Hallo liebes Forenteam,

habe vor kurzem (ca 1,5 Monaten?) meinen PC neu aufgesetzt, wegen Verdacht auf Virusbefall, seit kurzem aber habe ich Probleme mit dem Internet, muss Seiten immer wieder neu laden und es ist sehr langsam. Mittlerweile hat auch mein PC diese "Rattergeräusche" wenn er arbeitet. Ich hoffe ihr könnt mir helfen.

FRST:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by DunjaCarlos (administrator) on DUNJACARLOS-PC on 20-03-2014 22:42:12
Running from C:\Users\DunjaCarlos\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Windows\DAODx.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Salaat Time - www.salaattime.com) C:\Program Files (x86)\Salaat Time\SalaatTime.exe
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
(
ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU\EPU.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2369536 2010-03-15] (VIA)
HKLM-x32\...\Run: [TurboV EVO] - C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe [9936512 2010-07-15] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [Six Engine] - C:\Program Files (x86)\ASUS\EPU\EPU.exe [5309056 2010-03-16] (
ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [BCU] - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [375000 2009-10-26] (DeviceVM, Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1624422066-2509176335-3414399805-1000\...\Run: [SalaatTime] - C:\Program Files (x86)\Salaat Time\SalaatTime.exe [17199104 2013-03-10] (Salaat Time - www.salaattime.com)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x867CDB81881FCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll (DeviceVM, Inc.)
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
SearchScopes: HKCU - DefaultScope {50E2F7FC-9885-4844-A6C6-B2BBBF5A1421} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
SearchScopes: HKCU - {50E2F7FC-9885-4844-A6C6-B2BBBF5A1421} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
SearchScopes: HKCU - {DBA5419D-022F-4fb4-A206-DA98A6C4B581} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF %3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\DunjaCarlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-01]
CHR Extension: (Google Drive) - C:\Users\DunjaCarlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-01]
CHR Extension: (YouTube) - C:\Users\DunjaCarlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-01]
CHR Extension: (Google-Suche) - C:\Users\DunjaCarlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-01]
CHR Extension: (AdBlock Premium) - C:\Users\DunjaCarlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2014-02-01]
CHR Extension: (Google Wallet) - C:\Users\DunjaCarlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-01]
CHR Extension: (Google Mail) - C:\Users\DunjaCarlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-01]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [109056 2010-06-24] ()
S3 jswpsapi; C:\Program Files (x86)\D-Link\DWA-547 revA\jswpsapi.exe [954368 2008-09-26] (Atheros Communications, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 EraserUtilDrv11312; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-20 22:39 - 2014-03-20 22:42 - 00018508 _____ () C:\Users\DunjaCarlos\Downloads\Addition.txt
2014-03-20 22:39 - 2014-03-20 22:42 - 00010278 _____ () C:\Users\DunjaCarlos\Downloads\FRST.txt
2014-03-20 22:39 - 2014-03-20 22:42 - 00000000 ____D () C:\FRST
2014-03-20 22:37 - 2014-03-20 22:38 - 02157056 _____ (Farbar) C:\Users\DunjaCarlos\Downloads\FRST64.exe
2014-03-20 22:37 - 2014-03-20 22:37 - 00000256 _____ () C:\Users\DunjaCarlos\Downloads\defogger_enable.log
2014-03-20 22:33 - 2014-03-20 22:33 - 00000484 _____ () C:\Users\DunjaCarlos\Downloads\defogger_disable.log
2014-03-20 22:32 - 2014-03-20 22:32 - 00050477 _____ () C:\Users\DunjaCarlos\Downloads\Defogger.exe
2014-03-20 21:45 - 2014-03-20 21:45 - 00000000 ____D () C:\Users\DunjaCarlos\AppData\Roaming\Malwarebytes
2014-03-20 21:44 - 2014-03-20 21:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-20 21:44 - 2014-03-20 21:44 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-20 21:44 - 2014-03-20 21:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-20 21:44 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-20 21:43 - 2014-03-20 21:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\DunjaCarlos\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-20 21:42 - 2014-03-20 21:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\DunjaCarlos\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-20 21:05 - 2014-03-20 21:05 - 00000000 ____D () C:\Users\DunjaCarlos\AppData\Roaming\Avira
2014-03-20 21:03 - 2014-02-25 11:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-03-20 21:03 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-03-20 21:03 - 2014-02-25 11:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-03-20 21:02 - 2014-03-20 21:02 - 00000000 ____D () C:\ProgramData\Avira
2014-03-20 21:02 - 2014-03-20 21:02 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-03-20 21:02 - 2014-03-09 10:24 - 00000426 _____ () C:\AVScanner.ini
2014-03-20 20:57 - 2014-03-20 21:00 - 138607664 _____ () C:\Users\DunjaCarlos\Downloads\avira_free_antivirus_de_14.0.3.350.exe
2014-03-16 09:09 - 2014-03-16 09:09 - 00000000 ____D () C:\Users\DunjaCarlos\AppData\Local\Microsoft Games
2014-03-13 10:31 - 2014-03-13 10:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-03-13 10:30 - 2014-03-13 10:30 - 00000000 ____D () C:\Windows\PCHEALTH
2014-03-13 10:30 - 2014-03-13 10:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2014-03-13 10:28 - 2014-03-13 10:28 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-03-13 10:28 - 2014-03-13 10:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-03-13 10:27 - 2014-03-13 10:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-13 10:27 - 2014-03-13 10:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-03-13 10:27 - 2014-03-13 10:27 - 00000000 __RHD () C:\MSOCache
2014-03-13 10:27 - 2014-03-13 10:27 - 00000000 ____D () C:\Users\DunjaCarlos\AppData\Local\Microsoft Help
2014-03-02 10:23 - 2014-03-02 10:23 - 00000000 ____D () C:\ProgramData\McAfee
2014-03-02 10:23 - 2014-03-02 10:23 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-03-02 10:22 - 2014-03-02 10:28 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-02 10:21 - 2014-03-02 10:27 - 00000000 ____D () C:\Users\DunjaCarlos\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

2014-03-20 22:42 - 2014-03-20 22:39 - 00018508 _____ () C:\Users\DunjaCarlos\Downloads\Addition.txt
2014-03-20 22:42 - 2014-03-20 22:39 - 00010278 _____ () C:\Users\DunjaCarlos\Downloads\FRST.txt
2014-03-20 22:42 - 2014-03-20 22:39 - 00000000 ____D () C:\FRST
2014-03-20 22:38 - 2014-03-20 22:37 - 02157056 _____ (Farbar) C:\Users\DunjaCarlos\Downloads\FRST64.exe
2014-03-20 22:37 - 2014-03-20 22:37 - 00000256 _____ () C:\Users\DunjaCarlos\Downloads\defogger_enable.log
2014-03-20 22:37 - 2014-02-01 19:51 - 00000000 ____D () C:\Users\DunjaCarlos
2014-03-20 22:33 - 2014-03-20 22:33 - 00000484 _____ () C:\Users\DunjaCarlos\Downloads\defogger_disable.log
2014-03-20 22:33 - 2009-07-14 05:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-20 22:33 - 2009-07-14 05:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-20 22:32 - 2014-03-20 22:32 - 00050477 _____ () C:\Users\DunjaCarlos\Downloads\Defogger.exe
2014-03-20 22:30 - 2011-04-12 08:43 - 00653928 _____ () C:\Windows\system32\perfh007.dat
2014-03-20 22:30 - 2011-04-12 08:43 - 00129800 _____ () C:\Windows\system32\perfc007.dat
2014-03-20 22:30 - 2009-07-14 06:13 - 01498506 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-20 22:29 - 2014-02-01 19:51 - 02088674 _____ () C:\Windows\WindowsUpdate.log
2014-03-20 22:26 - 2012-05-09 12:18 - 00171139 _____ () C:\Windows\setupact.log
2014-03-20 22:25 - 2014-02-01 21:04 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-20 22:25 - 2014-02-01 19:56 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-20 22:25 - 2010-11-21 04:47 - 00172564 _____ () C:\Windows\PFRO.log
2014-03-20 22:25 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-20 22:24 - 2014-02-02 08:13 - 00000000 ____D () C:\ProgramData\YTD Video Downloader
2014-03-20 22:15 - 2014-02-01 21:04 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-20 21:45 - 2014-03-20 21:45 - 00000000 ____D () C:\Users\DunjaCarlos\AppData\Roaming\Malwarebytes
2014-03-20 21:45 - 2014-03-20 21:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-20 21:44 - 2014-03-20 21:44 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-20 21:44 - 2014-03-20 21:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-20 21:43 - 2014-03-20 21:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\DunjaCarlos\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-20 21:43 - 2014-03-20 21:42 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\DunjaCarlos\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-20 21:09 - 2014-02-02 08:04 - 00000000 ____D () C:\ProgramData\Panda Security
2014-03-20 21:09 - 2014-02-02 08:04 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-03-20 21:09 - 2009-07-14 05:45 - 00416336 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-20 21:05 - 2014-03-20 21:05 - 00000000 ____D () C:\Users\DunjaCarlos\AppData\Roaming\Avira
2014-03-20 21:05 - 2014-02-02 08:04 - 00000000 ____D () C:\Users\DunjaCarlos\AppData\Roaming\Panda Security
2014-03-20 21:05 - 2014-02-01 21:15 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-20 21:02 - 2014-03-20 21:02 - 00000000 ____D () C:\ProgramData\Avira
2014-03-20 21:02 - 2014-03-20 21:02 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-03-20 21:00 - 2014-03-20 20:57 - 138607664 _____ () C:\Users\DunjaCarlos\Downloads\avira_free_antivirus_de_14.0.3.350.exe
2014-03-20 21:00 - 2014-02-01 21:15 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-20 16:30 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-20 14:17 - 2014-02-02 10:24 - 00000000 ____D () C:\Users\DunjaCarlos\AppData\Roaming\vlc
2014-03-19 10:12 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-16 09:09 - 2014-03-16 09:09 - 00000000 ____D () C:\Users\DunjaCarlos\AppData\Local\Microsoft Games
2014-03-13 10:40 - 2014-02-01 21:03 - 00108840 _____ () C:\Users\DunjaCarlos\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-13 10:32 - 2014-03-13 10:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-13 10:31 - 2014-03-13 10:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-03-13 10:30 - 2014-03-13 10:30 - 00000000 ____D () C:\Windows\PCHEALTH
2014-03-13 10:30 - 2014-03-13 10:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2014-03-13 10:30 - 2014-03-13 10:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-03-13 10:30 - 2011-04-12 08:54 - 00000000 ____D () C:\Windows\ShellNew
2014-03-13 10:30 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-03-13 10:29 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-03-13 10:28 - 2014-03-13 10:28 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-03-13 10:28 - 2014-03-13 10:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-03-13 10:28 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini
2014-03-13 10:27 - 2014-03-13 10:27 - 00000000 __RHD () C:\MSOCache
2014-03-13 10:27 - 2014-03-13 10:27 - 00000000 ____D () C:\Users\DunjaCarlos\AppData\Local\Microsoft Help
2014-03-09 10:24 - 2014-03-20 21:02 - 00000426 _____ () C:\AVScanner.ini
2014-03-07 19:25 - 2014-02-02 10:17 - 00000000 ____D () C:\Users\DunjaCarlos\AppData\Roaming\Nico Mak Computing
2014-03-02 10:28 - 2014-03-02 10:22 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-02 10:27 - 2014-03-02 10:21 - 00000000 ____D () C:\Users\DunjaCarlos\AppData\Local\Adobe
2014-03-02 10:27 - 2014-02-01 20:39 - 00000000 ____D () C:\Users\DunjaCarlos\AppData\Roaming\Adobe
2014-03-02 10:23 - 2014-03-02 10:23 - 00000000 ____D () C:\ProgramData\McAfee
2014-03-02 10:23 - 2014-03-02 10:23 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-02-25 11:41 - 2014-03-20 21:03 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-02-25 11:41 - 2014-03-20 21:03 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-02-25 11:41 - 2014-03-20 21:03 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-02-20 16:42 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

Some content of TEMP:
====================
C:\Users\DunjaCarlos\AppData\Local\Temp\avgnt.exe
C:\Users\DunjaCarlos\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-20 14:40

==================== End Of Log ============================


Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by DunjaCarlos at 2014-03-20 22:42:26
Running from C:\Users\DunjaCarlos\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AMD USB Filter Driver (x32 Version: 1.0.15.94 - Advanced Micro Devices, Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{64555D45-1F57-BF1D-1A5E-BFD4C8C0ADB4}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Browser Configuration Utility (HKLM-x32\...\{D793423B-FF18-4A54-B9C9-75B3396BAAC4}) (Version: 1.0.10.0 - DeviceVM Inc.)
DWA-547 (HKLM-x32\...\{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}) (Version: - D-Link)
EPU (HKLM-x32\...\{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}) (Version: 1.02.20 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA 3D Vision Treiber 261.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 261.01 - NVIDIA Corporation)
NVIDIA Grafiktreiber 261.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 261.01 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.1.9.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.9.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.0.14.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6101 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 261.01 (Version: 261.01 - NVIDIA Corporation) Hidden
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Salaat Time 2.7 (HKLM\...\{F993F285-0F98-4E13-9421-41DB36806EE3}) (Version: 2.7 - Salaat Time - www.salaattime.com)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
TurboV EVO (HKLM-x32\...\{491D92A9-69CA-4EB4-81D3-0106F9337957}) (Version: 1.02.32 - )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
YTD Video Downloader 4.7.2 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.7.2 - GreenTree Applications SRL)

==================== Restore Points =========================

20-02-2014 09:00:55 Geplanter Prüfpunkt
02-03-2014 18:53:03 Geplanter Prüfpunkt
10-03-2014 11:38:37 Geplanter Prüfpunkt
13-03-2014 09:27:20 Installed Microsoft Office Enterprise 2007
20-03-2014 13:47:35 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1F8F53F4-E5A0-4DBD-BA29-405E8F4C6AF3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {4B572DAC-3890-4A55-804B-A51449F32BC1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-01] (Google Inc.)
Task: {4C09C628-4E7B-4622-A409-9854FADF5A1A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {8C668661-32F4-476C-A9D1-A9249B8C8F4C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-01] (Google Inc.)
Task: {EEB402AB-AB8C-4B6D-9474-83AA0CD4732D} - System32\Tasks\ASUS\TurboVHelp => C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe [2010-07-07] (ASUSTeK Computer Inc.)
Task: {F0F74E96-B40F-469A-A4D9-50209A05AB66} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {FD548ABC-CCDB-428F-A459-74152EA0F6E0} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-03-30 07:32 - 2009-03-30 07:32 - 00032768 ____R () C:\Windows\DAODx.exe
2014-02-01 20:15 - 2010-06-24 07:19 - 00109056 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
2014-02-01 20:05 - 2009-05-07 09:51 - 00071680 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2014-02-01 20:05 - 2009-05-07 09:53 - 00379392 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2014-02-01 20:05 - 2008-01-18 07:50 - 00098816 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2014-02-01 20:05 - 2010-03-02 08:31 - 64105984 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2014-03-20 21:03 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-02-01 20:15 - 2010-02-08 17:19 - 00053248 _____ () C:\Program Files\ASUS\TurboV EVO\HookKey32.dll
2014-02-01 20:15 - 2010-06-01 10:38 - 00253952 _____ () C:\Program Files\ASUS\TurboV EVO\pngio.dll
2014-02-01 21:15 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-02-01 21:15 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-02-01 21:15 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-02-01 21:15 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-02-01 21:15 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-02-01 20:43 - 2009-10-07 16:58 - 00376832 _____ () C:\Program Files (x86)\D-Link\DWA-547 revA\WlanDll.dll
2014-02-01 20:43 - 2009-09-08 18:04 - 00208896 _____ () C:\Program Files (x86)\D-Link\DWA-547 revA\WlanWPS.dll
2014-02-01 20:15 - 2010-06-01 10:38 - 00061440 _____ () C:\Program Files\ASUS\TurboV EVO\flashobj.dll
2014-02-01 20:15 - 2009-04-22 20:20 - 00179712 _____ () C:\Program Files (x86)\ASUS\EPU\ASUSSERVICE.DLL
2014-02-01 20:15 - 2010-01-08 17:17 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU\pngio.dll
2014-02-01 20:15 - 2010-01-08 17:17 - 00053248 _____ () C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll
2009-06-27 10:11 - 2009-06-27 10:11 - 00503202 _____ () C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
2014-03-15 19:19 - 2014-03-15 01:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 19:19 - 2014-03-15 01:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 19:19 - 2014-03-15 01:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 19:19 - 2014-03-15 01:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 19:19 - 2014-03-15 01:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 19:19 - 2014-03-15 01:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-03-15 19:19 - 2014-03-15 01:50 - 13637448 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/20/2014 10:25:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2014 09:09:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2014 07:16:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2014 00:11:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2014 09:40:47 AM) (Source: Application Hang) (User: )
Description: Programm chrome.exe, Version 33.0.1750.154 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: ed4

Startzeit: 01cf4417eec130cc

Endzeit: 4

Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID: 538f8328-b00b-11e3-8937-bcaec55be401

Error: (03/20/2014 09:31:42 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2014 09:24:07 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/19/2014 11:32:08 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/19/2014 11:05:32 PM) (Source: Application Hang) (User: )
Description: Programm chrome.exe, Version 33.0.1750.154 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2278

Startzeit: 01cf43b7c3a7db4a

Endzeit: 5

Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID: 944e74b1-afb2-11e3-9753-bcaec55be401

Error: (03/19/2014 07:34:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (03/20/2014 10:24:38 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (03/19/2014 08:59:17 PM) (Source: NetBT) (User: )
Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 10.0.0.1
registriert werden. Der Computer mit IP-Adresse 10.0.0.2 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (03/18/2014 01:49:05 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎18.‎03.‎2014 um 11:16:58 unerwartet heruntergefahren.

Error: (03/17/2014 11:04:44 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (03/16/2014 00:07:48 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (03/15/2014 10:03:01 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (03/15/2014 00:35:10 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎15.‎03.‎2014 um 12:30:25 unerwartet heruntergefahren.

Error: (03/12/2014 04:05:18 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (03/12/2014 03:26:05 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎12.‎03.‎2014 um 13:30:48 unerwartet heruntergefahren.

Error: (03/11/2014 11:15:49 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 4094.18 MB
Available physical RAM: 2080.39 MB
Total Pagefile: 8186.54 MB
Available Pagefile: 5512.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:292.87 GB) (Free:258.49 GB) NTFS
Drive d: () (Fixed) (Total:292.97 GB) (Free:212.84 GB) NTFS
Drive e: () (Fixed) (Total:345.57 GB) (Free:202.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 61B2FBA9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=346 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Gmer:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-20 22:59:33
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HDS721010CLA332 rev.JP4OA3MA 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\DUNJAC~1\AppData\Local\Temp\ffldrpob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002fbb000 16 bytes [8B, E3, 41, 5F, 41, 5E, 41, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 545 fffff80002fbb011 35 bytes {LEA ECX, [RSP+0x70]; CALL 0x3d64f}

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[932] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075511465 2 bytes [51, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[932] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000755114bb 2 bytes [51, 75]
.text ... * 2
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3756] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075511465 2 bytes [51, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3756] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000755114bb 2 bytes [51, 75]
.text ... * 2
---- Processes - GMER 2.1 ----

Library C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll (*** suspicious ***) @ C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [3552](2009-06-27 09:11:12) 0000000060900000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{22C2F627-D0B0-43AA-A8F6-D2CE58AA0927}@LeaseObtainedTime 1395352585
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{22C2F627-D0B0-43AA-A8F6-D2CE58AA0927}@T1 1395395785
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{22C2F627-D0B0-43AA-A8F6-D2CE58AA0927}@T2 1395428185
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{22C2F627-D0B0-43AA-A8F6-D2CE58AA0927}@LeaseTerminatesTime 1395438985

---- EOF - GMER 2.1 ----

mbam:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.20.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
DunjaCarlos :: DUNJACARLOS-PC [Administrator]

Schutz: Aktiviert

20.03.2014 21:47:23
mbam-log-2014-03-20 (21-47-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 316697
Laufzeit: 36 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\ProgramData\YTD Video Downloader\ytd_installer.exe (PUP.Optional.Spigot.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\DunjaCarlos\Downloads\SoftonicDownloader_fuer_wettercenter.exe (PUP.Optional.Softonic.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\DunjaCarlos\Downloads\YTD471Setup.exe (PUP.Optional.Spigot.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Setup\Scripts\Windows7Loader.exe (Trojan.Agent.W) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Carlos\Programme\Autodata.2011.v3.38.GERMAN-PillePalle\AUTODATA 3.38 EN\ADCDA2\ADBCD.exe (Spyware.PWS) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Zitat:

D:\Carlos\Programme\Autodata.2011.v3.38.GERMAN-PillePalle\AUTODATA 3.38 EN\ADCDA2\ADBCD.exe (Spyware.PWS) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Bitte lesen => http://www.trojaner-board.de/95393-c...-software.html

Es geht weiter wenn du alles Illegale entfernt hast.

Bei wiederholten Crack/Keygen Verstößen behalte ich es mir vor, den Support einzustellen, d.h. Hilfe nur noch bei der Datensicherung und Neuinstallation des Betriebssystems.

Zitat:

Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
13-03-2014 09:27:20 Installed Microsoft Office Enterprise 2007

Windows 7 Ultimate und Office Enterprise sind aber legal? Gewerblich genutzer Rechner?

Es tut mir Leid, bin nicht der einzige Nutzer auf diesem PC. Hoffe es ist nun alles entfernt, diese Autodata habe ich so eben gelöscht.

Was ist mit meiner Frage zu Win7 Ultimate und dem Enterprise Office?

Ja der Rechner wird auch gewerblich genützt
die Win7 ist legal, das Office habe ich nicht selbst installiert, aber nehme an es ist in Ordnung?

Zitat:

Ja der Rechner wird auch gewerblich genützt

Firmenrechner werden hier eigentlich nicht bereinigt

Siehe => http://www.trojaner-board.de/108422-...-anfragen.html

Zitat:

3. Grundsätzlich bereinigen wir keine gewerblich genutzten Rechner. Dafür ist die IT Abteilung eurer Firma zuständig.

Bei Kleinunternehmen, welche keinen IT Support haben, machen wir da eine Ausnahme und helfen gerne ( kleine Spende hilft auch uns ).
Voraussetzung: Ihr teilt uns dies in eurer ersten Antwort mit.

Bedenkt jedoch, dass Logfiles viele heikle Informationen enthalten können ( Kundendaten, Bankdaten, etc ) sowie das Malware die Möglichkeit besitzt, diese auszuspähen und zu missbrauchen. Hier legen wir euch ein Formatieren und Neuaufsetzen nahe.

Bei Kleinunternehmen, welche keinen IT Support haben, machen wir da eine Ausnahme und helfen gerne..

haben wir nicht, könnt ihr bitte eine Ausnahme machen auch wenn ich es in der ersten Anfrage nicht angegeben habe, hatte diese Regel leider nicht gelesen.

Vielen Dank
mfg

Ja kein Problem, darum geht es weniger, es geht um den farbig hervorgehoben Teil.
Den hast du gelesen und verstanden?

Vielen Dank, ja das ist kein Problem da der PC vor kurzem neu aufgesetzt wurde und alle Daten verschoben wurden und noch keine auf diesem PC sind.

Danke

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

• WICHTIG: Speichere Combofix auf deinem Desktop.
• Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
• Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
• Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
• Wenn Combofix fertig ist, wird es ein Logfile erstellen.
• Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Code: Alles auswählenAufklappen

ATTFilter

Combofix Logfile:

	
Code: 

Alles auswählenAufklappen 
ATTFilter

  
	
ComboFix 14-03-19.01 - DunjaCarlos 21.03.2014  19:23:11.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.4094.1856 [GMT 1:00]
ausgeführt von:: c:\users\DunjaCarlos\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-02-21 bis 2014-03-21  ))))))))))))))))))))))))))))))
.
.
2014-03-21 18:25 . 2014-03-21 18:25	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-03-21 16:09 . 2014-03-21 16:08	84720	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2014-03-20 21:39 . 2014-03-20 21:42	--------	d-----w-	C:\FRST
2014-03-20 20:45 . 2014-03-20 20:45	--------	d-----w-	c:\users\DunjaCarlos\AppData\Roaming\Malwarebytes
2014-03-20 20:44 . 2014-03-20 20:44	--------	d-----w-	c:\programdata\Malwarebytes
2014-03-20 20:44 . 2014-03-20 20:45	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2014-03-20 20:44 . 2013-04-04 13:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-03-20 20:05 . 2014-03-20 20:05	--------	d-----w-	c:\users\DunjaCarlos\AppData\Roaming\Avira
2014-03-20 20:03 . 2014-02-25 10:41	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2014-03-20 20:03 . 2014-02-25 10:41	131576	----a-w-	c:\windows\system32\drivers\avipbb.sys
2014-03-20 20:03 . 2014-02-25 10:41	108440	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2014-03-20 20:02 . 2014-03-20 20:02	--------	d-----w-	c:\programdata\Avira
2014-03-20 20:02 . 2014-03-20 20:02	--------	d-----w-	c:\program files (x86)\Avira
2014-03-16 08:09 . 2014-03-16 08:09	--------	d-----w-	c:\users\DunjaCarlos\AppData\Local\Microsoft Games
2014-03-13 09:31 . 2014-03-13 09:31	--------	d-----w-	c:\program files (x86)\Microsoft Works
2014-03-13 09:30 . 2014-03-13 09:30	--------	d-----w-	c:\windows\PCHEALTH
2014-03-13 09:28 . 2014-03-13 09:28	--------	d-----w-	c:\program files\Microsoft Office
2014-03-13 09:28 . 2014-03-13 09:28	--------	d-----w-	c:\program files (x86)\Microsoft Visual Studio 8
2014-03-13 09:27 . 2014-03-13 09:27	--------	d-----w-	c:\users\DunjaCarlos\AppData\Local\Microsoft Help
2014-03-13 09:27 . 2014-03-13 09:32	--------	d-----w-	c:\programdata\Microsoft Help
2014-03-13 09:27 . 2014-03-13 09:27	--------	d-----r-	C:\MSOCache
2014-03-13 09:18 . 2008-05-07 18:59	99840	----a-w-	c:\windows\system32\Spool\prtprocs\x64\HPZPPLHN.DLL
2014-03-13 09:17 . 2014-03-13 09:17	--------	d-----w-	c:\users\DunjaCarlos\AppData\Local\ElevatedDiagnostics
2014-03-02 09:23 . 2014-03-02 09:23	--------	d-----w-	c:\programdata\McAfee
2014-03-02 09:23 . 2014-03-02 09:23	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2014-03-02 09:21 . 2014-03-02 09:27	--------	d-----w-	c:\users\DunjaCarlos\AppData\Local\Adobe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-06 12:16 . 2014-02-12 20:40	23170048	----a-w-	c:\windows\system32\mshtml.dll
2014-02-06 11:30 . 2014-02-12 20:40	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-02-06 11:30 . 2014-02-12 20:40	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-02-06 11:12 . 2014-02-12 20:40	2765824	----a-w-	c:\windows\system32\iertutil.dll
2014-02-06 11:07 . 2014-02-12 20:40	66048	----a-w-	c:\windows\system32\iesetup.dll
2014-02-06 11:06 . 2014-02-12 20:40	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-02-06 10:57 . 2014-02-12 20:40	53760	----a-w-	c:\windows\system32\jsproxy.dll
2014-02-06 10:56 . 2014-02-12 20:40	33792	----a-w-	c:\windows\system32\iernonce.dll
2014-02-06 10:52 . 2014-02-12 20:40	574976	----a-w-	c:\windows\system32\ieui.dll
2014-02-06 10:49 . 2014-02-12 20:40	139264	----a-w-	c:\windows\system32\ieUnatt.exe
2014-02-06 10:48 . 2014-02-12 20:40	111616	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-02-06 10:48 . 2014-02-12 20:40	708608	----a-w-	c:\windows\system32\jscript9diag.dll
2014-02-06 10:32 . 2014-02-12 20:40	218624	----a-w-	c:\windows\system32\ie4uinit.exe
2014-02-06 10:20 . 2014-02-12 20:40	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-02-06 10:17 . 2014-02-12 20:40	195584	----a-w-	c:\windows\system32\msrating.dll
2014-02-06 10:11 . 2014-02-12 20:40	5768704	----a-w-	c:\windows\system32\jscript9.dll
2014-02-06 10:01 . 2014-02-12 20:40	61952	----a-w-	c:\windows\SysWow64\iesetup.dll
2014-02-06 10:00 . 2014-02-12 20:40	51200	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:57 . 2014-02-12 20:40	627200	----a-w-	c:\windows\system32\msfeeds.dll
2014-02-06 09:50 . 2014-02-12 20:40	2041856	----a-w-	c:\windows\system32\inetcpl.cpl
2014-02-06 09:47 . 2014-02-12 20:40	112128	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-02-06 09:46 . 2014-02-12 20:40	553472	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2014-02-06 09:25 . 2014-02-12 20:40	4244480	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-02-06 09:24 . 2014-02-12 20:40	2334208	----a-w-	c:\windows\system32\wininet.dll
2014-02-06 09:22 . 2014-02-12 20:40	13051392	----a-w-	c:\windows\system32\ieframe.dll
2014-02-06 09:09 . 2014-02-12 20:40	1964032	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2014-02-06 08:55 . 2014-02-12 20:40	1393664	----a-w-	c:\windows\system32\urlmon.dll
2014-02-06 08:41 . 2014-02-12 20:40	1820160	----a-w-	c:\windows\SysWow64\wininet.dll
2014-02-06 08:40 . 2014-02-12 20:40	817664	----a-w-	c:\windows\system32\ieapfltr.dll
2014-02-02 21:52 . 2014-02-02 21:52	940032	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-02-02 21:52 . 2014-02-02 21:52	194048	----a-w-	c:\windows\SysWow64\elshyph.dll
2014-02-02 21:52 . 2014-02-02 21:52	71680	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-02-02 21:52 . 2014-02-02 21:52	645120	----a-w-	c:\windows\SysWow64\jsIntl.dll
2014-02-02 21:52 . 2014-02-02 21:52	235008	----a-w-	c:\windows\system32\elshyph.dll
2014-02-02 21:52 . 2014-02-02 21:52	182272	----a-w-	c:\windows\SysWow64\msls31.dll
2014-02-02 21:52 . 2014-02-02 21:52	86016	----a-w-	c:\windows\SysWow64\iesysprep.dll
2014-02-02 21:52 . 2014-02-02 21:52	74240	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2014-02-02 21:52 . 2014-02-02 21:52	62464	----a-w-	c:\windows\SysWow64\tdc.ocx
2014-02-02 21:52 . 2014-02-02 21:52	61952	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2014-02-02 21:52 . 2014-02-02 21:52	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2014-02-02 21:52 . 2014-02-02 21:52	36352	----a-w-	c:\windows\SysWow64\imgutil.dll
2014-02-02 21:52 . 2014-02-02 21:52	34816	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-02-02 21:52 . 2014-02-02 21:52	337408	----a-w-	c:\windows\SysWow64\html.iec
2014-02-02 21:52 . 2014-02-02 21:52	24576	----a-w-	c:\windows\SysWow64\licmgr10.dll
2014-02-02 21:52 . 2014-02-02 21:52	151552	----a-w-	c:\windows\SysWow64\iexpress.exe
2014-02-02 21:52 . 2014-02-02 21:52	139264	----a-w-	c:\windows\SysWow64\wextract.exe
2014-02-02 21:52 . 2014-02-02 21:52	13312	----a-w-	c:\windows\SysWow64\mshta.exe
2014-02-02 21:52 . 2014-02-02 21:52	111616	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2014-02-02 21:52 . 2014-02-02 21:52	1051136	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2014-02-02 21:52 . 2014-02-02 21:52	942592	----a-w-	c:\windows\system32\jsIntl.dll
2014-02-02 21:52 . 2014-02-02 21:52	86016	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2014-02-02 21:52 . 2014-02-02 21:52	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2014-02-02 21:52 . 2014-02-02 21:52	247808	----a-w-	c:\windows\system32\msls31.dll
2014-02-02 21:52 . 2014-02-02 21:52	13312	----a-w-	c:\windows\system32\msfeedssync.exe
2014-02-02 21:52 . 2014-02-02 21:52	131072	----a-w-	c:\windows\system32\IEAdvpack.dll
2014-02-02 21:52 . 2014-02-02 21:52	90112	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2014-02-02 21:52 . 2014-02-02 21:52	84992	----a-w-	c:\windows\system32\mshtmled.dll
2014-02-02 21:52 . 2014-02-02 21:52	81408	----a-w-	c:\windows\system32\icardie.dll
2014-02-02 21:52 . 2014-02-02 21:52	77312	----a-w-	c:\windows\system32\tdc.ocx
2014-02-02 21:52 . 2014-02-02 21:52	616104	----a-w-	c:\windows\system32\ieapfltr.dat
2014-02-02 21:52 . 2014-02-02 21:52	48640	----a-w-	c:\windows\system32\mshtmler.dll
2014-02-02 21:52 . 2014-02-02 21:52	453120	----a-w-	c:\windows\system32\dxtmsft.dll
2014-02-02 21:52 . 2014-02-02 21:52	413696	----a-w-	c:\windows\system32\html.iec
2014-02-02 21:52 . 2014-02-02 21:52	40448	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2014-02-02 21:52 . 2014-02-02 21:52	30208	----a-w-	c:\windows\system32\licmgr10.dll
2014-02-02 21:52 . 2014-02-02 21:52	296960	----a-w-	c:\windows\system32\dxtrans.dll
2014-02-02 21:52 . 2014-02-02 21:52	263376	----a-w-	c:\windows\system32\iedkcs32.dll
2014-02-02 21:52 . 2014-02-02 21:52	243200	----a-w-	c:\windows\system32\webcheck.dll
2014-02-02 21:52 . 2014-02-02 21:52	235520	----a-w-	c:\windows\system32\url.dll
2014-02-02 21:52 . 2014-02-02 21:52	167424	----a-w-	c:\windows\system32\iexpress.exe
2014-02-02 21:52 . 2014-02-02 21:52	143872	----a-w-	c:\windows\system32\wextract.exe
2014-02-02 21:52 . 2014-02-02 21:52	1228800	----a-w-	c:\windows\system32\mshtmlmedia.dll
2014-02-02 21:52 . 2014-02-02 21:52	105984	----a-w-	c:\windows\system32\iesysprep.dll
2014-02-02 21:52 . 2014-02-02 21:52	101376	----a-w-	c:\windows\system32\inseng.dll
2014-02-02 21:52 . 2014-02-02 21:52	83968	----a-w-	c:\windows\system32\MshtmlDac.dll
2014-02-02 21:52 . 2014-02-02 21:52	774144	----a-w-	c:\windows\system32\jscript.dll
2014-02-02 21:52 . 2014-02-02 21:52	62464	----a-w-	c:\windows\system32\pngfilt.dll
2014-02-02 21:52 . 2014-02-02 21:52	48128	----a-w-	c:\windows\system32\imgutil.dll
2014-02-02 21:52 . 2014-02-02 21:52	147968	----a-w-	c:\windows\system32\occache.dll
2014-02-02 21:52 . 2014-02-02 21:52	13824	----a-w-	c:\windows\system32\mshta.exe
2014-02-02 21:52 . 2014-02-02 21:52	135680	----a-w-	c:\windows\system32\iepeers.dll
2014-02-02 21:45 . 2014-02-02 21:45	878080	----a-w-	c:\windows\system32\advapi32.dll
2014-02-02 21:45 . 2014-02-02 21:45	859648	----a-w-	c:\windows\system32\tdh.dll
2014-02-02 21:45 . 2014-02-02 21:45	5549504	----a-w-	c:\windows\system32\ntoskrnl.exe
2014-02-02 21:45 . 2014-02-02 21:45	362496	----a-w-	c:\windows\system32\wow64win.dll
2014-02-02 21:45 . 2014-02-02 21:45	243712	----a-w-	c:\windows\system32\wow64.dll
2014-02-02 21:45 . 2014-02-02 21:45	1732032	----a-w-	c:\windows\system32\ntdll.dll
2014-02-02 21:45 . 2014-02-02 21:45	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2014-02-02 21:45 . 2014-02-02 21:45	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2014-02-02 21:45 . 2014-02-02 21:45	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2014-02-02 21:45 . 2014-02-02 21:45	640512	----a-w-	c:\windows\SysWow64\advapi32.dll
2014-02-02 21:45 . 2014-02-02 21:45	619520	----a-w-	c:\windows\SysWow64\tdh.dll
2014-02-02 21:45 . 2014-02-02 21:45	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2014-02-02 21:45 . 2014-02-02 21:45	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2014-02-02 21:45 . 2014-02-02 21:45	3969472	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2014-02-02 21:45 . 2014-02-02 21:45	3914176	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2014-02-02 21:45 . 2014-02-02 21:45	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2014-02-02 21:45 . 2014-02-02 21:45	2048	----a-w-	c:\windows\SysWow64\user.exe
2014-02-02 21:45 . 2014-02-02 21:45	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2014-02-02 21:45 . 2014-02-02 21:45	1292192	----a-w-	c:\windows\SysWow64\ntdll.dll
2013-03-08 01:46	94208	--sh--w-	c:\windows\SysWOW64\SalaatTime.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"SalaatTime"="c:\program files (x86)\Salaat Time\SalaatTime.exe" [2013-03-10 17199104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-15 2369536]
"TurboV EVO"="c:\program files\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-07-15 9936512]
"Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-03-16 5309056]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-25 689744]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless Connection Manager.lnk - c:\program files (x86)\D-Link\DWA-547 revA\wirelesscm.exe [2014-2-1 517440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EraserUtilDrv11312;EraserUtilDrv11312;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\D-Link\DWA-547 revA\jswpsapi.exe;c:\program files (x86)\D-Link\DWA-547 revA\jswpsapi.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys;c:\windows\SYSNATIVE\DRIVERS\jswpslwfx.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 18:17	1150280	----a-w-	c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-01 20:03]
.
2014-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-01 20:03]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138 10.0.0.138
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-03-21  19:27:22
ComboFix-quarantined-files.txt  2014-03-21 18:27
.
Vor Suchlauf: 7 Verzeichnis(se), 277.070.602.240 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 276.665.196.544 Bytes frei
.
- - End Of File - - AE193B468DF9A965AF11C6BB7EBE5AC7
         
 
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31
         

Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

• Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
• Drücke eine beliebige Taste, um das Tool zu starten.
• Je nach System kann der Scan eine Weile dauern.
• Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
• Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

• Starte jetzt FRST.
• Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
• Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
• Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Vielen Dank für deine Antwort und die Hilfe.

1. Schritt AdwCleaner

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v3.022 - Bericht erstellt am 22/03/2014 um 22:35:04
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : DunjaCarlos - DUNJACARLOS-PC
# Gestartet von : C:\Users\DunjaCarlos\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : BCUService

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\DeviceVM
Ordner Gelöscht : C:\Program Files (x86)\GreenTree Applications
Datei Gelöscht : C:\Windows\System32\roboot64.exe

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Schlüssel Gelöscht : HKCU\Software\DeviceVM
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\DeviceVM
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D793423B-FF18-4A54-B9C9-75B3396BAAC4}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Google Chrome v33.0.1750.154

[ Datei : C:\Users\DunjaCarlos\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1679 octets] - [22/03/2014 22:34:25]
AdwCleaner[S0].txt - [1502 octets] - [22/03/2014 22:35:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1562 octets] ##########
         

2. Schritt JRT:

Code: Alles auswählenAufklappen

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Ultimate x64
Ran by DunjaCarlos on 22.03.2014 at 22:40:12,35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.03.2014 at 22:43:54,30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

3. Schritt FRST:


FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by DunjaCarlos (administrator) on DUNJACARLOS-PC on 22-03-2014 22:47:17
Running from C:\Users\DunjaCarlos\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe
() C:\Windows\DAODx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Salaat Time - www.salaattime.com) C:\Program Files (x86)\Salaat Time\SalaatTime.exe
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
(
ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU\EPU.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2369536 2010-03-15] (VIA)
HKLM-x32\...\Run: [TurboV EVO] - C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe [9936512 2010-07-15] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [Six Engine] - C:\Program Files (x86)\ASUS\EPU\EPU.exe [5309056 2010-03-16] (
ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1624422066-2509176335-3414399805-1000\...\Run: [SalaatTime] - C:\Program Files (x86)\Salaat Time\SalaatTime.exe [17199104 2013-03-10] (Salaat Time - www.salaattime.com)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x867CDB81881FCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll No File
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {50E2F7FC-9885-4844-A6C6-B2BBBF5A1421} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
SearchScopes: HKCU - {DBA5419D-022F-4fb4-A206-DA98A6C4B581} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\DunjaCarlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-01]
CHR Extension: (Google Drive) - C:\Users\DunjaCarlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-01]
CHR Extension: (YouTube) - C:\Users\DunjaCarlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-01]
CHR Extension: (Google-Suche) - C:\Users\DunjaCarlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-01]
CHR Extension: (AdBlock Premium) - C:\Users\DunjaCarlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2014-02-01]
CHR Extension: (Google Wallet) - C:\Users\DunjaCarlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-01]
CHR Extension: (Google Mail) - C:\Users\DunjaCarlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-01]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [109056 2010-06-24] ()
S3 jswpsapi; C:\Program Files (x86)\D-Link\DWA-547 revA\jswpsapi.exe [954368 2008-09-26] (Atheros Communications, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EraserUtilDrv11312; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-22 22:43 - 2014-03-22 22:43 - 00000807 _____ () C:\Users\DunjaCarlos\Desktop\JRT.txt
2014-03-22 22:40 - 2014-03-22 22:40 - 00000000 ____D () C:\Windows\ERUNT
2014-03-22 22:39 - 2014-03-22 22:39 - 01037734 _____ (Thisisu) C:\Users\DunjaCarlos\Downloads\JRT.exe
2014-03-22 22:37 - 2014-03-22 22:37 - 00001642 _____ () C:\Users\DunjaCarlos\Desktop\AdwCleaner[S0].txt
2014-03-22 22:34 - 2014-03-22 22:35 - 00000000 ____D () C:\AdwCleaner
2014-03-22 22:33 - 2014-03-22 22:33 - 01950720 _____ () C:\Users\DunjaCarlos\Downloads\adwcleaner.exe
2014-03-22 09:39 - 2014-03-22 09:39 - 00000000 ____D () C:\Windows\pss
2014-03-21 19:30 - 2014-03-21 19:30 - 00022918 _____ () C:\Users\DunjaCarlos\Desktop\Combofix.txt
2014-03-21 19:27 - 2014-03-21 19:27 - 00022918 _____ () C:\ComboFix.txt
2014-03-21 19:22 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-21 19:22 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-21 19:22 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-21 19:22 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-21 19:22 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-21 19:22 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-21 19:22 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-21 19:22 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-21 19:17 - 2014-03-21 19:27 - 00000000 ____D () C:\Qoobox
2014-03-21 19:17 - 2014-03-21 19:26 - 00000000 ____D () C:\Windows\erdnt
2014-03-21 19:17 - 2014-03-21 19:17 - 05190052 ____R (Swearware) C:\Users\DunjaCarlos\Downloads\ComboFix.exe
2014-03-21 17:09 - 2014-03-21 17:08 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-03-21 00:57 - 2014-03-21 00:58 - 13697720 _____ (Microsoft Corporation) C:\Users\DunjaCarlos\Downloads\mseinstall.exe
2014-03-20 22:59 - 2014-03-20 22:59 - 00003503 _____ () C:\Users\DunjaCarlos\Desktop\Gmer.txt
2014-03-20 22:50 - 2014-03-20 22:50 - 00380416 _____ () C:\Users\DunjaCarlos\Downloads\Gmer-19357.exe
2014-03-20 22:39 - 2014-03-22 22:47 - 00008860 _____ () C:\Users\DunjaCarlos\Downloads\FRST.txt
2014-03-20 22:39 - 2014-03-22 22:47 - 00000000 ____D () C:\FRST
2014-03-20 22:39 - 2014-03-20 22:42 - 00018508 _____ () C:\Users\DunjaCarlos\Downloads\Addition.txt
2014-03-20 22:37 - 2014-03-20 22:38 - 02157056 _____ (Farbar) C:\Users\DunjaCarlos\Downloads\FRST64.exe
2014-03-20 22:37 - 2014-03-20 22:37 - 00000256 _____ () C:\Users\DunjaCarlos\Downloads\defogger_enable.log
2014-03-20 22:33 - 2014-03-20 22:33 - 00000484 _____ () C:\Users\DunjaCarlos\Downloads\defogger_disable.log
2014-03-20 22:32 - 2014-03-20 22:32 - 00050477 _____ () C:\Users\DunjaCarlos\Downloads\Defogger.exe
2014-03-20 21:45 - 2014-03-20 21:45 - 00000000 ____D () C:\Users\DunjaCarlos\AppData\Roaming\Malwarebytes
2014-03-20 21:44 - 2014-03-20 21:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-20 21:44 - 2014-03-20 21:44 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-20 21:44 - 2014-03-20 21:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-20 21:44 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-20 21:43 - 2014-03-20 21:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\DunjaCarlos\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-20 21:42 - 2014-03-20 21:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\DunjaCarlos\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-20 21:05 - 2014-03-20 21:05 - 00000000 ____D () C:\Users\DunjaCarlos\AppData\Roaming\Avira
2014-03-20 21:03 - 2014-02-25 11:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-03-20 21:03 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-03-20 21:03 - 2014-02-25 11:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-03-20 21:02 - 2014-03-20 21:02 - 00000000 ____D () C:\ProgramData\Avira
2014-03-20 21:02 - 2014-03-20 21:02 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-03-20 21:02 - 2014-03-09 10:24 - 00000426 _____ () C:\AVScanner.ini
2014-03-20 20:57 - 2014-03-20 21:00 - 138607664 _____ () C:\Users\DunjaCarlos\Downloads\avira_free_antivirus_de_14.0.3.350.exe
2014-03-16 09:09 - 2014-03-16 09:09 - 00000000 ____D () C:\Users\DunjaCarlos\AppData\Local\Microsoft Games
2014-03-13 10:31 - 2014-03-13 10:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-03-13 10:30 - 2014-03-13 10:30 - 00000000 ____D () C:\Windows\PCHEALTH
2014-03-13 10:30 - 2014-03-13 10:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2014-03-13 10:28 - 2014-03-13 10:28 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-03-13 10:28 - 2014-03-13 10:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-03-13 10:27 - 2014-03-13 10:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-13 10:27 - 2014-03-13 10:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-03-13 10:27 - 2014-03-13 10:27 - 00000000 ___RD () C:\MSOCache
2014-03-13 10:27 - 2014-03-13 10:27 - 00000000 ____D () C:\Users\DunjaCarlos\AppData\Local\Microsoft Help
2014-03-02 10:23 - 2014-03-02 10:23 - 00000000 ____D () C:\ProgramData\McAfee
2014-03-02 10:23 - 2014-03-02 10:23 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-03-02 10:22 - 2014-03-02 10:28 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-02 10:21 - 2014-03-02 10:27 - 00000000 ____D () C:\Users\DunjaCarlos\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

2014-03-22 22:47 - 2014-03-20 22:39 - 00008860 _____ () C:\Users\DunjaCarlos\Downloads\FRST.txt
2014-03-22 22:47 - 2014-03-20 22:39 - 00000000 ____D () C:\FRST
2014-03-22 22:44 - 2009-07-14 05:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-22 22:44 - 2009-07-14 05:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-22 22:43 - 2014-03-22 22:43 - 00000807 _____ () C:\Users\DunjaCarlos\Desktop\JRT.txt
2014-03-22 22:41 - 2011-04-12 08:43 - 00653928 _____ () C:\Windows\system32\perfh007.dat
2014-03-22 22:41 - 2011-04-12 08:43 - 00129800 _____ () C:\Windows\system32\perfc007.dat
2014-03-22 22:41 - 2009-07-14 06:13 - 01498506 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-22 22:40 - 2014-03-22 22:40 - 00000000 ____D () C:\Windows\ERUNT
2014-03-22 22:40 - 2014-02-01 19:51 - 01063438 _____ () C:\Windows\WindowsUpdate.log
2014-03-22 22:39 - 2014-03-22 22:39 - 01037734 _____ (Thisisu) C:\Users\DunjaCarlos\Downloads\JRT.exe
2014-03-22 22:37 - 2014-03-22 22:37 - 00001642 _____ () C:\Users\DunjaCarlos\Desktop\AdwCleaner[S0].txt
2014-03-22 22:36 - 2014-02-01 21:04 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-22 22:36 - 2014-02-01 19:56 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-22 22:36 - 2012-05-09 12:18 - 00180715 _____ () C:\Windows\setupact.log
2014-03-22 22:36 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-22 22:35 - 2014-03-22 22:34 - 00000000 ____D () C:\AdwCleaner
2014-03-22 22:33 - 2014-03-22 22:33 - 01950720 _____ () C:\Users\DunjaCarlos\Downloads\adwcleaner.exe
2014-03-22 22:15 - 2014-02-01 21:04 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-22 09:48 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-22 09:39 - 2014-03-22 09:39 - 00000000 ____D () C:\Windows\pss
2014-03-22 08:09 - 2014-02-01 21:15 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-22 08:09 - 2010-11-21 04:47 - 00175764 _____ () C:\Windows\PFRO.log
2014-03-21 19:30 - 2014-03-21 19:30 - 00022918 _____ () C:\Users\DunjaCarlos\Desktop\Combofix.txt
2014-03-21 19:27 - 2014-03-21 19:27 - 00022918 _____ () C:\ComboFix.txt
2014-03-21 19:27 - 2014-03-21 19:17 - 00000000 ____D () C:\Qoobox
2014-03-21 19:27 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-03-21 19:26 - 2014-03-21 19:17 - 00000000 ____D () C:\Windows\erdnt
2014-03-21 19:26 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-21 19:21 - 2014-02-01 21:15 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-21 19:17 - 2014-03-21 19:17 - 05190052 ____R (Swearware) C:\Users\DunjaCarlos\Downloads\ComboFix.exe
2014-03-21 17:08 - 2014-03-21 17:09 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-03-21 11:02 - 2014-02-02 10:24 - 00000000 ____D () C:\Users\DunjaCarlos\AppData\Roaming\vlc
2014-03-21 00:58 - 2014-03-21 00:57 - 13697720 _____ (Microsoft Corporation) C:\Users\DunjaCarlos\Downloads\mseinstall.exe
2014-03-20 22:59 - 2014-03-20 22:59 - 00003503 _____ () C:\Users\DunjaCarlos\Desktop\Gmer.txt
2014-03-20 22:54 - 2014-02-01 21:03 - 00108840 _____ () C:\Users\DunjaCarlos\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-20 22:50 - 2014-03-20 22:50 - 00380416 _____ () C:\Users\DunjaCarlos\Downloads\Gmer-19357.exe
2014-03-20 22:42 - 2014-03-20 22:39 - 00018508 _____ () C:\Users\DunjaCarlos\Downloads\Addition.txt
2014-03-20 22:38 - 2014-03-20 22:37 - 02157056 _____ (Farbar) C:\Users\DunjaCarlos\Downloads\FRST64.exe
2014-03-20 22:37 - 2014-03-20 22:37 - 00000256 _____ () C:\Users\DunjaCarlos\Downloads\defogger_enable.log
2014-03-20 22:37 - 2014-02-01 19:51 - 00000000 ____D () C:\Users\DunjaCarlos
2014-03-20 22:33 - 2014-03-20 22:33 - 00000484 _____ () C:\Users\DunjaCarlos\Downloads\defogger_disable.log
2014-03-20 22:32 - 2014-03-20 22:32 - 00050477 _____ () C:\Users\DunjaCarlos\Downloads\Defogger.exe
2014-03-20 21:45 - 2014-03-20 21:45 - 00000000 ____D () C:\Users\DunjaCarlos\AppData\Roaming\Malwarebytes
2014-03-20 21:45 - 2014-03-20 21:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-20 21:44 - 2014-03-20 21:44 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-20 21:44 - 2014-03-20 21:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-20 21:43 - 2014-03-20 21:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\DunjaCarlos\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-20 21:43 - 2014-03-20 21:42 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\DunjaCarlos\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-20 21:09 - 2014-02-02 08:04 - 00000000 ____D () C:\ProgramData\Panda Security
2014-03-20 21:09 - 2014-02-02 08:04 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-03-20 21:09 - 2009-07-14 05:45 - 00416336 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-20 21:05 - 2014-03-20 21:05 - 00000000 ____D () C:\Users\DunjaCarlos\AppData\Roaming\Avira
2014-03-20 21:05 - 2014-02-02 08:04 - 00000000 ____D () C:\Users\DunjaCarlos\AppData\Roaming\Panda Security
2014-03-20 21:02 - 2014-03-20 21:02 - 00000000 ____D () C:\ProgramData\Avira
2014-03-20 21:02 - 2014-03-20 21:02 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-03-20 21:00 - 2014-03-20 20:57 - 138607664 _____ () C:\Users\DunjaCarlos\Downloads\avira_free_antivirus_de_14.0.3.350.exe
2014-03-19 10:12 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-16 09:09 - 2014-03-16 09:09 - 00000000 ____D () C:\Users\DunjaCarlos\AppData\Local\Microsoft Games
2014-03-13 10:32 - 2014-03-13 10:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-13 10:31 - 2014-03-13 10:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-03-13 10:30 - 2014-03-13 10:30 - 00000000 ____D () C:\Windows\PCHEALTH
2014-03-13 10:30 - 2014-03-13 10:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2014-03-13 10:30 - 2014-03-13 10:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-03-13 10:30 - 2011-04-12 08:54 - 00000000 ____D () C:\Windows\ShellNew
2014-03-13 10:30 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-03-13 10:29 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-03-13 10:28 - 2014-03-13 10:28 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-03-13 10:28 - 2014-03-13 10:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-03-13 10:28 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini
2014-03-13 10:27 - 2014-03-13 10:27 - 00000000 ___RD () C:\MSOCache
2014-03-13 10:27 - 2014-03-13 10:27 - 00000000 ____D () C:\Users\DunjaCarlos\AppData\Local\Microsoft Help
2014-03-09 10:24 - 2014-03-20 21:02 - 00000426 _____ () C:\AVScanner.ini
2014-03-07 19:25 - 2014-02-02 10:17 - 00000000 ____D () C:\Users\DunjaCarlos\AppData\Roaming\Nico Mak Computing
2014-03-02 10:28 - 2014-03-02 10:22 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-02 10:27 - 2014-03-02 10:21 - 00000000 ____D () C:\Users\DunjaCarlos\AppData\Local\Adobe
2014-03-02 10:27 - 2014-02-01 20:39 - 00000000 ____D () C:\Users\DunjaCarlos\AppData\Roaming\Adobe
2014-03-02 10:23 - 2014-03-02 10:23 - 00000000 ____D () C:\ProgramData\McAfee
2014-03-02 10:23 - 2014-03-02 10:23 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-02-25 11:41 - 2014-03-20 21:03 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-02-25 11:41 - 2014-03-20 21:03 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-02-25 11:41 - 2014-03-20 21:03 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-02-20 16:42 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

Some content of TEMP:
====================
C:\Users\DunjaCarlos\AppData\Local\Temp\avgnt.exe
C:\Users\DunjaCarlos\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-20 14:40

==================== End Of Log ============================
         

--- --- ---


und Addition:

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by DunjaCarlos at 2014-03-22 22:48:20
Running from C:\Users\DunjaCarlos\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AMD USB Filter Driver (x32 Version: 1.0.15.94 - Advanced Micro Devices, Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{64555D45-1F57-BF1D-1A5E-BFD4C8C0ADB4}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
DWA-547 (HKLM-x32\...\{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}) (Version:  - D-Link)
EPU (HKLM-x32\...\{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}) (Version: 1.02.20 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA 3D Vision Treiber 261.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 261.01 - NVIDIA Corporation)
NVIDIA Grafiktreiber 261.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 261.01 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.1.9.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.9.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.0.14.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6101 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 261.01 (Version: 261.01 - NVIDIA Corporation) Hidden
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Salaat Time 2.7 (HKLM\...\{F993F285-0F98-4E13-9421-41DB36806EE3}) (Version: 2.7 - Salaat Time - www.salaattime.com)
TurboV EVO (HKLM-x32\...\{491D92A9-69CA-4EB4-81D3-0106F9337957}) (Version: 1.02.32 - )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
YTD Video Downloader 4.7.2 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.7.2 - GreenTree Applications SRL)

==================== Restore Points  =========================

20-02-2014 09:00:55 Geplanter Prüfpunkt
02-03-2014 18:53:03 Geplanter Prüfpunkt
10-03-2014 11:38:37 Geplanter Prüfpunkt
13-03-2014 09:27:20 Installed Microsoft Office Enterprise 2007
20-03-2014 13:47:35 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 03:34 - 2014-03-21 19:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {4B572DAC-3890-4A55-804B-A51449F32BC1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-01] (Google Inc.)
Task: {8C668661-32F4-476C-A9D1-A9249B8C8F4C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-01] (Google Inc.)
Task: {EEB402AB-AB8C-4B6D-9474-83AA0CD4732D} - System32\Tasks\ASUS\TurboVHelp => C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe [2010-07-07] (ASUSTeK Computer Inc.)
Task: {FD548ABC-CCDB-428F-A459-74152EA0F6E0} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-01 20:15 - 2010-06-24 07:19 - 00109056 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
2009-03-30 07:32 - 2009-03-30 07:32 - 00032768 ____R () C:\Windows\DAODx.exe
2014-02-01 20:05 - 2009-05-07 09:51 - 00071680 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2014-02-01 20:05 - 2009-05-07 09:53 - 00379392 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2014-02-01 20:05 - 2008-01-18 07:50 - 00098816 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2014-02-01 20:05 - 2010-03-02 08:31 - 64105984 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2014-03-20 21:03 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-02-01 20:15 - 2010-02-08 17:19 - 00053248 _____ () C:\Program Files\ASUS\TurboV EVO\HookKey32.dll
2014-02-01 20:15 - 2010-06-01 10:38 - 00253952 _____ () C:\Program Files\ASUS\TurboV EVO\pngio.dll
2014-02-01 20:43 - 2009-10-07 16:58 - 00376832 _____ () C:\Program Files (x86)\D-Link\DWA-547 revA\WlanDll.dll
2014-02-01 20:43 - 2009-09-08 18:04 - 00208896 _____ () C:\Program Files (x86)\D-Link\DWA-547 revA\WlanWPS.dll
2014-02-01 20:15 - 2010-06-01 10:38 - 00061440 _____ () C:\Program Files\ASUS\TurboV EVO\flashobj.dll
2014-02-01 20:15 - 2009-04-22 20:20 - 00179712 _____ () C:\Program Files (x86)\ASUS\EPU\ASUSSERVICE.DLL
2014-02-01 20:15 - 2010-01-08 17:17 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU\pngio.dll
2014-02-01 20:15 - 2010-01-08 17:17 - 00053248 _____ () C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll
2014-03-15 19:19 - 2014-03-15 01:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 19:19 - 2014-03-15 01:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 19:19 - 2014-03-15 01:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 19:19 - 2014-03-15 01:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 19:19 - 2014-03-15 01:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 19:19 - 2014-03-15 01:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-03-21 19:25:33.374
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-03-21 19:25:33.333
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 48%
Total physical RAM: 3326.18 MB
Available physical RAM: 1709.29 MB
Total Pagefile: 6650.54 MB
Available Pagefile: 4625.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:292.87 GB) (Free:258.59 GB) NTFS
Drive d: () (Fixed) (Total:292.97 GB) (Free:216.05 GB) NTFS
Drive e: () (Fixed) (Total:345.57 GB) (Free:202.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 61B2FBA9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=346 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Mfg

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Super,
habe das MBAM laufen lassen, hatte nichts gefunden
hier noch das Log vom Onlinescanner:

Code: Alles auswählenAufklappen

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=feb121dce099404f9e759e4a6d8ecb97
# engine=17564
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-22 11:50:37
# local_time=2014-03-23 12:50:37 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 14989 2210973 0 0
# compatibility_mode=5893 16776574 100 94 4200240 147162087 0 0
# scanned=105298
# found=0
# cleaned=0
# scan_time=2562
         

mfg