Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   LowPricesApp nicht deinstallierbar u. evtl. andere unerwünschte Gäste auf Laptop (https://www.trojaner-board.de/162142-lowpricesapp-deinstallierbar-u-evtl-andere-unerwuenschte-gaeste-laptop.html)

Dan512 24.12.2014 19:40
LowPricesApp nicht deinstallierbar u. evtl. andere unerwünschte Gäste auf Laptop
 
Guten Tag!
Beim Laptop meiner Mutter sind meinem Empfinden nach verschiedene Dinge komisch:

Ein Programm namens LowPrices App geht nicht zu deinstallieren. (Versuch über Systemsteuerung --> Programme. Es kommt in der Fehlermeldung, dass erst der Browser geschlossen werden müsste, aber auch nach dem Schließen aller Browser erscheint dieselbe Meldung)

Außerdem befinden sich auf ihrem Laufwerk verschiedene Ordner (teilweise mit Inhalt, teils ohne), die sie ihrer Aussage nach nie angelegt hat oder nie benutzt und die komisch klingen, z.B.: ProcAlyzer Dumps oder Cyber Link oder auch "2a837c06416174a9edb20a".

Zudem hat sie in ihrem Firefox Browser beim Surfen immer extrem viel Werbung, viel mehr Popups, als ich es von mir selbst so kenne. Da habe ich nix Handfestes nur einen Eindruck.

Und gestern habe ich länger damit zu tun gehabt, eine Yahoo Smartbar oder so zu deinstallieren. Bin unsicher, ob ich das Ding tatsächlich entfernen konnte.

Ich bin alle Schritte durchgegangen und habe die angegebenen Programme runtergeladen und durchgeführt. Hier alle log files, die ich nun habe. Ich hoffe, Sie können mir damit weiterhelfen.

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:54 on 24/12/2014 (reifertlutz)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-12-2014
Ran by reifertlutz (administrator) on REIFERTLUTZPC on 24-12-2014 17:02:05
Running from C:\Users\reifertlutz\Desktop
Loaded Profiles: UpdatusUser & reifertlutz (Available profiles: UpdatusUser & reifertlutz)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(TomTom) C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(ScanSoft, Inc) C:\Program Files (x86)\ScanSoft\OmniPageSE\opware32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2723624 2011-03-28] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Omnipage] => C:\Program Files (x86)\ScanSoft\OmniPageSE\opware32.exe [49152 2002-06-03] (ScanSoft, Inc)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Registry Helper] => "C:\Program Files (x86)\Registry Helper\RegistryHelper.Exe" /boot
HKLM-x32\...\Run: [gmsd_de_5] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-1723013525-2470266197-251947448-1002\...\Run: [MyTomTomSA.exe] => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [451656 2013-01-07] (TomTom)
HKU\S-1-5-21-1723013525-2470266197-251947448-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1723013525-2470266197-251947448-1002\...\RunOnce: [Adobe Speed Launcher] => 1419426807
HKU\S-1-5-21-1723013525-2470266197-251947448-1002\...\MountPoints2: {ca82d418-4e18-11e3-bc28-e840f2ee9318} - E:\PMCsetup.exe
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
AppInit_DLLs: C:\Users\reifertlutz\AppData\Local\Smartbar\Application\Resources\crdlil64.dll => C:\Users\reifertlutz\AppData\Local\Smartbar\Application\Resources\crdlil64.dll File Not Found
AppInit_DLLs-x32: C:\Users\reifertlutz\AppData\Local\Smartbar\Application\Resources\crdlil.dll => "C:\Users\reifertlutz\AppData\Local\Smartbar\Application\Resources\crdlil.dll" File Not Found
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1723013525-2470266197-251947448-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:55362;https=127.0.0.1:55362
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-1723013525-2470266197-251947448-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjCgjpsNj7HuxTzYIpWC1KF6EjUQgYG0yuDyu9kRPlD_n8GHuuen0HxZaonu-6JmPDAp53fpKruWqCSMk4rB_00V35GbJc9VH0gZNTFkCG3mAMh_7ZYAiywAYYevI0kfb7d-bb-ap9wBaC7o2EqdGVodG4L_T5f0yJbcw,,&q={searchTerms}
HKU\S-1-5-21-1723013525-2470266197-251947448-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjCgjpsNj7HuxTzYIpWC1KF6EjUQgYG0yuDyu9kRPlD_n8GHuuen0HxZaonu-6JmPDMGQWKF413qRRwzPQdBHfLzh0wK3nA05uHYVIT1oxO7YvU9twQ36bj4bnlb7TmeHsEz1f7jtZc87nomGBBuHJ-zEqjzdWo5tF3Lw,,
HKU\S-1-5-21-1723013525-2470266197-251947448-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjCgjpsNj7HuxTzYIpWC1KF6EjUQgYG0yuDyu9kRPlD_n8GHuuen0HxZaonu-6JmPDAp53fpKruWqCSMk4rB_00V35GbJc9VH0gZNTFkCG3mAMh_7ZYAiywAYYevI0kfb7d-bb-ap9wBaC7o2EqdGVodG4L_T5f0yJbcw,,&q={searchTerms}
HKU\S-1-5-21-1723013525-2470266197-251947448-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-1723013525-2470266197-251947448-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKU\S-1-5-21-1723013525-2470266197-251947448-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjCgjpsNj7HuxTzYIpWC1KF6EjUQgYG0yuDyu9kRPlD_n8GHuuen0HxZaonu-6JmPDAp53fpKruWqCSMk4rB_00V35GbJc9VH0gZNTFkCG3mAMh_7ZYAiywAYYevI0kfb7d-bb-ap9wBaC7o2Es2GWEDmmh7BWRyM-znw,,&q={searchTerms}
HKU\S-1-5-21-1723013525-2470266197-251947448-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjCgjpsNj7HuxTzYIpWC1KF6EjUQgYG0yuDyu9kRPlD_n8GHuuen0HxZaonu-6JmPDAp53fpKruWqCSMk4rB_00V35GbJc9VH0gZNTFkCG3mAMh_7ZYAiywAYYevI0kfb7d-bb-ap9wBaC7o2Es2GWEDmmh7BWRyM-znw,,&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_cmi_14_48_ff&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0E0EzytAtCzzyD0FyCzztN0D0Tzu0StCtDyCyEtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyB0DyC0A0CtDtCtAtGtA0DyB0FtGzytB0A0FtGyBtC0FyBtGtB0F0BtCyD0DtBtC0ByBtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDzztD0C0CtAzytG0DtA0EtCtGyEtD0D0EtGzzyByCyDtGyC0DtCyEtCzz0EtA0ByB0F0B2Q&cr=593722260&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_cmi_14_48_ff&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0E0EzytAtCzzyD0FyCzztN0D0Tzu0StCtDyCyEtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyB0DyC0A0CtDtCtAtGtA0DyB0FtGzytB0A0FtGyBtC0FyBtGtB0F0BtCyD0DtBtC0ByBtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDzztD0C0CtAzytG0DtA0EtCtGyEtD0D0EtGzzyByCyDtGyC0DtCyEtCzz0EtA0ByB0F0B2Q&cr=593722260&ir=
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjCgjpsNj7HuxTzYIpWC1KF6EjUQgYG0yuDyu9kRPlD_n8GHuuen0HxZaonu-6JmPDAp53fpKruWqCSMk4rB_00V35GbJc9VH0gZNTFkCG3mAMh_7ZYAiywAYYevI0kfb7d-bb-ap9wBaC7o2EqdGVodG4L_T5f0yJbcw,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjCgjpsNj7HuxTzYIpWC1KF6EjUQgYG0yuDyu9kRPlD_n8GHuuen0HxZaonu-6JmPDAp53fpKruWqCSMk4rB_00V35GbJc9VH0gZNTFkCG3mAMh_7ZYAiywAYYevI0kfb7d-bb-ap9wBaC7o2EqdGVodG4L_T5f0yJbcw,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1723013525-2470266197-251947448-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjCgjpsNj7HuxTzYIpWC1KF6EjUQgYG0yuDyu9kRPlD_n8GHuuen0HxZaonu-6JmPDAp53fpKruWqCSMk4rB_00V35GbJc9VH0gZNTFkCG3mAMh_7ZYAiywAYYevI0kfb7d-bb-ap9wBaC7o2EqdGVodG4L_T5f0yJbcw,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1723013525-2470266197-251947448-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjCgjpsNj7HuxTzYIpWC1KF6EjUQgYG0yuDyu9kRPlD_n8GHuuen0HxZaonu-6JmPDAp53fpKruWqCSMk4rB_00V35GbJc9VH0gZNTFkCG3mAMh_7ZYAiywAYYevI0kfb7d-bb-ap9wBaC7o2EqdGVodG4L_T5f0yJbcw,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1723013525-2470266197-251947448-1002 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjCgjpsNj7HuxTzYIpWC1KF6EjUQgYG0yuDyu9kRPlD_n8GHuuen0HxZaonu-6JmPDAp53fpKruWqCSMk4rB_00V35GbJc9VH0gZNTFkCG3mAMh_7ZYAiywAYYevI0kfb7d-bb-ap9wBaC7o2Es2GWEDmmh7BWRyM-znw,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1723013525-2470266197-251947448-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_cmi_14_48_ff&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0E0EzytAtCzzyD0FyCzztN0D0Tzu0StCtDyCyEtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyB0DyC0A0CtDtCtAtGtA0DyB0FtGzytB0A0FtGyBtC0FyBtGtB0F0BtCyD0DtBtC0ByBtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDzztD0C0CtAzytG0DtA0EtCtGyEtD0D0EtGzzyByCyDtGyC0DtCyEtCzz0EtA0ByB0F0B2Q&cr=593722260&ir=
BHO: ShopperMaster -> {09927aae-8774-4c72-9dbc-b19f4a38acbb} -> C:\ProgramData\ShopperMaster\TaoMOu7rIlcrtR.x64.dll ()
BHO: couponpeak -> {60cb15be-fce5-4a1e-9e14-1cc0c1d0e0ec} -> C:\ProgramData\couponpeak\GjVEn08npnXlKh.x64.dll ()
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1723013525-2470266197-251947448-1002 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\reifertlutz\AppData\Roaming\Mozilla\Firefox\Profiles\r8zr0jye.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Trovi search
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\reifertlutz\AppData\Roaming\Mozilla\Firefox\Profiles\r8zr0jye.default\user.js
FF SearchPlugin: C:\Users\reifertlutz\AppData\Roaming\Mozilla\Firefox\Profiles\r8zr0jye.default\searchplugins\avira-safesearch.xml
FF SearchPlugin: C:\Users\reifertlutz\AppData\Roaming\Mozilla\Firefox\Profiles\r8zr0jye.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\reifertlutz\AppData\Roaming\Mozilla\Firefox\Profiles\r8zr0jye.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Users\reifertlutz\AppData\Roaming\Mozilla\Firefox\Profiles\r8zr0jye.default\searchplugins\Vosteran.xml
FF SearchPlugin: C:\Users\reifertlutz\AppData\Roaming\Mozilla\Firefox\Profiles\r8zr0jye.default\searchplugins\Web Search.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-08]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox

Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3331617&octid=EB_ORIGINAL_CTID&ISID=M5AE1C9F4-0501-4F28-9D66-1AAF41D1F6E3&SearchSource=55&CUI=&UM=6&UP=SPD9412EA5-D678-44D3-BE8F-FB26BBC5D715&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3331617&octid=EB_ORIGINAL_CTID&ISID=M5AE1C9F4-0501-4F28-9D66-1AAF41D1F6E3&SearchSource=55&CUI=&UM=6&UP=SPD9412EA5-D678-44D3-BE8F-FB26BBC5D715&SSPV="
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSearchURL: Default -> hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3331213&octid=EB_ORIGINAL_CTID&ISID=M1E859DE7-F995-40EE-BB77-6692DDBDBFF1&SearchSource=58&CUI=&UM=6&UP=SPE12761E0-85FC-440B-AFC2-A3044952925B&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: Default -> hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Mah Jong Connect) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\agfjdflmdlnffhlfmjdpbcoccaeamikk [2014-11-22]
CHR Extension: (Docs) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-12]
CHR Extension: (Google Drive) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-12]
CHR Extension: (YouTube) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-12]
CHR Extension: (McAfee Security Scan+) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-07-12]
CHR Extension: (Google Search) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-12]
CHR Extension: (Torrent Beast) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjceekmpapinmdhfghihaeikdmbdnipm [2014-10-29]
CHR Extension: (CoolSaleCoupon) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfgpollmkoiapcljppikcfofdmnmmdfb [2014-10-29]
CHR Extension: (Google Wallet) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-12]
CHR Extension: (Tab Bundler) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooajenhhhbdbcolenhmmkgmkcocfdahd [2014-11-07]
CHR Extension: (Gmail) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-12]
CHR Extension: (Domain Availability Checker and Whois Lookup) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pokekecininnhejfkgcbnekjddnepope [2014-11-07]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKU\S-1-5-21-1723013525-2470266197-251947448-1002\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - No Path
CHR HKU\S-1-5-21-1723013525-2470266197-251947448-1002\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-12] (Adobe Systems) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S4 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [34304 2014-08-27] () [File not signed] <==== ATTENTION
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-24 17:02 - 2014-12-24 17:02 - 00026133 _____ () C:\Users\reifertlutz\Desktop\FRST.txt
2014-12-24 17:01 - 2014-12-24 17:02 - 00000000 ____D () C:\FRST
2014-12-24 16:59 - 2014-12-24 16:59 - 02122240 _____ (Farbar) C:\Users\reifertlutz\Desktop\FRST64.exe
2014-12-24 16:54 - 2014-12-24 16:54 - 00000484 _____ () C:\Users\reifertlutz\Desktop\defogger_disable.log
2014-12-24 16:54 - 2014-12-24 16:54 - 00000000 _____ () C:\Users\reifertlutz\defogger_reenable
2014-12-24 16:52 - 2014-12-24 16:53 - 00050477 _____ () C:\Users\reifertlutz\Desktop\Defogger.exe
2014-12-24 00:22 - 2014-12-24 00:22 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-24 00:22 - 2014-12-24 00:22 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-24 00:22 - 2014-12-24 00:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-23 22:08 - 2014-12-23 22:08 - 00000000 _____ () C:\autoexec.bat
2014-12-23 22:05 - 2014-12-23 22:05 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\reifertlutz\Downloads\sh-remover.exe
2014-12-22 23:36 - 2014-12-22 23:35 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-12-19 20:06 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-19 20:06 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-14 13:51 - 2014-12-14 13:51 - 00000162 ____H () C:\Users\reifertlutz\Documents\~$vent hat es mit Unterwegssein zu tun.odt
2014-12-13 13:19 - 2014-12-13 13:19 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-12 12:18 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-12 12:18 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-12 12:18 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-12 12:18 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-12 12:18 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-12 12:18 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-12 12:18 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-12 12:18 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-12 12:18 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-12 12:18 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-11 08:00 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-11 08:00 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-11 08:00 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-11 08:00 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-11 08:00 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-11 08:00 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-11 08:00 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-11 08:00 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-11 08:00 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 08:00 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 08:00 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 08:00 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 08:00 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 08:00 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 08:00 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 08:00 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 08:00 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 08:00 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 08:00 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-11 08:00 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 08:00 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-11 08:00 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-11 08:00 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 08:00 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 08:00 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-11 08:00 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-11 08:00 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-11 08:00 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-11 08:00 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 08:00 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 08:00 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 08:00 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-11 08:00 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 08:00 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 08:00 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 08:00 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 08:00 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 08:00 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 08:00 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 08:00 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 08:00 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 08:00 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-11 08:00 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 08:00 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-11 08:00 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-11 07:59 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 07:59 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 07:59 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 07:59 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 07:59 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 07:59 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 07:59 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 07:59 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 07:59 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 07:59 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 07:59 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 07:59 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 07:59 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 07:59 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 07:59 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 07:59 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-11 07:59 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 07:59 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 07:59 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-11 07:59 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 07:58 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-11 07:58 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-11 07:58 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-11 07:58 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-11 07:58 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-11 07:58 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-11 07:58 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-11 07:58 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-11 07:58 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-11 07:58 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-11 07:58 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-11 07:58 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-11 07:58 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-11 07:58 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-08 14:57 - 2014-12-08 14:57 - 00000291 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-12-08 14:56 - 2014-12-08 14:56 - 00001425 _____ () C:\Users\reifertlutz\Desktop\Internet Explorer.lnk
2014-12-08 14:31 - 2014-12-24 00:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-08 13:20 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141208-132030.backup
2014-12-08 12:19 - 2014-12-08 12:19 - 00000000 ____D () C:\Users\reifertlutz\Documents\ProcAlyzer Dumps
2014-12-08 12:13 - 2014-12-08 12:13 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-12-08 12:12 - 2014-12-08 13:14 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-08 12:12 - 2014-12-08 12:19 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-08 12:12 - 2014-12-08 12:12 - 00001355 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-12-08 12:12 - 2014-12-08 12:12 - 00001343 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-12-08 12:12 - 2014-12-08 12:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-12-08 12:12 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-12-08 11:39 - 2014-12-08 11:39 - 00000000 ____D () C:\Program Files (x86)\predm
2014-12-03 10:00 - 2014-12-03 10:00 - 00011453 _____ () C:\Users\reifertlutz\Documents\Advent hat es mit Unterwegssein zu tun.odt
2014-12-01 21:10 - 2014-12-01 21:10 - 00000000 ____D () C:\ProgramData\LowPricesApp
2014-11-30 19:41 - 2014-12-08 12:08 - 00000000 ____D () C:\Program Files (x86)\KnockOffCoupons
2014-11-30 19:33 - 2014-11-30 19:33 - 00004036 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-11-30 19:31 - 2014-11-30 19:31 - 00003178 _____ () C:\Windows\System32\Tasks\Run_Bobby_Browser
2014-11-30 11:02 - 2014-11-30 11:02 - 00613057 _____ () C:\Users\reifertlutz\AppData\Local\nsd4B28.tmp
2014-11-30 11:00 - 2014-12-08 11:41 - 00000000 ____D () C:\Users\reifertlutz\AppData\Roaming\systweak
2014-11-30 11:00 - 2014-10-27 12:10 - 00020248 _____ () C:\Windows\system32\roboot64.exe
2014-11-30 10:56 - 2014-11-30 10:56 - 00000000 ____D () C:\Users\reifertlutz\AppData\Roaming\WSE_Vosteran
2014-11-30 10:14 - 2014-11-30 10:14 - 00000099 _____ () C:\Windows\Reimage.ini
2014-11-30 09:57 - 2014-11-30 09:57 - 00000000 __SHD () C:\Users\reifertlutz\AppData\Local\EmieUserList
2014-11-30 09:57 - 2014-11-30 09:57 - 00000000 __SHD () C:\Users\reifertlutz\AppData\Local\EmieSiteList
2014-11-30 09:57 - 2014-11-30 09:57 - 00000000 __SHD () C:\Users\reifertlutz\AppData\Local\EmieBrowserModeList
2014-11-30 09:53 - 2014-11-30 09:53 - 00000000 ____D () C:\ProgramData\GetDiscountApp
2014-11-30 09:42 - 2014-12-01 09:55 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-11-30 09:42 - 2014-12-01 09:55 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-11-30 09:42 - 2014-12-01 09:55 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-11-30 09:42 - 2014-11-30 11:04 - 00002840 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-11-30 09:42 - 2014-11-30 11:04 - 00002838 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-11-30 09:42 - 2014-11-30 11:04 - 00002838 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-11-30 09:41 - 2014-11-30 09:41 - 00613057 _____ () C:\Users\reifertlutz\AppData\Local\nsd8CA8.tmp
2014-11-30 09:41 - 2014-11-30 09:41 - 00000000 __SHD () C:\Users\reifertlutz\AppData\Roaming\AnyProtectEx
2014-11-30 09:31 - 2014-11-30 09:31 - 00000000 ____D () C:\Users\reifertlutz\AppData\Roaming\QuickScan

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-24 16:54 - 2012-09-09 13:30 - 00000000 ____D () C:\Users\reifertlutz
2014-12-24 16:48 - 2012-05-12 01:02 - 01546299 _____ () C:\Windows\WindowsUpdate.log
2014-12-24 16:47 - 2012-03-20 16:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-24 14:49 - 2012-09-19 21:14 - 00000000 ____D () C:\Users\reifertlutz\AppData\Roaming\Skype
2014-12-24 14:23 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-24 14:23 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-24 14:13 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-24 14:13 - 2009-07-14 05:51 - 00091164 _____ () C:\Windows\setupact.log
2014-12-24 14:12 - 2012-09-11 16:03 - 00000000 ____D () C:\Users\reifertlutz\AppData\Roaming\SoftGrid Client
2014-12-24 08:47 - 2010-11-21 04:47 - 00236956 _____ () C:\Windows\PFRO.log
2014-12-23 21:57 - 2014-07-12 06:48 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-22 23:36 - 2014-03-20 10:49 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-22 23:35 - 2014-11-17 12:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-22 23:35 - 2014-11-17 12:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-22 23:35 - 2014-03-19 22:28 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-22 23:28 - 2014-06-23 20:37 - 00000000 ____D () C:\Users\reifertlutz\AppData\Local\Adobe
2014-12-22 23:28 - 2012-03-20 16:22 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-22 23:28 - 2012-03-20 16:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-22 23:28 - 2012-03-20 16:22 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-22 19:21 - 2014-09-22 07:06 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-22 19:21 - 2012-03-20 15:51 - 00000000 ____D () C:\ProgramData\Skype
2014-12-22 19:18 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-21 19:52 - 2012-05-12 10:49 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2014-12-21 19:52 - 2012-05-12 10:49 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2014-12-21 19:52 - 2009-07-14 06:13 - 01622300 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-21 19:41 - 2012-12-09 12:17 - 00000000 ____D () C:\Users\reifertlutz\Documents\Meine PSP-Dateien
2014-12-16 17:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-13 13:29 - 2012-03-20 16:17 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-13 13:19 - 2014-05-07 05:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-13 13:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-13 13:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-12 12:24 - 2013-08-14 21:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-12 12:19 - 2012-09-21 20:32 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-08 14:57 - 2014-03-19 22:28 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-08 14:30 - 2014-07-12 08:05 - 00000600 _____ () C:\Users\reifertlutz\AppData\Roaming\winscp.rnd
2014-12-08 12:56 - 2014-11-02 19:59 - 00001417 _____ () C:\Windows\wininit.ini

Some content of TEMP:
====================
C:\Users\reifertlutz\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-16 16:56

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-12-2014
Ran by reifertlutz at 2014-12-24 17:02:50
Running from C:\Users\reifertlutz\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.100 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3010 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3507 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3506 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0530.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3501 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Creative Suite 2 (HKLM-x32\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version:  - )
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
ArcSoft PhotoBase 3 (HKLM-x32\...\{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}) (Version:  - )
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.43 - Atheros Communications Inc.)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Backup Manager V3 (x32 Version: 3.0.0.100 - NTI Corporation) Hidden
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version:  - )
CanoScan LiDE20,30 Manual (HKLM-x32\...\{B360A8E5-C171-4AAE-9777-65B3CDB0072C}) (Version:  - )
Corel Paint Shop Pro X (HKLM-x32\...\{1A15507A-8551-4626-915D-3D5FA095CC1B}) (Version: 10.01 - Corel Inc)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Digitale Bibliothek 3 (HKLM-x32\...\Digitale Bibliothek 3) (Version:  - )
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
FOTOParadies (HKLM-x32\...\{1CEA14B0-9E95-43FC-8D79-C81D20052375}}_is1) (Version: 3.1.10.253 - Foto Online Service GmbH)
fourutility (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{28e4e445}) (Version:  - Software Publisher) <==== ATTENTION
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009F0}) (Version: 7.0.90 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
LowPricesApp (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - LowPricesApp) <==== ATTENTION
LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyTomTom 3.2.0.906 (HKLM-x32\...\MyTomTom) (Version: 3.2.0.906 - TomTom)
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9006 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9006 - NTI Corporation) Hidden
NVIDIA Grafiktreiber 285.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 285.90 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}) (Version: 9.10.0514 - NVIDIA Corporation)
OmniPage SE (HKLM-x32\...\{6249C22D-E6A8-407B-BA8B-40298848ED94}) (Version: 11.00.0001 - ScanSoft, Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Suite Specific (x32 Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.17.5 - Synaptics Incorporated)
Vistaprint Fotobücher (HKU\S-1-5-21-1723013525-2470266197-251947448-1002\...\{BA786D68-3AD8-42DC-8BE1-9E09B4737A27}_is1) (Version:  - Vistaprint)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinSCP 5.5.4 (HKLM-x32\...\winscp3_is1) (Version: 5.5.4 - Martin Prikryl)
Yahoo Community Smartbar (x32 Version: 11.112.66.19229 - Linkury Inc.) Hidden <==== ATTENTION
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

21-12-2014 11:23:57 Windows Update
22-12-2014 23:34:01 Removed Java 7 Update 71
22-12-2014 23:35:06 Installed Java 7 Update 71

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0C278042-3FB2-489E-8790-D4DC4350AA53} - System32\Tasks\{7776E575-8489-4E46-97D5-F38B25D4D7A0} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsMain
Task: {2AC2889D-12FC-4503-B8F5-15AA11CA66E4} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {6042F8AC-461C-4F40-999D-0ADC231624E1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {62922AEF-E109-4C5D-80B2-3F5DF6EDAB78} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {69A61176-9374-4C75-BA61-76E3D3ECDFA6} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-29] (Egis Technology Inc.)
Task: {758145A5-C992-45ED-88AC-FA02242CC387} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-22] (Adobe Systems Incorporated)
Task: {76D85C66-5F67-4931-9A32-C8EF4E7D4D09} - System32\Tasks\Run_Bobby_Browser => C:\Users\reifertlutz\AppData\Local\BoBrowser\Application\bobrowser.exe <==== ATTENTION
Task: {8C67663A-8284-421D-A73E-E2B095E4E17D} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-07] (Acer Incorporated)
Task: {8F11DF9C-B127-4B76-BCD8-510A9FB53A25} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {94B70E48-C44E-464E-853C-6CC5DFE76639} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {A4B08B6B-2724-44F9-B250-AFDC1AC63C65} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {E7ADFD12-AD2D-40AC-AEBC-7FCD17848EFC} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {EA949005-C047-4FC8-BC8B-A2B7F2E6725A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {FB377EA3-758A-49F4-83C6-60A5A474F769} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-29] (Egis Technology Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2009-01-22 00:45 - 2009-01-22 00:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2012-03-20 16:07 - 2011-08-09 00:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-01-05 22:22 - 2012-01-05 22:22 - 00465344 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-01-05 22:22 - 2012-01-05 22:22 - 01081368 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-01-05 22:22 - 2012-01-05 22:22 - 00125464 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2014-12-08 12:12 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-12-08 12:12 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-12-08 12:12 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-12-08 12:12 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-12-08 12:12 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-01-07 13:42 - 2013-01-07 13:42 - 00026184 _____ () C:\Program Files (x86)\MyTomTom 3\DeviceDetection.dll
2013-01-07 13:42 - 2013-01-07 13:42 - 00074312 _____ () C:\Program Files (x86)\MyTomTom 3\TomTomSupporterBase.dll
2013-01-07 13:42 - 2013-01-07 13:42 - 00268360 _____ () C:\Program Files (x86)\MyTomTom 3\TomTomSupporterProxy.dll
2014-12-24 00:21 - 2014-11-26 17:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1723013525-2470266197-251947448-500 - Administrator - Disabled)
Gast (S-1-5-21-1723013525-2470266197-251947448-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1723013525-2470266197-251947448-1003 - Limited - Enabled)
reifertlutz (S-1-5-21-1723013525-2470266197-251947448-1002 - Administrator - Enabled) => C:\Users\reifertlutz
UpdatusUser (S-1-5-21-1723013525-2470266197-251947448-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/24/2014 02:15:24 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Fehler bei der Registrierung des Click-2-Run-Pakets.

Error: (12/24/2014 02:15:24 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=F34}
Application Virtualization Client konnte keine Verbindung mit der Datenstrom-URL 'hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.7140.5002.sft' herstellen (Rückgabecode 2460420A-40002EFD, ursprünglicher Rückgabecode 2460420A-40002EFD).

Error: (12/24/2014 02:14:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2014 08:50:01 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Fehler bei der Registrierung des Click-2-Run-Pakets.

Error: (12/24/2014 08:50:01 AM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=C54}
Application Virtualization Client konnte keine Verbindung mit der Datenstrom-URL 'hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.7140.5002.sft' herstellen (Rückgabecode 2460420A-40002EFD, ursprünglicher Rückgabecode 2460420A-40002EFD).

Error: (12/24/2014 08:48:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2014 00:24:18 AM) (Source: MsiInstaller) (EventID: 11719) (User: reifertlutzpc)
Description: Product: Community Smartbar -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (12/24/2014 00:24:18 AM) (Source: MsiInstaller) (EventID: 11719) (User: reifertlutzpc)
Description: Product: Community Smartbar -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (12/22/2014 07:20:35 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Fehler bei der Registrierung des Click-2-Run-Pakets.

Error: (12/22/2014 07:20:35 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=10C8}
Application Virtualization Client konnte keine Verbindung mit der Datenstrom-URL 'hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.7140.5002.sft' herstellen (Rückgabecode 2460420A-40002EFD, ursprünglicher Rückgabecode 2460420A-40002EFD).


System errors:
=============
Error: (12/24/2014 08:48:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (12/24/2014 08:48:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (12/21/2014 10:55:24 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (12/21/2014 10:55:24 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (12/21/2014 10:55:24 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (12/21/2014 00:35:25 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst sftvsa erreicht.

Error: (12/17/2014 07:38:36 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (12/17/2014 07:38:36 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (12/17/2014 07:37:14 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (12/16/2014 04:27:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053


Microsoft Office Sessions:
=========================
Error: (12/24/2014 02:15:24 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Fehler bei der Registrierung des Click-2-Run-Pakets.

Error: (12/24/2014 02:15:24 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=F34}
hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.7140.5002.sft2460420A-40002EFD2460420A-40002EFD

Error: (12/24/2014 02:14:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2014 08:50:01 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Fehler bei der Registrierung des Click-2-Run-Pakets.

Error: (12/24/2014 08:50:01 AM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=C54}
hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.7140.5002.sft2460420A-40002EFD2460420A-40002EFD

Error: (12/24/2014 08:48:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/24/2014 00:24:18 AM) (Source: MsiInstaller) (EventID: 11719) (User: reifertlutzpc)
Description: Product: Community Smartbar -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/24/2014 00:24:18 AM) (Source: MsiInstaller) (EventID: 11719) (User: reifertlutzpc)
Description: Product: Community Smartbar -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/22/2014 07:20:35 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Fehler bei der Registrierung des Click-2-Run-Pakets.

Error: (12/22/2014 07:20:35 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=10C8}
hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.7140.5002.sft2460420A-40002EFD2460420A-40002EFD


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 390 @ 2.67GHz
Percentage of memory in use: 41%
Total physical RAM: 3764.86 MB
Available physical RAM: 2213.13 MB
Total Pagefile: 7527.9 MB
Available Pagefile: 5171.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:450.66 GB) (Free:385.76 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: DB3BF565)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-12-24 18:23:47
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0001 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\REIFER~1\AppData\Local\Temp\kxriipog.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                    fffff80002ff5000 16 bytes [8B, E3, 41, 5F, 41, 5E, 41, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 545                                                                                    fffff80002ff5011 35 bytes {LEA ECX, [RSP+0x70]; CALL 0x3d64f}

---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                          0000000076761465 2 bytes [76, 76]
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        00000000767614bb 2 bytes [76, 76]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2240] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                          0000000076761465 2 bytes [76, 76]
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2240] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                          00000000767614bb 2 bytes [76, 76]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000076761465 2 bytes [76, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000767614bb 2 bytes [76, 76]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe[4040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                        0000000076761465 2 bytes [76, 76]
.text    C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe[4040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                        00000000767614bb 2 bytes [76, 76]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                    0000000076761465 2 bytes [76, 76]
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    00000000767614bb 2 bytes [76, 76]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[4324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                      0000000076761465 2 bytes [76, 76]
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[4324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                      00000000767614bb 2 bytes [76, 76]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4428] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                            0000000076761465 2 bytes [76, 76]
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4428] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                          00000000767614bb 2 bytes [76, 76]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                    0000000076761465 2 bytes [76, 76]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    00000000767614bb 2 bytes [76, 76]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69          0000000076761465 2 bytes [76, 76]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155          00000000767614bb 2 bytes [76, 76]
.text    ...                                                                                                                                                    * 2

---- EOF - GMER 2.1 ----
Ich hoffe, das ist nun alles richtig so.

schrauber 24.12.2014 19:57
hi,

Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    fourutility

    LowPricesApp

    LPT System Updater Service

    Yahoo Community Smartbar



  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 






Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Dan512 25.12.2014 14:05
Programme ausgeführt
 
Hallo,
vielen Dank für die Hilfe!!

Ich habe also zunächst den Revo Unistaller ausgeführt.

Dabei kam beim Entfernen von fourutility folgende Fehlermeldung:
Problem beim Starten von C:\PROGRA~Z\KNOCKO~1\BUYING~1.DLL
Das angegebene Modul wurde nicht gefunden

Bei LowPricesApp kam die Meldung, dass zwei Dateien nicht gelöscht werden konnten.

LPT System Updater Service und die Yahoo Community Smartbar tauchten nicht auf bei den Programmen, damit konnte ich den Prozess also nicht durchführen.

Anschließend habe ich den Scan mit Combofix durchgeführt. (ich glaube dabei wurde die LowPrices App dann aber endgültig beseitigt) Dabei verlief alles reibungslos. Hier ist das Log File.

Code:
ComboFix 14-12-23.01 - reifertlutz 25.12.2014  11:55:54.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3765.2431 [GMT 1:00]
ausgeführt von:: c:\users\reifertlutz\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\couponpeak
c:\programdata\couponpeak\GjVEn08npnXlKh.dat
c:\programdata\couponpeak\GjVEn08npnXlKh.dll
c:\programdata\couponpeak\GjVEn08npnXlKh.tlb
c:\programdata\couponpeak\GjVEn08npnXlKh.x64.dll
c:\programdata\GetDiscountApp
c:\programdata\GetDiscountApp\GetDiscountApp.exe
c:\programdata\LowPricesApp
c:\programdata\LowPricesApp\LowPricesApp.exe
c:\programdata\ShopperMaster
c:\programdata\ShopperMaster\TaoMOu7rIlcrtR.dat
c:\programdata\ShopperMaster\TaoMOu7rIlcrtR.dll
c:\programdata\ShopperMaster\TaoMOu7rIlcrtR.tlb
c:\programdata\ShopperMaster\TaoMOu7rIlcrtR.x64.dll
c:\users\REIFER~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\reifertlutz\4.0
c:\users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\agfjdflmdlnffhlfmjdpbcoccaeamikk
c:\users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\agfjdflmdlnffhlfmjdpbcoccaeamikk\120\background.html
c:\users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\agfjdflmdlnffhlfmjdpbcoccaeamikk\120\content.js
c:\users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\agfjdflmdlnffhlfmjdpbcoccaeamikk\120\hs.js
c:\users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\agfjdflmdlnffhlfmjdpbcoccaeamikk\120\lsdb.js
c:\users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\agfjdflmdlnffhlfmjdpbcoccaeamikk\120\manifest.json
c:\users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjceekmpapinmdhfghihaeikdmbdnipm
c:\users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjceekmpapinmdhfghihaeikdmbdnipm\150\background.html
c:\users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjceekmpapinmdhfghihaeikdmbdnipm\150\content.js
c:\users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjceekmpapinmdhfghihaeikdmbdnipm\150\lsdb.js
c:\users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjceekmpapinmdhfghihaeikdmbdnipm\150\manifest.json
c:\users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjceekmpapinmdhfghihaeikdmbdnipm\150\PXSrR.js
c:\users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfgpollmkoiapcljppikcfofdmnmmdfb
c:\users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfgpollmkoiapcljppikcfofdmnmmdfb\3.95\background.html
c:\users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfgpollmkoiapcljppikcfofdmnmmdfb\3.95\content.js
c:\users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfgpollmkoiapcljppikcfofdmnmmdfb\3.95\lsdb.js
c:\users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfgpollmkoiapcljppikcfofdmnmmdfb\3.95\manifest.json
c:\users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfgpollmkoiapcljppikcfofdmnmmdfb\3.95\tdWs8hi.js
c:\users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooajenhhhbdbcolenhmmkgmkcocfdahd
c:\users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooajenhhhbdbcolenhmmkgmkcocfdahd\158\background.html
c:\users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooajenhhhbdbcolenhmmkgmkcocfdahd\158\Bbs2G.js
c:\users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooajenhhhbdbcolenhmmkgmkcocfdahd\158\content.js
c:\users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooajenhhhbdbcolenhmmkgmkcocfdahd\158\lsdb.js
c:\users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooajenhhhbdbcolenhmmkgmkcocfdahd\158\manifest.json
c:\users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pokekecininnhejfkgcbnekjddnepope
c:\users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pokekecininnhejfkgcbnekjddnepope\212\background.html
c:\users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pokekecininnhejfkgcbnekjddnepope\212\content.js
c:\users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pokekecininnhejfkgcbnekjddnepope\212\lsdb.js
c:\users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pokekecininnhejfkgcbnekjddnepope\212\manifest.json
c:\users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pokekecininnhejfkgcbnekjddnepope\212\SBrWWIQ.js
c:\users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\reifertlutz\AppData\Local\nsd4B28.tmp
c:\users\reifertlutz\AppData\Local\nsd8CA8.tmp
c:\users\reifertlutz\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\reifertlutz\AppData\Roaming\AnyProtectEx
c:\users\reifertlutz\AppData\Roaming\AnyProtectEx\installer\ab.test.json
c:\users\reifertlutz\AppData\Roaming\AnyProtectEx\installer\tempfile.t
c:\users\reifertlutz\AppData\Roaming\AnyProtectEx\language\de.xml
c:\users\reifertlutz\AppData\Roaming\AnyProtectEx\language\en.xml
c:\users\reifertlutz\AppData\Roaming\AnyProtectEx\language\fr.xml
c:\users\reifertlutz\AppData\Roaming\AnyProtectEx\scan_results\aps.scan.quick.results
c:\users\reifertlutz\AppData\Roaming\AnyProtectEx\scan_results\aps.scan.results
c:\users\reifertlutz\AppData\Roaming\AnyProtectEx\swf\mov01.swf
c:\users\reifertlutz\AppData\Roaming\Mozilla\Firefox\Profiles\r8zr0jye.default\searchplugins\trovi-search.xml
c:\users\reifertlutz\Documents\~WRL2648.tmp
c:\windows\IsUn0407.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-11-25 bis 2014-12-25  ))))))))))))))))))))))))))))))
.
.
2014-12-25 09:45 . 2014-12-25 09:45        --------        d-----w-        c:\program files (x86)\VS Revo Group
2014-12-24 16:01 . 2014-12-24 16:03        --------        d-----w-        C:\FRST
2014-12-23 23:22 . 2014-12-23 23:22        --------        d-----w-        c:\program files (x86)\Mozilla Maintenance Service
2014-12-19 19:06 . 2014-12-13 05:09        144384        ----a-w-        c:\windows\system32\ieUnatt.exe
2014-12-19 19:06 . 2014-12-13 03:33        115712        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2014-12-13 12:19 . 2014-12-13 12:19        --------        d-----w-        c:\windows\system32\appraiser
2014-12-12 11:18 . 2014-10-18 01:33        3209728        ----a-w-        c:\windows\SysWow64\mf.dll
2014-12-12 11:18 . 2014-07-07 02:06        206848        ----a-w-        c:\windows\system32\mfps.dll
2014-12-12 11:18 . 2014-07-07 02:06        55808        ----a-w-        c:\windows\system32\rrinstaller.exe
2014-12-12 11:18 . 2014-07-07 02:06        24576        ----a-w-        c:\windows\system32\mfpmp.exe
2014-12-12 11:18 . 2014-07-07 02:02        2048        ----a-w-        c:\windows\system32\mferror.dll
2014-12-12 11:18 . 2014-07-07 01:40        103424        ----a-w-        c:\windows\SysWow64\mfps.dll
2014-12-12 11:18 . 2014-07-07 01:39        50176        ----a-w-        c:\windows\SysWow64\rrinstaller.exe
2014-12-12 11:18 . 2014-07-07 01:39        23040        ----a-w-        c:\windows\SysWow64\mfpmp.exe
2014-12-12 11:18 . 2014-07-07 01:37        2048        ----a-w-        c:\windows\SysWow64\mferror.dll
2014-12-12 11:18 . 2014-10-18 02:05        4121600        ----a-w-        c:\windows\system32\mf.dll
2014-12-11 06:59 . 2014-11-27 01:43        813744        ----a-w-        c:\program files\Internet Explorer\iexplore.exe
2014-12-11 06:58 . 2014-10-30 02:03        165888        ----a-w-        c:\windows\system32\charmap.exe
2014-12-08 13:57 . 2014-12-08 13:57        --------        d-----w-        c:\program files (x86)\Common Files\Java
2014-12-08 11:12 . 2014-12-25 10:13        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2014-12-08 11:12 . 2014-12-25 10:14        --------        d-----w-        c:\program files (x86)\Spybot - Search & Destroy 2
2014-12-08 10:39 . 2014-12-08 10:39        --------        d-----w-        c:\program files (x86)\predm
2014-11-30 18:41 . 2014-12-08 11:08        --------        d-----w-        c:\program files (x86)\KnockOffCoupons
2014-11-30 10:00 . 2014-10-27 11:10        20248        ----a-w-        c:\windows\system32\roboot64.exe
2014-11-30 10:00 . 2014-12-08 10:41        --------        d-----w-        c:\users\reifertlutz\AppData\Roaming\systweak
2014-11-30 09:56 . 2014-11-30 09:56        --------        d-----w-        c:\users\reifertlutz\AppData\Roaming\WSE_Vosteran
2014-11-30 08:57 . 2014-11-30 08:57        --------        d-sh--w-        c:\users\reifertlutz\AppData\Local\EmieUserList
2014-11-30 08:57 . 2014-11-30 08:57        --------        d-sh--w-        c:\users\reifertlutz\AppData\Local\EmieSiteList
2014-11-30 08:57 . 2014-11-30 08:57        --------        d-sh--w-        c:\users\reifertlutz\AppData\Local\EmieBrowserModeList
2014-11-30 08:31 . 2014-11-30 08:31        --------        d-----w-        c:\users\reifertlutz\AppData\Roaming\QuickScan
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-22 22:35 . 2014-03-19 21:28        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-12-22 22:28 . 2012-03-20 15:22        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-22 22:28 . 2012-03-20 15:22        701616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-12 11:19 . 2012-09-21 19:32        112710672        ----a-w-        c:\windows\system32\MRT.exe
2014-11-11 03:08 . 2014-11-18 21:13        241152        ----a-w-        c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-18 21:13        728064        ----a-w-        c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-11-18 21:13        186880        ----a-w-        c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-18 21:13        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll
2014-10-25 01:57 . 2014-11-12 22:40        77824        ----a-w-        c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 22:40        67584        ----a-w-        c:\windows\SysWow64\packager.dll
2014-10-18 02:05 . 2014-11-12 22:40        861696        ----a-w-        c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-11-12 22:40        571904        ----a-w-        c:\windows\SysWow64\oleaut32.dll
2014-10-14 15:25 . 2013-05-06 09:55        43064        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2014-10-14 15:25 . 2013-04-01 19:15        131608        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2014-10-14 15:25 . 2013-04-01 19:15        119272        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2014-10-14 02:16 . 2014-11-12 22:42        155064        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-12 22:42        683520        ----a-w-        c:\windows\system32\termsrv.dll
2014-10-14 02:13 . 2014-11-12 22:40        3241984        ----a-w-        c:\windows\system32\msi.dll
2014-10-14 02:12 . 2014-11-12 22:42        1460736        ----a-w-        c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-12 22:41        146432        ----a-w-        c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-12 22:42        681984        ----a-w-        c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-12 22:41        22016        ----a-w-        c:\windows\SysWow64\secur32.dll
2014-10-14 01:50 . 2014-11-12 22:40        2363904        ----a-w-        c:\windows\SysWow64\msi.dll
2014-10-14 01:49 . 2014-11-12 22:41        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-12 22:41        146432        ----a-w-        c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-12 22:42        681984        ----a-w-        c:\windows\SysWow64\adtschema.dll
2014-10-10 00:57 . 2014-11-12 22:40        3198976        ----a-w-        c:\windows\system32\win32k.sys
2014-10-03 02:12 . 2014-11-12 22:41        500224        ----a-w-        c:\windows\system32\AUDIOKSE.dll
2014-10-03 02:11 . 2014-11-12 22:41        284672        ----a-w-        c:\windows\system32\EncDump.dll
2014-10-03 02:11 . 2014-11-12 22:41        680960        ----a-w-        c:\windows\system32\audiosrv.dll
2014-10-03 02:11 . 2014-11-12 22:41        440832        ----a-w-        c:\windows\system32\AudioEng.dll
2014-10-03 02:11 . 2014-11-12 22:41        296448        ----a-w-        c:\windows\system32\AudioSes.dll
2014-10-03 01:44 . 2014-11-12 22:41        442880        ----a-w-        c:\windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44 . 2014-11-12 22:41        374784        ----a-w-        c:\windows\SysWow64\AudioEng.dll
2014-10-03 01:44 . 2014-11-12 22:41        195584        ----a-w-        c:\windows\SysWow64\AudioSes.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2013-01-07 451656]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-12-11 30877280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-09-20 341360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2012-01-05 296984]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"Omnipage"="c:\program files (x86)\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-16 702768]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-10-22 124208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 LPTSystemUpdater;LPT System Updater Service;c:\program files (x86)\LPT\srpts.exe;c:\program files (x86)\LPT\srpts.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-12-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-20 22:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-15 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-15 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-15 416024]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2012-02-07 1829768]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
uInternet Settings,ProxyOverride = <-loopback>
uSearchAssistant = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjCgjpsNj7HuxTzYIpWC1KF6EjUQgYG0yuDyu9kRPlD_n8GHuuen0HxZaonu-6JmPDAp53fpKruWqCSMk4rB_00V35GbJc9VH0gZNTFkCG3mAMh_7ZYAiywAYYevI0kfb7d-bb-ap9wBaC7o2Es2GWEDmmh7BWRyM-znw,,&q={searchTerms}
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\reifertlutz\AppData\Roaming\Mozilla\Firefox\Profiles\r8zr0jye.default\
FF - prefs.js: browser.search.selectedEngine - Trovi search
FF - prefs.js: browser.startup.homepage - google.de
FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_status - inactive|||8641417345020854
FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_inactive_by_user - true|||8641417345020854
FF - user.js: extensions.irspeeddial.aflt - fxtb103
FF - user.js: extensions.irspeeddial.instlRef -
FF - user.js: extensions.irspeeddial.cr - 355155331
FF - user.js: extensions.irspeeddial.cd - 2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0E0EzytAtCzzyD0FyCzztN0D0Tzu0StCtDyCyEtN1L2XzutBtFtBtCtFtCyEtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyBtC0B0DtBtD0AtBtG0B0DyEtAtG0EyCtB0EtGyEtDyB0CtGtCtB0DtAtAtAyBzyyDzz0E0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyE0DtDzyyEyC0BtGtCyB0F0DtG0Bzz0CtAtG0EtA0C0DtGyCzytB0DtAtCtAtC0FtC0AyB2Q
FF - user.js: extensions.srchvstrn.hmpg - true
FF - user.js: extensions.srchvstrn.hmpgUrl - hxxp://Vosteran.com/?f=1&a=vst_cmi_14_48_ff&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0E0EzytAtCzzyD0FyCzztN0D0Tzu0StCtDyCyEtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyB0DyC0A0CtDtCtAtGtA0DyB0FtGzytB0A0FtGyBtC0FyBtGtB0F0BtCyD0DtBtC0ByBtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDzztD0C0CtAzytG0DtA0EtCtGyEtD0D0EtGzzyByCyDtGyC0DtCyEtCzz0EtA0ByB0F0B2Q&cr=593722260&ir=
FF - user.js: extensions.srchvstrn.dfltSrch - true
FF - user.js: extensions.srchvstrn.srchPrvdr - Vosteran
FF - user.js: extensions.srchvstrn.dnsErr - true
FF - user.js: extensions.srchvstrn_i.newTab - true
FF - user.js: extensions.srchvstrn.newTabUrl - hxxp://Vosteran.com/?f=2&a=vst_cmi_14_48_ff&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0E0EzytAtCzzyD0FyCzztN0D0Tzu0StCtDyCyEtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyB0DyC0A0CtDtCtAtGtA0DyB0FtGzytB0A0FtGyBtC0FyBtGtB0F0BtCyD0DtBtC0ByBtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDzztD0C0CtAzytG0DtA0EtCtGyEtD0D0EtGzzyByCyDtGyC0DtCyEtCzz0EtA0ByB0F0B2Q&cr=593722260&ir=
FF - user.js: extensions.srchvstrn.tlbrSrchUrl - hxxp://Vosteran.com/?f=3&a=vst_cmi_14_48_ff&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0E0EzytAtCzzyD0FyCzztN0D0Tzu0StCtDyCyEtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyB0DyC0A0CtDtCtAtGtA0DyB0FtGzytB0A0FtGyBtC0FyBtGtB0F0BtCyD0DtBtC0ByBtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDzztD0C0CtAzytG0DtA0EtCtGyEtD0D0EtGzzyByCyDtGyC0DtCyEtCzz0EtA0ByB0F0B2Q&cr=593722260&ir=&q=
FF - user.js: extensions.srchvstrn.id - E840F2EE93185F68
FF - user.js: extensions.srchvstrn.instlDay - 16404
FF - user.js: extensions.srchvstrn.vrsn -
FF - user.js: extensions.srchvstrn.vrsni -
FF - user.js: extensions.srchvstrn_i.vrsnTs - 10:56
FF - user.js: extensions.srchvstrn.prtnrId - WSE_Vosteran
FF - user.js: extensions.srchvstrn.prdct - srchvstrn
FF - user.js: extensions.srchvstrn.aflt - vst_cmi_14_48_ff
FF - user.js: extensions.srchvstrn_i.smplGrp - none
FF - user.js: extensions.srchvstrn.tlbrId -
FF - user.js: extensions.srchvstrn.instlRef - 142905_d
FF - user.js: extensions.srchvstrn.dfltLng -
FF - user.js: extensions.srchvstrn.appId - {4CB3598A-82E8-4D1F-983F-061238AE696E}
FF - user.js: extensions.srchvstrn.excTlbr - false
FF - user.js: extensions.srchvstrn.cr - 593722260
FF - user.js: extensions.srchvstrn.cd - 2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0E0EzytAtCzzyD0FyCzztN0D0Tzu0StCtDyCyEtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyB0DyC0A0CtDtCtAtGtA0DyB0FtGzytB0A0FtGyBtC0FyBtGtB0F0BtCyD0DtBtC0ByBtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDzztD0C0CtAzytG0DtA0EtCtGyEtD0D0EtGzzyByCyDtGyC0DtCyEtCzz0EtA0ByB0F0B2Q
FF - user.js: extensions.srchvstrn.AL - 4
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Registry Helper - c:\program files (x86)\Registry Helper\RegistryHelper.Exe
Wow6432Node-HKLM-Run-gmsd_de_5 - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{09927aae-8774-4c72-9dbc-b19f4a38acbb} - c:\programdata\ShopperMaster\TaoMOu7rIlcrtR.x64.dll
BHO-{60cb15be-fce5-4a1e-9e14-1cc0c1d0e0ec} - c:\programdata\couponpeak\GjVEn08npnXlKh.x64.dll
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-I - Cinema - c:\program files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Launch Manager\LMworker.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-12-25  12:20:01 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-12-25 11:19
.
Vor Suchlauf: 12 Verzeichnis(se), 415.599.783.936 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 414.968.311.808 Bytes frei
.
- - End Of File - - FAAA9AA37061F13DA960B2D0CC5E12CE

schrauber 26.12.2014 09:02
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Dan512 28.12.2014 15:37
weitere Protokolle
 
Hallo Schrauber,

hier kommen die neuen Logfiles:

mbam:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 27.12.2014
Suchlauf-Zeit: 12:26:13
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2014.12.27.04
Rootkit Datenbank: v2014.12.23.02
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: reifertlutz

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 385524
Verstrichene Zeit: 23 Min, 55 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 29
PUP.Optional.Snapdo.T, HKU\S-1-5-21-1723013525-2470266197-251947448-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, Löschen bei Neustart, [aa261e493a42ba7c4f78b660946f3fc1],
PUP.Optional.Snapdo.T, HKU\S-1-5-21-1723013525-2470266197-251947448-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, In Quarantäne, [aa261e493a42ba7c4f78b660946f3fc1],
PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, In Quarantäne, [aa261e493a42ba7c4f78b660946f3fc1],
PUP.Optional.Linkury.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\LPTSystemUpdater, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Incredibar.A, HKLM\SOFTWARE\IB Updater, In Quarantäne, [40906700c8b437ff5c1bb6d7f50e09f7],
PUP.Optional.Incredibar.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\dlnembnfbcpjnepmfjmngjenhhajpdfd, In Quarantäne, [418fdb8c8eee7bbbe5918c01a261c63a],
PUP.Optional.Vosteran.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\oilkkkefbalmbfppgjmgjoefbclebkce, In Quarantäne, [f7d9d88f81fb11251fd3392452b18977],
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\GAMESDESKTOP, In Quarantäne, [f9d7bbacaecedf57a9291d418281a45c],
PUP.Optional.Incredibar.A, HKLM\SOFTWARE\WOW6432NODE\IB Updater, In Quarantäne, [20b04225b8c46fc7e6910c81b94a916f],
PUP.Optional.Incredibar.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dlnembnfbcpjnepmfjmngjenhhajpdfd, In Quarantäne, [349cc3a4c2ba092db9bdddb0b152da26],
PUP.Optional.Vosteran.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\oilkkkefbalmbfppgjmgjoefbclebkce, In Quarantäne, [dcf4f86f661659dd1dd59fbee1224eb2],
PUP.Optional.Linkury.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}, In Quarantäne, [f2de9ccbed8f54e2c30d75113cc7847c],
PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, In Quarantäne, [5b754027b2ca5ed8bb05b1c9ac57d22e],
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT, Löschen bei Neustart, [a42c8bdcec902e08406c922aa26202fe],
PUP.Optional.Softonic.A, HKU\S-1-5-21-1723013525-2470266197-251947448-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, In Quarantäne, [dcf4472090ece0561be8f867659e0af6],
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-1723013525-2470266197-251947448-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TutoTag, In Quarantäne, [ac24a8bfe5979d9977529840877d3cc4],
PUP.Optional.Vosteran.A, HKU\S-1-5-21-1723013525-2470266197-251947448-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\oilkkkefbalmbfppgjmgjoefbclebkce, In Quarantäne, [eee2d196106c48eedc17c19cf70c43bd],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1723013525-2470266197-251947448-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [aa26e1865923d46212870e91ad560bf5],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1723013525-2470266197-251947448-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [5a76b2b586f681b5c6eee4d126deed13],
PUP.Optional.SystemSpeedup, HKU\S-1-5-21-1723013525-2470266197-251947448-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, In Quarantäne, [d3fd92d50d6ff640932cc3b7e71ca25e],
PUP.Optional.ShopperMaster.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{09927aae-8774-4c72-9dbc-b19f4a38acbb}, In Quarantäne, [a12f81e692ea0135b4204f352fd69a66],
PUP.Optional.ShopperMaster.A, HKLM\SOFTWARE\CLASSES\CLSID\{09927AAE-8774-4C72-9DBC-B19F4A38ACBB}, In Quarantäne, [a12f81e692ea0135b4204f352fd69a66],
PUP.Optional.ShopperMaster.A, HKLM\SOFTWARE\CLASSES\., In Quarantäne, [a12f81e692ea0135b4204f352fd69a66],
PUP.Optional.ShopperMaster.A, HKLM\SOFTWARE\CLASSES\..9, In Quarantäne, [a12f81e692ea0135b4204f352fd69a66],
PUP.Optional.ShopperMaster.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\., In Quarantäne, [a12f81e692ea0135b4204f352fd69a66],
PUP.Optional.ShopperMaster.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\..9, In Quarantäne, [a12f81e692ea0135b4204f352fd69a66],
PUP.Optional.ShopperMaster.A, HKU\S-1-5-21-1723013525-2470266197-251947448-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{09927AAE-8774-4C72-9DBC-B19F4A38ACBB}, In Quarantäne, [a12f81e692ea0135b4204f352fd69a66],
PUP.Optional.ShopperMaster.A, HKU\S-1-5-21-1723013525-2470266197-251947448-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{09927AAE-8774-4C72-9DBC-B19F4A38ACBB}, In Quarantäne, [a12f81e692ea0135b4204f352fd69a66],
PUP.Optional.ShopperMaster.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{09927AAE-8774-4C72-9DBC-B19F4A38ACBB}, In Quarantäne, [a12f81e692ea0135b4204f352fd69a66],

Registrierungswerte: 10
PUP.Optional.StartPage.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{336D0C35-8A85-403a-B9D2-65C292C39087}, In Quarantäne, [834da5c2017b59ddadcd35a4d32fde22],
PUP.Optional.StartPage.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{336D0C35-8A85-403A-B9D2-65C292C39087}, C:\Program Files\IB Updater\Firefox, In Quarantäne, [834da5c2017b59ddadcd35a4d32fde22]
PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{336D0C35-8A85-403A-B9D2-65C292C39087}, C:\Program Files\IB Updater\Firefox, In Quarantäne, [834da5c2017b59ddadcd35a4d32fde22]
PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS\{336D0C35-8A85-403a-B9D2-65C292C39087}, In Quarantäne, [f3dd0d5a6f0dda5cef8be2f76a988977],
PUP.Optional.Incredibar, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}, C:\Program Files\IB Updater\Firefox, In Quarantäne, [c010452276061521eb23249d7d87a957]
PUP.Optional.Incredibar, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}, C:\Program Files\IB Updater\Firefox, In Quarantäne, [9f313730007c360039d5b20f56aeb64a]
PUP.Optional.Linkury.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\LPTSYSTEMUPDATER|ImagePath, "C:\Program Files (x86)\LPT\srpts.exe", In Quarantäne, [9e32fc6bf9830d296087cecb20e354ac]
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT|URL, MYSTART, Löschen bei Neustart, [a42c8bdcec902e08406c922aa26202fe]
PUP.Optional.Snapdo.T, HKU\S-1-5-21-1723013525-2470266197-251947448-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, Löschen bei Neustart, [bb1567002e4ef83e1791a6d2887b857b]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1723013525-2470266197-251947448-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0X1L1C1C1J2Z, In Quarantäne, [5a76b2b586f681b5c6eee4d126deed13]

Registrierungsdaten: 10
PUP.Optional.HelperBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjCgjpsNj7HuxTzYIpWC1KF6EjUQgYG0yuDyu9kRPlD_n8GHuuen0HxZaonu-6JmPDAp53fpKruWqCSMk4rB_00V35GbJc9VH0gZNTFkCG3mAMh_7ZYAiywAYYevI0kfb7d-bb-ap9wBaC7o2EqdGVodG4L_T5f0yJbcw,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjCgjpsNj7HuxTzYIpWC1KF6EjUQgYG0yuDyu9kRPlD_n8GHuuen0HxZaonu-6JmPDAp53fpKruWqCSMk4rB_00V35GbJc9VH0gZNTFkCG3mAMh_7ZYAiywAYYevI0kfb7d-bb-ap9wBaC7o2EqdGVodG4L_T5f0yJbcw,,&q={searchTerms}),Ersetzt,[943c79ee1963c076c4dc98dc31d4d42c]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1723013525-2470266197-251947448-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjCgjpsNj7HuxTzYIpWC1KF6EjUQgYG0yuDyu9kRPlD_n8GHuuen0HxZaonu-6JmPDAp53fpKruWqCSMk4rB_00V35GbJc9VH0gZNTFkCG3mAMh_7ZYAiywAYYevI0kfb7d-bb-ap9wBaC7o2EqdGVodG4L_T5f0yJbcw,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjCgjpsNj7HuxTzYIpWC1KF6EjUQgYG0yuDyu9kRPlD_n8GHuuen0HxZaonu-6JmPDAp53fpKruWqCSMk4rB_00V35GbJc9VH0gZNTFkCG3mAMh_7ZYAiywAYYevI0kfb7d-bb-ap9wBaC7o2EqdGVodG4L_T5f0yJbcw,,&q={searchTerms}),Löschen bei Neustart,[8749580f7a02231340633e36e71e09f7]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1723013525-2470266197-251947448-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjCgjpsNj7HuxTzYIpWC1KF6EjUQgYG0yuDyu9kRPlD_n8GHuuen0HxZaonu-6JmPDMGQWKF413qRRwzPQdBHfLzh0wK3nA05uHYVIT1oxO7YvU9twQ36bj4bnlb7TmeHsEz1f7jtZc87nomGBBuHJ-zEqjzdWo5tF3Lw,,, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjCgjpsNj7HuxTzYIpWC1KF6EjUQgYG0yuDyu9kRPlD_n8GHuuen0HxZaonu-6JmPDMGQWKF413qRRwzPQdBHfLzh0wK3nA05uHYVIT1oxO7YvU9twQ36bj4bnlb7TmeHsEz1f7jtZc87nomGBBuHJ-zEqjzdWo5tF3Lw,,),Löschen bei Neustart,[3898382fbdbff83e2f7580f4e0257a86]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1723013525-2470266197-251947448-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjCgjpsNj7HuxTzYIpWC1KF6EjUQgYG0yuDyu9kRPlD_n8GHuuen0HxZaonu-6JmPDAp53fpKruWqCSMk4rB_00V35GbJc9VH0gZNTFkCG3mAMh_7ZYAiywAYYevI0kfb7d-bb-ap9wBaC7o2EqdGVodG4L_T5f0yJbcw,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjCgjpsNj7HuxTzYIpWC1KF6EjUQgYG0yuDyu9kRPlD_n8GHuuen0HxZaonu-6JmPDAp53fpKruWqCSMk4rB_00V35GbJc9VH0gZNTFkCG3mAMh_7ZYAiywAYYevI0kfb7d-bb-ap9wBaC7o2EqdGVodG4L_T5f0yJbcw,,&q={searchTerms}),Löschen bei Neustart,[88489ccbdf9d191df6acd59f3ec7ca36]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1723013525-2470266197-251947448-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjCgjpsNj7HuxTzYIpWC1KF6EjUQgYG0yuDyu9kRPlD_n8GHuuen0HxZaonu-6JmPDAp53fpKruWqCSMk4rB_00V35GbJc9VH0gZNTFkCG3mAMh_7ZYAiywAYYevI0kfb7d-bb-ap9wBaC7o2EqdGVodG4L_T5f0yJbcw,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjCgjpsNj7HuxTzYIpWC1KF6EjUQgYG0yuDyu9kRPlD_n8GHuuen0HxZaonu-6JmPDAp53fpKruWqCSMk4rB_00V35GbJc9VH0gZNTFkCG3mAMh_7ZYAiywAYYevI0kfb7d-bb-ap9wBaC7o2EqdGVodG4L_T5f0yJbcw,,&q={searchTerms}),Löschen bei Neustart,[b31d4c1b0c7087af01a4452f699cc13f]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1723013525-2470266197-251947448-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjCgjpsNj7HuxTzYIpWC1KF6EjUQgYG0yuDyu9kRPlD_n8GHuuen0HxZaonu-6JmPDAp53fpKruWqCSMk4rB_00V35GbJc9VH0gZNTFkCG3mAMh_7ZYAiywAYYevI0kfb7d-bb-ap9wBaC7o2EqdGVodG4L_T5f0yJbcw,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjCgjpsNj7HuxTzYIpWC1KF6EjUQgYG0yuDyu9kRPlD_n8GHuuen0HxZaonu-6JmPDAp53fpKruWqCSMk4rB_00V35GbJc9VH0gZNTFkCG3mAMh_7ZYAiywAYYevI0kfb7d-bb-ap9wBaC7o2EqdGVodG4L_T5f0yJbcw,,&q={searchTerms}),Löschen bei Neustart,[3997392e89f373c3d0d61b59fa0b60a0]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1723013525-2470266197-251947448-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjCgjpsNj7HuxTzYIpWC1KF6EjUQgYG0yuDyu9kRPlD_n8GHuuen0HxZaonu-6JmPDAp53fpKruWqCSMk4rB_00V35GbJc9VH0gZNTFkCG3mAMh_7ZYAiywAYYevI0kfb7d-bb-ap9wBaC7o2EqdGVodG4L_T5f0yJbcw,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjCgjpsNj7HuxTzYIpWC1KF6EjUQgYG0yuDyu9kRPlD_n8GHuuen0HxZaonu-6JmPDAp53fpKruWqCSMk4rB_00V35GbJc9VH0gZNTFkCG3mAMh_7ZYAiywAYYevI0kfb7d-bb-ap9wBaC7o2EqdGVodG4L_T5f0yJbcw,,&q={searchTerms}),Löschen bei Neustart,[a828fb6c3844f6400c95df953acb6f91]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1723013525-2470266197-251947448-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjCgjpsNj7HuxTzYIpWC1KF6EjUQgYG0yuDyu9kRPlD_n8GHuuen0HxZaonu-6JmPDAp53fpKruWqCSMk4rB_00V35GbJc9VH0gZNTFkCG3mAMh_7ZYAiywAYYevI0kfb7d-bb-ap9wBaC7o2Es2GWEDmmh7BWRyM-znw,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjCgjpsNj7HuxTzYIpWC1KF6EjUQgYG0yuDyu9kRPlD_n8GHuuen0HxZaonu-6JmPDAp53fpKruWqCSMk4rB_00V35GbJc9VH0gZNTFkCG3mAMh_7ZYAiywAYYevI0kfb7d-bb-ap9wBaC7o2Es2GWEDmmh7BWRyM-znw,,&q={searchTerms}),Ersetzt,[08c86ef9a0dca78fa8fd5a1af3122cd4]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1723013525-2470266197-251947448-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjCgjpsNj7HuxTzYIpWC1KF6EjUQgYG0yuDyu9kRPlD_n8GHuuen0HxZaonu-6JmPDAp53fpKruWqCSMk4rB_00V35GbJc9VH0gZNTFkCG3mAMh_7ZYAiywAYYevI0kfb7d-bb-ap9wBaC7o2Es2GWEDmmh7BWRyM-znw,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjCgjpsNj7HuxTzYIpWC1KF6EjUQgYG0yuDyu9kRPlD_n8GHuuen0HxZaonu-6JmPDAp53fpKruWqCSMk4rB_00V35GbJc9VH0gZNTFkCG3mAMh_7ZYAiywAYYevI0kfb7d-bb-ap9wBaC7o2Es2GWEDmmh7BWRyM-znw,,&q={searchTerms}),Ersetzt,[319f432496e6af87eeb8bbb9fe0710f0]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1723013525-2470266197-251947448-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjCgjpsNj7HuxTzYIpWC1KF6EjUQgYG0yuDyu9kRPlD_n8GHuuen0HxZaonu-6JmPDAp53fpKruWqCSMk4rB_00V35GbJc9VH0gZNTFkCG3mAMh_7ZYAiywAYYevI0kfb7d-bb-ap9wBaC7o2Es2GWEDmmh7BWRyM-znw,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjCgjpsNj7HuxTzYIpWC1KF6EjUQgYG0yuDyu9kRPlD_n8GHuuen0HxZaonu-6JmPDAp53fpKruWqCSMk4rB_00V35GbJc9VH0gZNTFkCG3mAMh_7ZYAiywAYYevI0kfb7d-bb-ap9wBaC7o2Es2GWEDmmh7BWRyM-znw,,&q={searchTerms}),Ersetzt,[01cf8ed98def0b2bfaa7740031d45ea2]

Ordner: 10
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\Configs, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\Resources, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Configs, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Resources, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.GetTheDiscount.A, C:\ProgramData\GetTheDiscount, In Quarantäne, [a62a7cebafcd4de92e9f242c30d322de],
PUP.Optional.Vosteran.A, C:\Users\reifertlutz\AppData\Roaming\WSE_Vosteran, In Quarantäne, [3b9527400e6e7abc9e463f16fa09d42c],
PUP.Optional.Vosteran.A, C:\Users\reifertlutz\AppData\Roaming\WSE_Vosteran\icons_3.6.6.0, In Quarantäne, [3b9527400e6e7abc9e463f16fa09d42c],
PUP.Optional.SmartBar.A, C:\Users\reifertlutz\AppData\LocalLow\Smartbar, In Quarantäne, [418f0f588af2db5b10464511d72c9a66],

Dateien: 108
PUP.Optional.VeriStaff, C:\Program Files (x86)\LPT\LPTInstaller.msi, In Quarantäne, [a03056115a22142263185a03916fb44c],
PUP.Optional.SmartBar, C:\Program Files (x86)\LPT\Smartbar.Monetization.Proxy.ProxyRemover.exe, In Quarantäne, [dcf4e6818cf06accb0c763fa39c7e917],
PUP.Optional.VeriStaff, C:\Program Files (x86)\LPT\srptm.exe, In Quarantäne, [a52b45224834de5887f42439aa56ae52],
PUP.Optional.VeriStaff, C:\Program Files (x86)\LPT\srptsl.exe, In Quarantäne, [8a468fd89fdd59dd1a5eb7a62dd327d9],
PUP.Optional.Solimba, C:\Users\reifertlutz\Documents\WinSCP.exe, In Quarantäne, [f7d9a5c2bebe24128cc7159d936ed52b],
PUP.Optional.VeriStaff, C:\Users\reifertlutz\AppData\Local\LPT\LPTInstaller.msi, In Quarantäne, [765a70f7700c9e98502b69f49b65d927],
PUP.Optional.SmartBar, C:\Users\reifertlutz\AppData\Local\LPT\Smartbar.Monetization.Proxy.ProxyRemover.exe, In Quarantäne, [ce02ea7d86f63bfbb1c676e719e733cd],
PUP.Optional.VeriStaff, C:\Users\reifertlutz\AppData\Local\LPT\srptm.exe, In Quarantäne, [735d9dcaaecebb7b2952b6a716eab947],
PUP.Optional.VeriStaff, C:\Users\reifertlutz\AppData\Local\LPT\srptsl.exe, In Quarantäne, [fad6d88fe09cb2840b6dc09d16eab749],
PUP.Optional.SnapDo.A, C:\Windows\Installer\315adc1.msi, In Quarantäne, [735d382fbcc0fc3a7faa584b13ee2cd4],
PUP.Optional.VeriStaff, C:\Windows\Installer\315adc7.msi, In Quarantäne, [7d5322456a12270f0b704e0f808002fe],
PUP.Optional.SmartBar, C:\Windows\Installer\MSIF6A8.tmp-\Smartbar.Installer.CustomActions.dll, In Quarantäne, [765a05625a22290d9ce185a9926e15eb],
PUP.Optional.WebSearch.A, C:\Users\reifertlutz\AppData\Roaming\Mozilla\Firefox\Profiles\r8zr0jye.default\searchplugins\Web Search.xml, In Quarantäne, [3a9690d7691344f28168415418eb04fc],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\PublisherSettings.xml, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\Community.CsharpSqlite.dll, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\Community.CsharpSqlite.SQLiteClient.dll, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\linmsl.exe, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\linmsl.exe.config, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\lrrot.dll, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\NewConfig.txt, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\Newtonsoft.Json.dll, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\Proxy.Lib.dll, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\ProxySettings.dll, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\Smartbar.Common.dll, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\Smartbar.Communication.dll, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\Smartbar.Communication.NamedPipe.dll, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\Smartbar.Infrastructure.Utilities.dll, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\Smartbar.Monetization.Proxy.ProxyService.dll, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\Smartbar.Personalization.Common.dll, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\smia.exe, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\smia.exe.config, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\smia64.exe, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\smia64.exe.config, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\sppsm.dll, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\spusm.dll, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\srbs.dll, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\srbu.dll, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\sreu.dll, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\srpdm.dll, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\srprl.dll, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\srpt.dll, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\srptc.dll, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\srptm.exe.config, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\srptsl.exe.config, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\srut.dll, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\UserSettings.xml, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\XMLOperations.xml, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\Configs\BrowserSettings.xml, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\Configs\LPTMapping.xml, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\Configs\Timers.xml, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\Resources\crdli.dll, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\Resources\crdli64.dll, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\Resources\crdlil.dll, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\Resources\crdlil64.dll, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\Resources\LPT.xml, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\Resources\ntdis_32.dll, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Users\reifertlutz\AppData\Local\LPT\Resources\ntdis_64.dll, In Quarantäne, [c40cc7a0611b45f1d90bc4d5c93a6d93],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\PublisherSettings.xml, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Community.CsharpSqlite.dll, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Community.CsharpSqlite.SQLiteClient.dll, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\linmsl.exe, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\linmsl.exe.config, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\lrrot.dll, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\NewConfig.txt, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Newtonsoft.Json.dll, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Proxy.Lib.dll, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\ProxySettings.dll, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Smartbar.Common.dll, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Smartbar.Communication.dll, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Smartbar.Communication.NamedPipe.dll, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Smartbar.Infrastructure.Utilities.dll, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Smartbar.Monetization.Proxy.ProxyService.dll, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Smartbar.Personalization.Common.dll, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\smia.exe, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\smia.exe.config, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\smia64.exe, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\smia64.exe.config, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\sppsm.dll, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\spusm.dll, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srbs.dll, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srbu.dll, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\sreu.dll, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srpdm.dll, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srprl.dll, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srpt.dll, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srptc.dll, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srptm.exe.config, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srpts.exe, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srpts.exe.config, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srptsl.exe.config, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srut.dll, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\UserSettings.xml, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\XMLOperations.xml, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Configs\BrowserSettings.xml, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Configs\LPTMapping.xml, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Configs\Timers.xml, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Resources\crdli.dll, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Resources\crdli64.dll, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Resources\crdliL.dll, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Resources\crdliL64.dll, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Resources\LPT.xml, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Resources\ntdis_32.dll, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\Resources\ntdis_64.dll, In Quarantäne, [567add8afb8149ed09dcdbbe669d57a9],
PUP.Optional.Vosteran.A, C:\Users\reifertlutz\AppData\Roaming\Mozilla\Firefox\Profiles\r8zr0jye.default\searchplugins\Vosteran.xml, In Quarantäne, [864a303794e8cb6b3f40e0fe09fbbf41],
PUP.Optional.GetTheDiscount.A, C:\ProgramData\GetTheDiscount\GetTheDiscount.exe, In Quarantäne, [a62a7cebafcd4de92e9f242c30d322de],
PUP.Optional.Trovi, C:\Users\reifertlutz\AppData\Roaming\Mozilla\Firefox\Profiles\r8zr0jye.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.selectedEngine", "Trovi search");), Ersetzt,[537df473e3992f07cd09dadc6a9bbb45]

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
AdwCleaner:
Code:
# AdwCleaner v4.106 - Bericht erstellt am 27/12/2014 um 14:02:55
# Aktualisiert 21/12/2014 von Xplode
# Database : 2014-12-21.4 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : reifertlutz - REIFERTLUTZPC
# Gestartet von : C:\Users\reifertlutz\Desktop\Virenbehandlung\adwcleaner_4.106.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\c6fbfe4e18b35a57
Ordner Gelöscht : C:\Program Files (x86)\AskPartnerNetwork
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Users\reifertlutz\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\reifertlutz\Documents\Updater
Ordner Gelöscht : C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Datei Gelöscht : C:\Windows\Reimage.ini
Datei Gelöscht : C:\Windows\SysWOW64\RegistryHelperLM.ocx
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\reifertlutz\AppData\LocalLow\SkwConfig.bin
Datei Gelöscht : C:\Users\reifertlutz\AppData\Roaming\Mozilla\Firefox\Profiles\r8zr0jye.default\invalidprefs.js
Datei Gelöscht : C:\Users\reifertlutz\AppData\Roaming\Mozilla\Firefox\Profiles\r8zr0jye.default\searchplugins\bingp.xml
Datei Gelöscht : C:\Users\reifertlutz\AppData\Roaming\Mozilla\Firefox\Profiles\r8zr0jye.default\user.js

***** [ Tasks ] *****

Task Gelöscht : LaunchSignup
Task Gelöscht : Run_Bobby_Browser

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\reifertlutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\Boost
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\BoBrowser
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Boost
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\Clara
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4E732E5D-E577-451A-9BB1-CBE64A2CBC2F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I - Cinema
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\apnwidgets.ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 de)

[r8zr0jye.default\prefs.js] - Zeile gelöscht : user_pref("avira.safe_search.prev_newtab", "chrome://unitedtb/content/newtab/newtab-page.xhtml");
[r8zr0jye.default\prefs.js] - Zeile gelöscht : user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml");
[r8zr0jye.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
[r8zr0jye.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.order.1", "Ask.com");
[r8zr0jye.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "Trovi search");
[r8zr0jye.default\prefs.js] - Zeile gelöscht : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
[r8zr0jye.default\prefs.js] - Zeile gelöscht : user_pref("extensions.LCsP37y2Y9eCqtz0.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\[...]
[r8zr0jye.default\prefs.js] - Zeile gelöscht : user_pref("extensions.VXby4sCLx1zPWxPY.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[r8zr0jye.default\prefs.js] - Zeile gelöscht : user_pref("extensions.bxqDK3Nw0aFnhpmK.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[r8zr0jye.default\prefs.js] - Zeile gelöscht : user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"149177818ba28-00688b1dc33dfd-41534136-0-149177818bb2dd\"");
[r8zr0jye.default\prefs.js] - Zeile gelöscht : user_pref("extensions.safesearch.SAUTH_expires_at", "1419803859");
[r8zr0jye.default\prefs.js] - Zeile gelöscht : user_pref("extensions.safesearch.SAUTH_rndsnr", "\"e7b9a4f85e5d7a5e4040b71c95339f08fd259a42\"");
[r8zr0jye.default\prefs.js] - Zeile gelöscht : user_pref("extensions.safesearch.SAUTH_userid", "5646664725");
[r8zr0jye.default\prefs.js] - Zeile gelöscht : user_pref("extensions.safesearch.SAUTH_utoken", "\"f165a2fb9b9dd8c427003d0523603fd79d6ae1a2\"");
[r8zr0jye.default\prefs.js] - Zeile gelöscht : user_pref("extensions.safesearch.install", "1416176924895");
[r8zr0jye.default\prefs.js] - Zeile gelöscht : user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://Vosteran.com/?f=1&a=vst_cmi_14_48_ff&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0E0EzytAtCzzyD0FyCzztN0D0Tzu0StCtDyCyEtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V[...]
[r8zr0jye.default\prefs.js] - Zeile gelöscht : user_pref("extensions.srchvstrn.newTabUrl", "hxxp://Vosteran.com/?f=2&a=vst_cmi_14_48_ff&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0E0EzytAtCzzyD0FyCzztN0D0Tzu0StCtDyCyEtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD[...]
[r8zr0jye.default\prefs.js] - Zeile gelöscht : user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran");
[r8zr0jye.default\prefs.js] - Zeile gelöscht : user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran");
[r8zr0jye.default\prefs.js] - Zeile gelöscht : user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://Vosteran.com/?f=3&a=vst_cmi_14_48_ff&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0E0EzytAtCzzyD0FyCzztN0D0Tzu0StCtDyCyEtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytD[...]

-\\ Google Chrome v

[C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_cmi_14_48_ff&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0E0EzytAtCzzyD0FyCzztN0D0Tzu0StCtDyCyEtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyB0DyC0A0CtDtCtAtGtA0DyB0FtGzytB0A0FtGyBtC0FyBtGtB0F0BtCyD0DtBtC0ByBtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDzztD0C0CtAzytG0DtA0EtCtGyEtD0D0EtGzzyByCyDtGyC0DtCyEtCzz0EtA0ByB0F0B2Q&cr=593722260&ir=
[C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_cmi_14_48_ff&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0E0EzytAtCzzyD0FyCzztN0D0Tzu0StCtDyCyEtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyB0DyC0A0CtDtCtAtGtA0DyB0FtGzytB0A0FtGyBtC0FyBtGtB0F0BtCyD0DtBtC0ByBtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDzztD0C0CtAzytG0DtA0EtCtGyEtD0D0EtGzzyByCyDtGyC0DtCyEtCzz0EtA0ByB0F0B2Q&cr=593722260&ir=
[C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3331213&octid=EB_ORIGINAL_CTID&ISID=M1E859DE7-F995-40EE-BB77-6692DDBDBFF1&SearchSource=58&CUI=&UM=6&UP=SPE12761E0-85FC-440B-AFC2-A3044952925B&q={searchTerms}&SSPV=
[C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3331213&octid=EB_ORIGINAL_CTID&ISID=M1E859DE7-F995-40EE-BB77-6692DDBDBFF1&SearchSource=58&CUI=&UM=6&UP=SPE12761E0-85FC-440B-AFC2-A3044952925B&q={searchTerms}&SSPV=

*************************

AdwCleaner[R0].txt - [10780 octets] - [27/12/2014 13:39:52]
AdwCleaner[S0].txt - [10535 octets] - [27/12/2014 14:02:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10596 octets] ##########
JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by reifertlutz on 27.12.2014 at 14:14:08,97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\reifertlutz\appdata\local\{0500F527-FC8E-45BF-B6FE-AE2E620312A7}
Successfully deleted: [Empty Folder] C:\Users\reifertlutz\appdata\local\{07750839-FB2F-4291-AFB5-D9739CFEECEB}
Successfully deleted: [Empty Folder] C:\Users\reifertlutz\appdata\local\{2BA4E685-BED8-4E1F-9785-71C588FCE751}
Successfully deleted: [Empty Folder] C:\Users\reifertlutz\appdata\local\{39691AC1-C3E9-4E3C-81E2-FC952461B62B}
Successfully deleted: [Empty Folder] C:\Users\reifertlutz\appdata\local\{490ECB34-ED0C-49C6-93FB-CD5EC044717E}
Successfully deleted: [Empty Folder] C:\Users\reifertlutz\appdata\local\{58EAD726-6B78-480D-AF11-E79FEDF8142B}
Successfully deleted: [Empty Folder] C:\Users\reifertlutz\appdata\local\{5DA03368-DA72-49C0-A4C1-AF90FBC9EA54}
Successfully deleted: [Empty Folder] C:\Users\reifertlutz\appdata\local\{636E5A9E-AD24-442F-BDC3-8F4BD43189AC}
Successfully deleted: [Empty Folder] C:\Users\reifertlutz\appdata\local\{63D1F461-FCAF-46B0-BCBB-72A15984B3AB}
Successfully deleted: [Empty Folder] C:\Users\reifertlutz\appdata\local\{6A687B26-D6EC-401D-A1A0-BC193D267A85}
Successfully deleted: [Empty Folder] C:\Users\reifertlutz\appdata\local\{6D29067A-3AAD-49A8-ABA5-B70396F48CCF}
Successfully deleted: [Empty Folder] C:\Users\reifertlutz\appdata\local\{71C6A10E-C28F-44B5-A4BB-430853358BA3}
Successfully deleted: [Empty Folder] C:\Users\reifertlutz\appdata\local\{81ED2D19-DB5D-473D-A05D-211B6A71F6EA}
Successfully deleted: [Empty Folder] C:\Users\reifertlutz\appdata\local\{A43E2820-610A-4496-878A-EE7E1ACBDBAA}
Successfully deleted: [Empty Folder] C:\Users\reifertlutz\appdata\local\{A83C81DF-4EBD-476A-939E-5BC1A07DE207}
Successfully deleted: [Empty Folder] C:\Users\reifertlutz\appdata\local\{BEE5FBCE-04CA-47C8-A80D-C44AD641E1E3}
Successfully deleted: [Empty Folder] C:\Users\reifertlutz\appdata\local\{CC9DAACC-5ADA-4DF1-A82B-42F6E2D169B8}
Successfully deleted: [Empty Folder] C:\Users\reifertlutz\appdata\local\{DF68F5CD-FC4D-48AD-A19A-FA81D07130B5}
Successfully deleted: [Empty Folder] C:\Users\reifertlutz\appdata\local\{E318CF76-FEC8-4D09-B9CF-7F30864EC35B}
Successfully deleted: [Empty Folder] C:\Users\reifertlutz\appdata\local\{FD9533C8-2920-45F0-AA6B-0C205B13816C}
Successfully deleted: [Empty Folder] C:\Users\reifertlutz\appdata\local\{FEF4F23E-BAA7-49C1-B339-2E993CD011B0}



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [File] C:\Users\reifertlutz\AppData\Roaming\mozilla\firefox\profiles\r8zr0jye.default\searchplugins\avira-safesearch.xml
Successfully deleted the following from C:\Users\reifertlutz\AppData\Roaming\mozilla\firefox\profiles\r8zr0jye.default\prefs.js

user_pref("avira.safe_search.search_was_active", "false");
Emptied folder: C:\Users\reifertlutz\AppData\Roaming\mozilla\firefox\profiles\r8zr0jye.default\minidumps [300 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.12.2014 at 14:17:59,40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Neues FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2014
Ran by reifertlutz (administrator) on REIFERTLUTZPC on 27-12-2014 23:25:30
Running from C:\Users\reifertlutz\Desktop\Virenbehandlung
Loaded Profiles: UpdatusUser & reifertlutz (Available profiles: UpdatusUser & reifertlutz)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TomTom) C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(ScanSoft, Inc) C:\Program Files (x86)\ScanSoft\OmniPageSE\opware32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2723624 2011-03-28] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Omnipage] => C:\Program Files (x86)\ScanSoft\OmniPageSE\opware32.exe [49152 2002-06-03] (ScanSoft, Inc)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1723013525-2470266197-251947448-1002\...\Run: [MyTomTomSA.exe] => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [451656 2013-01-07] (TomTom)
HKU\S-1-5-21-1723013525-2470266197-251947448-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1723013525-2470266197-251947448-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:55362;https=127.0.0.1:55362
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1723013525-2470266197-251947448-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-1723013525-2470266197-251947448-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1723013525-2470266197-251947448-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: couponpeak -> {60cb15be-fce5-4a1e-9e14-1cc0c1d0e0ec} -> C:\ProgramData\couponpeak\GjVEn08npnXlKh.x64.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\reifertlutz\AppData\Roaming\Mozilla\Firefox\Profiles\r8zr0jye.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-08]

Chrome:
=======
CHR Profile: C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-12]
CHR Extension: (Google Drive) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-12]
CHR Extension: (YouTube) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-12]
CHR Extension: (Google Search) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-12]
CHR Extension: (Google Wallet) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-12]
CHR Extension: (Gmail) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-12]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-12] (Adobe Systems) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-16] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-27 14:25 - 2014-12-27 14:25 - 01707646 _____ (Thisisu) C:\Windows\JRT64.exe
2014-12-27 14:17 - 2014-12-27 14:17 - 00003500 _____ () C:\Users\reifertlutz\Desktop\JRT.txt
2014-12-27 14:13 - 2014-12-27 14:13 - 00000000 ____D () C:\Windows\ERUNT
2014-12-27 14:11 - 2014-12-27 14:11 - 01707646 _____ (Thisisu) C:\Users\reifertlutz\Desktop\JRT64.exe
2014-12-27 14:02 - 2014-12-27 14:03 - 00010701 _____ () C:\Users\reifertlutz\Desktop\AdwCleaner[S0].txt
2014-12-27 13:39 - 2014-12-27 20:09 - 00000000 ____D () C:\AdwCleaner
2014-12-27 13:26 - 2014-12-27 13:28 - 00031426 _____ () C:\Users\reifertlutz\Desktop\mbam.txt
2014-12-27 12:25 - 2014-12-27 20:47 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-27 12:25 - 2014-12-27 12:25 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-27 12:25 - 2014-12-27 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-27 12:25 - 2014-12-27 12:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-27 12:25 - 2014-12-27 12:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-27 12:25 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-27 12:25 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-27 12:25 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-27 00:34 - 2014-12-27 00:34 - 00009616 _____ () C:\Users\reifertlutz\Documents\nero.txt
2014-12-26 19:26 - 2014-12-26 21:39 - 00003758 _____ () C:\Windows\System32\Tasks\reifertlutz 12 0
2014-12-26 19:24 - 2014-12-26 19:24 - 00000000 ____D () C:\Users\reifertlutz\AppData\Local\Nero
2014-12-26 15:56 - 2014-12-26 15:56 - 00000000 ____D () C:\Users\reifertlutz\AppData\Local\Nero_AG
2014-12-26 15:56 - 2011-12-01 11:42 - 00072240 _____ (Nero AG) C:\Windows\system32\Drivers\NBVol.sys
2014-12-26 15:56 - 2011-12-01 11:42 - 00015920 _____ (Nero AG) C:\Windows\system32\Drivers\NBVolUp.sys
2014-12-26 15:52 - 2014-12-26 15:52 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-26 15:52 - 2014-12-26 15:52 - 00000000 ____D () C:\Users\reifertlutz\AppData\Roaming\Nero
2014-12-26 15:32 - 2014-12-26 15:56 - 00000000 ____D () C:\Program Files (x86)\Nero
2014-12-26 15:32 - 2014-12-26 15:42 - 00000000 ____D () C:\ProgramData\Nero
2014-12-26 15:32 - 2014-12-26 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2014-12-25 14:06 - 2014-12-27 23:25 - 00000000 ____D () C:\Users\reifertlutz\Desktop\Virenbehandlung
2014-12-25 12:20 - 2014-12-25 12:20 - 00031230 _____ () C:\ComboFix.txt
2014-12-25 11:11 - 2014-12-25 12:20 - 00000000 ____D () C:\Qoobox
2014-12-25 11:11 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-25 11:11 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-25 11:11 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-25 11:11 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-25 11:11 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-25 11:11 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-25 11:11 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-25 11:11 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-25 11:10 - 2014-12-25 12:16 - 00000000 ____D () C:\Windows\erdnt
2014-12-25 11:08 - 2014-12-25 11:08 - 05603465 ____R (Swearware) C:\Users\reifertlutz\Desktop\ComboFix.exe
2014-12-25 10:45 - 2014-12-25 10:45 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-24 17:57 - 2014-12-24 17:58 - 00262144 _____ () C:\Windows\Minidump\122414-24304-01.dmp
2014-12-24 17:57 - 2014-12-24 17:57 - 576761415 _____ () C:\Windows\MEMORY.DMP
2014-12-24 17:57 - 2014-12-24 17:57 - 00000000 ____D () C:\Windows\Minidump
2014-12-24 17:01 - 2014-12-27 23:25 - 00000000 ____D () C:\FRST
2014-12-24 16:54 - 2014-12-24 16:54 - 00000000 _____ () C:\Users\reifertlutz\defogger_reenable
2014-12-24 00:22 - 2014-12-24 00:22 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-24 00:22 - 2014-12-24 00:22 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-24 00:22 - 2014-12-24 00:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-23 22:08 - 2014-12-23 22:08 - 00000000 _____ () C:\autoexec.bat
2014-12-23 22:05 - 2014-12-23 22:05 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\reifertlutz\Downloads\sh-remover.exe
2014-12-22 23:36 - 2014-12-22 23:35 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-12-19 20:06 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-19 20:06 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-14 13:51 - 2014-12-14 13:51 - 00000162 ____H () C:\Users\reifertlutz\Documents\~$vent hat es mit Unterwegssein zu tun.odt
2014-12-13 13:19 - 2014-12-13 13:19 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-12 12:18 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-12 12:18 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-12 12:18 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-12 12:18 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-12 12:18 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-12 12:18 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-12 12:18 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-12 12:18 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-12 12:18 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-12 12:18 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-11 08:00 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-11 08:00 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-11 08:00 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-11 08:00 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-11 08:00 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-11 08:00 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-11 08:00 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-11 08:00 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-11 08:00 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 08:00 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 08:00 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 08:00 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 08:00 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 08:00 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 08:00 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 08:00 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 08:00 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 08:00 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 08:00 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-11 08:00 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 08:00 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-11 08:00 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-11 08:00 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 08:00 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 08:00 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-11 08:00 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-11 08:00 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-11 08:00 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-11 08:00 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 08:00 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 08:00 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 08:00 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-11 08:00 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 08:00 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 08:00 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 08:00 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 08:00 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 08:00 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 08:00 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 08:00 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 08:00 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 08:00 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-11 08:00 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 08:00 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-11 08:00 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-11 07:59 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 07:59 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 07:59 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 07:59 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 07:59 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 07:59 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 07:59 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 07:59 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 07:59 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 07:59 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 07:59 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 07:59 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 07:59 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 07:59 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 07:59 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 07:59 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-11 07:59 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 07:59 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 07:59 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-11 07:59 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 07:58 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-11 07:58 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-11 07:58 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-11 07:58 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-11 07:58 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-11 07:58 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-11 07:58 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-11 07:58 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-11 07:58 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-11 07:58 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-11 07:58 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-11 07:58 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-11 07:58 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-11 07:58 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-08 14:57 - 2014-12-08 14:57 - 00000291 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-12-08 14:56 - 2014-12-08 14:56 - 00001425 _____ () C:\Users\reifertlutz\Desktop\Internet Explorer.lnk
2014-12-08 14:31 - 2014-12-24 00:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-08 13:20 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141208-132030.backup
2014-12-08 12:19 - 2014-12-08 12:19 - 00000000 ____D () C:\Users\reifertlutz\Documents\ProcAlyzer Dumps
2014-12-08 12:13 - 2014-12-08 12:13 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-12-08 12:12 - 2014-12-25 11:14 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-08 12:12 - 2014-12-25 11:13 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-03 10:00 - 2014-12-03 10:00 - 00011453 _____ () C:\Users\reifertlutz\Documents\Advent hat es mit Unterwegssein zu tun.odt
2014-11-30 19:41 - 2014-12-08 12:08 - 00000000 ____D () C:\Program Files (x86)\KnockOffCoupons
2014-11-30 09:57 - 2014-11-30 09:57 - 00000000 __SHD () C:\Users\reifertlutz\AppData\Local\EmieUserList
2014-11-30 09:57 - 2014-11-30 09:57 - 00000000 __SHD () C:\Users\reifertlutz\AppData\Local\EmieSiteList
2014-11-30 09:57 - 2014-11-30 09:57 - 00000000 __SHD () C:\Users\reifertlutz\AppData\Local\EmieBrowserModeList
2014-11-30 09:31 - 2014-11-30 09:31 - 00000000 ____D () C:\Users\reifertlutz\AppData\Roaming\QuickScan

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-27 23:20 - 2012-09-19 21:14 - 00000000 ____D () C:\Users\reifertlutz\AppData\Roaming\Skype
2014-12-27 23:20 - 2012-03-20 16:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-27 20:10 - 2012-05-12 01:02 - 01651140 _____ () C:\Windows\WindowsUpdate.log
2014-12-27 14:13 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-27 14:13 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-27 14:04 - 2010-11-21 04:47 - 00269874 _____ () C:\Windows\PFRO.log
2014-12-27 14:04 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-27 14:04 - 2009-07-14 05:51 - 00091668 _____ () C:\Windows\setupact.log
2014-12-27 14:02 - 2014-10-16 20:59 - 00001043 _____ () C:\Users\reifertlutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-12-27 12:56 - 2012-03-20 16:08 - 00000000 ____D () C:\Windows\es
2014-12-27 12:55 - 2012-09-11 16:03 - 00000000 ____D () C:\Users\reifertlutz\AppData\Roaming\SoftGrid Client
2014-12-27 12:14 - 2012-05-12 10:49 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2014-12-27 12:14 - 2012-05-12 10:49 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2014-12-27 12:14 - 2009-07-14 06:13 - 01622300 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-26 15:46 - 2014-08-14 16:17 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-25 12:20 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-12-25 12:09 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-25 12:03 - 2012-09-09 13:30 - 00000000 ____D () C:\Users\reifertlutz
2014-12-23 21:57 - 2014-07-12 06:48 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-22 23:36 - 2014-03-20 10:49 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-22 23:35 - 2014-11-17 12:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-22 23:35 - 2014-11-17 12:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-22 23:35 - 2014-03-19 22:28 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-22 23:28 - 2014-06-23 20:37 - 00000000 ____D () C:\Users\reifertlutz\AppData\Local\Adobe
2014-12-22 23:28 - 2012-03-20 16:22 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-22 23:28 - 2012-03-20 16:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-22 23:28 - 2012-03-20 16:22 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-22 19:21 - 2014-09-22 07:06 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-22 19:21 - 2012-03-20 15:51 - 00000000 ____D () C:\ProgramData\Skype
2014-12-22 19:18 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-21 19:41 - 2012-12-09 12:17 - 00000000 ____D () C:\Users\reifertlutz\Documents\Meine PSP-Dateien
2014-12-16 17:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-13 13:29 - 2012-03-20 16:17 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-13 13:19 - 2014-05-07 05:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-13 13:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-13 13:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-12 12:24 - 2013-08-14 21:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-12 12:19 - 2012-09-21 20:32 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-08 14:57 - 2014-03-19 22:28 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-08 14:30 - 2014-07-12 08:05 - 00000600 _____ () C:\Users\reifertlutz\AppData\Roaming\winscp.rnd

Some content of TEMP:
====================
C:\Users\reifertlutz\AppData\Local\Temp\AskSLib.dll
C:\Users\reifertlutz\AppData\Local\Temp\avgnt.exe
C:\Users\reifertlutz\AppData\Local\Temp\Quarantine.exe
C:\Users\reifertlutz\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-25 11:45

==================== End Of Log ============================
--- --- ---

schrauber 28.12.2014 19:37

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Dan512 30.12.2014 14:36
Neue Protokolle
 
Hallo Schrauber,
vielen Dank für Deine Anleitungen! Hier kommen wieder neue Logfiles:

ESET:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 30.12.2014
Suchlauf-Zeit: 04:59:59
Logdatei: Verlaufsprotokoll Eset.txt
Administrator: Ja

Version: 0.00.0.0000
Malware Datenbank: v2014.12.30.02
Rootkit Datenbank: v2014.12.29.02
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: reifertlutz

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 385399
Verstrichene Zeit: 6 Std, 57 Min, 8 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
Checkup:

Code:
Results of screen317's Security Check version 0.99.93 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 71 
 Java 7 Update 9 
  Adobe Flash Player 15.0.0.246 Flash Player out of Date! 
 Adobe Reader 10.1.13 Adobe Reader out of Date! 
 Mozilla Firefox (34.0.5)
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Malwarebytes Anti-Malware mbamscheduler.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
FRST

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by reifertlutz (administrator) on REIFERTLUTZPC on 30-12-2014 07:51:56
Running from C:\Users\reifertlutz\Desktop\Virenbehandlung
Loaded Profiles: UpdatusUser & reifertlutz (Available profiles: UpdatusUser & reifertlutz)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(TomTom) C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(ScanSoft, Inc) C:\Program Files (x86)\ScanSoft\OmniPageSE\opware32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\32788R22FWJFW\cmd.3XE
(NirSoft) C:\32788R22FWJFW\NirCmd.3XE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2723624 2011-03-28] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Omnipage] => C:\Program Files (x86)\ScanSoft\OmniPageSE\opware32.exe [49152 2002-06-03] (ScanSoft, Inc)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-1723013525-2470266197-251947448-1002\...\Run: [MyTomTomSA.exe] => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [451656 2013-01-07] (TomTom)
HKU\S-1-5-21-1723013525-2470266197-251947448-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1723013525-2470266197-251947448-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:55362;https=127.0.0.1:55362
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1723013525-2470266197-251947448-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-1723013525-2470266197-251947448-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1723013525-2470266197-251947448-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1723013525-2470266197-251947448-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: couponpeak -> {60cb15be-fce5-4a1e-9e14-1cc0c1d0e0ec} -> C:\ProgramData\couponpeak\GjVEn08npnXlKh.x64.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\reifertlutz\AppData\Roaming\Mozilla\Firefox\Profiles\r8zr0jye.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-08]

Chrome:
=======
CHR Profile: C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-12]
CHR Extension: (Google Drive) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-12]
CHR Extension: (YouTube) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-12]
CHR Extension: (Google Search) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-12]
CHR Extension: (Google Wallet) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-12]
CHR Extension: (Gmail) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-12]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-12] (Adobe Systems) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-30 07:48 - 2014-12-30 07:50 - 00000000 ___SD () C:\32788R22FWJFW
2014-12-30 07:47 - 2014-12-30 07:47 - 00000987 _____ () C:\Users\reifertlutz\Desktop\checkup.txt
2014-12-30 07:38 - 2014-12-30 07:38 - 00852505 _____ () C:\Users\reifertlutz\Desktop\SecurityCheck.exe
2014-12-30 07:28 - 2014-12-30 07:28 - 00001231 _____ () C:\Verlaufsprotokoll Eset.txt
2014-12-29 21:28 - 2014-12-29 21:28 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-29 21:23 - 2014-12-29 21:25 - 154051656 _____ () C:\Windows\avira_free_antivirus_de.exe
2014-12-29 21:12 - 2014-12-29 21:12 - 04549888 _____ (Avira Operations & Co. KG) C:\Windows\avira_de_av___ws.exe
2014-12-29 15:15 - 2014-12-29 15:15 - 02347384 _____ (ESET) C:\Windows\esetsmartinstaller_deu.exe
2014-12-27 23:28 - 2014-12-27 23:28 - 00037698 _____ () C:\Users\reifertlutz\Desktop\FRSTEnde.txt
2014-12-27 14:25 - 2014-12-27 14:25 - 01707646 _____ (Thisisu) C:\Windows\JRT64.exe
2014-12-27 14:17 - 2014-12-27 14:17 - 00003500 _____ () C:\Users\reifertlutz\Desktop\JRT.txt
2014-12-27 14:13 - 2014-12-27 14:13 - 00000000 ____D () C:\Windows\ERUNT
2014-12-27 14:11 - 2014-12-27 14:11 - 01707646 _____ (Thisisu) C:\Users\reifertlutz\Desktop\JRT64.exe
2014-12-27 14:02 - 2014-12-27 14:03 - 00010701 _____ () C:\Users\reifertlutz\Desktop\AdwCleaner[S0].txt
2014-12-27 13:39 - 2014-12-27 20:09 - 00000000 ____D () C:\AdwCleaner
2014-12-27 13:26 - 2014-12-27 13:28 - 00031426 _____ () C:\Users\reifertlutz\Desktop\mbam.txt
2014-12-27 12:25 - 2014-12-30 04:59 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-27 12:25 - 2014-12-27 12:25 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-27 12:25 - 2014-12-27 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-27 12:25 - 2014-12-27 12:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-27 12:25 - 2014-12-27 12:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-27 12:25 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-27 12:25 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-27 12:25 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-27 00:34 - 2014-12-27 00:34 - 00009616 _____ () C:\Users\reifertlutz\Documents\nero.txt
2014-12-26 19:26 - 2014-12-26 21:39 - 00003758 _____ () C:\Windows\System32\Tasks\reifertlutz 12 0
2014-12-26 19:24 - 2014-12-26 19:24 - 00000000 ____D () C:\Users\reifertlutz\AppData\Local\Nero
2014-12-26 15:56 - 2014-12-26 15:56 - 00000000 ____D () C:\Users\reifertlutz\AppData\Local\Nero_AG
2014-12-26 15:56 - 2011-12-01 11:42 - 00072240 _____ (Nero AG) C:\Windows\system32\Drivers\NBVol.sys
2014-12-26 15:56 - 2011-12-01 11:42 - 00015920 _____ (Nero AG) C:\Windows\system32\Drivers\NBVolUp.sys
2014-12-26 15:52 - 2014-12-26 15:52 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-26 15:52 - 2014-12-26 15:52 - 00000000 ____D () C:\Users\reifertlutz\AppData\Roaming\Nero
2014-12-26 15:32 - 2014-12-26 15:56 - 00000000 ____D () C:\Program Files (x86)\Nero
2014-12-26 15:32 - 2014-12-26 15:42 - 00000000 ____D () C:\ProgramData\Nero
2014-12-26 15:32 - 2014-12-26 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2014-12-25 14:06 - 2014-12-30 07:51 - 00000000 ____D () C:\Users\reifertlutz\Desktop\Virenbehandlung
2014-12-25 12:20 - 2014-12-25 12:20 - 00031230 _____ () C:\ComboFix.txt
2014-12-25 11:11 - 2014-12-25 12:20 - 00000000 ____D () C:\Qoobox
2014-12-25 11:11 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-25 11:11 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-25 11:11 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-25 11:11 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-25 11:11 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-25 11:11 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-25 11:11 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-25 11:11 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-25 11:10 - 2014-12-25 12:16 - 00000000 ____D () C:\Windows\erdnt
2014-12-25 11:08 - 2014-12-25 11:08 - 05603465 ____R (Swearware) C:\Users\reifertlutz\Desktop\ComboFix.exe
2014-12-25 10:45 - 2014-12-25 10:45 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-24 17:57 - 2014-12-24 17:58 - 00262144 _____ () C:\Windows\Minidump\122414-24304-01.dmp
2014-12-24 17:57 - 2014-12-24 17:57 - 576761415 _____ () C:\Windows\MEMORY.DMP
2014-12-24 17:57 - 2014-12-24 17:57 - 00000000 ____D () C:\Windows\Minidump
2014-12-24 17:01 - 2014-12-30 07:52 - 00000000 ____D () C:\FRST
2014-12-24 16:54 - 2014-12-24 16:54 - 00000000 _____ () C:\Users\reifertlutz\defogger_reenable
2014-12-24 00:22 - 2014-12-24 00:22 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-24 00:22 - 2014-12-24 00:22 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-24 00:22 - 2014-12-24 00:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-23 22:08 - 2014-12-23 22:08 - 00000000 _____ () C:\autoexec.bat
2014-12-23 22:05 - 2014-12-23 22:05 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\reifertlutz\Downloads\sh-remover.exe
2014-12-22 23:36 - 2014-12-22 23:35 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-12-19 20:06 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-19 20:06 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-14 13:51 - 2014-12-14 13:51 - 00000162 ____H () C:\Users\reifertlutz\Documents\~$vent hat es mit Unterwegssein zu tun.odt
2014-12-13 13:19 - 2014-12-13 13:19 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-12 12:18 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-12 12:18 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-12 12:18 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-12 12:18 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-12 12:18 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-12 12:18 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-12 12:18 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-12 12:18 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-12 12:18 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-12 12:18 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-11 08:00 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-11 08:00 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-11 08:00 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-11 08:00 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-11 08:00 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-11 08:00 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-11 08:00 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-11 08:00 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-11 08:00 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 08:00 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 08:00 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 08:00 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 08:00 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 08:00 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 08:00 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 08:00 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 08:00 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 08:00 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 08:00 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-11 08:00 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 08:00 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-11 08:00 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-11 08:00 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 08:00 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 08:00 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-11 08:00 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-11 08:00 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-11 08:00 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-11 08:00 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 08:00 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 08:00 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 08:00 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-11 08:00 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 08:00 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 08:00 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 08:00 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 08:00 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 08:00 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 08:00 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 08:00 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 08:00 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 08:00 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-11 08:00 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 08:00 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-11 08:00 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-11 07:59 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 07:59 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 07:59 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 07:59 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 07:59 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 07:59 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 07:59 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 07:59 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 07:59 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 07:59 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 07:59 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 07:59 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 07:59 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 07:59 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 07:59 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 07:59 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-11 07:59 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 07:59 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 07:59 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-11 07:59 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 07:58 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-11 07:58 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-11 07:58 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-11 07:58 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-11 07:58 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-11 07:58 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-11 07:58 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-11 07:58 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-11 07:58 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-11 07:58 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-11 07:58 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-11 07:58 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-11 07:58 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-11 07:58 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-08 14:57 - 2014-12-08 14:57 - 00000291 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-12-08 14:56 - 2014-12-08 14:56 - 00001425 _____ () C:\Users\reifertlutz\Desktop\Internet Explorer.lnk
2014-12-08 14:31 - 2014-12-24 00:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-08 13:20 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141208-132030.backup
2014-12-08 12:19 - 2014-12-08 12:19 - 00000000 ____D () C:\Users\reifertlutz\Documents\ProcAlyzer Dumps
2014-12-08 12:13 - 2014-12-08 12:13 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-12-08 12:12 - 2014-12-25 11:14 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-08 12:12 - 2014-12-25 11:13 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-03 10:00 - 2014-12-03 10:00 - 00011453 _____ () C:\Users\reifertlutz\Documents\Advent hat es mit Unterwegssein zu tun.odt
2014-11-30 19:41 - 2014-12-08 12:08 - 00000000 ____D () C:\Program Files (x86)\KnockOffCoupons
2014-11-30 09:57 - 2014-11-30 09:57 - 00000000 __SHD () C:\Users\reifertlutz\AppData\Local\EmieUserList
2014-11-30 09:57 - 2014-11-30 09:57 - 00000000 __SHD () C:\Users\reifertlutz\AppData\Local\EmieSiteList
2014-11-30 09:57 - 2014-11-30 09:57 - 00000000 __SHD () C:\Users\reifertlutz\AppData\Local\EmieBrowserModeList
2014-11-30 09:31 - 2014-11-30 09:31 - 00000000 ____D () C:\Users\reifertlutz\AppData\Roaming\QuickScan

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-30 07:33 - 2012-03-20 16:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-30 07:25 - 2012-09-19 21:14 - 00000000 ____D () C:\Users\reifertlutz\AppData\Roaming\Skype
2014-12-30 07:21 - 2012-05-12 01:02 - 01701038 _____ () C:\Windows\WindowsUpdate.log
2014-12-30 05:11 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-30 05:11 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-29 21:13 - 2014-08-14 16:17 - 00001101 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-12-29 21:13 - 2014-08-14 16:17 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-29 21:13 - 2013-02-23 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-29 21:13 - 2013-02-23 14:20 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-29 15:14 - 2012-05-12 10:49 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2014-12-29 15:14 - 2012-05-12 10:49 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2014-12-29 15:14 - 2009-07-14 06:13 - 01622300 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-28 11:23 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-28 11:23 - 2009-07-14 05:51 - 00091724 _____ () C:\Windows\setupact.log
2014-12-27 14:04 - 2010-11-21 04:47 - 00269874 _____ () C:\Windows\PFRO.log
2014-12-27 14:02 - 2014-10-16 20:59 - 00001043 _____ () C:\Users\reifertlutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-12-27 12:56 - 2012-03-20 16:08 - 00000000 ____D () C:\Windows\es
2014-12-27 12:55 - 2012-09-11 16:03 - 00000000 ____D () C:\Users\reifertlutz\AppData\Roaming\SoftGrid Client
2014-12-25 12:20 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-12-25 12:09 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-25 12:03 - 2012-09-09 13:30 - 00000000 ____D () C:\Users\reifertlutz
2014-12-23 21:57 - 2014-07-12 06:48 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-22 23:36 - 2014-03-20 10:49 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-22 23:35 - 2014-11-17 12:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-22 23:35 - 2014-11-17 12:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-22 23:35 - 2014-03-19 22:28 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-22 23:28 - 2014-06-23 20:37 - 00000000 ____D () C:\Users\reifertlutz\AppData\Local\Adobe
2014-12-22 23:28 - 2012-03-20 16:22 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-22 23:28 - 2012-03-20 16:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-22 23:28 - 2012-03-20 16:22 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-22 19:21 - 2014-09-22 07:06 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-22 19:21 - 2012-03-20 15:51 - 00000000 ____D () C:\ProgramData\Skype
2014-12-22 19:18 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-21 19:41 - 2012-12-09 12:17 - 00000000 ____D () C:\Users\reifertlutz\Documents\Meine PSP-Dateien
2014-12-16 17:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-13 13:29 - 2012-03-20 16:17 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-13 13:19 - 2014-05-07 05:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-13 13:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-13 13:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-12 12:24 - 2013-08-14 21:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-12 12:19 - 2012-09-21 20:32 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-08 14:57 - 2014-03-19 22:28 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-08 14:30 - 2014-07-12 08:05 - 00000600 _____ () C:\Users\reifertlutz\AppData\Roaming\winscp.rnd

Some content of TEMP:
====================
C:\Users\reifertlutz\AppData\Local\Temp\AskSLib.dll
C:\Users\reifertlutz\AppData\Local\Temp\avgnt.exe
C:\Users\reifertlutz\AppData\Local\Temp\Quarantine.exe
C:\Users\reifertlutz\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-25 11:45

==================== End Of Log ============================
--- --- ---

--- --- ---

Merkliche Probleme gibt es eigentlich nicht mehr bei der Benutzung des Laptops.

schrauber 31.12.2014 14:47
Du hast ein MBAM log gepostet anstatt das ESET Log :)

Dan512 03.01.2015 21:54
ESET logfile
 
Hallo Schrauber,
hier nun hoffentlich das richtige Logfile:

Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=a3cd1efe5e118b4a81296671a161adea
# engine=21800
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-03 12:25:45
# local_time=2015-01-03 01:25:45 (+0100, Mitteleurop‰ische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 13676 164840123 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 46643568 171917795 0 0
# scanned=178093
# found=0
# cleaned=0
# scan_time=4841
Meinst Du jetzt ist alles ok mit dem Laptop?

schrauber 04.01.2015 11:09
Flash und Adobe updaten.


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1723013525-2470266197-251947448-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:55362;https=127.0.0.1:55362
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Frisches FRST Log bitte.

Dan512 11.01.2015 21:29
Weiter geht's mit Logfiles
 
Hallo Schrauber,

weiter geht es. Hoffe, alles ist richtig so.

Fixlist
Code:
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1723013525-2470266197-251947448-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:55362;https=127.0.0.1:55362
Emptytemp:
Neues FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2015
Ran by reifertlutz (administrator) on REIFERTLUTZPC on 11-01-2015 12:04:00
Running from C:\Users\reifertlutz\Desktop\Virenbehandlung
Loaded Profiles: UpdatusUser & reifertlutz (Available profiles: UpdatusUser & reifertlutz)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(TomTom) C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(ScanSoft, Inc) C:\Program Files (x86)\ScanSoft\OmniPageSE\opware32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2723624 2011-03-28] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Omnipage] => C:\Program Files (x86)\ScanSoft\OmniPageSE\opware32.exe [49152 2002-06-03] (ScanSoft, Inc)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1723013525-2470266197-251947448-1002\...\Run: [MyTomTomSA.exe] => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [451656 2013-01-07] (TomTom)
HKU\S-1-5-21-1723013525-2470266197-251947448-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1723013525-2470266197-251947448-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:55362;https=127.0.0.1:55362
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1723013525-2470266197-251947448-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-1723013525-2470266197-251947448-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1723013525-2470266197-251947448-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: couponpeak -> {60cb15be-fce5-4a1e-9e14-1cc0c1d0e0ec} -> C:\ProgramData\couponpeak\GjVEn08npnXlKh.x64.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\reifertlutz\AppData\Roaming\Mozilla\Firefox\Profiles\r8zr0jye.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-08]

Chrome:
=======
CHR Profile: C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-12]
CHR Extension: (Google Drive) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-12]
CHR Extension: (YouTube) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-12]
CHR Extension: (Google Search) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-12]
CHR Extension: (Google Wallet) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-12]
CHR Extension: (Gmail) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-12]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-12] (Adobe Systems) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-16] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-10] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-11 12:02 - 2015-01-11 12:02 - 00000569 _____ () C:\Users\reifertlutz\Desktop\Fixlist.txt
2015-01-11 11:42 - 2015-01-11 11:42 - 00002130 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-01-11 11:42 - 2015-01-11 11:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-01-11 11:42 - 2015-01-11 11:42 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-01-11 11:42 - 2015-01-11 11:42 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-12-30 07:54 - 2014-12-30 07:54 - 00000000 ___SD () C:\ComboFix
2014-12-30 07:38 - 2014-12-30 07:38 - 00852505 _____ () C:\Users\reifertlutz\Desktop\SecurityCheck.exe
2014-12-29 21:28 - 2014-12-29 21:28 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-29 21:23 - 2014-12-29 21:25 - 154051656 _____ () C:\Windows\avira_free_antivirus_de.exe
2014-12-29 21:12 - 2014-12-29 21:12 - 04549888 _____ (Avira Operations & Co. KG) C:\Windows\avira_de_av___ws.exe
2014-12-29 15:15 - 2015-01-03 11:53 - 02347384 _____ (ESET) C:\Windows\esetsmartinstaller_deu.exe
2014-12-27 14:25 - 2014-12-27 14:25 - 01707646 _____ (Thisisu) C:\Windows\JRT64.exe
2014-12-27 14:13 - 2014-12-27 14:13 - 00000000 ____D () C:\Windows\ERUNT
2014-12-27 14:11 - 2014-12-27 14:11 - 01707646 _____ (Thisisu) C:\Users\reifertlutz\Desktop\JRT64.exe
2014-12-27 13:39 - 2014-12-27 20:09 - 00000000 ____D () C:\AdwCleaner
2014-12-27 12:25 - 2015-01-10 11:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-27 12:25 - 2014-12-27 12:25 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-27 12:25 - 2014-12-27 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-27 12:25 - 2014-12-27 12:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-27 12:25 - 2014-12-27 12:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-27 12:25 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-27 12:25 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-27 12:25 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-27 00:34 - 2014-12-27 00:34 - 00009616 _____ () C:\Users\reifertlutz\Documents\nero.txt
2014-12-26 19:26 - 2014-12-26 21:39 - 00003758 _____ () C:\Windows\System32\Tasks\reifertlutz 12 0
2014-12-26 19:24 - 2014-12-26 19:24 - 00000000 ____D () C:\Users\reifertlutz\AppData\Local\Nero
2014-12-26 15:56 - 2014-12-26 15:56 - 00000000 ____D () C:\Users\reifertlutz\AppData\Local\Nero_AG
2014-12-26 15:56 - 2011-12-01 11:42 - 00072240 _____ (Nero AG) C:\Windows\system32\Drivers\NBVol.sys
2014-12-26 15:56 - 2011-12-01 11:42 - 00015920 _____ (Nero AG) C:\Windows\system32\Drivers\NBVolUp.sys
2014-12-26 15:52 - 2014-12-26 15:52 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-26 15:52 - 2014-12-26 15:52 - 00000000 ____D () C:\Users\reifertlutz\AppData\Roaming\Nero
2014-12-26 15:32 - 2014-12-26 15:56 - 00000000 ____D () C:\Program Files (x86)\Nero
2014-12-26 15:32 - 2014-12-26 15:42 - 00000000 ____D () C:\ProgramData\Nero
2014-12-26 15:32 - 2014-12-26 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2014-12-25 14:06 - 2015-01-11 12:04 - 00000000 ____D () C:\Users\reifertlutz\Desktop\Virenbehandlung
2014-12-25 12:20 - 2014-12-25 12:20 - 00031230 _____ () C:\ComboFix.txt
2014-12-25 11:11 - 2014-12-30 07:54 - 00000000 ____D () C:\Qoobox
2014-12-25 11:11 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-25 11:11 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-25 11:11 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-25 11:11 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-25 11:11 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-25 11:11 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-25 11:11 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-25 11:11 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-25 11:10 - 2014-12-25 12:16 - 00000000 ____D () C:\Windows\erdnt
2014-12-25 11:08 - 2014-12-25 11:08 - 05603465 ____R (Swearware) C:\Users\reifertlutz\Desktop\ComboFix.exe
2014-12-25 10:45 - 2014-12-25 10:45 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-24 17:57 - 2014-12-24 17:58 - 00262144 _____ () C:\Windows\Minidump\122414-24304-01.dmp
2014-12-24 17:57 - 2014-12-24 17:57 - 576761415 _____ () C:\Windows\MEMORY.DMP
2014-12-24 17:57 - 2014-12-24 17:57 - 00000000 ____D () C:\Windows\Minidump
2014-12-24 17:01 - 2015-01-11 12:04 - 00000000 ____D () C:\FRST
2014-12-24 16:54 - 2014-12-24 16:54 - 00000000 _____ () C:\Users\reifertlutz\defogger_reenable
2014-12-24 00:22 - 2014-12-24 00:22 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-24 00:22 - 2014-12-24 00:22 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-24 00:22 - 2014-12-24 00:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-23 22:08 - 2014-12-23 22:08 - 00000000 _____ () C:\autoexec.bat
2014-12-23 22:05 - 2014-12-23 22:05 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\reifertlutz\Downloads\sh-remover.exe
2014-12-22 23:36 - 2014-12-22 23:35 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-12-19 20:06 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-19 20:06 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-14 13:51 - 2014-12-14 13:51 - 00000162 ____H () C:\Users\reifertlutz\Documents\~$vent hat es mit Unterwegssein zu tun.odt
2014-12-13 13:19 - 2014-12-13 13:19 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-12 12:18 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-12 12:18 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-12 12:18 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-12 12:18 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-12 12:18 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-12 12:18 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-12 12:18 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-12 12:18 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-12 12:18 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-12 12:18 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-11 11:52 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-11 11:52 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-11 11:42 - 2012-03-20 16:22 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-11 11:42 - 2012-03-20 16:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-11 11:42 - 2012-03-20 16:22 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-11 11:42 - 2012-03-20 16:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-11 11:41 - 2014-06-23 20:37 - 00000000 ____D () C:\Users\reifertlutz\AppData\Local\Adobe
2015-01-11 11:38 - 2012-09-19 21:14 - 00000000 ____D () C:\Users\reifertlutz\AppData\Roaming\Skype
2015-01-11 10:23 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-11 10:23 - 2009-07-14 05:51 - 00092855 _____ () C:\Windows\setupact.log
2015-01-11 00:16 - 2012-05-12 01:02 - 01849543 _____ () C:\Windows\WindowsUpdate.log
2015-01-08 20:22 - 2010-11-21 04:47 - 00270408 _____ () C:\Windows\PFRO.log
2015-01-04 11:12 - 2012-09-11 16:03 - 00000000 ____D () C:\Users\reifertlutz\AppData\Roaming\SoftGrid Client
2015-01-04 10:04 - 2012-05-12 10:49 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2015-01-04 10:04 - 2012-05-12 10:49 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2015-01-04 10:04 - 2009-07-14 06:13 - 01622300 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-29 21:13 - 2014-08-14 16:17 - 00001101 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-12-29 21:13 - 2014-08-14 16:17 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-29 21:13 - 2013-02-23 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-29 21:13 - 2013-02-23 14:20 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-27 14:02 - 2014-10-16 20:59 - 00001043 _____ () C:\Users\reifertlutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-12-27 12:56 - 2012-03-20 16:08 - 00000000 ____D () C:\Windows\es
2014-12-25 12:20 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-12-25 12:09 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-25 12:03 - 2012-09-09 13:30 - 00000000 ____D () C:\Users\reifertlutz
2014-12-25 11:14 - 2014-12-08 12:12 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-25 11:13 - 2014-12-08 12:12 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-24 00:22 - 2014-12-08 14:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-23 21:57 - 2014-07-12 06:48 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-22 23:36 - 2014-03-20 10:49 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-22 23:35 - 2014-11-17 12:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-22 23:35 - 2014-11-17 12:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-22 23:35 - 2014-03-19 22:28 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-22 19:21 - 2014-09-22 07:06 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-22 19:21 - 2012-03-20 15:51 - 00000000 ____D () C:\ProgramData\Skype
2014-12-22 19:18 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-21 19:41 - 2012-12-09 12:17 - 00000000 ____D () C:\Users\reifertlutz\Documents\Meine PSP-Dateien
2014-12-16 17:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-13 13:29 - 2012-03-20 16:17 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-13 13:19 - 2014-05-07 05:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-13 13:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-13 13:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-12 12:24 - 2013-08-14 21:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-12 12:19 - 2012-09-21 20:32 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\reifertlutz\AppData\Local\Temp\AskSLib.dll
C:\Users\reifertlutz\AppData\Local\Temp\avgnt.exe
C:\Users\reifertlutz\AppData\Local\Temp\Quarantine.exe
C:\Users\reifertlutz\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-25 11:45

==================== End Of Log ============================
--- --- ---

schrauber 12.01.2015 00:01
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\S-1-5-21-1723013525-2470266197-251947448-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:55362;https=127.0.0.1:55362

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



und nochmal ein frisches FRST log bitte.

Dan512 19.01.2015 23:56
Und weiter
 
Ich hoffe, jetzt hat es geklappt. Danke für Deine Ausdauer!

Fixlog

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2015 01
Ran by reifertlutz (administrator) on REIFERTLUTZPC on 17-01-2015 21:46:18
Running from C:\Users\reifertlutz\Desktop\Virenbehandlung
Loaded Profiles: UpdatusUser & reifertlutz (Available profiles: UpdatusUser & reifertlutz)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TomTom) C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(ScanSoft, Inc) C:\Program Files (x86)\ScanSoft\OmniPageSE\opware32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NANotify.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2723624 2011-03-28] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Omnipage] => C:\Program Files (x86)\ScanSoft\OmniPageSE\opware32.exe [49152 2002-06-03] (ScanSoft, Inc)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1723013525-2470266197-251947448-1002\...\Run: [MyTomTomSA.exe] => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [451656 2013-01-07] (TomTom)
HKU\S-1-5-21-1723013525-2470266197-251947448-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1723013525-2470266197-251947448-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:55362;https=127.0.0.1:55362
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1723013525-2470266197-251947448-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-1723013525-2470266197-251947448-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1723013525-2470266197-251947448-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: couponpeak -> {60cb15be-fce5-4a1e-9e14-1cc0c1d0e0ec} -> C:\ProgramData\couponpeak\GjVEn08npnXlKh.x64.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\reifertlutz\AppData\Roaming\Mozilla\Firefox\Profiles\r8zr0jye.default
FF Homepage: hxxp://www.sueddeutsche.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-08]

Chrome:
=======
CHR Profile: C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-12]
CHR Extension: (Google Drive) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-12]
CHR Extension: (YouTube) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-12]
CHR Extension: (Google Search) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-12]
CHR Extension: (Google Wallet) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-12]
CHR Extension: (Gmail) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-12]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-12] (Adobe Systems) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-16] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-10] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 20:04 - 2015-01-16 20:04 - 00000000 _____ () C:\Users\reifertlutz\AppData\Roaming\.NANotifyHere
2015-01-14 12:20 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 12:20 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 12:20 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 12:20 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 12:20 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 12:20 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 12:20 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 12:20 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 12:20 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 12:20 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 12:20 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 12:20 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 12:20 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-11 12:06 - 2015-01-11 12:06 - 00028722 _____ () C:\Users\reifertlutz\Desktop\FRST elfter erster.txt
2015-01-11 12:02 - 2015-01-17 21:37 - 00000269 _____ () C:\Users\reifertlutz\Desktop\Fixlist.txt
2015-01-11 11:42 - 2015-01-11 11:42 - 00002130 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-01-11 11:42 - 2015-01-11 11:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-01-11 11:42 - 2015-01-11 11:42 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-01-11 11:42 - 2015-01-11 11:42 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-12-30 07:54 - 2014-12-30 07:54 - 00000000 ___SD () C:\ComboFix
2014-12-30 07:38 - 2014-12-30 07:38 - 00852505 _____ () C:\Users\reifertlutz\Desktop\SecurityCheck.exe
2014-12-29 21:28 - 2014-12-29 21:28 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-29 21:23 - 2014-12-29 21:25 - 154051656 _____ () C:\Windows\avira_free_antivirus_de.exe
2014-12-29 21:12 - 2014-12-29 21:12 - 04549888 _____ (Avira Operations & Co. KG) C:\Windows\avira_de_av___ws.exe
2014-12-29 15:15 - 2015-01-03 11:53 - 02347384 _____ (ESET) C:\Windows\esetsmartinstaller_deu.exe
2014-12-27 14:25 - 2014-12-27 14:25 - 01707646 _____ (Thisisu) C:\Windows\JRT64.exe
2014-12-27 14:13 - 2014-12-27 14:13 - 00000000 ____D () C:\Windows\ERUNT
2014-12-27 14:11 - 2014-12-27 14:11 - 01707646 _____ (Thisisu) C:\Users\reifertlutz\Desktop\JRT64.exe
2014-12-27 13:39 - 2014-12-27 20:09 - 00000000 ____D () C:\AdwCleaner
2014-12-27 12:25 - 2015-01-10 11:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-27 12:25 - 2014-12-27 12:25 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-27 12:25 - 2014-12-27 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-27 12:25 - 2014-12-27 12:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-27 12:25 - 2014-12-27 12:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-27 12:25 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-27 12:25 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-27 12:25 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-27 00:34 - 2014-12-27 00:34 - 00009616 _____ () C:\Users\reifertlutz\Documents\nero.txt
2014-12-26 19:26 - 2014-12-26 21:39 - 00003758 _____ () C:\Windows\System32\Tasks\reifertlutz 12 0
2014-12-26 19:24 - 2014-12-26 19:24 - 00000000 ____D () C:\Users\reifertlutz\AppData\Local\Nero
2014-12-26 15:56 - 2014-12-26 15:56 - 00000000 ____D () C:\Users\reifertlutz\AppData\Local\Nero_AG
2014-12-26 15:56 - 2011-12-01 11:42 - 00072240 _____ (Nero AG) C:\Windows\system32\Drivers\NBVol.sys
2014-12-26 15:56 - 2011-12-01 11:42 - 00015920 _____ (Nero AG) C:\Windows\system32\Drivers\NBVolUp.sys
2014-12-26 15:52 - 2014-12-26 15:52 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-26 15:52 - 2014-12-26 15:52 - 00000000 ____D () C:\Users\reifertlutz\AppData\Roaming\Nero
2014-12-26 15:32 - 2014-12-26 15:56 - 00000000 ____D () C:\Program Files (x86)\Nero
2014-12-26 15:32 - 2014-12-26 15:42 - 00000000 ____D () C:\ProgramData\Nero
2014-12-26 15:32 - 2014-12-26 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2014-12-25 14:06 - 2015-01-17 21:46 - 00000000 ____D () C:\Users\reifertlutz\Desktop\Virenbehandlung
2014-12-25 12:20 - 2014-12-25 12:20 - 00031230 _____ () C:\ComboFix.txt
2014-12-25 11:11 - 2014-12-30 07:54 - 00000000 ____D () C:\Qoobox
2014-12-25 11:11 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-25 11:11 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-25 11:11 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-25 11:11 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-25 11:11 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-25 11:11 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-25 11:11 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-25 11:11 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-25 11:10 - 2014-12-25 12:16 - 00000000 ____D () C:\Windows\erdnt
2014-12-25 11:08 - 2014-12-25 11:08 - 05603465 ____R (Swearware) C:\Users\reifertlutz\Desktop\ComboFix.exe
2014-12-25 10:45 - 2014-12-25 10:45 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-24 17:57 - 2014-12-24 17:58 - 00262144 _____ () C:\Windows\Minidump\122414-24304-01.dmp
2014-12-24 17:57 - 2014-12-24 17:57 - 576761415 _____ () C:\Windows\MEMORY.DMP
2014-12-24 17:57 - 2014-12-24 17:57 - 00000000 ____D () C:\Windows\Minidump
2014-12-24 17:01 - 2015-01-17 21:46 - 00000000 ____D () C:\FRST
2014-12-24 16:54 - 2014-12-24 16:54 - 00000000 _____ () C:\Users\reifertlutz\defogger_reenable
2014-12-24 00:22 - 2014-12-24 00:22 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-24 00:22 - 2014-12-24 00:22 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-24 00:22 - 2014-12-24 00:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-23 22:08 - 2014-12-23 22:08 - 00000000 _____ () C:\autoexec.bat
2014-12-23 22:05 - 2014-12-23 22:05 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\reifertlutz\Downloads\sh-remover.exe
2014-12-22 23:36 - 2014-12-22 23:35 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-12-19 20:06 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-19 20:06 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-17 21:39 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-17 21:39 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-17 21:33 - 2012-03-20 16:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-17 21:31 - 2012-09-19 21:14 - 00000000 ____D () C:\Users\reifertlutz\AppData\Roaming\Skype
2015-01-17 21:31 - 2012-05-12 01:02 - 01366013 _____ () C:\Windows\WindowsUpdate.log
2015-01-16 20:01 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-16 20:01 - 2009-07-14 05:51 - 00093135 _____ () C:\Windows\setupact.log
2015-01-14 22:10 - 2013-08-14 21:17 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 22:09 - 2012-09-21 20:32 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 13:33 - 2012-03-20 16:22 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 13:33 - 2012-03-20 16:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 13:33 - 2012-03-20 16:22 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 12:58 - 2012-05-12 10:49 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2015-01-13 12:58 - 2012-05-12 10:49 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2015-01-13 12:58 - 2009-07-14 06:13 - 01622300 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-11 11:42 - 2014-06-23 20:37 - 00000000 ____D () C:\Users\reifertlutz\AppData\Local\Adobe
2015-01-08 20:22 - 2010-11-21 04:47 - 00270408 _____ () C:\Windows\PFRO.log
2015-01-04 11:12 - 2012-09-11 16:03 - 00000000 ____D () C:\Users\reifertlutz\AppData\Roaming\SoftGrid Client
2014-12-29 21:13 - 2014-08-14 16:17 - 00001101 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-12-29 21:13 - 2014-08-14 16:17 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-29 21:13 - 2013-02-23 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-29 21:13 - 2013-02-23 14:20 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-27 14:02 - 2014-10-16 20:59 - 00001043 _____ () C:\Users\reifertlutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-12-27 12:56 - 2012-03-20 16:08 - 00000000 ____D () C:\Windows\es
2014-12-25 12:20 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-12-25 12:09 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-25 12:03 - 2012-09-09 13:30 - 00000000 ____D () C:\Users\reifertlutz
2014-12-25 11:14 - 2014-12-08 12:12 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-25 11:13 - 2014-12-08 12:12 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-24 00:22 - 2014-12-08 14:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-23 21:57 - 2014-07-12 06:48 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-22 23:36 - 2014-03-20 10:49 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-22 23:35 - 2014-11-17 12:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-22 23:35 - 2014-11-17 12:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-22 23:35 - 2014-03-19 22:28 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-22 19:21 - 2014-09-22 07:06 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-22 19:21 - 2012-03-20 15:51 - 00000000 ____D () C:\ProgramData\Skype
2014-12-22 19:18 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-21 19:41 - 2012-12-09 12:17 - 00000000 ____D () C:\Users\reifertlutz\Documents\Meine PSP-Dateien

==================== Files in the root of some directories =======
2015-01-16 20:04 - 2015-01-16 20:04 - 0000000 _____ () C:\Users\reifertlutz\AppData\Roaming\.NANotifyHere
2014-07-12 08:05 - 2014-12-08 14:30 - 0000600 _____ () C:\Users\reifertlutz\AppData\Roaming\winscp.rnd
2012-05-12 01:15 - 2012-05-12 01:18 - 0015134 _____ () C:\ProgramData\ArcadeDeluxe5.log
2012-09-21 19:50 - 2012-09-21 19:52 - 0000032 _____ () C:\ProgramData\PS.log

Some content of TEMP:
====================
C:\Users\reifertlutz\AppData\Local\Temp\AskSLib.dll
C:\Users\reifertlutz\AppData\Local\Temp\avgnt.exe
C:\Users\reifertlutz\AppData\Local\Temp\Quarantine.exe
C:\Users\reifertlutz\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 18:48

==================== End Of Log ============================
--- --- ---


FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by reifertlutz (administrator) on REIFERTLUTZPC on 19-01-2015 18:51:06
Running from C:\Users\reifertlutz\Desktop\Virenbehandlung
Loaded Profiles: UpdatusUser & reifertlutz (Available profiles: UpdatusUser & reifertlutz)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(TomTom) C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(ScanSoft, Inc) C:\Program Files (x86)\ScanSoft\OmniPageSE\opware32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
() C:\Program Files (x86)\Mozilla Firefox\updated\firefox.exe
() C:\Program Files (x86)\Mozilla Firefox\updated\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2723624 2011-03-28] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Omnipage] => C:\Program Files (x86)\ScanSoft\OmniPageSE\opware32.exe [49152 2002-06-03] (ScanSoft, Inc)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1723013525-2470266197-251947448-1002\...\Run: [MyTomTomSA.exe] => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [451656 2013-01-07] (TomTom)
HKU\S-1-5-21-1723013525-2470266197-251947448-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1723013525-2470266197-251947448-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:55362;https=127.0.0.1:55362
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1723013525-2470266197-251947448-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-1723013525-2470266197-251947448-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1723013525-2470266197-251947448-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: couponpeak -> {60cb15be-fce5-4a1e-9e14-1cc0c1d0e0ec} -> C:\ProgramData\couponpeak\GjVEn08npnXlKh.x64.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\reifertlutz\AppData\Roaming\Mozilla\Firefox\Profiles\r8zr0jye.default
FF Homepage: hxxp://www.sueddeutsche.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-17]
FF HKU\S-1-5-21-1723013525-2470266197-251947448-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-12]
CHR Extension: (Google Drive) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-12]
CHR Extension: (YouTube) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-12]
CHR Extension: (Google Search) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-12]
CHR Extension: (Google Wallet) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-12]
CHR Extension: (Gmail) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-12]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-12] (Adobe Systems) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-10] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-18 12:03 - 2015-01-18 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-01-18 12:03 - 2015-01-18 12:03 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2015-01-17 22:38 - 2015-01-17 22:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-17 22:02 - 2015-01-17 22:02 - 00025997 _____ () C:\Users\reifertlutz\Desktop\Addition 17.1..txt
2015-01-14 12:20 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 12:20 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 12:20 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 12:20 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 12:20 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 12:20 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 12:20 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 12:20 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 12:20 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 12:20 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 12:20 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 12:20 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 12:20 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-11 12:06 - 2015-01-11 12:06 - 00028722 _____ () C:\Users\reifertlutz\Desktop\FRST elfter erster.txt
2015-01-11 12:02 - 2015-01-17 21:37 - 00000269 _____ () C:\Users\reifertlutz\Desktop\Fixlist.txt
2015-01-11 11:42 - 2015-01-18 12:03 - 00001935 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-01-11 11:42 - 2015-01-18 12:03 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-12-30 07:54 - 2014-12-30 07:54 - 00000000 ___SD () C:\ComboFix
2014-12-30 07:38 - 2014-12-30 07:38 - 00852505 _____ () C:\Users\reifertlutz\Desktop\SecurityCheck.exe
2014-12-29 21:28 - 2014-12-29 21:28 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-29 21:23 - 2014-12-29 21:25 - 154051656 _____ () C:\Windows\avira_free_antivirus_de.exe
2014-12-29 21:12 - 2014-12-29 21:12 - 04549888 _____ (Avira Operations & Co. KG) C:\Windows\avira_de_av___ws.exe
2014-12-29 15:15 - 2015-01-03 11:53 - 02347384 _____ (ESET) C:\Windows\esetsmartinstaller_deu.exe
2014-12-27 14:25 - 2014-12-27 14:25 - 01707646 _____ (Thisisu) C:\Windows\JRT64.exe
2014-12-27 14:13 - 2014-12-27 14:13 - 00000000 ____D () C:\Windows\ERUNT
2014-12-27 14:11 - 2014-12-27 14:11 - 01707646 _____ (Thisisu) C:\Users\reifertlutz\Desktop\JRT64.exe
2014-12-27 13:39 - 2014-12-27 20:09 - 00000000 ____D () C:\AdwCleaner
2014-12-27 12:25 - 2015-01-10 11:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-27 12:25 - 2014-12-27 12:25 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-27 12:25 - 2014-12-27 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-27 12:25 - 2014-12-27 12:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-27 12:25 - 2014-12-27 12:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-27 12:25 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-27 12:25 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-27 12:25 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-27 00:34 - 2014-12-27 00:34 - 00009616 _____ () C:\Users\reifertlutz\Documents\nero.txt
2014-12-26 19:26 - 2014-12-26 21:39 - 00003758 _____ () C:\Windows\System32\Tasks\reifertlutz 12 0
2014-12-26 19:24 - 2014-12-26 19:24 - 00000000 ____D () C:\Users\reifertlutz\AppData\Local\Nero
2014-12-26 15:56 - 2014-12-26 15:56 - 00000000 ____D () C:\Users\reifertlutz\AppData\Local\Nero_AG
2014-12-26 15:56 - 2011-12-01 11:42 - 00072240 _____ (Nero AG) C:\Windows\system32\Drivers\NBVol.sys
2014-12-26 15:56 - 2011-12-01 11:42 - 00015920 _____ (Nero AG) C:\Windows\system32\Drivers\NBVolUp.sys
2014-12-26 15:52 - 2014-12-26 15:52 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-26 15:52 - 2014-12-26 15:52 - 00000000 ____D () C:\Users\reifertlutz\AppData\Roaming\Nero
2014-12-26 15:32 - 2014-12-26 15:56 - 00000000 ____D () C:\Program Files (x86)\Nero
2014-12-26 15:32 - 2014-12-26 15:42 - 00000000 ____D () C:\ProgramData\Nero
2014-12-26 15:32 - 2014-12-26 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2014-12-25 14:06 - 2015-01-19 18:51 - 00000000 ____D () C:\Users\reifertlutz\Desktop\Virenbehandlung
2014-12-25 12:20 - 2014-12-25 12:20 - 00031230 _____ () C:\ComboFix.txt
2014-12-25 11:11 - 2014-12-30 07:54 - 00000000 ____D () C:\Qoobox
2014-12-25 11:11 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-25 11:11 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-25 11:11 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-25 11:11 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-25 11:11 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-25 11:11 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-25 11:11 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-25 11:11 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-25 11:10 - 2014-12-25 12:16 - 00000000 ____D () C:\Windows\erdnt
2014-12-25 11:08 - 2014-12-25 11:08 - 05603465 ____R (Swearware) C:\Users\reifertlutz\Desktop\ComboFix.exe
2014-12-25 10:45 - 2014-12-25 10:45 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-24 17:57 - 2014-12-24 17:58 - 00262144 _____ () C:\Windows\Minidump\122414-24304-01.dmp
2014-12-24 17:57 - 2014-12-24 17:57 - 576761415 _____ () C:\Windows\MEMORY.DMP
2014-12-24 17:57 - 2014-12-24 17:57 - 00000000 ____D () C:\Windows\Minidump
2014-12-24 17:01 - 2015-01-19 18:51 - 00000000 ____D () C:\FRST
2014-12-24 16:54 - 2014-12-24 16:54 - 00000000 _____ () C:\Users\reifertlutz\defogger_reenable
2014-12-24 00:22 - 2015-01-19 18:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-24 00:22 - 2014-12-24 00:22 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-24 00:22 - 2014-12-24 00:22 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-23 22:08 - 2014-12-23 22:08 - 00000000 _____ () C:\autoexec.bat
2014-12-23 22:05 - 2014-12-23 22:05 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\reifertlutz\Downloads\sh-remover.exe
2014-12-22 23:36 - 2014-12-22 23:35 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 18:34 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-19 18:34 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-19 18:33 - 2012-09-19 21:14 - 00000000 ____D () C:\Users\reifertlutz\AppData\Roaming\Skype
2015-01-19 18:33 - 2012-03-20 16:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-19 18:16 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-19 18:16 - 2009-07-14 05:51 - 00093191 _____ () C:\Windows\setupact.log
2015-01-18 21:54 - 2012-05-12 01:02 - 01410014 _____ () C:\Windows\WindowsUpdate.log
2015-01-14 22:10 - 2013-08-14 21:17 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 22:09 - 2012-09-21 20:32 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 13:33 - 2012-03-20 16:22 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 13:33 - 2012-03-20 16:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 13:33 - 2012-03-20 16:22 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 12:58 - 2012-05-12 10:49 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2015-01-13 12:58 - 2012-05-12 10:49 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2015-01-13 12:58 - 2009-07-14 06:13 - 01622300 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-11 11:42 - 2014-06-23 20:37 - 00000000 ____D () C:\Users\reifertlutz\AppData\Local\Adobe
2015-01-08 20:22 - 2010-11-21 04:47 - 00270408 _____ () C:\Windows\PFRO.log
2015-01-04 11:12 - 2012-09-11 16:03 - 00000000 ____D () C:\Users\reifertlutz\AppData\Roaming\SoftGrid Client
2014-12-29 21:13 - 2014-08-14 16:17 - 00001101 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-12-29 21:13 - 2014-08-14 16:17 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-29 21:13 - 2013-02-23 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-29 21:13 - 2013-02-23 14:20 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-27 14:02 - 2014-10-16 20:59 - 00001043 _____ () C:\Users\reifertlutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-12-27 12:56 - 2012-03-20 16:08 - 00000000 ____D () C:\Windows\es
2014-12-25 12:20 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-12-25 12:09 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-25 12:03 - 2012-09-09 13:30 - 00000000 ____D () C:\Users\reifertlutz
2014-12-25 11:14 - 2014-12-08 12:12 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-25 11:13 - 2014-12-08 12:12 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-23 21:57 - 2014-07-12 06:48 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-22 23:36 - 2014-03-20 10:49 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-22 23:35 - 2014-11-17 12:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-22 23:35 - 2014-11-17 12:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-22 23:35 - 2014-03-19 22:28 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-22 19:21 - 2014-09-22 07:06 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-22 19:21 - 2012-03-20 15:51 - 00000000 ____D () C:\ProgramData\Skype
2014-12-22 19:18 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-21 19:41 - 2012-12-09 12:17 - 00000000 ____D () C:\Users\reifertlutz\Documents\Meine PSP-Dateien

==================== Files in the root of some directories =======
2014-07-12 08:05 - 2014-12-08 14:30 - 0000600 _____ () C:\Users\reifertlutz\AppData\Roaming\winscp.rnd
2012-05-12 01:15 - 2012-05-12 01:18 - 0015134 _____ () C:\ProgramData\ArcadeDeluxe5.log
2012-09-21 19:50 - 2012-09-21 19:52 - 0000032 _____ () C:\ProgramData\PS.log

Some content of TEMP:
====================
C:\Users\reifertlutz\AppData\Local\Temp\AskSLib.dll
C:\Users\reifertlutz\AppData\Local\Temp\avgnt.exe
C:\Users\reifertlutz\AppData\Local\Temp\Quarantine.exe
C:\Users\reifertlutz\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 18:48

==================== End Of Log ============================
--- --- ---

schrauber 20.01.2015 16:08
Das ganze Spiel noch einmal bitte :)

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1723013525-2470266197-251947448-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:55362;https=127.0.0.1:55362
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Dan512 08.02.2015 19:23
neues Fixlog
 
Hallo Schrauber,

hier das neue Fixlog:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
Ran by reifertlutz (administrator) on REIFERTLUTZPC on 05-02-2015 21:20:08
Running from C:\Users\reifertlutz\Desktop\Virenbehandlung
Loaded Profiles: UpdatusUser & reifertlutz (Available profiles: UpdatusUser & reifertlutz)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TomTom) C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(ScanSoft, Inc) C:\Program Files (x86)\ScanSoft\OmniPageSE\opware32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2723624 2011-03-28] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Omnipage] => C:\Program Files (x86)\ScanSoft\OmniPageSE\opware32.exe [49152 2002-06-03] (ScanSoft, Inc)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1723013525-2470266197-251947448-1002\...\Run: [MyTomTomSA.exe] => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [451656 2013-01-07] (TomTom)
HKU\S-1-5-21-1723013525-2470266197-251947448-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1723013525-2470266197-251947448-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:55362;https=127.0.0.1:55362
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1723013525-2470266197-251947448-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-1723013525-2470266197-251947448-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1723013525-2470266197-251947448-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: couponpeak -> {60cb15be-fce5-4a1e-9e14-1cc0c1d0e0ec} -> C:\ProgramData\couponpeak\GjVEn08npnXlKh.x64.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\reifertlutz\AppData\Roaming\Mozilla\Firefox\Profiles\r8zr0jye.default
FF Homepage: hxxp://www.sueddeutsche.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-27]
FF HKU\S-1-5-21-1723013525-2470266197-251947448-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-12]
CHR Extension: (Google Drive) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-12]
CHR Extension: (YouTube) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-12]
CHR Extension: (Google Search) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-12]
CHR Extension: (Google Wallet) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-12]
CHR Extension: (Gmail) - C:\Users\reifertlutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-12]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-12] (Adobe Systems) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-10] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 10:21 - 2015-01-27 10:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-19 18:53 - 2015-01-19 18:53 - 00029456 _____ () C:\Users\reifertlutz\Desktop\FRST 3.txt
2015-01-18 12:03 - 2015-01-18 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-01-18 12:03 - 2015-01-18 12:03 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2015-01-17 22:02 - 2015-01-17 22:02 - 00025997 _____ () C:\Users\reifertlutz\Desktop\Addition 17.1..txt
2015-01-14 12:20 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 12:20 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 12:20 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 12:20 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 12:20 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 12:20 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 12:20 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 12:20 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 12:20 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 12:20 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 12:20 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 12:20 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 12:20 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-11 12:06 - 2015-01-11 12:06 - 00028722 _____ () C:\Users\reifertlutz\Desktop\FRST elfter erster.txt
2015-01-11 12:02 - 2015-02-05 21:18 - 00000506 _____ () C:\Users\reifertlutz\Desktop\Fixlist.txt
2015-01-11 11:42 - 2015-01-18 12:03 - 00001935 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-01-11 11:42 - 2015-01-18 12:03 - 00000000 ____D () C:\ProgramData\McAfee Security Scan

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 21:20 - 2014-12-25 14:06 - 00000000 ____D () C:\Users\reifertlutz\Desktop\Virenbehandlung
2015-02-05 21:20 - 2014-12-24 17:01 - 00000000 ____D () C:\FRST
2015-02-05 21:11 - 2012-09-19 21:14 - 00000000 ____D () C:\Users\reifertlutz\AppData\Roaming\Skype
2015-02-05 21:09 - 2012-05-12 01:02 - 01832308 _____ () C:\Windows\WindowsUpdate.log
2015-02-05 20:48 - 2012-03-20 16:22 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 20:48 - 2012-03-20 16:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 20:48 - 2012-03-20 16:22 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 20:48 - 2012-03-20 16:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-05 12:06 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-05 12:06 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-05 09:52 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-05 09:52 - 2009-07-14 05:51 - 00093807 _____ () C:\Windows\setupact.log
2015-02-03 18:48 - 2014-12-24 00:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 10:07 - 2010-11-21 04:47 - 00270806 _____ () C:\Windows\PFRO.log
2015-01-14 22:10 - 2013-08-14 21:17 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 22:09 - 2012-09-21 20:32 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 12:58 - 2012-05-12 10:49 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2015-01-13 12:58 - 2012-05-12 10:49 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2015-01-13 12:58 - 2009-07-14 06:13 - 01622300 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-11 11:42 - 2014-06-23 20:37 - 00000000 ____D () C:\Users\reifertlutz\AppData\Local\Adobe
2015-01-10 11:06 - 2014-12-27 12:25 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

==================== Files in the root of some directories =======

2014-07-12 08:05 - 2014-12-08 14:30 - 0000600 _____ () C:\Users\reifertlutz\AppData\Roaming\winscp.rnd
2012-05-12 01:15 - 2012-05-12 01:18 - 0015134 _____ () C:\ProgramData\ArcadeDeluxe5.log
2012-09-21 19:50 - 2012-09-21 19:52 - 0000032 _____ () C:\ProgramData\PS.log

Some content of TEMP:
====================
C:\Users\reifertlutz\AppData\Local\Temp\AskSLib.dll
C:\Users\reifertlutz\AppData\Local\Temp\avgnt.exe
C:\Users\reifertlutz\AppData\Local\Temp\Quarantine.exe
C:\Users\reifertlutz\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-05 11:59

==================== End Of Log ============================
--- --- ---


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:38 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131