|
Log analysis and evaluation: Windows plays music in the background; CPU usage at 100% (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
25.01.2015, 16:49 | #1 |
| Windows plays music in the background; CPU usage at 100%
For some time now I have had the problem that Windows plays music in the background that is unknown to me. In the volume mixer, two applications with the name "Name nicht verfügbar" (name not available) are listed, one of which in each case is responsible for the music. In addition, my CPU usage is constantly between 80 and 100%, although Task Manager lists no processes that would cause this. |
25.01.2015, 16:56 | #2 |
/// the machine /// TB instructor | Windows plays music in the background; CPU usage at 100%
Hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
25.01.2015, 17:30 | #3 |
| Windows plays music in the background; CPU usage at 100%
FRST.txt
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01 Ran by Bernd (administrator) on FELICIA-PC on 25-01-2015 17:23:01 Running from C:\Users\Bernd\Downloads Loaded Profiles: Bernd (Available profiles: Bernd) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe () C:\Users\Bernd\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe () C:\Users\Bernd\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Bernd\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Bernd\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Users\Bernd\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Bernd\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Bernd\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Users\Bernd\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Bernd\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-06] (AVAST Software) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-09-19] (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1405867649&from=adks&uid=ST9500325AS_5VE8F6CGXXXX5VE8F6CG HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1405867649&from=adks&uid=ST9500325AS_5VE8F6CGXXXX5VE8F6CG HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1405867649&from=adks&uid=ST9500325AS_5VE8F6CGXXXX5VE8F6CG&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1405867649&from=adks&uid=ST9500325AS_5VE8F6CGXXXX5VE8F6CG&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1405867649&from=adks&uid=ST9500325AS_5VE8F6CGXXXX5VE8F6CG HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1405867649&from=adks&uid=ST9500325AS_5VE8F6CGXXXX5VE8F6CG HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1405867649&from=adks&uid=ST9500325AS_5VE8F6CGXXXX5VE8F6CG&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1405867649&from=adks&uid=ST9500325AS_5VE8F6CGXXXX5VE8F6CG&q={searchTerms} HKU\S-1-5-21-3946000646-2341062197-2464890976-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3946000646-2341062197-2464890976-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKU\S-1-5-21-3946000646-2341062197-2464890976-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1405867649&from=adks&uid=ST9500325AS_5VE8F6CGXXXX5VE8F6CG StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe 
hxxp://isearch.omiga-plus.com/?type=sc&ts=1405867649&from=adks&uid=ST9500325AS_5VE8F6CGXXXX5VE8F6CG SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1405867649&from=adks&uid=ST9500325AS_5VE8F6CGXXXX5VE8F6CG&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1405867649&from=adks&uid=ST9500325AS_5VE8F6CGXXXX5VE8F6CG&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1405867649&from=adks&uid=ST9500325AS_5VE8F6CGXXXX5VE8F6CG&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1405867649&from=adks&uid=ST9500325AS_5VE8F6CGXXXX5VE8F6CG&q={searchTerms} SearchScopes: HKU\S-1-5-21-3946000646-2341062197-2464890976-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1405867649&from=adks&uid=ST9500325AS_5VE8F6CGXXXX5VE8F6CG&q={searchTerms} SearchScopes: HKU\S-1-5-21-3946000646-2341062197-2464890976-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1405867649&from=adks&uid=ST9500325AS_5VE8F6CGXXXX5VE8F6CG&q={searchTerms} BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO-x32: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-23] Chrome: ======= CHR HomePage: Default -> hxxp://isearch.omiga-plus.com/?type=hp&ts=1405867649&from=adks&uid=ST9500325AS_5VE8F6CGXXXX5VE8F6CG CHR StartupUrls: Default -> "https://www.google.de/?gws_rd=ssl" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll () CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File CHR Profile: C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-16] CHR Extension: (Google Drive) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-16] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06] CHR Extension: (YouTube) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-16] CHR Extension: (Adblock Plus) - C:\Users\Bernd\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-07-23] CHR Extension: (Google-Suche) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-16] CHR Extension: (AdBlock) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-23] CHR Extension: (Google Wallet) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-16] CHR Extension: (Google Mail) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-16] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-23] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-23] (AVAST Software) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 Verifies and fixes application compatibility issues; C:\Users\Bernd\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [91304 2015-01-12] () R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-23] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-23] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-23] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-23] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-23] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-23] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-23] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-23] () R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-07-17] (NetFilterSDK.com) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-25 17:23 - 2015-01-25 17:24 - 00013137 _____ () C:\Users\Bernd\Downloads\FRST.txt 2015-01-25 17:22 - 2015-01-25 17:23 - 00000000 ____D () C:\FRST 2015-01-25 17:21 - 2015-01-25 17:22 - 02129920 _____ (Farbar) C:\Users\Bernd\Downloads\FRST64.exe 2015-01-25 16:37 - 2015-01-25 16:37 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2015-01-25 16:37 - 2015-01-25 16:37 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe 2015-01-25 16:37 - 2015-01-25 16:37 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2015-01-25 16:37 - 2015-01-25 16:37 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe 2015-01-25 15:39 - 2015-01-25 15:39 - 00007605 _____ () C:\Users\Bernd\AppData\Local\Resmon.ResmonCfg 2015-01-17 11:40 - 2015-01-25 17:23 - 00000112 _____ () C:\ProgramData\03Tk3L47I.dat 2015-01-17 11:39 - 2015-01-17 11:39 - 00000000 ____D () C:\Users\Bernd\AppData\Roaming\Macromedia 2015-01-17 11:38 - 2015-01-17 11:38 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-17 11:36 - 2015-01-25 16:35 - 00000000 ____D () C:\Users\Bernd\AppData\Roaming\Compatibility Verifier 2015-01-17 11:34 - 2015-01-17 11:34 - 00277280 _____ () C:\Windows\Minidump\011715-21637-01.dmp 2015-01-14 22:05 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 22:05 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 22:05 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 22:05 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-14 22:05 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-14 22:05 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-14 22:05 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 
2015-01-14 22:05 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-14 22:05 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-14 22:05 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 22:05 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 22:05 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-14 22:05 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-25 17:20 - 2013-09-16 15:43 - 02049390 _____ () C:\Windows\WindowsUpdate.log 2015-01-25 17:15 - 2013-09-16 16:23 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-25 17:11 - 2014-08-06 12:29 - 00000000 ____D () C:\Program Files (x86)\GameforgeLive 2015-01-25 16:42 - 2013-09-16 16:23 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-25 16:30 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-25 16:30 - 2009-07-14 05:51 - 00062645 _____ () C:\Windows\setupact.log 2015-01-25 16:05 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-25 16:05 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-25 15:06 - 2014-07-23 23:49 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2015-01-24 22:06 - 2013-09-16 15:51 - 00000000 ____D () C:\Users\Bernd\AppData\Roaming\Skype 2015-01-21 08:50 - 2014-08-11 14:56 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-01-21 08:50 - 2014-08-11 14:56 - 00000000 ____D () C:\ProgramData\Skype 2015-01-18 20:14 - 2014-07-20 15:48 - 00000000 ____D () C:\Program Files (x86)\SupTab 2015-01-17 20:20 - 2014-07-24 00:29 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-17 20:16 - 2014-07-24 00:29 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-17 11:34 - 2014-03-15 19:09 - 301486723 _____ () C:\Windows\MEMORY.DMP 2015-01-17 11:34 - 2014-03-15 19:09 - 00000000 ____D () C:\Windows\Minidump 2015-01-17 10:27 - 2013-09-16 16:26 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk ==================== Files in the root of some directories ======= 2013-10-13 21:05 - 2013-10-13 21:05 - 0000000 _____ () C:\Program Files (x86)\GUT79B8.tmp 2015-01-25 15:39 - 2015-01-25 15:39 - 0007605 _____ () C:\Users\Bernd\AppData\Local\Resmon.ResmonCfg 2015-01-17 11:40 - 2015-01-25 17:23 - 0000112 _____ () C:\ProgramData\03Tk3L47I.dat Files to move or delete: ==================== C:\ProgramData\03Tk3L47I.dat Some content of TEMP: ==================== C:\Users\Bernd\AppData\Local\Temp\adks_omiga-plus_20140702.exe C:\Users\Bernd\AppData\Local\Temp\aff_setup.exe C:\Users\Bernd\AppData\Local\Temp\AllDaySavings.exe C:\Users\Bernd\AppData\Local\Temp\CloudBackup2505.exe C:\Users\Bernd\AppData\Local\Temp\CmdLineExt03.dll C:\Users\Bernd\AppData\Local\Temp\nsd17CD.tmp.exe C:\Users\Bernd\AppData\Local\Temp\SIntf16.dll C:\Users\Bernd\AppData\Local\Temp\SIntf32.dll C:\Users\Bernd\AppData\Local\Temp\SIntfNT.dll C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite16501.dll C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite18062.dll C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite25821.dll 
C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite26877.dll C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite30305.dll C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite36222.dll C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite41780.dll C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite43377.dll C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite50806.dll C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite55733.dll C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite56959.dll C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite57938.dll C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite60446.dll C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite65698.dll C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite73258.dll C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite77068.dll C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite86928.dll C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite92388.dll C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite93638.dll C:\Users\Bernd\AppData\Local\Temp\System.Data.SQLite97032.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-06 09:41 ==================== End Of Log ============================ --- --- --- Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01 Ran by Bernd at 2015-01-25 17:25:30 Running from C:\Users\Bernd\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) 
==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {A66AA0E7-B395-4E8F-936F-42238A71F017} - System32\Tasks\{660D6396-5992-41E7-8729-F139103390C9} => pcalua.exe -a C:\Users\Bernd\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=adks <==== ATTENTION Task: {DC121FFA-146A-4588-A53E-A7C6E49CF4B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-16] (Google Inc.) Task: {EB861441-A44B-4CE9-AD66-DBC2B7E29A5B} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION Task: {F14DAB3D-15D4-46DB-B4FE-C31AF61A8B47} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-23] (AVAST Software) Task: {F20774B4-AFE8-4D6D-BA25-3764A074CD27} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-16] (Google Inc.) 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2015-01-17 11:36 - 2015-01-12 13:55 - 00091304 _____ () C:\Users\Bernd\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe 2015-01-17 11:36 - 2015-01-13 23:12 - 51548328 _____ () C:\Users\Bernd\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe 2014-07-23 23:49 - 2014-07-23 23:49 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2015-01-25 15:06 - 2015-01-25 15:06 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012500\algo.dll 2014-07-23 23:49 - 2014-07-23 23:49 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2015-01-17 11:36 - 2015-01-07 22:22 - 01360552 _____ () C:\Users\Bernd\AppData\Roaming\Compatibility Verifier\libglesv2.dll 2015-01-17 11:36 - 2015-01-07 22:22 - 00214184 _____ () C:\Users\Bernd\AppData\Roaming\Compatibility Verifier\libegl.dll 2015-01-17 11:36 - 2015-01-07 22:22 - 00985768 _____ () C:\Users\Bernd\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll 2015-01-17 10:27 - 2015-01-09 01:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll 2015-01-17 10:27 - 2015-01-09 01:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll 2015-01-17 10:27 - 2015-01-09 01:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll 2015-01-17 10:27 - 2015-01-09 01:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll 2015-01-17 11:36 - 2015-01-07 22:22 - 16827048 _____ () C:\Users\Bernd\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is 
included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-3946000646-2341062197-2464890976-500 - Administrator - Disabled) Bernd (S-1-5-21-3946000646-2341062197-2464890976-1000 - Administrator - Enabled) => C:\Users\Bernd Gast (S-1-5-21-3946000646-2341062197-2464890976-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3946000646-2341062197-2464890976-1002 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (01/21/2015 11:12:01 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54b5ebf9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x1a416250 ID des fehlerhaften Prozesses: 0xde0 Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0 Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1 Pfad des fehlerhaften Moduls: compatibilitycheck.exe2 Berichtskennung: compatibilitycheck.exe3 Error: (01/18/2015 08:02:41 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: NT-AUTORITÄT) Description: Die Anwendung oder der Dienst "Compatibility Verify" konnte nicht heruntergefahren werden. Error: (12/06/2014 09:51:00 AM) (Source: System Restore) (EventID: 8211) (User: ) Description: Der geplante Wiederherstellungspunkt konnte nicht erstellt werden. Zusätzliche Informationen: (0x80042308). Error: (12/06/2014 09:51:00 AM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80042308). Error: (11/10/2014 11:46:56 AM) (Source: System Restore) (EventID: 8211) (User: ) Description: Der geplante Wiederherstellungspunkt konnte nicht erstellt werden. Zusätzliche Informationen: (0x80042308). Error: (11/10/2014 11:46:56 AM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80042308). 
Error: (11/06/2014 11:48:46 AM) (Source: System Restore) (EventID: 8211) (User: ) Description: Der geplante Wiederherstellungspunkt konnte nicht erstellt werden. Zusätzliche Informationen: (0x80042308). Error: (11/06/2014 11:48:46 AM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80042308). Error: (11/05/2014 05:29:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Simpsons.exe, Version: 1.0.0.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: Simpsons.exe, Version: 1.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000dca27 ID des fehlerhaften Prozesses: 0x130c Startzeit der fehlerhaften Anwendung: 0xSimpsons.exe0 Pfad der fehlerhaften Anwendung: Simpsons.exe1 Pfad des fehlerhaften Moduls: Simpsons.exe2 Berichtskennung: Simpsons.exe3 Error: (10/16/2014 09:33:11 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Simpsons.exe, Version: 1.0.0.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: Simpsons.exe, Version: 1.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00049530 ID des fehlerhaften Prozesses: 0x8b4 Startzeit der fehlerhaften Anwendung: 0xSimpsons.exe0 Pfad der fehlerhaften Anwendung: Simpsons.exe1 Pfad des fehlerhaften Moduls: Simpsons.exe2 Berichtskennung: Simpsons.exe3 System errors: ============= Error: (01/25/2015 05:13:21 PM) (Source: volsnap) (EventID: 14) (User: ) Description: Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers auf Volume "C:" abgebrochen. Error: (01/25/2015 05:12:58 PM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. 
Error: (01/25/2015 05:12:58 PM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error: (01/25/2015 05:12:58 PM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error: (01/25/2015 05:12:58 PM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error: (01/25/2015 05:12:58 PM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error: (01/25/2015 05:12:58 PM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error: (01/25/2015 05:12:58 PM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error: (01/25/2015 05:12:58 PM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error: (01/25/2015 05:12:58 PM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. 
Microsoft Office Sessions: ========================= Error: (01/21/2015 11:12:01 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: compatibilitycheck.exe0.0.0.054b5ebf9unknown0.0.0.000000000c00000051a416250de001d035621ce2f143C:\Users\Bernd\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeunknownf05368ec-a155-11e4-8c34-705ab63a23c1 Error: (01/18/2015 08:02:41 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: NT-AUTORITÄT) Description: 1C:\Users\Bernd\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exeCompatibility Verify0302621611780143003A005C00550073006500720073005C004200650072006E0064005C0041007000700044006100740061005C0052006F0061006D0069006E0067005C0043006F006D007000610074006900620069006C006900740079002000560065007200690066006900650072005C0063006F006D007000610074006900620069006C0069007400790063006800650063006B007300760063002E006500780065000000 Error: (12/06/2014 09:51:00 AM) (Source: System Restore) (EventID: 8211) (User: ) Description: 0x80042308 Error: (12/06/2014 09:51:00 AM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x80042308 Error: (11/10/2014 11:46:56 AM) (Source: System Restore) (EventID: 8211) (User: ) Description: 0x80042308 Error: (11/10/2014 11:46:56 AM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x80042308 Error: (11/06/2014 11:48:46 AM) (Source: System Restore) (EventID: 8211) (User: ) Description: 0x80042308 Error: (11/06/2014 11:48:46 AM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x80042308 Error: (11/05/2014 05:29:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: 
Simpsons.exe1.0.0.000000000Simpsons.exe1.0.0.000000000c0000005000dca27130c01cff9159754034eC:\Program Files (x86)\Vivendi Universal Games\The Simpsons Hit & Run\Simpsons.exeC:\Program Files (x86)\Vivendi Universal Games\The Simpsons Hit & Run\Simpsons.exef6a23175-6508-11e4-b338-705ab63a23c1 Error: (10/16/2014 09:33:11 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Simpsons.exe1.0.0.000000000Simpsons.exe1.0.0.000000000c0000005000495308b401cfe885e44965cdC:\Program Files (x86)\Vivendi Universal Games\The Simpsons Hit & Run\Simpsons.exeC:\Program Files (x86)\Vivendi Universal Games\The Simpsons Hit & Run\Simpsons.exe100951f0-550f-11e4-aced-705ab63a23c1 ==================== Memory info =========================== Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz Percentage of memory in use: 61% Total physical RAM: 4025.98 MB Available physical RAM: 1534.93 MB Total Pagefile: 8050.14 MB Available Pagefile: 5338.71 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:453.66 GB) (Free:382.76 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8B7198DE) Partition 1: (Not Active) - (Size=12 GB) - (Type=27) Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=453.7 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
25.01.2015, 19:09 | #4 |
/// the machine /// TB Trainer | Windows plays music in the background; CPU usage at 100% hi, please download TDSSKiller.exe and save the file to your desktop
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and Help Trojaner-Board Facebook Page No help via PM! |