ich habe seit einigen Tagen keinen Zugriff mehr auf sämtliche Email Accounts. Mein Steam Account war weg, den habe ich aber auch wiederbekommen via "Passwort vergessen".

Es gab dort zugriffe aus Algerien.

Vermute einen keylogger. Scan habe ich mit Avira gemacht.

Avira Logfile

Avira Internet Security
Erstellungsdatum der Reportdatei: Mittwoch, 6. August 2014 17:24

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen seit s nicht mehr zur Verfügung.

Lizenznehmer : *********
Seriennummer : 2226751750-ISECE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : GAMER-PC

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_53e24825\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: Reparieren
Sekundäre Aktion......................: Quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: Vollständig

Beginn des Suchlaufs: Mittwoch, 6. August 2014 17:24

Der Suchlauf über gestartete Prozesse wird begonnen:
Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Program Files (x86)\Steam\GameOverlayUI.exe'
C:\Program Files (x86)\Steam\GameOverlayUI.exe
[FUND] Ist das Trojanische Pferd TR/Dropper.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '52f2d9e7.qua' verschoben!
Beginne mit der Suche in 'C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\klavasyswatch.dll.817dda8857b98d41aec66b4d22610e2e'
C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\klavasyswatch.dll.817dda8857b98d41aec66b4d22610e2e
[FUND] Ist das Trojanische Pferd TR/Rootkit.Gen2
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1836a70c.qua' verschoben!

Ende des Suchlaufs: Mittwoch, 6. August 2014 17:25
Benötigte Zeit: 01:10 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
782 Dateien wurden geprüft
2 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
2 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
780 Dateien ohne Befall
1 Archive wurden durchsucht
0 Warnungen
2 Hinweise

Hier die anderen Logs:

GMER Logfile
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-06 17:50:04
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000DM003-9YN162 rev.CC4B 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Willi\AppData\Local\Temp\kgloqpow.sys

---- User code sections - GMER 2.1 ----

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\svchost.exe [1056:3596] 000007fef80d0ea8
Thread C:\Windows\system32\svchost.exe [1056:3600] 000007fef80c9db0
Thread C:\Windows\system32\svchost.exe [1056:3660] 000007fef80caa10
Thread C:\Windows\system32\svchost.exe [1056:3696] 000007fef80d1c94
Thread [3048:2100] 0000000077662e65
Thread [3048:1404] 0000000071d07950
Thread [3048:2140] 0000000071eac59c
Thread [3048:3032] 0000000071eac59c
Thread [3048:4372] 0000000071eac59c
Thread [3048:4384] 0000000071eac59c
Thread [3048:3460] 000000006322facd
Thread [3048:2752] 0000000063250623
Thread [3048:6932] 0000000063250623
Thread [3048:7060] 0000000057ead80c
Thread [3048:1124] 000000006d17784b
Thread [3048:284] 000000005c7b55e7
Thread [3048:2280] 000000005c1fe99b
Thread [3048:4284] 000000005c1fe99b
Thread [3048:5996] 000000005c1fe99b
Thread [3048:6272] 00000000767012e5
Thread [3048:6284] 00000000767012e5
Thread [3048:4224] 0000000077663e85
Thread [3048:6292] 000000005c1fe99b
Thread [3048:3820] 000000006d4a27c1
Thread [3048:5020] 0000000077663e85
Thread [3048:6584] 0000000071eac59c
---- Processes - GMER 2.1 ----

Process C:\Users\Willi\AppData\Roaming\Windows Net Data\net.exe (*** suspicious ***) @ C:\Users\Willi\AppData\Roaming\Windows Net Data\net.exe [2400] (Windows Net/Windows Net)(2013-10-17 15:28:29) 0000000000400000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\KLIF\Parameters@LastProcessedRevision 2005230

---- EOF - GMER 2.1 ----

defogger_disable
defogger_disable by jpshortstuff (
Log created at 17:32 on 06/08/2014 (Willi)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


FRST Scan result
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014
Ran by Willi (administrator) on GAMER-PC on 06-08-2014 17:42:14
Running from C:\Users\Willi\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [MRT] => C:\Windows\system32\MRT.exe [96441528 2014-07-09] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-12-29] (Microsoft Corporation)
HKU\S-1-5-21-1796275383-3995191035-40029559-1000\...\Run: [THPanel] => C:\Program Files (x86)\Thunder Master\THPanel.exe [2050416 2012-07-13] (Palit Microsystems Ltd.)
HKU\S-1-5-21-1796275383-3995191035-40029559-1000\...\Run: [SSync] => C:\Users\Willi\AppData\Roaming\SSync\SSync.exe [36864 2013-04-10] ()
HKU\S-1-5-21-1796275383-3995191035-40029559-1000\...\Run: [DataMgr] => C:\Users\Willi\AppData\Roaming\DataMgr\DataMgr.exe [168848 2013-06-26] (HTTO Group, Ltd.)
HKU\S-1-5-21-1796275383-3995191035-40029559-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1753280 2014-07-16] (Valve Corporation)
HKU\S-1-5-21-1796275383-3995191035-40029559-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3595608 2014-06-20] (Electronic Arts)
HKU\S-1-5-21-1796275383-3995191035-40029559-1000\...\Run: [SCheck] => C:\Users\Willi\AppData\Roaming\SCheck\SCheck.exe [37376 2013-12-09] ()
HKU\S-1-5-21-1796275383-3995191035-40029559-1000\...\Run: [Snoozer] => C:\Users\Willi\AppData\Roaming\Snz\Snz.exe [1209624 2013-12-24] ()
HKU\S-1-5-21-1796275383-3995191035-40029559-1000\...\Run: [Intermediate] => C:\Users\Willi\AppData\Roaming\Intermediate\Intermediate.exe [37376 2013-12-09] ()
HKU\S-1-5-21-1796275383-3995191035-40029559-1000\...\Run: [OMESupervisor] => C:\Users\Willi\AppData\Local\omesuperv.exe [2239256 2013-12-24] ()
HKU\S-1-5-21-1796275383-3995191035-40029559-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1796275383-3995191035-40029559-1000\...\Run: [GoogleChromeAutoLaunch_15ABF0FDC4412B2CD53E5201FB759E63] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.)
HKU\S-1-5-21-1796275383-3995191035-40029559-1000\...\Run: [8515eb34d8f9de5af815466e9715b3e5] => .. [0 2014-08-06] ()
HKU\S-1-5-21-1796275383-3995191035-40029559-1000\...\Run: [e101a39ab5de59589562aa0ff3295ba5] => .. [0 2014-08-06] ()
HKU\S-1-5-21-1796275383-3995191035-40029559-1000\...\Run: [038b9aec4f0fcf61b0a7ac87706c7c47] => .. [0 2014-08-06] ()
HKU\S-1-5-21-1796275383-3995191035-40029559-1000\...\Run: [2f489e7cb5f8a5b3d67277572c4fdec5] => .. [0 2014-08-06] ()
HKU\S-1-5-21-1796275383-3995191035-40029559-1000\...\Policies\Explorer: [DisallowRun] 1
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hp psc 1000 series.lnk
ShortcutTarget: hp psc 1000 series.lnk -> C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk
ShortcutTarget: hpoddt01.exe.lnk -> C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Willi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
ShortcutTarget: net.lnk -> C:\Users\Willi\AppData\Roaming\Windows Net Data\net.exe (Windows Net)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page =
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=ST1000DM003-9YN162_S1DA6WM8XXXXS1DA6WM8&ts=1382263729
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=ST1000DM003-9YN162_S1DA6WM8XXXXS1DA6WM8&ts=1382263730&type=default&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=ST1000DM003-9YN162_S1DA6WM8XXXXS1DA6WM8&ts=1382263730&type=default&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=ST1000DM003-9YN162_S1DA6WM8XXXXS1DA6WM8&ts=1382263730&type=default&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=ST1000DM003-9YN162_S1DA6WM8XXXXS1DA6WM8&ts=1382263730&type=default&q={searchTerms}
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.my-online-search.com/?q={searchTerms}&babsrc=SP_ofln&mntrId=4A6BD43D7EB97343&cat=delta&dlb=2&affID=119357&tsp=5014
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=ST1000DM003-9YN162_S1DA6WM8XXXXS1DA6WM8&ts=1382263730&type=default&q={searchTerms}
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - No File
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [655928 2013-09-02] (Avira Operations GmbH & Co. KG) [File not signed]
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [622648 2013-09-02] (Avira Operations GmbH & Co. KG) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-02] (Avira Operations GmbH & Co. KG) [File not signed]
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-02] (Avira Operations GmbH & Co. KG) [File not signed]
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-02] (Avira Operations GmbH & Co. KG) [File not signed]
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2014-05-28] (Kaspersky Lab ZAO)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-08-04] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-20] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 AFS; C:\Windows\SysWow64\Drivers\AFS.sys [77004 2013-09-17] (Oak Technology Inc.) [File not signed]
R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-01-25] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-01-25] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-28] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-05-28] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-05-28] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-05-28] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-05-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2014-05-28] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-05-28] (Kaspersky Lab ZAO)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
U3 kgloqpow; \??\C:\Users\Willi\AppData\Local\Temp\kgloqpow.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-06 17:42 - 2014-08-06 17:42 - 00024872 _____ () C:\Users\Willi\Downloads\FRST.txt
2014-08-06 17:38 - 2014-08-06 17:38 - 00380416 _____ () C:\Users\Willi\Downloads\Gmer-19357.exe
2014-08-06 17:33 - 2014-08-06 17:42 - 00000000 ____D () C:\FRST
2014-08-06 17:33 - 2014-08-06 17:33 - 02094080 _____ (Farbar) C:\Users\Willi\Downloads\FRST64.exe
2014-08-06 17:32 - 2014-08-06 17:32 - 00000472 _____ () C:\Users\Willi\Downloads\defogger_disable.log
2014-08-06 17:32 - 2014-08-06 17:32 - 00000000 _____ () C:\Users\Willi\defogger_reenable
2014-08-06 17:31 - 2014-08-06 17:31 - 00050477 _____ () C:\Users\Willi\Downloads\Defogger.exe
2014-08-06 17:09 - 2014-08-06 17:09 - 00262144 _____ () C:\Windows\system32\config\elam
2014-08-06 17:07 - 2014-08-06 17:22 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-06 17:07 - 2014-08-06 17:07 - 00001089 _____ () C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2014-08-06 17:07 - 2014-08-06 17:07 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-08-06 17:07 - 2014-08-06 17:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2014-08-06 17:07 - 2014-08-06 17:07 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-08-06 17:07 - 2014-05-28 16:38 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-08-06 17:07 - 2014-05-28 16:38 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-08-06 17:07 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2014-08-06 17:00 - 2014-08-06 17:02 - 233071424 _____ () C:\Users\Willi\Downloads\kav14.0.0.4651abcdefg_de_6139.exe
2014-08-04 17:35 - 2014-08-04 17:35 - 00589696 _____ () C:\Users\Willi\Downloads\BEClient (3).dll
2014-08-02 19:57 - 2014-08-02 19:58 - 00000000 ____D () C:\Users\Willi\Desktop\Musik
2014-08-02 19:56 - 2014-08-02 19:57 - 00000000 ____D () C:\Spiele
2014-07-18 17:48 - 2014-08-02 19:58 - 00000000 ____D () C:\Users\Willi\Desktop\Müll
==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-06 17:42 - 2014-08-06 17:42 - 00024872 _____ () C:\Users\Willi\Downloads\FRST.txt
2014-08-06 17:42 - 2014-08-06 17:33 - 00000000 ____D () C:\FRST
2014-08-06 17:38 - 2014-08-06 17:38 - 00380416 _____ () C:\Users\Willi\Downloads\Gmer-19357.exe
2014-08-06 17:35 - 2013-07-05 03:48 - 00000000 ____D () C:\Users\Willi\AppData\Roaming\TS3Client
2014-08-06 17:33 - 2014-08-06 17:33 - 02094080 _____ (Farbar) C:\Users\Willi\Downloads\FRST64.exe
2014-08-06 17:33 - 2014-06-28 18:09 - 00000000 ____D () C:\install
2014-08-06 17:32 - 2014-08-06 17:32 - 00000472 _____ () C:\Users\Willi\Downloads\defogger_disable.log
2014-08-06 17:32 - 2014-08-06 17:32 - 00000000 _____ () C:\Users\Willi\defogger_reenable
2014-08-06 17:32 - 2013-07-04 19:09 - 00000000 ____D () C:\Users\Willi
2014-08-06 17:31 - 2014-08-06 17:31 - 00050477 _____ () C:\Users\Willi\Downloads\Defogger.exe
2014-08-06 17:27 - 2013-07-04 01:04 - 01509610 _____ () C:\Windows\WindowsUpdate.log
2014-08-06 17:25 - 2014-03-06 14:28 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-06 17:25 - 2014-03-06 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-06 17:25 - 2013-10-07 18:52 - 00000000 ____D () C:\ProgramData\Origin
2014-08-06 17:25 - 2013-07-30 22:32 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-06 17:25 - 2013-07-04 21:01 - 00000000 ____D () C:\Users\Willi\AppData\Roaming\Skype
2014-08-06 17:25 - 2013-07-04 21:01 - 00000000 ____D () C:\ProgramData\Skype
2014-08-06 17:22 - 2014-08-06 17:07 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-06 17:22 - 2014-05-07 15:18 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf69f6d8fb6e77.job
2014-08-06 17:21 - 2013-07-09 00:29 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-08-06 17:21 - 2013-07-04 21:58 - 00311940 _____ () C:\Windows\PFRO.log
2014-08-06 17:21 - 2013-07-04 19:27 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-06 17:21 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-06 17:21 - 2009-07-14 06:51 - 00168481 _____ () C:\Windows\setupact.log
2014-08-06 17:20 - 2009-07-14 06:45 - 00010112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-06 17:20 - 2009-07-14 06:45 - 00010112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-06 17:09 - 2014-08-06 17:09 - 00262144 _____ () C:\Windows\system32\config\elam
2014-08-06 17:09 - 2014-05-20 09:09 - 00000000 ____D () C:\Users\Willi\AppData\Roaming\mscdm
2014-08-06 17:07 - 2014-08-06 17:07 - 00001089 _____ () C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2014-08-06 17:07 - 2014-08-06 17:07 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-08-06 17:07 - 2014-08-06 17:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2014-08-06 17:07 - 2014-08-06 17:07 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-08-06 17:02 - 2014-08-06 17:00 - 233071424 _____ () C:\Users\Willi\Downloads\kav14.0.0.4651abcdefg_de_6139.exe
2014-08-06 16:32 - 2013-10-07 18:52 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-08-06 16:30 - 2005-04-08 04:16 - 00000000 ___HD () C:\Users\Willi\AppData\Roaming\4A6B5A10
2014-08-06 16:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-08-05 21:21 - 2013-07-04 21:05 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-05 20:46 - 2014-03-13 13:43 - 00000000 ____D () C:\Users\Willi\Desktop\DeadZReborn-Feb-28-2014
2014-08-05 20:45 - 2014-07-07 19:25 - 00000000 ____D () C:\Users\Willi\AppData\Roaming\SpinTires
2014-08-04 22:54 - 2014-02-21 12:57 - 00000000 ____D () C:\Users\Willi\Desktop\yolo
2014-08-04 18:02 - 2013-07-05 00:10 - 00000000 ____D () C:\Users\Willi\AppData\Local\ArmA 2 OA
2014-08-04 17:35 - 2014-08-04 17:35 - 00589696 _____ () C:\Users\Willi\Downloads\BEClient (3).dll
2014-08-02 20:02 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-02 19:58 - 2014-08-02 19:57 - 00000000 ____D () C:\Users\Willi\Desktop\Musik
2014-08-02 19:58 - 2014-07-18 17:48 - 00000000 ____D () C:\Users\Willi\Desktop\Müll
2014-08-02 19:58 - 2013-07-07 19:34 - 00000000 ____D () C:\Users\Willi\Desktop\Bilder
2014-08-02 19:57 - 2014-08-02 19:56 - 00000000 ____D () C:\Spiele
2014-08-02 19:57 - 2013-07-30 16:33 - 00000000 ____D () C:\Users\Willi\Desktop\Detektorn und alles
2014-08-02 19:55 - 2013-07-04 21:05 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-02 19:53 - 2013-07-05 12:07 - 00000000 ____D () C:\Fraps
2014-08-02 19:51 - 2014-06-28 16:31 - 00000000 ____D () C:\Users\Willi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-08-02 19:47 - 2013-10-07 18:57 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-08-02 19:47 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-02 16:40 - 2013-10-20 12:09 - 00105108 _____ () C:\Users\Willi\daemonprocess.txt
2014-08-01 22:56 - 2013-09-23 16:56 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-01 22:56 - 2013-09-23 16:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-22 21:01 - 2014-02-20 15:38 - 00000000 ____D () C:\Program Files (x86)\Heroes & Generals
2014-07-18 17:26 - 2013-07-04 21:05 - 00002471 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-17 13:37 - 2013-12-19 17:51 - 00000000 ____D () C:\Users\Willi\AppData\Local\DayZ
2014-07-10 13:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-09 23:59 - 2009-07-14 06:45 - 00276968 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 23:57 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 18:51 - 2013-12-28 13:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 18:50 - 2013-12-28 13:43 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:

Some content of TEMP:
C:\Users\Willi\AppData\Local\Temp\Band.of.Brothers.Teil8.Der.Spezialauftrag.German.2001.DVDRiP.XviD.iNTERNAL MFi.avi.flv__3515_i66781867_il5424456.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-05 21:34

==================== End Of Log ============================
Zitat von addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-08-2014
Ran by Willi at 2014-08-06 17:42:42
Running from C:\Users\Willi\Downloads
Boot Mode: Normal

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

02-08-2014 17:48:33 Removed Vegas Pro 12.0 (64-bit)
02-08-2014 17:55:03 Removed Google Earth Pro.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

==================== Loaded Modules (whitelisted) =============

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:AD022376

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Class Guid:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

