Lüfter lauter als normal, stellenweise hohe pings sowie deutlich schlechtere PC performance

Harlequin08 · 08.04.2015, 01:07

Hallo an die Community, ich hoffe ihr könnt mir weiterhelfen.

Seit circa einem halben Jahr sehe ich wie die Performance meines Laptops mehr und mehr abnimmt und nun wird es stellenweise richtig nerfig. Ich habe heute verschiedene Virenscanner laufen lassen (Avira schläft irgndwan ein und bleibt im freeze Zustand)... und bin nicht sehr erfolgreich ausgegangen. (Ich habe von Malware wie BitCoin Minern gehört und habe den Verdacht, dass bei meinem Lap Top einige Hintergrund Prozesse mitlaufen, die nicht gerade erwünscht sind... Daher habe ich zunächst das Malware program, wie beschrieben durchlaufen lassen, mit dem Erfolg auf einen und (später mehr).

Anschliessend habe ich einen HiJack log erstellt, in der Hoffnung, dass dieser euch mehr verrät:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 01:25:30, on 08.04.2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)

FIREFOX: 36.0.4 (x86 de)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Users\Mustermann\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
C:\Users\Mustermann\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Shopping Suggestion. - {e7e8ed77-2fba-4ec6-bc07-65de4de6709f} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [BakupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -k -h
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Mustermann\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Mustermann\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - Startup: Curse.lnk = Mustermann\AppData\Roaming\Curse Client\Bin\Curse.exe
O4 - Startup: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: CineForm Status.lnk = C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\SysWOW64\nvinit.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Avira Email-Schutz (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Browser-Schutz (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Reimage Real Time Protector (ReimageRealTimeProtector) - Unknown owner - C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe (file missing)
O23 - Service: Dritek RF Button Command Service (RfButtonDriverService) - Dritek System INC. - C:\Windows\RfBtnSvc64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12269 bytes

Darunter MBAM Scan:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 08.04.2015
Suchlauf-Zeit: 01:52:16
Logdatei: MBAM.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.04.07.07
Rootkit Datenbank: v2015.03.31.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Mustermann

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 460175
Verstrichene Zeit: 17 Min, 15 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

Vielen Dank! Und ich hoffe ihr könnt mir weiterhelfen.

Gruss, Harlequin

schrauber · 08.04.2015, 05:37

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Harlequin08 · 08.04.2015, 08:22

Hallo schrauber,

vielen Dank für deine schnelle Hilfe!

Anbei dir FRST.txt datei:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Mustermann (administrator) on Mustermann on 08-04-2015 09:09:24
Running from C:\Users\Mustermann\Downloads
Loaded Profiles: Mustermann & UpdatusUser &  (Available profiles: Mustermann & UpdatusUser)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Spotify Ltd) C:\Users\Mustermann\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(GoPro) C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212048 2012-06-07] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2013-01-08] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-07-31] ()
HKLM-x32\...\Run: [BakupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533056 2012-07-31] (NTI Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3175282945-3325030847-1761490177-1002\...\Run: [Facebook Update] => C:\Users\Mustermann\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-03-18] (Facebook Inc.)
HKU\S-1-5-21-3175282945-3325030847-1761490177-1002\...\Run: [Spotify Web Helper] => C:\Users\Mustermann\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1964088 2015-03-21] (Spotify Ltd)
HKU\S-1-5-21-3175282945-3325030847-1761490177-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Facebook Update] => C:\Users\Mustermann\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-03-18] (Facebook Inc.)
HKU\S-1-5-21-3175282945-3325030847-1761490177-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Mustermann\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1964088 2015-03-21] (Spotify Ltd)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk
ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)
Startup: C:\Users\CarlS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
ShortcutTarget: Curse.lnk -> C:\Users\CarlS\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\CarlS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3175282945-3325030847-1761490177-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com
HKU\S-1-5-21-3175282945-3325030847-1761490177-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
HKU\S-1-5-21-3175282945-3325030847-1761490177-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com
HKU\S-1-5-21-3175282945-3325030847-1761490177-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
URLSearchHook: [S-1-5-21-3175282945-3325030847-1761490177-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-21-3175282945-3325030847-1761490177-1005] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-21-3175282945-3325030847-1761490177-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\S-1-5-21-3175282945-3325030847-1761490177-1002 -> DefaultScope {47E0EADF-F0EE-44A5-B2C0-A8860BDE5DCB} URL = 
SearchScopes: HKU\S-1-5-21-3175282945-3325030847-1761490177-1002 -> {47E0EADF-F0EE-44A5-B2C0-A8860BDE5DCB} URL = 
SearchScopes: HKU\S-1-5-21-3175282945-3325030847-1761490177-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {47E0EADF-F0EE-44A5-B2C0-A8860BDE5DCB} URL = 
SearchScopes: HKU\S-1-5-21-3175282945-3325030847-1761490177-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {47E0EADF-F0EE-44A5-B2C0-A8860BDE5DCB} URL = 
BHO: No Name -> {41564952-412D-5637-4300-7A786E7484D7} ->  No File
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-07-31] (Qualcomm Atheros Commnucations)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-01-25] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-01-25] (Oracle Corporation)
BHO-x32: Shopping Suggestion. -> {e7e8ed77-2fba-4ec6-bc07-65de4de6709f} -> C:\WINDOWS\SysWOW64\mscoree.dll [2013-08-22] (Microsoft Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 62.21.99.94 62.21.99.95

FireFox:
========
FF ProfilePath: C:\Users\Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\0aer7yhu.default
FF DefaultSearchEngine: Google
FF Homepage: www.google.de
FF NetworkProxy: "http", "193.254.236.82"
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-24] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-24] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-01-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-07-31] (VideoLAN)
FF Plugin HKU\S-1-5-21-3175282945-3325030847-1761490177-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Mustermann\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3175282945-3325030847-1761490177-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Mustermann\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF SearchPlugin: C:\Users\Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\0aer7yhu.default\searchplugins\englische-ergebnisse.xml [2014-06-07]
FF SearchPlugin: C:\Users\Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\0aer7yhu.default\searchplugins\gmx-suche.xml [2014-06-07]
FF SearchPlugin: C:\Users\Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\0aer7yhu.default\searchplugins\lastminute.xml [2014-04-27]
FF SearchPlugin: C:\Users\Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\0aer7yhu.default\searchplugins\webde-suche.xml [2014-06-07]
FF Extension: Avira Browser Safety - C:\Users\Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\0aer7yhu.default\Extensions\abs@avira.com [2015-04-06]
FF Extension: GMX MailCheck - C:\Users\Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\0aer7yhu.default\Extensions\toolbar@gmx.net [2015-02-28]
FF Extension: DivX Web Player - C:\Users\Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\0aer7yhu.default\Extensions\DivXWebPlayer@divx.com.xpi [2013-01-26]
FF Extension: Adblock Plus - C:\Users\Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\0aer7yhu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-25]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR Profile: C:\Users\Mustermann\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [207488 2012-07-31] (Qualcomm Atheros Commnucations) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2415760 2012-07-27] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [659600 2012-07-31] (Acer Incorporated)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-07-31] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-08-27] (Dritek System INC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-10] (Avira Operations GmbH & Co. KG)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-08-27] (Dritek System Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-06-23] (Research in Motion Limited)
S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
S3 cpuz134; \??\C:\Users\Mustermann\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-08 09:09 - 2015-04-08 09:09 - 00020727 _____ () C:\Users\Mustermann\Downloads\FRST.txt
2015-04-08 09:09 - 2015-04-08 09:09 - 00000000 ____D () C:\FRST
2015-04-08 09:08 - 2015-04-08 09:08 - 02095616 _____ (Farbar) C:\Users\Mustermann\Downloads\FRST64.exe
2015-04-08 02:09 - 2015-04-08 02:09 - 00001198 _____ () C:\Users\Mustermann\Desktop\MBAM.txt
2015-04-08 01:23 - 2015-04-08 01:24 - 00388608 _____ (Trend Micro Inc.) C:\Users\Mustermann\Downloads\HijackThis.exe
2015-04-08 00:32 - 2015-04-08 01:14 - 00001249 _____ () C:\Users\Mustermann\Desktop\Mustermann.txt
2015-04-07 22:28 - 2015-04-07 22:28 - 00000020 ___SH () C:\Users\TEMP\ntuser.ini
2015-04-07 22:28 - 2015-04-07 22:28 - 00000000 _SHDL () C:\Users\TEMP\Vorlagen
2015-04-07 22:28 - 2015-04-07 22:28 - 00000000 _SHDL () C:\Users\TEMP\Startmenü
2015-04-07 22:28 - 2015-04-07 22:28 - 00000000 _SHDL () C:\Users\TEMP\Netzwerkumgebung
2015-04-07 22:28 - 2015-04-07 22:28 - 00000000 _SHDL () C:\Users\TEMP\Lokale Einstellungen
2015-04-07 22:28 - 2015-04-07 22:28 - 00000000 _SHDL () C:\Users\TEMP\Eigene Dateien
2015-04-07 22:28 - 2015-04-07 22:28 - 00000000 _SHDL () C:\Users\TEMP\Druckumgebung
2015-04-07 22:28 - 2015-04-07 22:28 - 00000000 _SHDL () C:\Users\TEMP\Documents\Eigene Musik
2015-04-07 22:28 - 2015-04-07 22:28 - 00000000 _SHDL () C:\Users\TEMP\Documents\Eigene Bilder
2015-04-07 22:28 - 2015-04-07 22:28 - 00000000 _SHDL () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-04-07 22:28 - 2015-04-07 22:28 - 00000000 _SHDL () C:\Users\TEMP\AppData\Local\Verlauf
2015-04-07 22:28 - 2015-04-07 22:28 - 00000000 _SHDL () C:\Users\TEMP\AppData\Local\Anwendungsdaten
2015-04-07 22:28 - 2015-04-07 22:28 - 00000000 _SHDL () C:\Users\TEMP\Anwendungsdaten
2015-04-07 22:28 - 2015-04-07 22:28 - 00000000 ____D () C:\Users\TEMP
2015-04-07 22:28 - 2015-03-11 18:29 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-07 22:28 - 2015-03-11 18:29 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-07 22:28 - 2015-03-11 18:29 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-07 22:28 - 2014-02-22 06:37 - 00000369 _____ () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-04-07 22:28 - 2014-02-22 06:37 - 00000369 _____ () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-04-07 22:28 - 2013-11-03 00:59 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Microsoft Help
2015-04-07 22:28 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-07 22:07 - 2015-04-08 01:52 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-07 22:07 - 2015-04-07 22:07 - 00001122 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-07 22:07 - 2015-04-07 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-07 22:07 - 2015-04-07 22:07 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-07 22:07 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-07 22:07 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-04-07 22:07 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-07 22:05 - 2015-04-07 22:06 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Mustermann\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-07 21:54 - 2015-04-07 22:25 - 00176280 _____ () C:\WINDOWS\PFRO.log
2015-04-07 21:51 - 2015-04-07 21:51 - 00768512 _____ (Reimage®) C:\Users\Mustermann\Downloads\ReimageRepair(1).exe
2015-04-07 21:49 - 2015-04-07 21:49 - 00004266 _____ () C:\WINDOWS\System32\Tasks\ReimageUpdater
2015-04-07 21:47 - 2015-04-07 22:26 - 00000154 _____ () C:\WINDOWS\setupact.log
2015-04-07 21:47 - 2015-04-07 21:47 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-04-07 21:00 - 2015-04-07 21:52 - 00000165 _____ () C:\WINDOWS\Reimage.ini
2015-04-07 21:00 - 2015-04-07 21:00 - 00768512 _____ (Reimage®) C:\Users\Mustermann\Downloads\ReimageRepair.exe
2015-03-24 20:44 - 2015-03-24 20:45 - 00000000 ____D () C:\Users\Mustermann\AppData\Local\Adobe
2015-03-22 11:34 - 2015-03-22 11:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-21 21:05 - 2015-03-24 20:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-08 09:04 - 2013-12-20 13:39 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FBA75E87-19D9-4287-B943-B34BFC57BD11}
2015-04-08 09:03 - 2014-11-28 18:55 - 01606921 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-08 09:01 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-08 01:45 - 2012-12-25 17:48 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-08 01:25 - 2014-01-18 00:31 - 00012271 _____ () C:\Users\Mustermann\Downloads\hijackthis.log
2015-04-07 23:50 - 2012-12-25 17:33 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3175282945-3325030847-1761490177-1002
2015-04-07 23:42 - 2013-03-18 21:37 - 00000938 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3175282945-3325030847-1761490177-1002UA.job
2015-04-07 22:43 - 2012-12-29 18:32 - 00000000 ____D () C:\Filme
2015-04-07 22:42 - 2013-11-08 09:40 - 00000000 ____D () C:\Users\Mustermann\AppData\Local\Deployment
2015-04-07 22:40 - 2013-03-28 22:32 - 00000000 ____D () C:\Users\Mustermann\Desktop\Music 2013
2015-04-07 22:32 - 2013-09-30 06:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-07 22:32 - 2013-09-30 05:56 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-04-07 22:32 - 2013-09-30 05:56 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-04-07 22:31 - 2014-05-18 17:33 - 00000000 ____D () C:\Users\Mustermann\AppData\Roaming\Curse Client
2015-04-07 22:26 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-07 22:25 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-07 21:54 - 2012-12-25 17:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-07 21:45 - 2013-01-06 21:05 - 00799744 ___SH () C:\Users\Mustermann\Desktop\Thumbs.db
2015-04-07 21:36 - 2015-02-10 20:20 - 00001937 _____ () C:\Users\Mustermann\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2015-04-07 21:36 - 2015-01-28 22:46 - 00000000 ____D () C:\Users\Mustermann\AppData\Local\Research In Motion
2015-04-07 21:36 - 2015-01-28 22:45 - 00000000 ____D () C:\ProgramData\Research In Motion
2015-04-07 21:30 - 2014-11-29 11:23 - 00000000 ____D () C:\Users\Mustermann\AppData\Roaming\Avira
2015-04-07 21:29 - 2014-11-29 11:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-07 21:29 - 2014-11-29 11:13 - 00000000 ____D () C:\ProgramData\Avira
2015-04-07 20:42 - 2013-03-18 21:37 - 00000916 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3175282945-3325030847-1761490177-1002Core.job
2015-04-07 18:03 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-06 15:37 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-24 20:44 - 2012-12-25 17:48 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-03-22 22:08 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-03-22 17:53 - 2014-10-05 12:13 - 00000000 ____D () C:\Users\Mustermann\AppData\Roaming\Spotify
2015-03-22 14:45 - 2014-10-05 12:13 - 00000000 ____D () C:\Users\Mustermann\AppData\Local\Spotify
2015-03-11 18:35 - 2013-08-22 16:44 - 00410792 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-11 18:29 - 2013-09-30 05:59 - 00000000 ____D () C:\Program Files\Windows Journal
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\sppui
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Com
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-03-11 18:29 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe
2015-03-11 18:29 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\servicing
2015-03-11 18:28 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2015-03-11 18:28 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2015-03-11 18:27 - 2013-08-22 17:36 - 00000000 ___SD () C:\WINDOWS\system32\dsc
2015-03-11 18:27 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-03-11 18:27 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns
2015-03-11 18:27 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform
2015-03-11 18:27 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sppui
2015-03-11 18:27 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2015-03-11 18:27 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz
2015-03-11 18:27 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\Com
2015-03-11 18:27 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\IME
2015-03-11 18:27 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-03-11 18:27 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2015-03-11 18:27 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2015-03-11 18:26 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\WindowsPowerShell
2015-03-11 18:26 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2015-03-11 18:26 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-03-11 18:26 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform
2015-03-10 23:10 - 2014-11-29 11:16 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-03-10 23:10 - 2014-11-29 11:16 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-03-10 23:10 - 2014-11-29 11:16 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-03-09 20:09 - 2013-08-22 17:36 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2015-03-09 20:09 - 2013-08-22 17:36 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll

==================== Files in the root of some directories =======

2014-02-28 17:26 - 2014-02-28 17:26 - 0000033 _____ () C:\Users\Mustermann\AppData\Roaming\gnuplot_history
2015-02-10 20:57 - 2015-02-10 21:48 - 0000154 _____ () C:\Users\Mustermann\AppData\Roaming\Rim.Desktop.Exception.log
2015-02-10 20:20 - 2015-04-07 21:36 - 0001937 _____ () C:\Users\Mustermann\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2015-02-10 20:57 - 2015-02-10 21:48 - 0000154 _____ () C:\Users\Mustermann\AppData\Roaming\Rim.DesktopHelper.Exception.log
2015-02-10 21:25 - 2015-02-10 21:48 - 0000154 _____ () C:\Users\Mustermann\AppData\Roaming\Rim.Transcoder.Exception.log
2015-02-10 21:25 - 2015-02-10 21:43 - 0026624 _____ () C:\Users\Mustermann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-02 18:40 - 2014-03-02 18:40 - 0002577 _____ () C:\Users\Mustermann\AppData\Local\recently-used.xbel
2013-08-08 17:41 - 2013-08-08 17:41 - 0007605 _____ () C:\Users\Mustermann\AppData\Local\Resmon.ResmonCfg
2012-08-27 03:25 - 2012-08-27 03:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Mustermann\AppData\Local\Temp\avgnt.exe
C:\Users\Mustermann\AppData\Local\Temp\ReimagePackage.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-02-01 18:50

==================== End Of Log ============================

--- --- ---

und die Addition.txt:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Mustermann at 2015-04-08 09:10:08
Running from C:\Users\Mustermann\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0053 - NTI Corporation)
Acer Instant Update Service (HKLM\...\{D32367AC-8FCA-4DE8-A2C6-037AE14B4001}) (Version: 1.00.3012 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3003 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3006 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3112 - Acer Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (Version: 14.0.3658 - AVG Technologies) Hidden
Avira (HKLM-x32\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
Backup Manager v4 (x32 Version: 4.0.0.0053 - NTI Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.4.2 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ETDWare PS/2-X64 11.6.11.002_WHQL (HKLM\...\Elantech) (Version: 11.6.11.002 - ELAN Microelectronic Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
GoPro Studio 2.0.1 (HKLM-x32\...\GoPro Studio) (Version: 2.0.1 - WoodmanLabs Inc. d.b.a. GoPro)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.4 - Acer Inc.)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3002 - Acer Incorporated)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3102 - Acer)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.204 - Ihr Firmenname)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.41 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3175282945-3325030847-1761490177-1002\...\Spotify) (Version: 1.0.2.6.g9977a14b - Spotify AB)
Spotify (HKU\S-1-5-21-3175282945-3325030847-1761490177-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 1.0.2.6.g9977a14b - Spotify AB)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

21-09-2014 20:17:36 Windows Update
19-10-2014 17:23:02 Windows Update
13-11-2014 20:53:17 Windows Update
20-11-2014 20:30:43 Windows Update
27-11-2014 20:38:26 avast! antivirus system restore point
29-11-2014 11:18:17 avast! antivirus system restore point
07-12-2014 05:45:18 Windows Update
11-12-2014 22:33:01 Windows Update
05-01-2015 19:33:47 Windows Update
28-01-2015 00:08:22 Windows Live Essentials
28-01-2015 00:09:12 DirectX wurde installiert
10-02-2015 20:19:05 Installed BlackBerry Desktop Software.
15-02-2015 22:47:18 Windows Update
23-02-2015 20:29:44 Windows Update
09-03-2015 19:54:12 Windows Update
07-04-2015 21:47:34 Removed Shared C Run-time for x64

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {30CB288C-6BF9-42BE-AE51-0CFA6103CBE5} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {31EDD1FA-B821-4C7F-BB20-4595A2D9019B} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe <==== ATTENTION
Task: {3A41D104-32B8-4F98-96CC-8E2D7C3139B1} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {3B00A1D6-9FBE-4ABB-B7C3-67B974B75E0E} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {41A614F9-3901-402B-8C90-55CCB326B44C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
Task: {5285DF28-E4C9-4B00-978A-2EC2D395D1B6} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {59F20F7D-4B5E-4FEE-8588-8B1800D55BD5} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {6A39668F-8FA5-43F0-B2AA-95AC1266F218} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3175282945-3325030847-1761490177-1002Core => C:\Users\Mustermann\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-18] (Facebook Inc.)
Task: {733B7D88-366B-466D-A23F-B9050EFFFC52} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3175282945-3325030847-1761490177-1002UA => C:\Users\Mustermann\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-18] (Facebook Inc.)
Task: {7DBE95AF-CA04-4025-974C-A30071669242} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {93EFBC41-EB8E-45CA-8736-6B4C3EEB8AEE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {94EA158F-FA27-41BB-AF2C-9CBF20927675} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-07-13] ()
Task: {9DFFABF0-9BCB-4022-AA01-C103ECAC232E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-15] (Microsoft Corporation)
Task: {9ED32C6B-1544-4B98-9098-99B228E2955E} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-07-13] ()
Task: {A41D1AB7-9934-4455-BC82-89876FE58748} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A59EC215-70A5-44FD-820E-F99ECC7D97A1} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-07-13] ()
Task: {B15F7560-06DB-426D-848D-5DA63D0F5A66} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-24] (Adobe Systems Incorporated)
Task: {B4305368-F092-4F64-A798-9CC433ED14F8} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-07-31] (Acer Incorporated)
Task: {EF06A9F4-D690-49AF-9F6A-A73DA494E933} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3175282945-3325030847-1761490177-1002Core.job => C:\Users\Mustermann\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3175282945-3325030847-1761490177-1002UA.job => C:\Users\Mustermann\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-09-05 03:36 - 2013-09-05 03:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-10-04 00:42 - 2013-10-04 00:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-13 01:01 - 2012-07-13 01:01 - 00025232 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
2012-07-13 01:01 - 2012-07-13 01:01 - 00044176 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-27 03:27 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:054203E4

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3175282945-3325030847-1761490177-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Mustermann\AppData\Local\Microsoft\BingDesktop\themes\2015-03-24.jpg
HKU\S-1-5-21-3175282945-3325030847-1761490177-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Mustermann\AppData\Local\Microsoft\BingDesktop\themes\2015-03-24.jpg
DNS Servers: 62.21.99.94 - 62.21.99.95

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "BtPreLoad"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "IntelliType Pro"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "Dolby Home Theater v4"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "LManager"
HKU\S-1-5-21-3175282945-3325030847-1761490177-1002\...\StartupApproved\StartupFolder: => "OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-3175282945-3325030847-1761490177-1002\...\StartupApproved\Run: => "Pando Media Booster"
HKU\S-1-5-21-3175282945-3325030847-1761490177-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-3175282945-3325030847-1761490177-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Pando Media Booster"

==================== Accounts: =============================

Administrator (S-1-5-21-3175282945-3325030847-1761490177-500 - Administrator - Disabled)
Mustermann (S-1-5-21-3175282945-3325030847-1761490177-1002 - Administrator - Enabled) => C:\Users\Mustermann
Gast (S-1-5-21-3175282945-3325030847-1761490177-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3175282945-3325030847-1761490177-1004 - Limited - Enabled)
UpdatusUser (S-1-5-21-3175282945-3325030847-1761490177-1005 - Limited - Enabled) => C:\Users\TEMP

==================== Faulty Device Manager Devices =============

Name: Bluetooth USB Module
Description: Bluetooth USB Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/07/2015 10:28:51 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Mustermann)
Description: Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen, gehen bei der Abmeldung verloren.

Error: (04/07/2015 10:28:51 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Mustermann)
Description: Dieses Benutzerprofil wurde gesichert. Bei der nächsten Anmeldung dieses Benutzers wird automatisch versucht, dieses gesicherte Profil zu verwenden.

Error: (04/07/2015 10:28:51 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: Mustermann)
Description: Das lokal gespeicherte Profil kann nicht geladen werden. Mögliche Fehlerursachen sind nicht ausreichende Sicherheitsrechte oder ein beschädigtes lokales Profil. 

 Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (04/07/2015 10:28:51 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Registrierung konnte nicht geladen werden. Dieses Problem wird oft durch zuwenig Arbeitsspeicher oder nicht ausreichende Sicherheitsberechtigungen verursacht. 

 Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
 for C:\Users\UpdatusUser\ntuser.dat

Error: (04/07/2015 10:28:42 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (04/07/2015 10:28:41 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (04/07/2015 10:02:56 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4

Error: (04/07/2015 10:02:56 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (04/07/2015 10:02:56 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 

Error: (04/07/2015 10:02:56 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4


System errors:
=============
Error: (04/07/2015 11:26:57 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (04/07/2015 11:25:54 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (04/07/2015 11:25:53 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (04/07/2015 11:25:50 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (04/07/2015 11:25:49 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (04/07/2015 11:25:47 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (04/07/2015 11:25:45 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (04/07/2015 11:25:43 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (04/07/2015 11:25:41 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (04/07/2015 11:25:38 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.


Microsoft Office Sessions:
=========================
Error: (04/07/2015 10:28:51 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Mustermann)
Description: 

Error: (04/07/2015 10:28:51 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Mustermann)
Description: 

Error: (04/07/2015 10:28:51 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: Mustermann)
Description: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (04/07/2015 10:28:51 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
C:\Users\UpdatusUser\ntuser.dat

Error: (04/07/2015 10:28:42 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (04/07/2015 10:28:41 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (04/07/2015 10:02:56 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4

Error: (04/07/2015 10:02:56 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (04/07/2015 10:02:56 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 

Error: (04/07/2015 10:02:56 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4


CodeIntegrity Errors:
===================================
  Date: 2014-11-27 19:40:45.241
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Definition Updates\{86B4870E-13E4-4BB2-A646-0A7E9DECCF60}\mpengine.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 27%
Total physical RAM: 8007.27 MB
Available physical RAM: 5827.74 MB
Total Pagefile: 9287.27 MB
Available Pagefile: 6314.99 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:299.37 GB) (Free:93.67 GB) NTFS
Drive f: () (Removable) (Total:59.45 GB) (Free:52.48 GB) exFAT
Drive g: (Volume) (Fixed) (Total:146.48 GB) (Free:79.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: ED70E460)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 59.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

schrauber · 08.04.2015, 16:00

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Harlequin08 · 09.04.2015, 18:43

Hallo,

anbei die gwünschten Logs:

AdwCleaner:

Code:

ATTFilter

# AdwCleaner v4.201 - Bericht erstellt 09/04/2015 um 19:24:11
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-08.1 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Mustermann - Mustermann
# Gestarted von : C:\Users\Mustermann\Downloads\AdwCleaner_4.201.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : ReimageRealTimeProtector

***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\WINDOWS\Reimage.ini

***** [ Geplante Tasks ] *****

Task Gelöscht : ReimageUpdater

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Schlüssel Gelöscht : HKCU\Software\Reimage
Schlüssel Gelöscht : HKU\.DEFAULT\Software\AskPartnerNetwork
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Reimage
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v36.0.4 (x86 de)

[0aer7yhu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.DivXWebPlayer@divx.com.install-event-fired", true);
[0aer7yhu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,toolbar%40gmx.net:3.0.5,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:36.0.4");
[0aer7yhu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar_AVIRA-V7C@apn.ask.com.install-event-fired", true);
[0aer7yhu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.xpiState", "{\"app-profile\":{\"abs@avira.com\":{\"d\":\"C:\\\\Users\\\\CarlS\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\0aer7yhu.default\\\\extensions\\\\abs@avi[...]

-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [6849 Bytes] - [27/11/2014 20:30:41]
AdwCleaner[R1].txt - [3091 Bytes] - [09/04/2015 19:21:38]
AdwCleaner[S0].txt - [6273 Bytes] - [27/11/2014 20:33:52]
AdwCleaner[S1].txt - [2981 Bytes] - [09/04/2015 19:24:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3040  Bytes] ##########

JTR:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.3 (04.07.2015:1)
OS: Windows 8.1 x64
Ran by Mustermann on 09.04.2015 at 19:34:20,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7e8ed77-2fba-4ec6-bc07-65de4de6709f}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{e7e8ed77-2fba-4ec6-bc07-65de4de6709f}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{e7e8ed77-2fba-4ec6-bc07-65de4de6709f}



~~~ Files

Successfully deleted: [File] "C:\WINDOWS\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\flexnet"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Mustermann\AppData\Roaming\mozilla\firefox\profiles\0aer7yhu.default\extensions\toolbar@gmx.net
Emptied folder: C:\Users\Mustermann\AppData\Roaming\mozilla\firefox\profiles\0aer7yhu.default\minidumps [48 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.04.2015 at 19:36:42,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

und abschließender FRST log:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Mustermann (administrator) on CARL on 09-04-2015 19:39:01
Running from C:\Users\Mustermann\Downloads
Loaded Profiles: Mustermann (Available profiles: Mustermann & UpdatusUser)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(GoPro) C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\CarlS\Downloads\FRST64(1).exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212048 2012-06-07] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2013-01-08] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-07-31] ()
HKLM-x32\...\Run: [BakupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533056 2012-07-31] (NTI Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3175282945-3325030847-1761490177-1002\...\Run: [Facebook Update] => C:\Users\Mustermann\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-03-18] (Facebook Inc.)
HKU\S-1-5-21-3175282945-3325030847-1761490177-1002\...\Run: [Spotify Web Helper] => C:\Users\Mustermann\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1964088 2015-03-21] (Spotify Ltd)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk
ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)
Startup: C:\Users\Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
ShortcutTarget: Curse.lnk -> C:\Users\Mustermann\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3175282945-3325030847-1761490177-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com
HKU\S-1-5-21-3175282945-3325030847-1761490177-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3175282945-3325030847-1761490177-1002 -> {47E0EADF-F0EE-44A5-B2C0-A8860BDE5DCB} URL = 
BHO: No Name -> {41564952-412D-5637-4300-7A786E7484D7} ->  No File
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-07-31] (Qualcomm Atheros Commnucations)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-01-25] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-01-25] (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 62.21.99.94 62.21.99.95

FireFox:
========
FF ProfilePath: C:\Users\Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\0aer7yhu.default
FF DefaultSearchEngine: Google
FF Homepage: www.google.de
FF NetworkProxy: "http", "193.254.236.82"
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-24] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-24] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-01-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-07-31] (VideoLAN)
FF Plugin HKU\S-1-5-21-3175282945-3325030847-1761490177-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Mustermann\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF SearchPlugin: C:\Users\Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\0aer7yhu.default\searchplugins\englische-ergebnisse.xml [2014-06-07]
FF SearchPlugin: C:\Users\Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\0aer7yhu.default\searchplugins\gmx-suche.xml [2014-06-07]
FF SearchPlugin: C:\Users\Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\0aer7yhu.default\searchplugins\lastminute.xml [2014-04-27]
FF SearchPlugin: C:\Users\Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\0aer7yhu.default\searchplugins\webde-suche.xml [2014-06-07]
FF Extension: Avira Browser Safety - C:\Users\Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\0aer7yhu.default\Extensions\abs@avira.com [2015-04-06]
FF Extension: DivX Web Player - C:\Users\Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\0aer7yhu.default\Extensions\DivXWebPlayer@divx.com.xpi [2013-01-26]
FF Extension: Adblock Plus - C:\Users\Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\0aer7yhu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-25]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR Profile: C:\Users\Mustermann\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-07] (Avira Operations GmbH & Co. KG)
S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [207488 2012-07-31] (Qualcomm Atheros Commnucations) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2415760 2012-07-27] (Acer Incorporated)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [659600 2012-07-31] (Acer Incorporated)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-07-31] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-08-27] (Dritek System INC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-10] (Avira Operations GmbH & Co. KG)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-08-27] (Dritek System Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-06-23] (Research in Motion Limited)
S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
S3 cpuz134; \??\C:\Users\Mustermann\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-09 19:38 - 2015-04-09 19:38 - 02095616 _____ (Farbar) C:\Users\Mustermann\Downloads\FRST64(1).exe
2015-04-09 19:36 - 2015-04-09 19:36 - 00001449 _____ () C:\Users\Mustermann\Desktop\JRT.txt
2015-04-09 19:34 - 2015-04-09 19:34 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-CARL-Windows-8.1-(64-bit).dat
2015-04-09 19:34 - 2015-04-09 19:34 - 00000000 ____D () C:\RegBackup
2015-04-09 19:33 - 2015-04-09 19:34 - 02686959 _____ (Thisisu) C:\Users\Mustermann\Downloads\JRT.exe
2015-04-09 19:28 - 2015-04-09 19:28 - 00003140 _____ () C:\Users\Mustermann\Desktop\AdwCleaner[S1].txt
2015-04-09 19:20 - 2015-04-09 19:21 - 02217984 _____ () C:\Users\Mustermann\Downloads\AdwCleaner_4.201.exe
2015-04-08 09:10 - 2015-04-08 09:10 - 00026821 _____ () C:\Users\Mustermann\Downloads\Addition.txt
2015-04-08 09:09 - 2015-04-09 19:39 - 00016928 _____ () C:\Users\Mustermann\Downloads\FRST.txt
2015-04-08 09:09 - 2015-04-09 19:39 - 00000000 ____D () C:\FRST
2015-04-08 09:08 - 2015-04-08 09:08 - 02095616 _____ (Farbar) C:\Users\Mustermann\Downloads\FRST64.exe
2015-04-08 02:09 - 2015-04-08 02:09 - 00001198 _____ () C:\Users\Mustermann\Desktop\MBAM.txt
2015-04-08 01:23 - 2015-04-08 01:24 - 00388608 _____ (Trend Micro Inc.) C:\Users\Mustermann\Downloads\HijackThis.exe
2015-04-08 00:32 - 2015-04-08 01:14 - 00001249 _____ () C:\Users\Mustermann\Desktop\Mustermann.txt
2015-04-07 22:28 - 2015-04-09 19:24 - 00000000 ____D () C:\Users\TEMP
2015-04-07 22:07 - 2015-04-08 01:52 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-07 22:07 - 2015-04-07 22:07 - 00001122 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-07 22:07 - 2015-04-07 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-07 22:07 - 2015-04-07 22:07 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-07 22:07 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-07 22:07 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-04-07 22:07 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-07 22:05 - 2015-04-07 22:06 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\CarlS\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-07 21:54 - 2015-04-09 19:25 - 00176630 _____ () C:\WINDOWS\PFRO.log
2015-04-07 21:51 - 2015-04-07 21:51 - 00768512 _____ (Reimage®) C:\Users\Mustermann\Downloads\ReimageRepair(1).exe
2015-04-07 21:47 - 2015-04-09 19:25 - 00000231 _____ () C:\WINDOWS\setupact.log
2015-04-07 21:47 - 2015-04-07 21:47 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-04-07 21:00 - 2015-04-07 21:00 - 00768512 _____ (Reimage®) C:\Users\Mustermann\Downloads\ReimageRepair.exe
2015-03-24 20:44 - 2015-03-24 20:45 - 00000000 ____D () C:\Users\Mustermann\AppData\Local\Adobe
2015-03-22 11:34 - 2015-04-09 19:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-09 19:34 - 2012-12-25 17:33 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3175282945-3325030847-1761490177-1002
2015-04-09 19:33 - 2014-11-28 18:55 - 01742353 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-09 19:32 - 2013-09-30 06:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-09 19:32 - 2013-09-30 05:56 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-04-09 19:32 - 2013-09-30 05:56 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-04-09 19:30 - 2014-05-18 17:33 - 00000000 ____D () C:\Users\CarlS\AppData\Roaming\Curse Client
2015-04-09 19:30 - 2012-12-25 17:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-09 19:29 - 2014-11-29 11:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-09 19:29 - 2014-11-29 11:13 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-09 19:29 - 2014-11-29 11:13 - 00000000 ____D () C:\ProgramData\Avira
2015-04-09 19:25 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-09 19:24 - 2014-11-27 20:30 - 00000000 ____D () C:\AdwCleaner
2015-04-09 19:22 - 2013-12-20 13:39 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FBA75E87-19D9-4287-B943-B34BFC57BD11}
2015-04-08 13:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-08 12:45 - 2012-12-25 17:48 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-08 11:42 - 2013-03-18 21:37 - 00000938 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3175282945-3325030847-1761490177-1002UA.job
2015-04-08 01:25 - 2014-01-18 00:31 - 00012271 _____ () C:\Users\Mustermann\Downloads\hijackthis.log
2015-04-07 22:43 - 2012-12-29 18:32 - 00000000 ____D () C:\Filme
2015-04-07 22:42 - 2013-11-08 09:40 - 00000000 ____D () C:\Users\Mustermann\AppData\Local\Deployment
2015-04-07 22:40 - 2013-03-28 22:32 - 00000000 ____D () C:\Users\Mustermann\Desktop\Music 2013
2015-04-07 22:25 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-07 21:45 - 2013-01-06 21:05 - 00799744 ___SH () C:\Users\Mustermann\Desktop\Thumbs.db
2015-04-07 21:36 - 2015-02-10 20:20 - 00001937 _____ () C:\Users\Mustermann\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2015-04-07 21:36 - 2015-01-28 22:46 - 00000000 ____D () C:\Users\Mustermann\AppData\Local\Research In Motion
2015-04-07 21:36 - 2015-01-28 22:45 - 00000000 ____D () C:\ProgramData\Research In Motion
2015-04-07 21:30 - 2014-11-29 11:23 - 00000000 ____D () C:\Users\Mustermann\AppData\Roaming\Avira
2015-04-07 20:42 - 2013-03-18 21:37 - 00000916 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3175282945-3325030847-1761490177-1002Core.job
2015-04-07 18:03 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-06 15:37 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-24 20:44 - 2012-12-25 17:48 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-03-22 22:08 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-03-22 17:53 - 2014-10-05 12:13 - 00000000 ____D () C:\Users\Mustermann\AppData\Roaming\Spotify
2015-03-22 14:45 - 2014-10-05 12:13 - 00000000 ____D () C:\Users\Mustermann\AppData\Local\Spotify
2015-03-11 18:35 - 2013-08-22 16:44 - 00410792 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-11 18:29 - 2013-09-30 05:59 - 00000000 ____D () C:\Program Files\Windows Journal
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\sppui
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Com
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2015-03-11 18:29 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-03-11 18:29 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe
2015-03-11 18:29 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\servicing
2015-03-11 18:28 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2015-03-11 18:28 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2015-03-11 18:27 - 2013-08-22 17:36 - 00000000 ___SD () C:\WINDOWS\system32\dsc
2015-03-11 18:27 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-03-11 18:27 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns
2015-03-11 18:27 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform
2015-03-11 18:27 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sppui
2015-03-11 18:27 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2015-03-11 18:27 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz
2015-03-11 18:27 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\Com
2015-03-11 18:27 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\IME
2015-03-11 18:27 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-03-11 18:27 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2015-03-11 18:27 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2015-03-11 18:26 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\WindowsPowerShell
2015-03-11 18:26 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2015-03-11 18:26 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-03-11 18:26 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform
2015-03-10 23:10 - 2014-11-29 11:16 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-03-10 23:10 - 2014-11-29 11:16 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-03-10 23:10 - 2014-11-29 11:16 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys

==================== Files in the root of some directories =======

2014-02-28 17:26 - 2014-02-28 17:26 - 0000033 _____ () C:\Users\Mustermann\AppData\Roaming\gnuplot_history
2015-02-10 20:57 - 2015-02-10 21:48 - 0000154 _____ () C:\Users\Mustermann\AppData\Roaming\Rim.Desktop.Exception.log
2015-02-10 20:20 - 2015-04-07 21:36 - 0001937 _____ () C:\Users\Mustermann\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2015-02-10 20:57 - 2015-02-10 21:48 - 0000154 _____ () C:\Users\Mustermann\AppData\Roaming\Rim.DesktopHelper.Exception.log
2015-02-10 21:25 - 2015-02-10 21:48 - 0000154 _____ () C:\Users\Mustermann\AppData\Roaming\Rim.Transcoder.Exception.log
2015-02-10 21:25 - 2015-02-10 21:43 - 0026624 _____ () C:\Users\Mustermann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-02 18:40 - 2014-03-02 18:40 - 0002577 _____ () C:\Users\Mustermann\AppData\Local\recently-used.xbel
2013-08-08 17:41 - 2013-08-08 17:41 - 0007605 _____ () C:\Users\Mustermann\AppData\Local\Resmon.ResmonCfg
2012-08-27 03:25 - 2012-08-27 03:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Mustermann\AppData\Local\Temp\avgnt.exe
C:\Users\Mustermann\AppData\Local\Temp\Quarantine.exe
C:\Users\Mustermann\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Mustermann\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-02-01 18:50

==================== End Of Log ============================

--- --- ---

schrauber · 10.04.2015, 07:58

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Harlequin08 · 14.04.2015, 20:44

Hallo schrauber,

sorry für die späte Antwort, jetzt hatte mich ein menschlicher Virus heimgesucht *lach*

Anyways, anbei die gemachten Schritte:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8465841c9b0c2d4094ccf8b3a5a0d620
# engine=23381
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-14 07:27:57
# local_time=2015-04-14 09:27:57 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 66 85 12878873 19343996 0 0
# scanned=281704
# found=10
# cleaned=0
# scan_time=6833
sh=C761F63FE114F471F50BEA4DEB2B03C464DCEC82 ft=1 fh=37598171c3800b46 vn="Win32/Packed.ScrambleWrapper.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HDvidCodec.com\HDvidCodecIE.exe.vir"
sh=98DFDE80F704942E1F411022727EADCD0291AB5E ft=1 fh=85c205627a968519 vn="Win32/Packed.ScrambleWrapper.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HDvidCodec.com\hdvidextsetup.exe.vir"
sh=6691CE7F4CB2119170E25894A026EB1E51B580C5 ft=0 fh=0000000000000000 vn="JS/Adware.ShoppingSuggestion.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Mustermann\AppData\Roaming\D394D188-BAC7-4e03-8FAF-389A4D7EC6F4\ejbpjlaagejfakeobljhgplbgklgemll.crx.vir"
sh=B68A87B12B8B8614E180CD579657402A3F246EA0 ft=1 fh=6eda9d2956ffcfa1 vn="Win32/SpeedUpMyPC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Mustermann\AppData\Roaming\OpenCandy\D308324A72DF4534BB07E185E7307C0E\speedupmypcROE.exe.vir"
sh=AE4FEF90B79EC983B36A06AEF027DAAB7434F948 ft=0 fh=0000000000000000 vn="Win32/AlteredSoftware.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mustermann\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdateHelper.msi"
sh=558687B2FE00471CF0DDECD467438A3C4853A321 ft=1 fh=7fe9029316ed1d75 vn="Win32/ReImageRepair.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mustermann\AppData\Local\Temp\ReimagePackage.exe"
sh=3FBAEE4FE36CD4A254A2C166DE125C9459215FD4 ft=1 fh=b2961f1cd3c95b67 vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mustermann\Downloads\Hotspot-Shield-lnstall.exe"
sh=D2E5CBD8EABFC95BABFDC64486C1C1CBA74249C1 ft=1 fh=165c666db1cc561d vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mustermann\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe"
sh=45E7449F1A82158B429BE44611AE49BCEFDAB6E1 ft=1 fh=dffb77abfb1a8bfc vn="Win32/ReImageRepair.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\CarlS\Downloads\ReimageRepair(1).exe"
sh=45E7449F1A82158B429BE44611AE49BCEFDAB6E1 ft=1 fh=dffb77abfb1a8bfc vn="Win32/ReImageRepair.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\CarlS\Downloads\ReimageRepair.exe"

Ich vermute mal davon können einige runter, nicht wahr?

Schritt 2:

Code:

ATTFilter

 Results of screen317's Security Check version 1.00  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Antivirus    
Windows Defender   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 51  
 Java version 32-bit out of Date! 
 Adobe Flash Player 	17.0.0.169  
 Mozilla Firefox (37.0.1) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

und ein frisches FRST:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015
Ran by Mustermann (administrator) on Mustermann on 14-04-2015 21:37:28
Running from C:\Users\Mustermann\Downloads
Loaded Profiles: Mustermann & UpdatusUser (Available profiles: Mustermann & UpdatusUser)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Spotify Ltd) C:\Users\CarlS\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(GoPro) C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212048 2012-06-07] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2013-01-08] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-07-31] ()
HKLM-x32\...\Run: [BakupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533056 2012-07-31] (NTI Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3175282945-3325030847-1761490177-1002\...\Run: [Facebook Update] => C:\Users\Mustermann\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-03-18] (Facebook Inc.)
HKU\S-1-5-21-3175282945-3325030847-1761490177-1002\...\Run: [Spotify Web Helper] => C:\Users\CarlS\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1964088 2015-03-21] (Spotify Ltd)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk
ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)
Startup: C:\Users\Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
ShortcutTarget: Curse.lnk -> C:\Users\Mustermann\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3175282945-3325030847-1761490177-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com
HKU\S-1-5-21-3175282945-3325030847-1761490177-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
URLSearchHook: [S-1-5-21-3175282945-3325030847-1761490177-1005] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3175282945-3325030847-1761490177-1002 -> {47E0EADF-F0EE-44A5-B2C0-A8860BDE5DCB} URL = 
BHO: No Name -> {41564952-412D-5637-4300-7A786E7484D7} ->  No File
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-07-31] (Qualcomm Atheros Commnucations)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-01-25] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-01-25] (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 62.21.99.94 62.21.99.95

FireFox:
========
FF ProfilePath: C:\Users\Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\0aer7yhu.default
FF DefaultSearchEngine: Google
FF Homepage: www.google.de
FF NetworkProxy: "http", "193.254.236.82"
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-01-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-07-31] (VideoLAN)
FF Plugin HKU\S-1-5-21-3175282945-3325030847-1761490177-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Mustermann\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF SearchPlugin: C:\Users\Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\0aer7yhu.default\searchplugins\englische-ergebnisse.xml [2014-06-07]
FF SearchPlugin: C:\Users\Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\0aer7yhu.default\searchplugins\gmx-suche.xml [2014-06-07]
FF SearchPlugin: C:\Users\Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\0aer7yhu.default\searchplugins\lastminute.xml [2014-04-27]
FF SearchPlugin: C:\Users\Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\0aer7yhu.default\searchplugins\webde-suche.xml [2014-06-07]
FF Extension: Avira Browser Safety - C:\Users\Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\0aer7yhu.default\Extensions\abs@avira.com [2015-04-06]
FF Extension: DivX Web Player - C:\Users\Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\0aer7yhu.default\Extensions\DivXWebPlayer@divx.com.xpi [2013-01-26]
FF Extension: Adblock Plus - C:\Users\Mustermann\AppData\Roaming\Mozilla\Firefox\Profiles\0aer7yhu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-25]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR Profile: C:\Users\Mustermann\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [207488 2012-07-31] (Qualcomm Atheros Commnucations) [File not signed]
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2415760 2012-07-27] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [659600 2012-07-31] (Acer Incorporated)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-07-31] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-08-27] (Dritek System INC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-10] (Avira Operations GmbH & Co. KG)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-08-27] (Dritek System Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-06-23] (Research in Motion Limited)
S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
S3 cpuz134; \??\C:\Users\Mustermann\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-14 21:37 - 2015-04-14 21:37 - 00000000 ____D () C:\Users\Mustermann\Downloads\FRST-OlderVersion
2015-04-14 21:36 - 2015-04-14 21:36 - 00000803 _____ () C:\Users\Mustermann\Desktop\checkup.txt
2015-04-14 21:34 - 2015-04-14 21:34 - 00852616 _____ () C:\Users\Mustermann\Downloads\SecurityCheck.exe
2015-04-14 19:29 - 2015-04-14 19:29 - 02347384 _____ (ESET) C:\Users\Mustermann\Downloads\esetsmartinstaller_deu.exe
2015-04-09 19:36 - 2015-04-09 19:36 - 00001449 _____ () C:\Users\Mustermann\Desktop\JRT.txt
2015-04-09 19:34 - 2015-04-09 19:34 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-Mustermann-Windows-8.1-(64-bit).dat
2015-04-09 19:34 - 2015-04-09 19:34 - 00000000 ____D () C:\RegBackup
2015-04-09 19:33 - 2015-04-09 19:34 - 02686959 _____ (Thisisu) C:\Users\Mustermann\Downloads\JRT.exe
2015-04-09 19:28 - 2015-04-09 19:28 - 00003140 _____ () C:\Users\Mustermann\Desktop\AdwCleaner[S1].txt
2015-04-09 19:20 - 2015-04-09 19:21 - 02217984 _____ () C:\Users\Mustermann\Downloads\AdwCleaner_4.201.exe
2015-04-08 09:10 - 2015-04-08 09:10 - 00026821 _____ () C:\Users\Mustermann\Downloads\Addition.txt
2015-04-08 09:09 - 2015-04-14 21:37 - 00018495 _____ () C:\Users\Mustermann\Downloads\FRST.txt
2015-04-08 09:09 - 2015-04-14 21:37 - 00000000 ____D () C:\FRST
2015-04-08 09:08 - 2015-04-14 21:37 - 02096640 _____ (Farbar) C:\Users\Mustermann\Downloads\FRST64.exe
2015-04-08 02:09 - 2015-04-08 02:09 - 00001198 _____ () C:\Users\Mustermann\Desktop\MBAM.txt
2015-04-08 01:23 - 2015-04-08 01:24 - 00388608 _____ (Trend Micro Inc.) C:\Users\Mustermann\Downloads\HijackThis.exe
2015-04-08 00:32 - 2015-04-08 01:14 - 00001249 _____ () C:\Users\Mustermann\Desktop\Mustermann.txt
2015-04-07 22:28 - 2015-04-09 19:24 - 00000000 ____D () C:\Users\TEMP
2015-04-07 22:07 - 2015-04-08 01:52 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-07 22:07 - 2015-04-07 22:07 - 00001122 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-07 22:07 - 2015-04-07 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-07 22:07 - 2015-04-07 22:07 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-07 22:07 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-07 22:07 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-04-07 22:07 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-07 22:05 - 2015-04-07 22:06 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Mustermann\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-07 21:54 - 2015-04-09 19:25 - 00176630 _____ () C:\WINDOWS\PFRO.log
2015-04-07 21:51 - 2015-04-07 21:51 - 00768512 _____ (Reimage®) C:\Users\Mustermann\Downloads\ReimageRepair(1).exe
2015-04-07 21:47 - 2015-04-14 18:17 - 00000385 _____ () C:\WINDOWS\setupact.log
2015-04-07 21:47 - 2015-04-07 21:47 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-04-07 21:00 - 2015-04-07 21:00 - 00768512 _____ (Reimage®) C:\Users\Mustermann\Downloads\ReimageRepair.exe
2015-03-24 20:44 - 2015-03-24 20:45 - 00000000 ____D () C:\Users\Mustermann\AppData\Local\Adobe
2015-03-22 11:34 - 2015-04-09 19:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-14 21:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-14 20:45 - 2012-12-25 17:48 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-14 20:42 - 2013-03-18 21:37 - 00000938 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3175282945-3325030847-1761490177-1002UA.job
2015-04-14 20:42 - 2013-03-18 21:37 - 00000916 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3175282945-3325030847-1761490177-1002Core.job
2015-04-14 20:26 - 2014-11-28 18:55 - 01966916 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-14 18:45 - 2012-12-25 17:48 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-14 18:19 - 2013-12-20 13:39 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FBA75E87-19D9-4287-B943-B34BFC57BD11}
2015-04-13 21:11 - 2014-05-18 17:33 - 00000000 ____D () C:\Users\Mustermann\AppData\Roaming\Curse Client
2015-04-13 19:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-13 18:53 - 2013-11-03 00:55 - 00000000 ____D () C:\Users\Mustermann
2015-04-13 18:52 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-13 18:52 - 2012-12-25 17:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-09 20:43 - 2012-12-25 17:33 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3175282945-3325030847-1761490177-1002
2015-04-09 19:32 - 2013-09-30 06:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-09 19:32 - 2013-09-30 05:56 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-04-09 19:32 - 2013-09-30 05:56 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-04-09 19:29 - 2014-11-29 11:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-09 19:29 - 2014-11-29 11:13 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-09 19:29 - 2014-11-29 11:13 - 00000000 ____D () C:\ProgramData\Avira
2015-04-09 19:24 - 2014-11-27 20:30 - 00000000 ____D () C:\AdwCleaner
2015-04-08 01:25 - 2014-01-18 00:31 - 00012271 _____ () C:\Users\Mustermann\Downloads\hijackthis.log
2015-04-07 22:43 - 2012-12-29 18:32 - 00000000 ____D () C:\Filme
2015-04-07 22:42 - 2013-11-08 09:40 - 00000000 ____D () C:\Users\Mustermann\AppData\Local\Deployment
2015-04-07 22:40 - 2013-03-28 22:32 - 00000000 ____D () C:\Users\Mustermann\Desktop\Music 2013
2015-04-07 22:25 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-07 21:45 - 2013-01-06 21:05 - 00799744 ___SH () C:\Users\Mustermann\Desktop\Thumbs.db
2015-04-07 21:36 - 2015-02-10 20:20 - 00001937 _____ () C:\Users\Mustermann\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2015-04-07 21:36 - 2015-01-28 22:46 - 00000000 ____D () C:\Users\Mustermann\AppData\Local\Research In Motion
2015-04-07 21:36 - 2015-01-28 22:45 - 00000000 ____D () C:\ProgramData\Research In Motion
2015-04-07 21:30 - 2014-11-29 11:23 - 00000000 ____D () C:\Users\Mustermann\AppData\Roaming\Avira
2015-04-06 15:37 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-22 22:08 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-03-22 17:53 - 2014-10-05 12:13 - 00000000 ____D () C:\Users\Mustermann\AppData\Roaming\Spotify
2015-03-22 14:45 - 2014-10-05 12:13 - 00000000 ____D () C:\Users\Mustermann\AppData\Local\Spotify

==================== Files in the root of some directories =======

2014-02-28 17:26 - 2014-02-28 17:26 - 0000033 _____ () C:\Users\Mustermann\AppData\Roaming\gnuplot_history
2015-02-10 20:57 - 2015-02-10 21:48 - 0000154 _____ () C:\Users\Mustermann\AppData\Roaming\Rim.Desktop.Exception.log
2015-02-10 20:20 - 2015-04-07 21:36 - 0001937 _____ () C:\Users\Mustermann\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2015-02-10 20:57 - 2015-02-10 21:48 - 0000154 _____ () C:\Users\Mustermann\AppData\Roaming\Rim.DesktopHelper.Exception.log
2015-02-10 21:25 - 2015-02-10 21:48 - 0000154 _____ () C:\Users\Mustermann\AppData\Roaming\Rim.Transcoder.Exception.log
2015-02-10 21:25 - 2015-02-10 21:43 - 0026624 _____ () C:\Users\Mustermann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-02 18:40 - 2014-03-02 18:40 - 0002577 _____ () C:\Users\Mustermann\AppData\Local\recently-used.xbel
2013-08-08 17:41 - 2013-08-08 17:41 - 0007605 _____ () C:\Users\Mustermann\AppData\Local\Resmon.ResmonCfg
2012-08-27 03:25 - 2012-08-27 03:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Mustermann\AppData\Local\Temp\avgnt.exe
C:\Users\Mustermann\AppData\Local\Temp\Quarantine.exe
C:\Users\Mustermann\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Mustermann\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-02-01 18:50

==================== End Of Log ============================

--- --- ---

schrauber · 15.04.2015, 10:59

Java udpaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\Users\Mustermann\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdateHelper.msi

C:\Users\Mustermann\AppData\Local\Temp\ReimagePackage.exe

C:\Users\Mustermann\Downloads\Hotspot-Shield-lnstall.exe

C:\Users\Mustermann\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe

C:\Users\CarlS\Downloads\ReimageRepair(1).exe

C:\Users\CarlS\Downloads\ReimageRepair.exe
FF NetworkProxy: "http", "193.254.236.82"
FF NetworkProxy: "type", 4
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Noch Probleme?

Harlequin08 · 15.04.2015, 16:48

Hier gibts den Inhalt

(Kannst du mir bitte Grob sagen, was bisher so das Problem war bzw was ich mir eingefangen hatte?)

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-04-2015 02
Ran by Mustermann at 2015-04-15 17:42:41 Run:1
Running from C:\Users\Mustermann\Downloads
Loaded Profiles: Mustermann & UpdatusUser (Available profiles: Mustermann & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Mustermann\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdateHelper.msi

C:\Users\Mustermann\AppData\Local\Temp\ReimagePackage.exe

C:\Users\Mustermann\Downloads\Hotspot-Shield-lnstall.exe

C:\Users\Mustermann\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe

C:\Users\Mustermann\Downloads\ReimageRepair(1).exe

C:\Users\Mustermann\Downloads\ReimageRepair.exe
FF NetworkProxy: "http", "193.254.236.82"
FF NetworkProxy: "type", 4
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
Emptytemp:
         
*****************

C:\Users\Mustermann\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdateHelper.msi => Moved successfully.
C:\Users\Mustermann\AppData\Local\Temp\ReimagePackage.exe => Moved successfully.
C:\Users\Mustermann\Downloads\Hotspot-Shield-lnstall.exe => Moved successfully.
C:\Users\Mustermann\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe => Moved successfully.
C:\Users\Mustermann\Downloads\ReimageRepair(1).exe => Moved successfully.
C:\Users\Mustermann\Downloads\ReimageRepair.exe => Moved successfully.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
esgiguard => Service deleted successfully.
EmptyTemp: => Removed 469.6 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 17:43:12 ====

Gruss,
Harlequin

schrauber · 16.04.2015, 06:46

Jede Menge Adware

. Meine Frage von oben?

Harlequin08 · 17.04.2015, 07:49

Vielen Dank schrauber!

Ja es scheint schon viel besser zu laufen. (Von sagen wir mal 10 zeitweisen hohen pings, tritt jetzt nur noch einer vereinzelt aut!)

Vielen Dank!

schrauber · 17.04.2015, 19:41

Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren

Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
Klicke auf OK.
Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte

DelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...

und/oder das Forum mit einer kleinen Spende unterstützen.

Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:

Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:

NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.

Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.

Lade Software von einem sauberen Portal wie

.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .

Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

16.04.2015, 06:46	#10
schrauber /// the machine /// TB-Ausbilder	Lüfter lauter als normal, stellenweise hohe pings sowie deutlich schlechtere PC performance Jede Menge Adware . Meine Frage von oben? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Lüfter lauter als normal, stellenweise hohe pings sowie deutlich schlechtere PC performance

Log-Analyse und Auswertung: Lüfter lauter als normal, stellenweise hohe pings sowie deutlich schlechtere PC performance