08:51

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

mais · 25.09.2013, 10:30

Hallo Schrauber!
Danke für die Hilfe. Der Erste code ist vom FRST.txt und der zweite vom Addition.txt.
Hier also der Inhalt:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-09-2013
Ran by Karla (administrator) on KARLA-PC on 25-09-2013 11:05:58
Running from C:\Users\Karla\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-07-19] (Cisco Systems, Inc.)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKCU\...\Run: [EPSON SX125 Series] - C:\Windows\TEMP\E_S1734.tmp [126 2013-07-18] ()
MountPoints2: {05d4dd7f-ea5b-11e2-8be9-00059a3c7a00} - G:\SETUP.EXE
MountPoints2: {737445a6-03e6-11e3-9a46-00059a3c7a00} - G:\AutoRun.exe
MountPoints2: {737445ad-03e6-11e3-9a46-00059a3c7a00} - G:\AutoRun.exe
Startup: C:\ProgramData\Adobe ()
Startup: C:\ProgramData\Application Data ()
Startup: C:\ProgramData\Atheros ()
Startup: C:\ProgramData\AVAST Software ()
Startup: C:\ProgramData\CanonBJ ()
Startup: C:\ProgramData\Cisco ()
Startup: C:\ProgramData\Desktop ()
Startup: C:\ProgramData\Documents ()
Startup: C:\ProgramData\EPSON ()
Startup: C:\ProgramData\Favorites ()
Startup: C:\ProgramData\Gibraltar ()
Startup: C:\ProgramData\Microsoft ()
Startup: C:\ProgramData\Microsoft Help ()
Startup: C:\ProgramData\Skype ()
Startup: C:\ProgramData\Start Menu ()
Startup: C:\ProgramData\Swiss Academic Software ()
Startup: C:\ProgramData\Templates ()
Startup: C:\Users\Default\AppData ()
Startup: C:\Users\Default\Application Data ()
Startup: C:\Users\Default\Cookies ()
Startup: C:\Users\Default\Desktop ()
Startup: C:\Users\Default\Documents ()
Startup: C:\Users\Default\Downloads ()
Startup: C:\Users\Default\Favorites ()
Startup: C:\Users\Default\Links ()
Startup: C:\Users\Default\Local Settings ()
Startup: C:\Users\Default\Music ()
Startup: C:\Users\Default\My Documents ()
Startup: C:\Users\Default\NetHood ()
Startup: C:\Users\Default\NTUSER.DAT ()
Startup: C:\Users\Default\NTUSER.DAT.LOG ()
Startup: C:\Users\Default\NTUSER.DAT.LOG1 ()
Startup: C:\Users\Default\NTUSER.DAT.LOG2 ()
Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()
Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()
Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()
Startup: C:\Users\Default\Pictures ()
Startup: C:\Users\Default\PrintHood ()
Startup: C:\Users\Default\Recent ()
Startup: C:\Users\Default\Saved Games ()
Startup: C:\Users\Default\SendTo ()
Startup: C:\Users\Default\Start Menu ()
Startup: C:\Users\Default\Templates ()
Startup: C:\Users\Default\Videos ()
Startup: C:\Users\Karla\AppData ()
Startup: C:\Users\Karla\Application Data ()
Startup: C:\Users\Karla\Contacts ()
Startup: C:\Users\Karla\Cookies ()
Startup: C:\Users\Karla\Desktop ()
Startup: C:\Users\Karla\Documents ()
Startup: C:\Users\Karla\Downloads ()
Startup: C:\Users\Karla\Favorites ()
Startup: C:\Users\Karla\Links ()
Startup: C:\Users\Karla\Local Settings ()
Startup: C:\Users\Karla\Music ()
Startup: C:\Users\Karla\My Documents ()
Startup: C:\Users\Karla\NetHood ()
Startup: C:\Users\Karla\NTUSER.DAT ()
Startup: C:\Users\Karla\ntuser.dat.LOG1 ()
Startup: C:\Users\Karla\ntuser.dat.LOG2 ()
Startup: C:\Users\Karla\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()
Startup: C:\Users\Karla\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()
Startup: C:\Users\Karla\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()
Startup: C:\Users\Karla\ntuser.ini ()
Startup: C:\Users\Karla\Pictures ()
Startup: C:\Users\Karla\PrintHood ()
Startup: C:\Users\Karla\Recent ()
Startup: C:\Users\Karla\Saved Games ()
Startup: C:\Users\Karla\Searches ()
Startup: C:\Users\Karla\SendTo ()
Startup: C:\Users\Karla\Start Menu ()
Startup: C:\Users\Karla\Templates ()
Startup: C:\Users\Karla\Videos ()
Startup: C:\Users\Public\Desktop ()
Startup: C:\Users\Public\Documents ()
Startup: C:\Users\Public\Downloads ()
Startup: C:\Users\Public\Favorites ()
Startup: C:\Users\Public\Libraries ()
Startup: C:\Users\Public\Music ()
Startup: C:\Users\Public\Pictures ()
Startup: C:\Users\Public\Recorded TV ()
Startup: C:\Users\Public\Videos ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1&ucc=DE&dcc=DE&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB416EED4EF73CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome: 
=======
CHR DefaultSearchURL: (Ecosia) - hxxp://ecosia.org/search.php?q={searchTerms}&addon=opensearch
CHR DefaultSuggestURL: (Ecosia) - hxxp://ecosia.org/ajax/searchsuggestions.php?q={searchTerms}&addon=opensearch
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\Karla\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Karla\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Karla\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Karla\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Karla\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0
CHR Extension: (ProxMate - Proxy on steroids!) - C:\Users\Karla\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifalmiidchkjjmkkbkoaibpmoeichmki\3.1.2_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Karla\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Citavi Picker) - C:\Users\Karla\AppData\Local\Google\Chrome\User Data\Default\Extensions\piehhloihgjjiomhieeddiidpekaajio\2013.5.30_0
CHR Extension: (Gmail) - C:\Users\Karla\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [piehhloihgjjiomhieeddiidpekaajio] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Chrome\ChromePicker.crx

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S4 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [557968 2013-07-19] (Cisco Systems, Inc.)

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92112 2013-07-19] (Cisco Systems, Inc.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-09-02] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-09-02] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-09-02] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [230944 2010-05-07] (Realtek Semiconductor Corp.)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43120 2013-07-19] (Cisco Systems, Inc.)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-25 11:05 - 2013-09-25 11:05 - 00000000 ____D C:\FRST
2013-09-25 11:04 - 2013-09-25 11:04 - 01088653 _____ (Farbar) C:\Users\Karla\Desktop\FRST.exe
2013-09-25 09:53 - 2013-09-25 09:54 - 03570845 _____ C:\Users\Karla\Desktop\proxmate.crx
2013-09-19 10:03 - 2013-09-19 11:04 - 01957966 _____ C:\Users\Karla\Desktop\HH nutrient consumption 2.xlsx
2013-09-18 23:11 - 2013-09-18 23:11 - 00000000 ____H C:\Users\Karla\Documents\~WRL0134.tmp
2013-09-15 00:37 - 2013-09-15 00:37 - 00000000 ____H C:\Users\Karla\Documents\~WRL0004.tmp
2013-09-12 00:26 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 00:26 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 00:26 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 00:26 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 00:26 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 00:26 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 00:26 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 00:26 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 00:26 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 00:26 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 00:26 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 00:26 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 00:26 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 00:26 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 00:26 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 00:26 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-11 23:27 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 23:27 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 23:26 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 23:26 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 23:26 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 23:26 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 23:26 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-08 12:11 - 2013-09-08 12:11 - 00000000 ____D C:\Windows\system32\sda
2013-09-08 12:08 - 2010-05-07 09:18 - 00230944 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsPStor.sys
2013-09-08 12:08 - 2010-03-04 15:23 - 09105408 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtsPStorIcon.dll
2013-09-03 10:41 - 2013-09-03 10:42 - 02907968 _____ (Cisco Systems, Inc.) C:\Users\Karla\Desktop\anyconnect-win-3.1.00495-web-deploy-k9.exe
2013-09-03 10:17 - 2013-09-03 10:18 - 00000000 ____D C:\Users\Karla\Documents\Uni
2013-09-03 10:17 - 2013-09-03 10:17 - 00000000 ____D C:\Users\Karla\Documents\GLS Bank
2013-09-02 15:55 - 2013-09-02 15:55 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-09-02 15:55 - 2013-09-02 15:55 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-09-02 15:55 - 2013-09-02 15:55 - 00175176 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-09-02 15:55 - 2013-09-02 15:55 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-09-02 15:55 - 2013-09-02 15:55 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-09-02 15:55 - 2013-09-02 15:55 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-09-02 15:55 - 2013-05-09 10:59 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-09-02 15:55 - 2013-05-09 10:59 - 00061680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-09-02 15:55 - 2013-05-09 10:59 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-09-02 15:55 - 2013-05-09 10:59 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-09-02 15:55 - 2013-05-09 10:59 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-09-02 15:55 - 2013-05-09 10:58 - 00229648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-09-02 15:53 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-09-02 15:52 - 2013-09-02 15:52 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-02 15:46 - 2013-09-02 15:52 - 00000000 ____D C:\ProgramData\AVAST Software

==================== One Month Modified Files and Folders =======

2013-09-25 11:06 - 2013-06-29 14:44 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-25 11:05 - 2013-09-25 11:05 - 00000000 ____D C:\FRST
2013-09-25 11:04 - 2013-09-25 11:04 - 01088653 _____ (Farbar) C:\Users\Karla\Desktop\FRST.exe
2013-09-25 10:38 - 2013-06-28 21:11 - 01730837 _____ C:\Windows\WindowsUpdate.log
2013-09-25 10:14 - 2009-07-14 06:34 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-25 10:14 - 2009-07-14 06:34 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-25 10:07 - 2013-06-29 14:44 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-25 10:06 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-25 10:06 - 2009-07-14 06:39 - 00071556 _____ C:\Windows\setupact.log
2013-09-25 09:54 - 2013-09-25 09:53 - 03570845 _____ C:\Users\Karla\Desktop\proxmate.crx
2013-09-24 23:53 - 2013-06-28 13:16 - 00000000 ____D C:\Program Files\Probit Software
2013-09-23 22:52 - 2010-11-20 23:01 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-23 12:42 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-21 14:12 - 2013-06-29 14:45 - 00002089 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-19 11:06 - 2013-08-14 12:48 - 00000000 ____D C:\Users\Karla\Documents\Arbeit
2013-09-19 11:04 - 2013-09-19 10:03 - 01957966 _____ C:\Users\Karla\Desktop\HH nutrient consumption 2.xlsx
2013-09-18 23:11 - 2013-09-18 23:11 - 00000000 ____H C:\Users\Karla\Documents\~WRL0134.tmp
2013-09-15 08:15 - 2010-11-20 23:48 - 00006642 _____ C:\Windows\PFRO.log
2013-09-15 00:37 - 2013-09-15 00:37 - 00000000 ____H C:\Users\Karla\Documents\~WRL0004.tmp
2013-09-12 22:28 - 2013-06-30 20:17 - 00000000 ___RD C:\Program Files\Skype
2013-09-12 22:28 - 2013-06-30 20:17 - 00000000 ____D C:\ProgramData\Skype
2013-09-12 22:14 - 2009-07-14 06:33 - 00412432 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 00:25 - 2013-08-22 11:18 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 00:22 - 2013-08-22 11:17 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-08 12:11 - 2013-09-08 12:11 - 00000000 ____D C:\Windows\system32\sda
2013-09-08 12:09 - 2013-06-28 13:03 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-09-08 12:08 - 2013-06-28 13:03 - 00000000 ____D C:\Program Files\Realtek
2013-09-03 15:32 - 2013-08-16 11:12 - 00000000 ____D C:\Users\Karla\Documents\Citavi 4
2013-09-03 10:42 - 2013-09-03 10:41 - 02907968 _____ (Cisco Systems, Inc.) C:\Users\Karla\Desktop\anyconnect-win-3.1.00495-web-deploy-k9.exe
2013-09-03 10:18 - 2013-09-03 10:17 - 00000000 ____D C:\Users\Karla\Documents\Uni
2013-09-03 10:17 - 2013-09-03 10:17 - 00000000 ____D C:\Users\Karla\Documents\GLS Bank
2013-09-02 15:55 - 2013-09-02 15:55 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-09-02 15:55 - 2013-09-02 15:55 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-09-02 15:55 - 2013-09-02 15:55 - 00175176 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-09-02 15:55 - 2013-09-02 15:55 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-09-02 15:55 - 2013-09-02 15:55 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-09-02 15:55 - 2013-09-02 15:55 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-09-02 15:55 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt
2013-09-02 15:54 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-09-02 15:52 - 2013-09-02 15:52 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-02 15:52 - 2013-09-02 15:46 - 00000000 ____D C:\ProgramData\AVAST Software

Some content of TEMP:
====================
C:\Users\Karla\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\Karla\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih.exe
C:\Users\Karla\AppData\Local\Temp\ose00000.exe
C:\Users\Karla\AppData\Local\Temp\pyl74F0.tmp.exe
C:\Users\Karla\AppData\Local\Temp\pylD78A.tmp.exe
C:\Users\Karla\AppData\Local\Temp\ResetDevice.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-23 12:33

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-09-2013
Ran by Karla at 2013-09-25 11:09:19
Running from C:\Users\Karla\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Reader XI (11.0.04) (Version: 11.0.04)
avast! Free Antivirus (Version: 8.0.1489.0)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.60.350.6)
Canon MG5300 series MP Drivers
Cisco AnyConnect Secure Mobility Client  (Version: 3.1.04063)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.04063)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Citavi 4 (Version: 4.1.0.3)
EPSON Scan
EPSON SX125 Series Printer Uninstall
Google Chrome (Version: 29.0.1547.76)
Google Update Helper (Version: 1.3.21.153)
HP Product Detection (Version: 11.15.0008)
Intel(R) Graphics Media Accelerator Driver (Version: 8.14.10.2117)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.21.531.2010)
Realtek PCIE Card Reader (Version: 6.1.7600.00048)
Secure Download Manager (Version: 3.1.0)
Skype™ 6.5 (Version: 6.5.158)

==================== Restore Points  =========================

11-09-2013 22:21:11 Windows Update
12-09-2013 20:27:23 Removed Skype Click to Call
18-09-2013 19:03:33 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2C33ACD9-EBA0-4AC6-8FB7-07F99CCB1D72} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {93E56397-E77B-48F6-8CEC-6D7EA5106712} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-29] (Google Inc.)
Task: {E7A5D346-47E3-445D-BC77-0F04ECBB3CFE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-29] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-04-19 08:52 - 2010-04-19 08:52 - 00275968 _____ (Intel Corporation) C:\Windows\system32\igfxrENU.lrc
2013-09-21 14:11 - 2013-09-17 05:20 - 00709584 _____ () C:\Program Files\Google\Chrome\Application\29.0.1547.76\libglesv2.dll
2013-09-21 14:11 - 2013-09-17 05:20 - 00099792 _____ () C:\Program Files\Google\Chrome\Application\29.0.1547.76\libegl.dll
2013-09-21 14:11 - 2013-09-17 05:21 - 04053456 _____ () C:\Program Files\Google\Chrome\Application\29.0.1547.76\pdf.dll
2013-09-21 14:11 - 2013-09-17 05:21 - 00410576 _____ () C:\Program Files\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
2013-09-21 14:11 - 2013-09-17 05:20 - 01604560 _____ () C:\Program Files\Google\Chrome\Application\29.0.1547.76\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/25/2013 10:07:46 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/25/2013 09:13:11 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/24/2013 09:46:42 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{02ecda1b-e026-11e2-931c-806e6f6e6963} - 00000120,0x0053c008,005B9FB8,0,005BAFC0,4096,[0]).  hr = 0x80070079, The semaphore timeout period has expired.
.


Operation:
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (09/24/2013 09:46:39 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).

Error: (09/24/2013 08:09:23 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/23/2013 10:47:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/23/2013 08:33:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/23/2013 07:41:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/23/2013 10:35:34 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/21/2013 01:34:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/25/2013 10:06:50 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom

Error: (09/25/2013 09:11:42 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom

Error: (09/25/2013 09:11:32 AM) (Source: Service Control Manager) (User: )
Description: The Windows Audio service depends on the Windows Audio Endpoint Builder service which failed to start because of the following error: 
%%1058

Error: (09/24/2013 08:39:32 PM) (Source: Tcpip) (User: )
Description: The system detected an address conflict for IP address 192.168.0.102 with the system
having network hardware address 24-FD-52-57-0E-0D. Network operations on this system may
be disrupted as a result.

Error: (09/24/2013 09:46:40 AM) (Source: volsnap) (User: )
Description: The shadow copy of volume C: being created failed to install.

Error: (09/24/2013 08:08:55 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (09/24/2013 08:07:59 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom

Error: (09/23/2013 10:47:50 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (09/23/2013 08:37:45 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom

Error: (09/23/2013 08:33:28 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 82%
Total physical RAM: 1011.9 MB
Available physical RAM: 178.25 MB
Total Pagefile: 2035.9 MB
Available Pagefile: 878.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.67 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:134.93 GB) (Free:23.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:13.82 GB) (Free:2.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: C07E75CF)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=135 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================

schrauber · 25.09.2013, 18:17

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

mais · 26.09.2013, 23:54

Ok, habs jetzt endlich geschafft.

Ich glaube Combofix hat eine paar dateien gelöscht ( z.T. auch von mir umbekannt).
- ist das normal?
- was kannst du aus dem folgendem Logfile entnehmen?

Code:

ATTFilter

ComboFix 13-09-24.02 - Karla 09/27/2013   0:18.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.1012.212 [GMT 2:00]
Running from: c:\users\Karla\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\users\Karla\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Karla\Documents\~WRL0004.tmp
c:\users\Karla\Documents\~WRL0134.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-26 to 2013-09-26  )))))))))))))))))))))))))))))))
.
.
2013-09-26 22:36 . 2013-09-26 22:36	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-09-25 09:05 . 2013-09-25 09:05	--------	d-----w-	C:\FRST
2013-09-25 07:59 . 2013-09-25 07:59	--------	d-----w-	c:\users\Karla\AppData\Local\ElevatedDiagnostics
2013-09-24 07:48 . 2013-09-05 05:02	7328304	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{5714E1B5-3AA7-48F6-8117-B41CE5F83579}\mpengine.dll
2013-09-08 10:11 . 2013-09-08 10:11	--------	d-----w-	c:\windows\system32\sda
2013-09-08 10:08 . 2010-05-07 07:18	230944	----a-w-	c:\windows\system32\drivers\RtsPStor.sys
2013-09-08 10:08 . 2010-03-04 13:23	9105408	----a-w-	c:\windows\system32\RtsPStorIcon.dll
2013-09-02 13:55 . 2013-05-09 08:59	29816	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-09-02 13:55 . 2013-09-02 13:55	369584	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-09-02 13:55 . 2013-05-09 08:59	61680	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-09-02 13:55 . 2013-05-09 08:59	56080	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-09-02 13:55 . 2013-09-02 13:55	770344	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-09-02 13:55 . 2013-09-02 13:55	175176	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-09-02 13:55 . 2013-05-09 08:59	49376	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-09-02 13:55 . 2013-05-09 08:59	66336	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-09-02 13:55 . 2013-05-09 08:58	229648	----a-w-	c:\windows\system32\aswBoot.exe
2013-09-02 13:53 . 2013-05-09 08:58	41664	----a-w-	c:\windows\avastSS.scr
2013-09-02 13:52 . 2013-09-02 13:52	--------	d-----w-	c:\program files\AVAST Software
2013-09-02 13:46 . 2013-09-02 13:52	--------	d-----w-	c:\programdata\AVAST Software
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-07 02:22 . 2013-07-02 20:35	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-07-25 08:57 . 2013-08-16 13:56	1620992	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-07-19 21:29 . 2013-07-19 21:29	11152	----a-w-	c:\windows\system32\vpncategories.dll
2013-07-19 21:29 . 2013-07-19 21:29	34192	----a-w-	c:\windows\system32\vpnevents.dll
2013-07-19 21:12 . 2013-07-19 21:12	43120	----a-w-	c:\windows\system32\drivers\vpnva-6.sys
2013-07-19 21:10 . 2012-10-17 17:11	92112	----a-r-	c:\windows\system32\drivers\acsock.sys
2013-07-19 01:41 . 2013-08-16 13:50	2048	----a-w-	c:\windows\system32\tzres.dll
2013-07-09 05:03 . 2013-08-16 13:57	3913664	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-07-09 05:03 . 2013-08-16 13:57	3968960	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-07-09 04:53 . 2013-08-16 13:57	1289096	----a-w-	c:\windows\system32\ntdll.dll
2013-07-09 04:52 . 2013-08-16 13:57	175104	----a-w-	c:\windows\system32\wintrust.dll
2013-07-09 04:50 . 2013-08-16 13:57	652800	----a-w-	c:\windows\system32\rpcrt4.dll
2013-07-09 04:46 . 2013-08-16 13:57	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2013-07-09 04:46 . 2013-08-16 13:57	1166848	----a-w-	c:\windows\system32\crypt32.dll
2013-07-09 04:46 . 2013-08-16 13:57	103936	----a-w-	c:\windows\system32\cryptnet.dll
2013-07-06 05:05 . 2013-08-16 13:56	1293760	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-30 10:45 . 2013-06-30 10:45	745472	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-30 10:45 . 2013-06-30 10:45	185344	----a-w-	c:\windows\system32\elshyph.dll
2013-06-30 10:45 . 2013-06-30 10:45	158720	----a-w-	c:\windows\system32\msls31.dll
2013-06-30 10:45 . 2013-06-30 10:45	523264	----a-w-	c:\windows\system32\vbscript.dll
2013-06-30 10:45 . 2013-06-30 10:45	150528	----a-w-	c:\windows\system32\iexpress.exe
2013-06-30 10:45 . 2013-06-30 10:45	138752	----a-w-	c:\windows\system32\wextract.exe
2013-06-30 10:45 . 2013-06-30 10:45	137216	----a-w-	c:\windows\system32\ieUnatt.exe
2013-06-30 10:45 . 2013-06-30 10:45	12800	----a-w-	c:\windows\system32\mshta.exe
2013-06-30 10:45 . 2013-06-30 10:45	73728	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-06-30 10:45 . 2013-06-30 10:45	61952	----a-w-	c:\windows\system32\tdc.ocx
2013-06-30 10:45 . 2013-06-30 10:45	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-06-30 10:45 . 2013-06-30 10:45	38400	----a-w-	c:\windows\system32\imgutil.dll
2013-06-30 10:45 . 2013-06-30 10:45	361984	----a-w-	c:\windows\system32\html.iec
2013-06-30 10:45 . 2013-06-30 10:45	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-06-30 10:45 . 2013-06-30 10:45	719360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-06-30 10:45 . 2013-06-30 10:45	23040	----a-w-	c:\windows\system32\licmgr10.dll
2013-06-30 10:45 . 2013-06-30 10:45	1441280	----a-w-	c:\windows\system32\inetcpl.cpl
2013-06-30 10:43 . 2013-06-30 10:43	49152	----a-w-	c:\windows\system32\taskhost.exe
2013-06-30 10:36 . 2013-06-30 10:36	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-30 10:36 . 2013-06-30 10:36	906240	----a-w-	c:\windows\system32\FntCache.dll
2013-06-30 10:36 . 2013-06-30 10:36	604160	----a-w-	c:\windows\system32\d3d10level9.dll
2013-06-30 10:36 . 2013-06-30 10:36	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-30 10:36 . 2013-06-30 10:36	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-30 10:36 . 2013-06-30 10:36	417792	----a-w-	c:\windows\system32\WMPhoto.dll
2013-06-30 10:36 . 2013-06-30 10:36	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-30 10:36 . 2013-06-30 10:36	364544	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-06-30 10:36 . 2013-06-30 10:36	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-30 10:36 . 2013-06-30 10:36	3419136	----a-w-	c:\windows\system32\d2d1.dll
2013-06-30 10:36 . 2013-06-30 10:36	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-30 10:36 . 2013-06-30 10:36	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-30 10:36 . 2013-06-30 10:36	293376	----a-w-	c:\windows\system32\dxgi.dll
2013-06-30 10:36 . 2013-06-30 10:36	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-30 10:36 . 2013-06-30 10:36	249856	----a-w-	c:\windows\system32\d3d10_1core.dll
2013-06-30 10:36 . 2013-06-30 10:36	2284544	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2013-06-30 10:36 . 2013-06-30 10:36	220160	----a-w-	c:\windows\system32\d3d10core.dll
2013-06-30 10:36 . 2013-06-30 10:36	207872	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2013-06-30 10:36 . 2013-06-30 10:36	1988096	----a-w-	c:\windows\system32\d3d10warp.dll
2013-06-30 10:36 . 2013-06-30 10:36	187392	----a-w-	c:\windows\system32\UIAnimation.dll
2013-06-30 10:36 . 2013-06-30 10:36	161792	----a-w-	c:\windows\system32\d3d10_1.dll
2013-06-30 10:36 . 2013-06-30 10:36	1504768	----a-w-	c:\windows\system32\d3d11.dll
2013-06-30 10:36 . 2013-06-30 10:36	1230336	----a-w-	c:\windows\system32\WindowsCodecs.dll
2013-06-30 10:36 . 2013-06-30 10:36	1158144	----a-w-	c:\windows\system32\XpsPrint.dll
2013-06-30 10:36 . 2013-06-30 10:36	1080832	----a-w-	c:\windows\system32\d3d10.dll
2013-06-30 10:36 . 2013-06-30 10:36	10752	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58	121968	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-22 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-22 150552]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2013-07-19 703888]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-06-03 14:27	19603048	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-03 162408]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [2013-07-19 92112]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
R4 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2013-07-19 557968]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-05-07 230944]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-05-31 267880]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-21 11:35	1177552	----a-w-	c:\program files\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-29 12:44]
.
2013-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-29 12:44]
.
.
------- Supplementary Scan -------
.
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2013-09-27  00:46:04 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-26 22:46
.
Pre-Run: 24,712,339,456 bytes free
Post-Run: 25,301,692,416 bytes free
.
- - End Of File - - CD606BA9EBEC605CC4E7A0FBC41D7046
A36C5E4F47E84449FF07ED3517B43A31

Danke für deine Hilfestellung!

schrauber · 27.09.2013, 09:39

Sieht gut aus, jetzt noch Adware weg putzen.

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

mais · 01.10.2013, 19:01

hier der logfile von Malwarebyte:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.01.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16686
Karla :: KARLA-PC [administrator]

Protection: Enabled

10/1/2013 4:54:47 PM
mbam-log-2013-10-01 (16-54-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 189617
Time elapsed: 13 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

hier der von adwcleaner:

Code:

ATTFilter

# AdwCleaner v3.006 - Report created 01/10/2013 at 18:43:14
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Karla - KARLA-PC
# Running from : C:\Users\Karla\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\openit
Folder Deleted : C:\Users\Karla\AppData\Roaming\digitalsite
File Deleted : C:\Users\Public\Desktop\Open It!.lnk

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Google Chrome v29.0.1547.76

[ File : C:\Users\Karla\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1525 octets] - [01/10/2013 18:25:04]
AdwCleaner[S0].txt - [1478 octets] - [01/10/2013 18:43:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1538 octets] ##########

Hier das/der Log des Junkware-removal-tool:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows 7 Professional x86
Ran by Karla on Tue 10/01/2013 at 19:12:38.08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\System32\Tasks\digitalsite
Successfully deleted: [File] C:\Windows\Tasks\digitalsite.job



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/01/2013 at 19:26:07.33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

hier noch ein frischer FRST:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-09-2013 01
Ran by Karla (administrator) on KARLA-PC on 01-10-2013 19:55:56
Running from C:\Users\Karla\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WPWW9MJ6
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\avast.setup

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-07-19] (Cisco Systems, Inc.)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB416EED4EF73CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome: 
=======
CHR DefaultSearchURL: (Ecosia) - hxxp://ecosia.org/search.php?q={searchTerms}&addon=opensearch
CHR DefaultSuggestURL: (Ecosia) - hxxp://ecosia.org/ajax/searchsuggestions.php?q={searchTerms}&addon=opensearch
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Extension: (Google Docs) - C:\Users\Karla\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1
CHR Extension: (Google Drive) - C:\Users\Karla\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Karla\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1
CHR Extension: (Google Search) - C:\Users\Karla\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1
CHR Extension: (Chrome In-App Payments service) - C:\Users\Karla\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1
CHR Extension: (Citavi Picker) - C:\Users\Karla\AppData\Local\Google\Chrome\User Data\Default\Extensions\piehhloihgjjiomhieeddiidpekaajio\2013.5.30_1
CHR Extension: (Gmail) - C:\Users\Karla\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [piehhloihgjjiomhieeddiidpekaajio] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Chrome\ChromePicker.crx

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [137960 2013-08-30] (AVAST Software)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [557968 2013-07-19] (Cisco Systems, Inc.)

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92112 2013-07-19] (Cisco Systems, Inc.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R1 aswFW; C:\Windows\system32\drivers\aswFW.sys [104752 2013-08-30] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21576 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2013-07-17] (ALWIL Software)
R0 aswNdis2; C:\Windows\System32\drivers\aswNdis2.sys [204784 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [230944 2010-05-07] (Realtek Semiconductor Corp.)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43120 2013-07-19] (Cisco Systems, Inc.)
S3 catchme; \??\C:\Users\Karla\AppData\Local\Temp\catchme.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-01 19:26 - 2013-10-01 19:26 - 00000864 _____ C:\Users\Karla\Desktop\JRT.txt
2013-10-01 19:12 - 2013-10-01 19:12 - 00000000 ____D C:\Windows\ERUNT
2013-10-01 19:00 - 2013-10-01 19:01 - 01030305 _____ (Thisisu) C:\Users\Karla\Desktop\JRT.exe
2013-10-01 18:24 - 2013-10-01 18:43 - 00000000 ____D C:\AdwCleaner
2013-10-01 18:20 - 2013-10-01 18:22 - 01045226 _____ C:\Users\Karla\Desktop\adwcleaner.exe
2013-10-01 18:04 - 2013-10-01 18:06 - 00749248 _____ C:\Users\Karla\Desktop\ZipExtractorSetup.exe
2013-10-01 16:48 - 2013-10-01 16:48 - 00000000 ____D C:\Users\Karla\AppData\Roaming\Malwarebytes
2013-10-01 16:38 - 2013-10-01 16:38 - 00001031 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-01 16:37 - 2013-10-01 16:38 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-01 16:37 - 2013-10-01 16:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-01 16:37 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-01 16:24 - 2013-10-01 16:25 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Karla\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-01 11:12 - 2013-10-01 11:19 - 00057791 _____ C:\Users\Karla\Downloads\Wihi-Plan 2013.xlsx
2013-09-29 15:53 - 2013-09-29 15:54 - 00000222 _____ C:\Users\Karla\Downloads\ka_vela.vcf
2013-09-27 23:23 - 2013-09-27 23:24 - 00009799 _____ C:\Users\Karla\Downloads\Briefvorlagen.zip
2013-09-27 00:53 - 2013-08-30 09:48 - 00204784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdis2.sys
2013-09-27 00:53 - 2013-08-30 09:48 - 00104752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFW.sys
2013-09-27 00:53 - 2013-08-30 09:48 - 00021576 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2013-09-27 00:53 - 2013-07-17 11:17 - 00012112 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswNdis.sys
2013-09-27 00:48 - 2013-09-27 00:48 - 00001963 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk
2013-09-27 00:46 - 2013-09-27 00:46 - 00012541 _____ C:\ComboFix.txt
2013-09-27 00:14 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-27 00:14 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-27 00:14 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-27 00:14 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-27 00:14 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-27 00:14 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-27 00:14 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-27 00:14 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-27 00:13 - 2013-09-27 00:46 - 00000000 ____D C:\Qoobox
2013-09-27 00:12 - 2013-09-27 00:42 - 00000000 ____D C:\Windows\erdnt
2013-09-25 22:05 - 2013-09-25 22:06 - 05130004 ____R (Swearware) C:\Users\Karla\Desktop\ComboFix.exe
2013-09-25 11:10 - 2013-09-25 11:10 - 00024925 _____ C:\Users\Karla\Desktop\FRST.txt
2013-09-25 11:09 - 2013-09-25 11:10 - 00011271 _____ C:\Users\Karla\Desktop\Addition.txt
2013-09-25 11:05 - 2013-09-25 11:05 - 00000000 ____D C:\FRST
2013-09-25 09:53 - 2013-09-25 09:54 - 03570845 _____ C:\Users\Karla\Desktop\proxmate.crx
2013-09-19 10:03 - 2013-09-19 11:04 - 01957966 _____ C:\Users\Karla\Desktop\HH nutrient consumption 2.xlsx
2013-09-12 00:26 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 00:26 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 00:26 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 00:26 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 00:26 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 00:26 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 00:26 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 00:26 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 00:26 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 00:26 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 00:26 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 00:26 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 00:26 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 00:26 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 00:26 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 00:26 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-11 23:27 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 23:27 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 23:26 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 23:26 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 23:26 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 23:26 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 23:26 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 23:26 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-08 12:11 - 2013-09-08 12:11 - 00000000 ____D C:\Windows\system32\sda
2013-09-08 12:08 - 2010-05-07 09:18 - 00230944 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsPStor.sys
2013-09-08 12:08 - 2010-03-04 15:23 - 09105408 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtsPStorIcon.dll
2013-09-03 10:41 - 2013-09-03 10:42 - 02907968 _____ (Cisco Systems, Inc.) C:\Users\Karla\Desktop\anyconnect-win-3.1.00495-web-deploy-k9.exe
2013-09-03 10:17 - 2013-09-28 09:55 - 00000000 ____D C:\Users\Karla\Documents\GLS Bank
2013-09-03 10:17 - 2013-09-03 10:18 - 00000000 ____D C:\Users\Karla\Documents\Uni
2013-09-02 15:55 - 2013-09-02 15:55 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-09-02 15:55 - 2013-09-02 15:55 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-09-02 15:55 - 2013-09-02 15:55 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-09-02 15:55 - 2013-08-30 09:48 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-09-02 15:55 - 2013-08-30 09:48 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-09-02 15:55 - 2013-08-30 09:48 - 00177864 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-09-02 15:55 - 2013-08-30 09:48 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-09-02 15:55 - 2013-08-30 09:48 - 00061680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-09-02 15:55 - 2013-08-30 09:48 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-09-02 15:55 - 2013-08-30 09:48 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-09-02 15:55 - 2013-08-30 09:48 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-09-02 15:55 - 2013-08-30 09:47 - 00229648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-09-02 15:53 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-09-02 15:52 - 2013-09-02 15:52 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-02 15:46 - 2013-09-02 15:52 - 00000000 ____D C:\ProgramData\AVAST Software

==================== One Month Modified Files and Folders =======

2013-10-01 19:26 - 2013-10-01 19:26 - 00000864 _____ C:\Users\Karla\Desktop\JRT.txt
2013-10-01 19:12 - 2013-10-01 19:12 - 00000000 ____D C:\Windows\ERUNT
2013-10-01 19:06 - 2013-06-29 14:44 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-01 19:01 - 2013-10-01 19:00 - 01030305 _____ (Thisisu) C:\Users\Karla\Desktop\JRT.exe
2013-10-01 19:01 - 2009-07-14 06:34 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-01 19:01 - 2009-07-14 06:34 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-01 18:57 - 2013-06-29 14:44 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-01 18:57 - 2013-06-28 21:11 - 01924137 _____ C:\Windows\WindowsUpdate.log
2013-10-01 18:56 - 2009-07-14 06:39 - 00077726 _____ C:\Windows\setupact.log
2013-10-01 18:53 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-01 18:43 - 2013-10-01 18:24 - 00000000 ____D C:\AdwCleaner
2013-10-01 18:22 - 2013-10-01 18:20 - 01045226 _____ C:\Users\Karla\Desktop\adwcleaner.exe
2013-10-01 18:06 - 2013-10-01 18:04 - 00749248 _____ C:\Users\Karla\Desktop\ZipExtractorSetup.exe
2013-10-01 16:48 - 2013-10-01 16:48 - 00000000 ____D C:\Users\Karla\AppData\Roaming\Malwarebytes
2013-10-01 16:38 - 2013-10-01 16:38 - 00001031 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-01 16:38 - 2013-10-01 16:37 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-01 16:37 - 2013-10-01 16:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-01 16:25 - 2013-10-01 16:24 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Karla\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-01 11:19 - 2013-10-01 11:12 - 00057791 _____ C:\Users\Karla\Downloads\Wihi-Plan 2013.xlsx
2013-09-30 20:21 - 2010-11-20 23:01 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-29 15:54 - 2013-09-29 15:53 - 00000222 _____ C:\Users\Karla\Downloads\ka_vela.vcf
2013-09-28 09:55 - 2013-09-03 10:17 - 00000000 ____D C:\Users\Karla\Documents\GLS Bank
2013-09-27 23:24 - 2013-09-27 23:23 - 00009799 _____ C:\Users\Karla\Downloads\Briefvorlagen.zip
2013-09-27 22:28 - 2013-08-19 15:19 - 00000000 ____D C:\Users\Karla\Documents\HBS
2013-09-27 12:38 - 2010-11-20 23:48 - 00007606 _____ C:\Windows\PFRO.log
2013-09-27 00:53 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt
2013-09-27 00:48 - 2013-09-27 00:48 - 00001963 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk
2013-09-27 00:46 - 2013-09-27 00:46 - 00012541 _____ C:\ComboFix.txt
2013-09-27 00:46 - 2013-09-27 00:13 - 00000000 ____D C:\Qoobox
2013-09-27 00:46 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-09-27 00:46 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-09-27 00:42 - 2013-09-27 00:12 - 00000000 ____D C:\Windows\erdnt
2013-09-27 00:39 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-09-25 22:06 - 2013-09-25 22:05 - 05130004 ____R (Swearware) C:\Users\Karla\Desktop\ComboFix.exe
2013-09-25 11:10 - 2013-09-25 11:10 - 00024925 _____ C:\Users\Karla\Desktop\FRST.txt
2013-09-25 11:10 - 2013-09-25 11:09 - 00011271 _____ C:\Users\Karla\Desktop\Addition.txt
2013-09-25 11:05 - 2013-09-25 11:05 - 00000000 ____D C:\FRST
2013-09-25 09:54 - 2013-09-25 09:53 - 03570845 _____ C:\Users\Karla\Desktop\proxmate.crx
2013-09-24 23:53 - 2013-06-28 13:16 - 00000000 ____D C:\Program Files\Probit Software
2013-09-23 12:42 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-21 14:12 - 2013-06-29 14:45 - 00002089 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-19 11:06 - 2013-08-14 12:48 - 00000000 ____D C:\Users\Karla\Documents\Arbeit
2013-09-19 11:04 - 2013-09-19 10:03 - 01957966 _____ C:\Users\Karla\Desktop\HH nutrient consumption 2.xlsx
2013-09-12 22:28 - 2013-06-30 20:17 - 00000000 ___RD C:\Program Files\Skype
2013-09-12 22:28 - 2013-06-30 20:17 - 00000000 ____D C:\ProgramData\Skype
2013-09-12 22:14 - 2009-07-14 06:33 - 00412432 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 00:25 - 2013-08-22 11:18 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 00:22 - 2013-08-22 11:17 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-08 12:11 - 2013-09-08 12:11 - 00000000 ____D C:\Windows\system32\sda
2013-09-08 12:09 - 2013-06-28 13:03 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-09-08 12:08 - 2013-06-28 13:03 - 00000000 ____D C:\Program Files\Realtek
2013-09-03 15:32 - 2013-08-16 11:12 - 00000000 ____D C:\Users\Karla\Documents\Citavi 4
2013-09-03 10:42 - 2013-09-03 10:41 - 02907968 _____ (Cisco Systems, Inc.) C:\Users\Karla\Desktop\anyconnect-win-3.1.00495-web-deploy-k9.exe
2013-09-03 10:18 - 2013-09-03 10:17 - 00000000 ____D C:\Users\Karla\Documents\Uni
2013-09-02 15:55 - 2013-09-02 15:55 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-09-02 15:55 - 2013-09-02 15:55 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-09-02 15:55 - 2013-09-02 15:55 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-09-02 15:54 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-09-02 15:52 - 2013-09-02 15:52 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-02 15:52 - 2013-09-02 15:46 - 00000000 ____D C:\ProgramData\AVAST Software

Some content of TEMP:
====================
C:\Users\Karla\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-23 12:33

==================== End Of Log ============================

--- --- ---

--- --- ---

wie sieht es aus "in" meinem Pc?

danke für deine Hilfe!

schrauber · 02.10.2013, 06:53

Schon besser

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Netbook sehr langsam

Plagegeister aller Art und deren Bekämpfung: Netbook sehr langsam