Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html

chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html


Log-Analyse und Auswertung: chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 1 von 2 1 2
Alt 04.02.2015, 11:06   #1
Lepakko
 
chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html - Standard

chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html


Hallo allerseits,
seit kurzem öffnet sich Chrome bei mir mit der o.g. genannten Seite. Ich habe mich ein wenig belesen und dabei festgestellt, daß das ein offenbar häufig auftretendes Phenomän ist. Da ich nicht sehr viel Ahnung vom Umgang mit PC´s habe, hoffe ich auf ein wenig Hilfe von Euch.

Alt 04.02.2015, 11:06   #2
schrauber
/// the machine
/// TB-Ausbilder
 
chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html - Standard

chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html


hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________
Alt 04.02.2015, 11:15   #3
Lepakko
 
chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html - Standard

chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html


Hui, das ging ja schnell!

Hier die beiden Files: ich habe sie hintereinander kopiert, da ich nicht weiß, wie ich ein neues Fenster öffnen kann:




FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Tyrion Lannister (administrator) on ARBEITSZIMMER on 04-02-2015 10:35:45
Running from C:\Users\Tyrion Lannister\Downloads
Loaded Profiles: Tyrion Lannister (Available profiles: Tyrion Lannister)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
() C:\Program Files (x86)\Verbindungsassistent\WTGService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
() C:\Users\Tyrion Lannister\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Arc] => C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcLauncher.exe [416080 2015-01-08] (Perfect World Entertainment)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1453844191-4196955726-2398730128-1000\...\Run: [Amazon Music] => C:\Users\Tyrion Lannister\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
HKU\S-1-5-21-1453844191-4196955726-2398730128-1000\...\MountPoints2: {169ed424-a4d1-11e2-a32e-f46d049154d5} - F:\iLinker.exe
BootExecute: autocheck autochk * 愀甀琀漀挀栀攀挀欀 琀甀爀攀最漀瀀琀

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @gametap.com/npdd,version=1.0 -> C:\Program Files (x86)\Downloader\npdd.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1453844191-4196955726-2398730128-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\searchplugins\avira-safesearch.xml
FF SearchPlugin: C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\searchplugins\google-maps.xml
FF Extension: Avira Browser Safety - C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\Extensions\abs@avira.com [2014-11-21]
FF Extension: Avira SafeSearch - C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\Extensions\safesearch@avira.com [2014-09-30]
FF Extension: DownloadHelper - C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05]
FF Extension: Cliqz Beta - C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\Extensions\cliqz@cliqz.com.xpi [2014-09-18]
FF Extension: Ghostery - C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\Extensions\firefox@ghostery.com.xpi [2014-07-07]
FF Extension: Strict Pop-up Blocker - C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\Extensions\jid1-P34HaABBBpOerQ@jetpack.xpi [2014-07-07]
FF Extension: NoScript - C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-07]
FF Extension: Adblock Plus - C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-07]
FF Extension: DownThemAll! - C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-07-07]
FF HKU\S-1-5-21-1453844191-4196955726-2398730128-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\extensions\cliqz@cliqz.com
FF Extension: No Name - C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\extensions\faststartff@gmail.com [Not Found]

Chrome: 
=======
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1422700771&from=cvs5&uid=395049983_1052499_A086D6BD
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1422700771&from=cvs5&uid=395049983_1052499_A086D6BD"
CHR DefaultSearchKeyword: Default -> webssearches
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (Google Slides) - C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-17]
CHR Extension: (Google Docs) - C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-17]
CHR Extension: (Google Drive) - C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-18]
CHR Extension: (YouTube) - C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-17]
CHR Extension: (Google Search) - C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-17]
CHR Extension: (Google Sheets) - C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-17]
CHR Extension: (Avira Browser Safety) - C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-22]
CHR Extension: (Google Wallet) - C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-17]
CHR Extension: (Gmail) - C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-17]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-11-09] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-04] (Avira Operations GmbH & Co. KG)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2015-01-08] (Perfect World Entertainment Inc)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] ()
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-01-10] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MSSQL$BWDATOOLSET; C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [29263712 2008-11-25] (Microsoft Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTGService; C:\Program Files (x86)\Verbindungsassistent\WTGService.exe [296400 2009-03-03] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 Asapi; C:\Windows\SysWow64\Drivers\Asapi.sys [8768 2000-05-12] (VOB Computersysteme GmbH) [File not signed]
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 Huawei; C:\Windows\System32\DRIVERS\ewdcsc.sys [29696 2014-11-09] (Huawei Tech. Co., Ltd.)
S3 Huawei; C:\Windows\SysWOW64\DRIVERS\ewdcsc.sys [29696 2014-11-09] (Huawei Tech. Co., Ltd.)
S3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [115328 2008-07-24] (Huawei Technologies Co., Ltd.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
S3 MSICDSetup; \??\D:\CDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 10:35 - 2015-02-04 10:36 - 00017175 _____ () C:\Users\Tyrion Lannister\Downloads\FRST.txt
2015-02-04 10:35 - 2015-02-04 10:35 - 02131456 _____ (Farbar) C:\Users\Tyrion Lannister\Downloads\FRST64.exe
2015-02-04 10:35 - 2015-02-04 10:35 - 00000000 ____D () C:\FRST
2015-02-04 10:30 - 2015-02-04 10:30 - 00011998 _____ () C:\Users\Tyrion Lannister\Desktop\AdwCleaner[S0].txt
2015-02-04 10:21 - 2015-02-04 10:28 - 00000000 ____D () C:\AdwCleaner
2015-02-04 10:20 - 2015-02-04 10:20 - 02194432 _____ () C:\Users\Tyrion Lannister\Downloads\AdwCleaner_4.109.exe
2015-02-03 13:03 - 2015-02-03 13:03 - 00001115 _____ () C:\Users\Tyrion Lannister\Desktop\Driver Genius Professional Edition.lnk
2015-02-03 13:03 - 2015-02-03 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius Professional Edition
2015-02-03 01:46 - 2015-02-03 01:46 - 16032147 _____ (Written by Alexander Herzog) C:\Users\Tyrion Lannister\Desktop\D-Fend-Reloaded-1.4.1-Setup.exe
2015-02-01 11:34 - 2015-02-01 11:34 - 00032151 _____ () C:\Users\Tyrion Lannister\Desktop\a_charming_font.zip
2015-02-01 11:34 - 2015-02-01 11:34 - 00000000 ____D () C:\Users\Tyrion Lannister\AppData\Roaming\dlg
2015-01-31 11:40 - 2015-01-31 22:48 - 00000000 ____D () C:\ProgramData\FlashBeat
2015-01-31 11:40 - 2015-01-31 22:43 - 00005328 _____ () C:\Windows\SysWOW64\ColorMedia.ini
2015-01-31 11:40 - 2015-01-31 22:43 - 00002928 _____ () C:\Windows\SysWOW64\ColorMediaOff.ini
2015-01-31 11:40 - 2015-01-31 22:43 - 00002928 _____ () C:\Windows\system32\ColorMediaOff.ini
2015-01-31 11:40 - 2015-01-31 11:40 - 00000000 ____D () C:\ProgramData\FlashBeatData
2015-01-31 11:40 - 2015-01-27 17:31 - 00344440 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia64.dll
2015-01-31 11:40 - 2015-01-27 17:31 - 00301168 _____ (CartCrunch Israel Ltd.) C:\Windows\SysWOW64\ColorMedia.dll
2015-01-31 11:38 - 2015-01-31 11:38 - 00432280 _____ () C:\Users\Tyrion Lannister\Desktop\ACharmingFont_downloader-Q6Sb7gh66.exe
2015-01-31 11:37 - 2015-01-31 11:37 - 00432280 _____ () C:\Users\Tyrion Lannister\Downloads\ACharmingFont_downloader-Q8Mkp4mzD.exe
2015-01-29 23:01 - 2015-01-29 23:01 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-28 10:26 - 2015-01-29 08:26 - 00000000 ____D () C:\Users\Public\Documents\Arc
2015-01-27 00:23 - 2015-01-27 00:23 - 00014464 _____ (Western Digital Technologies) C:\Windows\system32\Drivers\wdcsam64.sys
2015-01-26 12:55 - 2015-01-26 12:56 - 00000000 ____D () C:\Users\Tyrion Lannister\Desktop\SEK Berlin
2015-01-14 09:45 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 09:45 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 09:45 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 09:45 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 09:45 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 09:45 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 09:45 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 09:45 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 09:45 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 09:45 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 09:45 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 09:45 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 09:45 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-06 00:53 - 2015-01-06 01:05 - 88539427 _____ () C:\Users\Tyrion Lannister\Downloads\480P_600k_23563471.mp4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 10:33 - 2011-12-30 15:59 - 01552903 _____ () C:\Windows\WindowsUpdate.log
2015-02-04 10:30 - 2012-10-31 15:41 - 00000438 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-02-04 10:29 - 2014-09-17 15:40 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-04 10:29 - 2013-02-09 08:40 - 00343956 _____ () C:\Windows\PFRO.log
2015-02-04 10:29 - 2013-02-09 08:40 - 00072094 _____ () C:\Windows\setupact.log
2015-02-04 10:29 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-04 10:28 - 2014-09-17 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-04 10:28 - 2014-07-07 10:38 - 00001065 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-04 10:28 - 2012-10-24 19:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-04 10:28 - 2011-12-30 16:10 - 00001017 _____ () C:\Users\Tyrion Lannister\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-04 09:56 - 2009-07-14 05:45 - 00026464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-04 09:56 - 2009-07-14 05:45 - 00026464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-03 20:48 - 2014-09-17 15:40 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 16:21 - 2012-12-05 15:54 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-03 11:07 - 2009-07-14 18:58 - 02799576 _____ () C:\Windows\system32\perfh007.dat
2015-02-03 11:07 - 2009-07-14 18:58 - 00806998 _____ () C:\Windows\system32\perfc007.dat
2015-02-03 11:07 - 2009-07-14 06:13 - 00006472 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-03 00:02 - 2012-10-20 20:37 - 00000000 ____D () C:\Users\Tyrion Lannister\AppData\Roaming\vlc
2015-02-01 22:48 - 2014-12-30 09:12 - 00067728 _____ () C:\Users\Tyrion Lannister\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-01 22:48 - 2014-12-30 09:01 - 00298008 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-31 22:48 - 2014-04-15 15:08 - 00000776 _____ () C:\Windows\system32\.crusader
2015-01-29 23:01 - 2014-05-16 11:03 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-29 23:01 - 2013-08-05 09:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-29 23:01 - 2013-08-05 09:41 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-26 02:59 - 2014-10-13 13:20 - 00001250 _____ () C:\Users\Tyrion Lannister\Desktop\Amazon Music.lnk
2015-01-25 03:28 - 2012-10-24 19:58 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 03:28 - 2012-10-24 19:58 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 03:28 - 2011-12-30 17:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-20 08:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-15 01:24 - 2013-08-16 00:39 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 01:16 - 2011-12-30 19:02 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-06 04:36 - 2011-12-30 16:49 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2013-08-17 11:13 - 2013-08-17 11:13 - 0003584 _____ () C:\Users\Tyrion Lannister\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-01 11:15 - 2015-01-03 17:41 - 0007606 _____ () C:\Users\Tyrion Lannister\AppData\Local\Resmon.ResmonCfg
2013-08-12 18:24 - 2013-08-12 18:24 - 0005033 _____ () C:\ProgramData\mtbjfghn.xbe

Some content of TEMP:
====================
C:\Users\Tyrion Lannister\AppData\Local\Temp\avgnt.exe
C:\Users\Tyrion Lannister\AppData\Local\Temp\Quarantine.exe
C:\Users\Tyrion Lannister\AppData\Local\Temp\Setup.exe
C:\Users\Tyrion Lannister\AppData\Local\Temp\somoto_A Charming Font_1.0.exe
C:\Users\Tyrion Lannister\AppData\Local\Temp\SpOrder.dll
C:\Users\Tyrion Lannister\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-26 13:30

==================== End Of Log ============================
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Tyrion Lannister at 2015-02-04 10:36:50
Running from C:\Users\Tyrion Lannister\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

A Game of Thrones - Genesis (HKLM-x32\...\Steam App 58550) (Version:  - Cyanide Studios)
Adobe Acrobat 4.0 (HKLM-x32\...\Adobe Acrobat 4.0) (Version:  - )
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-1453844191-4196955726-2398730128-1000\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{0BD776F3-057D-4C11-020C-4FA9B13D04F9}) (Version: 3.0.855.0 - Advanced Micro Devices, Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft)
Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Baldur's Gate (HKLM-x32\...\Baldur's Gate) (Version:  - )
Baldurs Gate(TM) II - Thron des Bhaal (TM) (HKLM-x32\...\{5B09F344-4406-11D5-96E8-0050BA84F5F7}) (Version:  - )
Battle Isle - Der Andosia Konflikt (HKLM-x32\...\Battle Isle - Der Andosia Konflikt) (Version:  - )
Battlecraft 1942 (HKLM-x32\...\Battlecraft 19422.1) (Version:  - )
Battlefield 1942 (HKLM-x32\...\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}) (Version:  - )
Battlefield 1942: Secret Weapons of WWII (HKLM-x32\...\{B73B4A99-4173-4747-BBEC-0F05E966F9D2}) (Version:  - )
Battlefield 1942: The Road To Rome (HKLM-x32\...\{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}) (Version:  - )
Battlefield Mod Development Toolkit 2.0 Beta (HKLM-x32\...\MDT) (Version:  - )
Call of Duty(R) - World at War(TM) (HKLM-x32\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.0 - Activision)
Call of Duty(R) - World at War(TM) (x32 Version: 1.0 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000 - Activision) Hidden
Call of Duty: Black Ops (HKLM-x32\...\Steam App 42700) (Version:  - Treyarch)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 3 - Dedicated Server (HKLM-x32\...\Steam App 42750) (Version:  - Infinity Ward - Sledgehammer Games)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version:  - Infinity Ward - Sledgehammer Games)
Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version:  - Infinity Ward - Sledgehammer Games)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Cloanto Amiga Explorer (HKLM-x32\...\Cloanto Amiga Explorer) (Version:  - )
Cloanto Amiga Forever (HKLM-x32\...\Cloanto Amiga Forever) (Version:  - )
Company of Heroes - FAKEMSI (x32 Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes (HKLM-x32\...\Company of Heroes) (Version: 2.602.0 - THQ Inc.)
CrystalDiskInfo 6.2.1 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.2.1 - Crystal Dew World)
Demonicon (HKLM-x32\...\Steam App 215630) (Version:  - Noumena Studios)
Divinity II - Ego Draconis (HKLM-x32\...\Divinity II - Ego Draconis_is1) (Version:  - dtp)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version:  - BioWare)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05 - Electronic Arts, Inc.)
Dragon Age: Origins Character Creator (HKLM-x32\...\{D8B5B7C3-47B1-40FA-8251-59C74A543880}) (Version: 1.00 - Electronic Arts, Inc.)
Drakensang (HKLM-x32\...\Drakensang_is1) (Version:  - dtp)
EVE Online (nur entfernen) (HKLM-x32\...\EVE) (Version:  - CCP Games Ltd.)
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
FlashBeat (HKLM-x32\...\FlashBeat) (Version: 1.0.0.2164 - )
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.2.413 - Foxit Corporation)
Free YouTube Download version 3.2.41.623 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.41.623 - DVDVideoSoft Ltd.)
Game of Thrones - DLC Weapons - Extract Version 1.0.0.0 (HKLM-x32\...\AGOT-DLC-Extractor_is1) (Version: 1.0.0.0 - Cyanide)
Game of Thrones Version 1.6.0.0 (HKLM-x32\...\AGOT_is1) (Version: 1.6.0.0 - Cyanide)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
HydraVision (x32 Version: 4.2.180.0 - ATI Technologies Inc.) Hidden
IBot 4.30 (HKLM-x32\...\{FFCE3D78-ABFC-4091-A778-441204FCA81A}}_is1) (Version: 4.30 - Profibot)
Icewind Dale - Herz des Winters (HKLM-x32\...\{433BF933-81D6-4646-A318-3DE5DB6108F2}) (Version:  - )
Icewind Dale (HKLM-x32\...\Icewind Dale) (Version:  - )
Icewind Dale II (HKLM-x32\...\{588C135F-0B15-4A02-8F2D-04697BE2904E}) (Version: 1.00.000 - Black Isle)
Java 2 Runtime Environment Standard Edition v1.3 (HKLM-x32\...\JRE 1.3) (Version:  - )
Java 7 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417040FF}) (Version: 7.0.400 - Oracle)
Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
Java(TM) 6 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416031FF}) (Version: 6.0.310 - Oracle)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version:  - )
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}) (Version: 1.2.0241 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM-x32\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{86177DAE-38B1-49DD-912E-35CB703AB779}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visual Basic 6.0 Ablaufmodell Edition (Deutsch) (HKLM-x32\...\Microsoft Visual Basic 6.0 Ablaufmodell Edition (deu)) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.53 (HKLM-x32\...\WebPost) (Version:  - )
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSI Afterburner 2.0.0 (HKLM-x32\...\Afterburner) (Version: 2.0.0 - MSI Co., LTD)
My MP3 (HKLM-x32\...\My MP3) (Version:  - )
Neverwinter (HKLM-x32\...\Neverwinter) (Version:  - Cryptic Studios)
Neverwinter (HKLM-x32\...\Steam App 109600) (Version:  - Cryptic Studios)
Neverwinter Nights (HKLM-x32\...\{7C503E58-B2BC-11D5-978A-0050BA84F5F7}) (Version:  - )
Neverwinter Nights 2 (HKLM-x32\...\{F20C1251-1D0A-4944-B2AE-678581B33B19}) (Version: 1.00.0000 - Obsidian)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7325.0 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
Project IGI (HKLM-x32\...\Project IGI) (Version:  - )
PunkBuster für Battlefield 1942 (HKLM-x32\...\{127B684B-A002-44C8-99A7-6CF8F1E26873}) (Version:  - )
Ralink Wireless LAN (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.00.0000 - RaLink)
Realms of Arkania: Blade of Destiny (HKLM-x32\...\Steam App 237550) (Version:  - Crafty Studios)
Sacred (HKLM-x32\...\Sacred_is1) (Version:  - Ascaron Entertainment GmbH)
SpeedBall 2 (HKLM-x32\...\SpeedBall 2) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
The Dark Eye: Chains of Satinav (HKLM-x32\...\Steam App 203830) (Version:  - Daedalic Entertainment)
Tom Clancy's Rainbow Six Vegas (HKLM-x32\...\{5731C0A8-B266-451A-8D3F-8066AA21836F}) (Version: 1.06.000 - Ubisoft)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.151 - TuneUp Software) Hidden
Ulead PhotoImpact 4.2 (HKLM-x32\...\Ulead PhotoImpact 4.2) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Verbindungsassistent (HKLM-x32\...\Verbindungsassistent) (Version: 2.1 - Verbindungsassistent) <==== ATTENTION!
VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinUAE (HKLM-x32\...\{FB9A1D65-250C-4B57-9B2A-E9710AC08FDB}) (Version: 2.7.0.0 - Arabuusimiehet)
WinUAE 1.6.0 (HKLM-x32\...\WinUAE) (Version: 1.6.0 - Arabuusimiehet)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 5.3.0.16992 - Blizzard Entertainment)
Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version:  - DOSBox Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2DF8BCCB-84FA-481E-B826-B4DD219326BE} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software)
Task: {2F4595D9-2602-4EFD-B95D-ADA6D4305432} - System32\Tasks\{7EABF3C1-6647-4EF9-ABE0-9F0207728DFA} => pcalua.exe -a "C:\Users\Tyrion Lannister\AppData\Roaming\webssearches\UninstallManager.exe" -c -ptid=tugs -simple=0 <==== ATTENTION
Task: {2FA36117-7F84-4FE3-9CED-D5DCF7A4A803} - System32\Tasks\{52AA8DF9-F90D-4FC2-AFB3-5C38BA84E9A4} => pcalua.exe -a D:\Driver\8.771\Win7_Vista\Setup_Afterburner.exe -d D:\Driver\8.771\Win7_Vista
Task: {3AF0FE0B-F62F-4CC3-98BE-466E21E27939} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
Task: {3F53889B-979D-47B4-ADE8-1A1F3AF396C3} - System32\Tasks\{89A491DC-93B1-4075-AD36-9D5208892CDE} => pcalua.exe -a D:\CriticalRebuild.exe -d D:\
Task: {425531DC-6495-407F-9A1F-DE8E6F63E23D} - System32\Tasks\{0F6BC8EE-D283-4A8C-8DA2-D3F881BD55CF} => pcalua.exe -a "C:\Users\Tyrion Lannister\Desktop\zusatz für win98\ePC Treiberdateien englisch\bdf736en.exe" -d "C:\Users\Tyrion Lannister\Desktop\zusatz für win98\ePC Treiberdateien englisch"
Task: {44B364F6-185E-473D-839A-F0FCEF023A67} - System32\Tasks\{F93EB439-B3B6-40C9-9B49-4E9F8EEB64FF} => pcalua.exe -a "C:\Users\Tyrion Lannister\AppData\Roaming\omiga-plus\UninstallManager.exe" -c -ptid=adks -simple=0 <==== ATTENTION
Task: {44D3AB08-314C-48D9-BFBC-269D843FFCE8} - System32\Tasks\{1CDA611D-208D-4108-A9FB-6B58F9C2A1E9} => pcalua.exe -a "C:\Program Files (x86)\video MediaPlay-Air\Uninstall.exe" -d "C:\Program Files (x86)\TuneUp Utilities 2014" -c /fcp=1
Task: {4B33977C-DB21-494B-BA90-C8216AB24254} - \PLDEIXQTO No Task File <==== ATTENTION
Task: {8B1C607D-A6AB-40CC-B822-F82E61CB8D5F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-17] (Google Inc.)
Task: {9BB79AD3-1388-4E14-9637-A2C5102294F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-17] (Google Inc.)
Task: {B725C816-BDC9-42A5-AB00-418B07740A02} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {D45221D0-A9B0-4528-A92A-C9842C286905} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03] (Sun Microsystems, Inc.)
Task: {DC3AB5D0-0D44-41CC-BB32-301D875A471B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {F4B25EFD-3996-4421-8B10-6969F2D28DD0} - System32\Tasks\{7AC4C2E6-1708-4377-9CA2-9DC3791447E8} => pcalua.exe -a "C:\Users\Tyrion Lannister\Desktop\zusatz für win98\ePC Treiberdateien englisch\bdf736en.exe" -d "C:\Users\Tyrion Lannister\Desktop\zusatz für win98\ePC Treiberdateien englisch"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-11-09 22:09 - 2011-11-09 22:09 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-07-16 09:24 - 2014-07-16 09:24 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2014-11-09 23:10 - 2009-03-03 12:45 - 00296400 ____N () C:\Program Files (x86)\Verbindungsassistent\WTGService.exe
2014-10-13 13:20 - 2014-12-08 07:27 - 06277952 _____ () C:\Users\Tyrion Lannister\AppData\Local\Amazon Music\Amazon Music Helper.exe
2011-12-30 16:17 - 2010-01-21 01:53 - 00496232 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2011-12-30 16:17 - 2010-01-21 01:52 - 00076392 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2011-12-30 16:17 - 2010-01-21 01:53 - 00731752 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2011-12-30 16:17 - 2010-01-21 01:53 - 00209000 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2015-02-01 10:49 - 2015-01-27 04:27 - 01450312 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll
2015-02-01 10:49 - 2015-01-27 04:27 - 00205128 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll
2015-02-01 10:49 - 2015-01-27 04:27 - 10864456 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1453844191-4196955726-2398730128-500 - Administrator - Disabled)
Gast (S-1-5-21-1453844191-4196955726-2398730128-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1453844191-4196955726-2398730128-1006 - Limited - Enabled)
Tyrion Lannister (S-1-5-21-1453844191-4196955726-2398730128-1000 - Administrator - Enabled) => C:\Users\Tyrion Lannister

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/04/2015 10:36:52 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
] ist ein Fehler aufgetreten.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (02/04/2015 10:36:52 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (02/04/2015 09:56:42 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
] ist ein Fehler aufgetreten.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Überprüfen, ob das Volume vom Anbieter unterstützt wird
   Volume einem Schattenkopiesatz hinzufügen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 16
   Snapshotkontext: 16
   Ausführungskontext: Coordinator
   Anbieter-ID: {00000000-0000-0000-0000-000000000000}
   Volumename: C:\
   Ausführungskontext: Coordinator

Error: (02/04/2015 09:56:42 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Überprüfen, ob das Volume vom Anbieter unterstützt wird
   Volume einem Schattenkopiesatz hinzufügen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 16
   Snapshotkontext: 16
   Ausführungskontext: Coordinator
   Anbieter-ID: {00000000-0000-0000-0000-000000000000}
   Volumename: C:\
   Ausführungskontext: Coordinator

Error: (02/04/2015 09:54:12 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x80042302).

Error: (02/04/2015 09:54:12 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "GetProviderMgmtInterface" ist ein unerwarteter Fehler aufgetreten. hr = 0x8004230f, Unerwarteter Fehler beim Schattenkopieanbieter bei dem Versuch, den angegebenen Vorgang zu verarbeiten.
.

Error: (02/04/2015 09:54:12 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
] ist ein Fehler aufgetreten.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Anbieterverwaltungsschnittstelle wird abgerufen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: -1
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (02/04/2015 09:54:12 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Anbieterverwaltungsschnittstelle wird abgerufen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: -1
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (02/03/2015 11:07:37 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (02/03/2015 11:07:37 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.


System errors:
=============
Error: (02/04/2015 10:30:26 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (02/04/2015 10:30:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/04/2015 10:30:01 AM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.2.101192.168.137.0255.255.255.0

Error: (02/04/2015 10:30:01 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: 

Error: (02/04/2015 10:29:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/04/2015 10:29:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Asapi" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (02/04/2015 10:29:26 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\Asapi.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (02/04/2015 10:28:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Gatewaydienst auf Anwendungsebene" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/04/2015 10:28:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ForceWare IP service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/04/2015 10:28:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ForceWare Intelligent Application Manager (IAM)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (02/04/2015 10:36:52 AM) (Source: VSS) (EventID: 12292) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (02/04/2015 10:36:52 AM) (Source: VSS) (EventID: 13) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (02/04/2015 09:56:42 AM) (Source: VSS) (EventID: 12292) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Überprüfen, ob das Volume vom Anbieter unterstützt wird
   Volume einem Schattenkopiesatz hinzufügen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 16
   Snapshotkontext: 16
   Ausführungskontext: Coordinator
   Anbieter-ID: {00000000-0000-0000-0000-000000000000}
   Volumename: C:\
   Ausführungskontext: Coordinator

Error: (02/04/2015 09:56:42 AM) (Source: VSS) (EventID: 13) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Überprüfen, ob das Volume vom Anbieter unterstützt wird
   Volume einem Schattenkopiesatz hinzufügen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 16
   Snapshotkontext: 16
   Ausführungskontext: Coordinator
   Anbieter-ID: {00000000-0000-0000-0000-000000000000}
   Volumename: C:\
   Ausführungskontext: Coordinator

Error: (02/04/2015 09:54:12 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80042302

Error: (02/04/2015 09:54:12 AM) (Source: VSS) (EventID: 8193) (User: )
Description: GetProviderMgmtInterface0x8004230f, Unerwarteter Fehler beim Schattenkopieanbieter bei dem Versuch, den angegebenen Vorgang zu verarbeiten.

Error: (02/04/2015 09:54:12 AM) (Source: VSS) (EventID: 12292) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Anbieterverwaltungsschnittstelle wird abgerufen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: -1
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (02/04/2015 09:54:12 AM) (Source: VSS) (EventID: 13) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Anbieterverwaltungsschnittstelle wird abgerufen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: -1
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (02/03/2015 11:07:37 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (02/03/2015 11:07:37 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000


==================== Memory info =========================== 

Processor: AMD Phenom(tm) II X4 840 Processor
Percentage of memory in use: 31%
Total physical RAM: 8191.23 MB
Available physical RAM: 5626.45 MB
Total Pagefile: 16380.64 MB
Available Pagefile: 13671.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:196.61 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (XP Pro 64bit) (Fixed) (Total:465.76 GB) (Free:454.02 GB) NTFS
Drive f: (Verbatim) (Fixed) (Total:298.02 GB) (Free:245.25 GB) FAT32
Drive h: (Datensicherung) (Fixed) (Total:465.75 GB) (Free:414.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: A1CE9807)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 98F9331A)
Partition 1: (Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 298.1 GB) (Disk ID: F91A9EE0)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=0C)

==================== End Of Log ============================
__________________
Alt 04.02.2015, 19:04   #4
schrauber
/// the machine
/// TB-Ausbilder
 
chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html - Standard

chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html


Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    Verbindungsassistent


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 




Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 05.02.2015, 01:11   #5
Lepakko
 
chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html - Standard

chrome extension


So ist es geschehen. Avira hat mitgeteilt, daß es den Zugriff auf die Registry blockiert habe, als ich VomboFix gestartet habe. ComboFix selbst hat nix vermeldet.

Hier das Ergebnis:



Code:
ATTFilter
ComboFix 15-02-02.01 - Tyrion Lannister 05.02.2015   0:32.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8191.6188 [GMT 1:00]
ausgeführt von:: c:\users\Tyrion Lannister\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\_locales\de\messages.json
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\_locales\en\messages.json
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\_locales\en_US\messages-sim.json
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\_locales\en_US\messages.json
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\_locales\es\messages.json
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\_locales\fr\messages.json
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\_locales\it\messages.json
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\_locales\pt_BR\messages.json
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\_metadata\computed_hashes.json
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\_metadata\verified_contents.json
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\api-rules.json
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\app.css
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\blocked.css
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\content\base\search.css
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\content\content.css
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\content\engines\ask.css
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\content\engines\duckduckgo.css
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\content\engines\google.css
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\content\search.css
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\fonts\KievitWebPro-Bold.eot
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\fonts\KievitWebPro-Bold.woff
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\fonts\KievitWebPro-Light.eot
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\fonts\KievitWebPro-Light.woff
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\fonts\KievitWebPro.eot
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\fonts\KievitWebPro.woff
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\images\animated-overlay.gif
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\images\ui-bg_diagonals-thick_18_b81900_40x40.png
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\images\ui-bg_diagonals-thick_20_666666_40x40.png
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\images\ui-bg_flat_10_000000_40x100.png
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\images\ui-bg_glass_100_f6f6f6_1x400.png
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\images\ui-bg_glass_100_fdf5ce_1x400.png
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\images\ui-bg_glass_65_ffffff_1x400.png
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\images\ui-bg_gloss-wave_35_f6a828_500x100.png
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\images\ui-bg_highlight-soft_100_eeeeee_1x100.png
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\images\ui-bg_highlight-soft_75_ffe45c_1x100.png
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\images\ui-icons_222222_256x240.png
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\images\ui-icons_228ef1_256x240.png
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\images\ui-icons_ef8c08_256x240.png
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\images\ui-icons_ffd27a_256x240.png
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\images\ui-icons_ffffff_256x240.png
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\data\effective_tld_names.dat.txt
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\html\app.html
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\html\blocked.html
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\html\locale.html
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\html\templates\indexed.json
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\html\top.html
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\i18n\de-DE.json
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\i18n\en-US.json
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\i18n\es-ES.json
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\i18n\fr-FR.json
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\i18n\it-IT.json
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\i18n\pt-BR.json
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\abs_avira_umbrella_white.svg
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\absb-attention.svg
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\absb-checks.png
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\absb-close.svg
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\avira_icon128.png
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\avira_icon16.png
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\avira_icon24.png
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\avira_icon32.png
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\avira_icon48.png
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\avira_logo.png
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\avira_logo.svg
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\classification_safe.svg
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\classification_safe_lg.svg
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\classification_unsafe.svg
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\classification_unsafe_lg.svg
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\close-offers-bar.svg
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\close.svg
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\dash_close.svg
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\dash_close_white.svg
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\dash_feedback.svg
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\dash_search_dark.png
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\dash_search_dark.svg
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\dash_search_light.png
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\dash_search_light.svg
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\dash_search_normal.svg
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\expand-arrow.svg
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\info_empty.svg
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\info_full.svg
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\offers-rating.png
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\question-mark.png
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\scroll-down.svg
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\serp_info_safe.svg
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\serp_info_unsafe.svg
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\settings-24.svg
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\switch-on.png
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\trackers_icon.svg
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\trackers_icon_nb.svg
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\white_check.svg
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\js\bunches\app.js
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\js\bunches\background.js
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\js\bunches\blocked.js
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\js\bunches\content.js
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\js\bunches\content_start.js
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\js\bunches\locale.js
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\js\bunches\search.js
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\manifest.json
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flliilndjeohchalpbbcdekjklbdgfkk
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flliilndjeohchalpbbcdekjklbdgfkk\000090.ldb
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flliilndjeohchalpbbcdekjklbdgfkk\000092.ldb
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flliilndjeohchalpbbcdekjklbdgfkk\000095.ldb
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flliilndjeohchalpbbcdekjklbdgfkk\000096.log
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flliilndjeohchalpbbcdekjklbdgfkk\CURRENT
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flliilndjeohchalpbbcdekjklbdgfkk\LOCK
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flliilndjeohchalpbbcdekjklbdgfkk\LOG
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flliilndjeohchalpbbcdekjklbdgfkk\LOG.old
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flliilndjeohchalpbbcdekjklbdgfkk\MANIFEST-000094
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_flliilndjeohchalpbbcdekjklbdgfkk_0.localstorage-journal
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_flliilndjeohchalpbbcdekjklbdgfkk_0.localstorage
c:\users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Tyrion Lannister\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\Tyrion Lannister\AppData\Local\TempDIR
c:\users\Tyrion Lannister\AppData\Local\TempDIR\Offercast2810_NDV_.exe
c:\users\TYRION~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Asapi
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-01-05 bis 2015-02-05  ))))))))))))))))))))))))))))))
.
.
2015-02-04 23:10 . 2015-02-04 23:10	--------	d-----w-	c:\program files (x86)\VS Revo Group
2015-02-04 09:35 . 2015-02-04 09:37	--------	d-----w-	C:\FRST
2015-02-04 09:21 . 2015-02-04 09:28	--------	d-----w-	C:\AdwCleaner
2015-02-04 08:54 . 2014-12-02 10:26	11870360	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{24D69ADE-1ADD-46A8-B2EB-497783929F0F}\mpengine.dll
2015-02-01 10:34 . 2015-02-01 10:34	--------	d-----w-	c:\users\Tyrion Lannister\AppData\Roaming\dlg
2015-01-31 10:40 . 2015-01-27 16:31	301168	----a-w-	c:\windows\SysWow64\ColorMedia.dll
2015-01-31 10:40 . 2015-01-27 16:31	344440	----a-w-	c:\windows\system32\ColorMedia64.dll
2015-01-31 10:40 . 2015-01-31 21:48	--------	d-----w-	c:\programdata\FlashBeat
2015-01-26 23:23 . 2015-01-26 23:23	14464	----a-w-	c:\windows\system32\drivers\wdcsam64.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-25 02:28 . 2012-10-24 18:58	701616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-25 02:28 . 2011-12-30 16:00	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-15 00:16 . 2011-12-30 18:02	113365784	----a-w-	c:\windows\system32\MRT.exe
2015-01-06 03:36 . 2011-12-30 15:49	298120	------w-	c:\windows\system32\MpSigStub.exe
2014-12-13 05:09 . 2014-12-18 07:08	144384	----a-w-	c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-18 07:08	115712	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-12-04 02:50 . 2014-12-09 22:26	413184	----a-w-	c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-09 22:26	741376	----a-w-	c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-09 22:26	396800	----a-w-	c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-09 22:26	830976	----a-w-	c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-09 22:26	192000	----a-w-	c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-09 22:26	227328	----a-w-	c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-09 22:26	1083392	----a-w-	c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-09 22:26	1232040	----a-w-	c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-09 23:02	389296	----a-w-	c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-09 23:02	25059840	----a-w-	c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-09 23:02	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-09 23:02	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-09 23:02	66560	----a-w-	c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-09 23:02	580096	----a-w-	c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-09 23:02	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-09 23:02	2885120	----a-w-	c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-09 23:02	88064	----a-w-	c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-09 23:02	54784	----a-w-	c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-09 23:02	34304	----a-w-	c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-09 23:02	633856	----a-w-	c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-09 23:02	114688	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-09 23:02	814080	----a-w-	c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-09 23:02	6039552	----a-w-	c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-09 23:02	968704	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-09 23:02	490496	----a-w-	c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-09 23:02	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-09 23:02	77824	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-09 23:02	199680	----a-w-	c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-09 23:02	92160	----a-w-	c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-09 23:02	501248	----a-w-	c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-09 23:02	62464	----a-w-	c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-09 23:02	47616	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-09 23:02	64000	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-09 23:02	316928	----a-w-	c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-09 23:02	620032	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-09 23:02	718848	----a-w-	c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-09 23:02	800768	----a-w-	c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-09 23:02	1359360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-09 23:02	2125312	----a-w-	c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-09 23:02	14412800	----a-w-	c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-09 23:02	60416	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-09 23:02	4299264	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-09 23:02	2358272	----a-w-	c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-09 23:02	2052096	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-09 23:02	1155072	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-09 23:02	1548288	----a-w-	c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-09 23:02	800768	----a-w-	c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-09 23:02	1888256	----a-w-	c:\windows\SysWow64\wininet.dll
2014-11-11 03:09 . 2014-12-09 22:20	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-18 18:16	241152	----a-w-	c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-18 18:16	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-09 22:20	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-18 18:16	186880	----a-w-	c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-18 18:16	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-09 22:19	119296	----a-w-	c:\windows\system32\drivers\tdx.sys
2014-11-09 22:10 . 2014-11-09 22:10	691712	----a-w-	c:\windows\SysWow64\drivers\mod7700.sys
2014-11-09 22:10 . 2014-11-09 22:10	29696	----a-w-	c:\windows\SysWow64\drivers\ewdcsc.sys
2014-11-09 22:10 . 2014-11-09 22:10	29696	----a-w-	c:\windows\system32\drivers\ewdcsc.sys
2014-11-09 22:10 . 2014-11-09 22:10	115328	----a-w-	c:\windows\system32\drivers\ewusbmdm.sys
2014-11-08 03:16 . 2014-12-09 22:15	2048	----a-w-	c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-09 22:15	2048	----a-w-	c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Amazon Music"="c:\users\Tyrion Lannister\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2014-12-08 6277952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-04 702768]
"Arc"="c:\program files (x86)\Perfect World Entertainment\Arc\ArcLauncher.exe" [2015-01-08 416080]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2014-08-19 448856]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-12-31 126712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0????????? ????????
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"USSShReg"=c:\progra~2\ULEADS~1\ULEADP~1.2\SSaver\Ussshreg.exe /r
"DivXMediaServer"=c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 WTGService;WTGService;c:\program files (x86)\Verbindungsassistent\WTGService.exe;c:\program files (x86)\Verbindungsassistent\WTGService.exe [x]
R3 ArcService;Arc Service;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys;c:\windows\SYSNATIVE\DRIVERS\ewdcsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 netr28x;Ralink 802.11n-Drahtlostreiber für Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-02-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-24 02:28]
.
2015-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-17 14:40]
.
2015-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-17 14:40]
.
.
--------- X64 Entries -----------
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SYSTEM32\blank.htm
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{D8FC7DF3-C7A4-4DCB-B329-D0B625A91D11}: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{D8FC7DF3-C7A4-4DCB-B329-D0B625A91D11}\75C414E4D2337323834373: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Baldur's Gate - c:\windows\IsUn0407.exe
AddRemove-Battle Isle - Der Andosia Konflikt - c:\windows\IsUn0407.exe
AddRemove-Battlecraft 19422.1 - c:\windows\iun6002.exe
AddRemove-MDT - c:\windows\iun6002.exe
AddRemove-Ulead PhotoImpact 4.2 - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\TuneUp Utilities 2014\OneClickStarter.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-02-05  01:05:29 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-02-05 00:05
.
Vor Suchlauf: 22 Verzeichnis(se), 215.323.865.088 Bytes frei
Nach Suchlauf: 27 Verzeichnis(se), 215.037.554.688 Bytes frei
.
- - End Of File - - 1C81A2092C4846AC0F6040CD8049051D
8F558EB6672622401DA993E1E865C861


Alt 05.02.2015, 10:26   #6
schrauber
/// the machine
/// TB-Ausbilder
 
chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html - Standard

chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html


Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
--> chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html

Alt 05.02.2015, 11:45   #7
Lepakko
 
chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html - Standard

chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html


So, hier die Dateien. Übrigens: TOP - Hilfestellung, die Du gibst. Das kann selbst ein Laie wie ich leicht abarbeiten!

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 05.02.2015
Scan Time: 10:46:13
Logfile: malwareb.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.05.04
Rootkit Database: v2015.02.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Tyrion Lannister

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349405
Time Elapsed: 15 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 24
PUP.Optional.FlashBeat.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\FlashBeat, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{B8D1E62C-5D04-4AB0-A09E-688FF75743EF}, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1B0071C9-831E-43DD-9EFE-722D8AEB9E2E}, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{5217E897-1728-4B11-BC9D-5405AD551BEF}, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{6073385E-A128-4464-9DFD-C7CF0F39A492}, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{81E47395-D310-4064-B963-844C4088AB76}, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{83E41C3D-190A-4052-A046-269722F3B4FD}, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A62D52D9-1E41-4772-A794-71B9B92AA014}, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D1C116A0-DC17-4257-9190-033AE10F90B9}, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{ED5B55CA-994B-42B9-93B6-1FD306925967}, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FB7F9DF6-2A66-444F-BA5D-2F221F1B1AC8}, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1B0071C9-831E-43DD-9EFE-722D8AEB9E2E}, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{5217E897-1728-4B11-BC9D-5405AD551BEF}, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6073385E-A128-4464-9DFD-C7CF0F39A492}, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{81E47395-D310-4064-B963-844C4088AB76}, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{83E41C3D-190A-4052-A046-269722F3B4FD}, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A62D52D9-1E41-4772-A794-71B9B92AA014}, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D1C116A0-DC17-4257-9190-033AE10F90B9}, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{ED5B55CA-994B-42B9-93B6-1FD306925967}, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FB7F9DF6-2A66-444F-BA5D-2F221F1B1AC8}, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B8D1E62C-5D04-4AB0-A09E-688FF75743EF}, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.MediaPlayer.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\video MediaPlay-Air, Delete-on-Reboot, [5e7a1bffacde0d29e7fd03fe60a56f91], 
PUP.Optional.WebInternetSecurity, HKU\S-1-5-21-1453844191-4196955726-2398730128-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\webinternetsecurity, Delete-on-Reboot, [37a14bcf7d0d1b1b6330e2bdbc477888], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-1453844191-4196955726-2398730128-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WIntEnhance, Delete-on-Reboot, [e7f1ca500387dd5952cfc6be788b4db3], 

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.FlashBeat.A, C:\ProgramData\FlashBeat, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 

Files: 27
PUP.Optional.Spigot, C:\Users\Tyrion Lannister\Downloads\YTDSetup481.exe, Quarantined, [b7218397177356e0a25f04bd8d744bb5], 
PUP.Optional.FlashBeat.A, C:\ProgramData\FlashBeat\uninstall.exe, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, C:\ProgramData\FlashBeat\ColorMedia.dll, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, C:\ProgramData\FlashBeat\ColorMedia.exe, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, C:\ProgramData\FlashBeat\ColorMedia.tlb, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, C:\ProgramData\FlashBeat\ColorMedia64.dll, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, C:\ProgramData\FlashBeat\ColorMediaCrt.dll, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, C:\ProgramData\FlashBeat\freebl3.dll, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, C:\ProgramData\FlashBeat\libnspr4.dll, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, C:\ProgramData\FlashBeat\libplc4.dll, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, C:\ProgramData\FlashBeat\libplds4.dll, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, C:\ProgramData\FlashBeat\nss3.dll, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, C:\ProgramData\FlashBeat\nssckbi.dll, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, C:\ProgramData\FlashBeat\nssdbm3.dll, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, C:\ProgramData\FlashBeat\nssutil3.dll, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, C:\ProgramData\FlashBeat\RfndNSIS.dll, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, C:\ProgramData\FlashBeat\RgsBTMedia.exe, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, C:\ProgramData\FlashBeat\RgsBTMedia.ini, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, C:\ProgramData\FlashBeat\RgsBTMedia64.exe, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, C:\ProgramData\FlashBeat\smime3.dll, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, C:\ProgramData\FlashBeat\softokn3.dll, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, C:\ProgramData\FlashBeat\sqlite3.dll, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.FlashBeat.A, C:\ProgramData\FlashBeat\ssl3.dll, Quarantined, [e4f4c357c4c6ae88455010731fe4d828], 
PUP.Optional.WebsSearches.A, C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\Local Storage\http_istart.webssearches.com_0.localstorage, Delete-on-Reboot, [459381992664d1657fd5137202019b65], 
PUP.Optional.WebsSearches.A, C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\Local Storage\http_istart.webssearches.com_0.localstorage-journal, Delete-on-Reboot, [45938b8f068455e165efff86e61d2cd4], 
PUP.Optional.ColorMedia.A, C:\Windows\SysWOW64\ColorMedia.ini, Quarantined, [d800e337444678be1efbaf584abbac54], 
PUP.Optional.ColorMedia.A, C:\Windows\System32\ColorMediaOff.ini, Quarantined, [0aceea304e3c40f650ca0205ee17f20e], 

Physical Sectors: 0
(No malicious items detected)


(end)
Code:
ATTFilter
# AdwCleaner v4.109 - Bericht erstellt am 05/02/2015 um 11:19:51
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-02-04.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Tyrion Lannister - ARBEITSZIMMER
# Gestartet von : C:\Users\Tyrion Lannister\Desktop\AdwCleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_istart.webssearches.com_0.localstorage
Datei Gelöscht : C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_istart.webssearches.com_0.localstorage-journal

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v32.0.3 (x86 de)


-\\ Google Chrome v40.0.2214.94

[C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1422700771&from=cvs5&uid=395049983_1052499_A086D6BD&q={searchTerms}
[C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1422700771&from=cvs5&uid=395049983_1052499_A086D6BD&q={searchTerms}
[C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1422700771&from=cvs5&uid=395049983_1052499_A086D6BD&q={searchTerms}
[C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1422700771&from=cvs5&uid=395049983_1052499_A086D6BD&q={searchTerms}

*************************

AdwCleaner[R0].txt - [12974 octets] - [04/02/2015 10:21:21]
AdwCleaner[R1].txt - [2191 octets] - [05/02/2015 11:18:29]
AdwCleaner[S0].txt - [11998 octets] - [04/02/2015 10:28:02]
AdwCleaner[S1].txt - [2112 octets] - [05/02/2015 11:19:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2172 octets] ##########
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Tyrion Lannister on 05.02.2015 at 11:26:41,53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Users\Tyrion Lannister\appdata\local\google\chrome\user data\default\local storage\http_istart.webssearches.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Tyrion Lannister\appdata\local\google\chrome\user data\default\local storage\http_istart.webssearches.com_0.localstorage-journal"
Successfully deleted: [File] C:\Windows\prefetch\DRIVERGENIUS.EXE-386264C9.pf



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\Tyrion Lannister\AppData\Roaming\mozilla\firefox\profiles\j1wx7dxm.default\searchplugins\avira-safesearch.xml
Successfully deleted: [Folder] C:\Users\Tyrion Lannister\AppData\Roaming\mozilla\firefox\profiles\j1wx7dxm.default\extensions\safesearch@avira.com
Successfully deleted the following from C:\Users\Tyrion Lannister\AppData\Roaming\mozilla\firefox\profiles\j1wx7dxm.default\prefs.js

user_pref("avira.safe_search.search_was_active", "false");
user_pref("extensions.bootstrappedAddons", "{\"jid1-P34HaABBBpOerQ@jetpack\":{\"version\":\"0.2\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Tyrion Lannister\\\\Ap
Emptied folder: C:\Users\Tyrion Lannister\AppData\Roaming\mozilla\firefox\profiles\j1wx7dxm.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.02.2015 at 11:31:06,18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by Tyrion Lannister (administrator) on ARBEITSZIMMER on 05-02-2015 11:33:52
Running from C:\Users\Tyrion Lannister\Desktop\Viren
Loaded Profiles: Tyrion Lannister (Available profiles: Tyrion Lannister)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
() C:\Users\Tyrion Lannister\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Arc] => C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcLauncher.exe [416080 2015-01-08] (Perfect World Entertainment)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1453844191-4196955726-2398730128-1000\...\Run: [Amazon Music] => C:\Users\Tyrion Lannister\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
BootExecute: autocheck autochk * ????????? ????????

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1453844191-4196955726-2398730128-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1453844191-4196955726-2398730128-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @gametap.com/npdd,version=1.0 -> C:\Program Files (x86)\Downloader\npdd.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1453844191-4196955726-2398730128-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\searchplugins\google-maps.xml
FF Extension: Avira Browser Safety - C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\Extensions\abs@avira.com [2014-11-21]
FF Extension: DownloadHelper - C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05]
FF Extension: Cliqz Beta - C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\Extensions\cliqz@cliqz.com.xpi [2014-09-18]
FF Extension: Ghostery - C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\Extensions\firefox@ghostery.com.xpi [2014-07-07]
FF Extension: Strict Pop-up Blocker - C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\Extensions\jid1-P34HaABBBpOerQ@jetpack.xpi [2014-07-07]
FF Extension: NoScript - C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-07]
FF Extension: Adblock Plus - C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-07]
FF Extension: DownThemAll! - C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-07-07]
FF HKU\S-1-5-21-1453844191-4196955726-2398730128-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\extensions\cliqz@cliqz.com
FF Extension: No Name - C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\extensions\faststartff@gmail.com [Not Found]

Chrome: 
=======
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1422700771&from=cvs5&uid=395049983_1052499_A086D6BD
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1422700771&from=cvs5&uid=395049983_1052499_A086D6BD"
CHR DefaultSearchKeyword: Default -> webssearches
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (Google Slides) - C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-17]
CHR Extension: (Google Docs) - C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-17]
CHR Extension: (Google Drive) - C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-18]
CHR Extension: (YouTube) - C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-17]
CHR Extension: (Google Search) - C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-17]
CHR Extension: (Google Sheets) - C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-17]
CHR Extension: (Avira Browser Safety) - C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-05]
CHR Extension: (Google Wallet) - C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-17]
CHR Extension: (Gmail) - C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-17]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-11-09] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-04] (Avira Operations GmbH & Co. KG)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2015-01-08] (Perfect World Entertainment Inc)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] ()
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-01-10] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MSSQL$BWDATOOLSET; C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [29263712 2008-11-25] (Microsoft Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WTGService; C:\Program Files (x86)\Verbindungsassistent\WTGService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 Huawei; C:\Windows\System32\DRIVERS\ewdcsc.sys [29696 2014-11-09] (Huawei Tech. Co., Ltd.)
S3 Huawei; C:\Windows\SysWOW64\DRIVERS\ewdcsc.sys [29696 2014-11-09] (Huawei Tech. Co., Ltd.)
S3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [115328 2008-07-24] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 11:31 - 2015-02-05 11:31 - 00001861 _____ () C:\Users\Tyrion Lannister\Desktop\JRT.txt
2015-02-05 11:25 - 2015-02-05 11:25 - 01388274 _____ (Thisisu) C:\Users\Tyrion Lannister\Desktop\JRT.exe
2015-02-05 11:22 - 2015-02-05 11:22 - 00002252 _____ () C:\Users\Tyrion Lannister\Desktop\AdwCleaner[S1].txt
2015-02-05 11:16 - 2015-02-05 11:16 - 00008522 _____ () C:\Users\Tyrion Lannister\Desktop\mbam.txt
2015-02-05 11:02 - 2015-02-05 11:02 - 00008284 _____ () C:\Users\Tyrion Lannister\Desktop\malwareb.txt
2015-02-05 10:45 - 2015-02-05 11:23 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-05 10:45 - 2015-02-05 10:45 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-05 10:45 - 2015-02-05 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-05 10:45 - 2015-02-05 10:45 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-05 10:45 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-05 10:45 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-05 10:45 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-05 01:48 - 2015-02-05 01:48 - 00000000 ____D () C:\Users\Tyrion Lannister\Desktop\Colani
2015-02-05 01:05 - 2015-02-05 01:05 - 00038451 _____ () C:\ComboFix.txt
2015-02-05 00:30 - 2015-02-05 00:15 - 05611380 ____R (Swearware) C:\Users\Tyrion Lannister\Desktop\ComboFix.exe
2015-02-05 00:18 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-05 00:18 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-05 00:18 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-05 00:18 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-05 00:18 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-05 00:18 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-05 00:18 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-05 00:18 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-05 00:16 - 2015-02-05 01:05 - 00000000 ____D () C:\Qoobox
2015-02-05 00:16 - 2015-02-05 01:04 - 00000000 ____D () C:\Windows\erdnt
2015-02-05 00:10 - 2015-02-05 00:10 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-04 11:06 - 2015-02-05 11:33 - 00000000 ____D () C:\Users\Tyrion Lannister\Desktop\Viren
2015-02-04 10:35 - 2015-02-05 11:33 - 00000000 ____D () C:\FRST
2015-02-04 10:21 - 2015-02-05 11:19 - 00000000 ____D () C:\AdwCleaner
2015-02-04 10:20 - 2015-02-04 10:20 - 02194432 _____ () C:\Users\Tyrion Lannister\Desktop\AdwCleaner_4.109.exe
2015-02-03 13:03 - 2015-02-03 13:03 - 00001115 _____ () C:\Users\Tyrion Lannister\Desktop\Driver Genius Professional Edition.lnk
2015-02-03 13:03 - 2015-02-03 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius Professional Edition
2015-02-03 01:46 - 2015-02-03 01:46 - 16032147 _____ (Written by Alexander Herzog) C:\Users\Tyrion Lannister\Desktop\D-Fend-Reloaded-1.4.1-Setup.exe
2015-02-01 11:34 - 2015-02-01 11:34 - 00032151 _____ () C:\Users\Tyrion Lannister\Desktop\a_charming_font.zip
2015-02-01 11:34 - 2015-02-01 11:34 - 00000000 ____D () C:\Users\Tyrion Lannister\AppData\Roaming\dlg
2015-01-31 11:40 - 2015-01-31 11:40 - 00000000 ____D () C:\ProgramData\FlashBeatData
2015-01-31 11:40 - 2015-01-27 17:31 - 00344440 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia64.dll
2015-01-31 11:40 - 2015-01-27 17:31 - 00301168 _____ (CartCrunch Israel Ltd.) C:\Windows\SysWOW64\ColorMedia.dll
2015-01-31 11:38 - 2015-01-31 11:38 - 00432280 _____ () C:\Users\Tyrion Lannister\Desktop\ACharmingFont_downloader-Q6Sb7gh66.exe
2015-01-31 11:37 - 2015-01-31 11:37 - 00432280 _____ () C:\Users\Tyrion Lannister\Downloads\ACharmingFont_downloader-Q8Mkp4mzD.exe
2015-01-29 23:01 - 2015-01-29 23:01 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-28 10:26 - 2015-01-29 08:26 - 00000000 ____D () C:\Users\Public\Documents\Arc
2015-01-27 00:23 - 2015-01-27 00:23 - 00014464 _____ (Western Digital Technologies) C:\Windows\system32\Drivers\wdcsam64.sys
2015-01-26 12:55 - 2015-01-26 12:56 - 00000000 ____D () C:\Users\Tyrion Lannister\Desktop\SEK Berlin
2015-01-14 09:45 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 09:45 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 09:45 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 09:45 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 09:45 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 09:45 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 09:45 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 09:45 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 09:45 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 09:45 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 09:45 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 09:45 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 09:45 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 11:30 - 2009-07-14 05:45 - 00026464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-05 11:30 - 2009-07-14 05:45 - 00026464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-05 11:28 - 2012-10-24 19:58 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 11:28 - 2012-10-24 19:58 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 11:28 - 2012-10-24 19:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-05 11:28 - 2011-12-30 17:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 11:23 - 2012-10-31 15:41 - 00000440 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-02-05 11:21 - 2014-09-17 15:40 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-05 11:21 - 2013-02-09 08:40 - 00352322 _____ () C:\Windows\PFRO.log
2015-02-05 11:21 - 2013-02-09 08:40 - 00072486 _____ () C:\Windows\setupact.log
2015-02-05 11:21 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-05 11:20 - 2011-12-30 15:59 - 01651557 _____ () C:\Windows\WindowsUpdate.log
2015-02-05 10:53 - 2014-09-17 15:40 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-05 10:45 - 2013-08-15 21:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-05 09:48 - 2014-09-17 15:40 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 09:48 - 2014-09-17 15:40 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 01:05 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-02-05 01:00 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-05 00:14 - 2014-11-09 23:10 - 00000000 ____D () C:\Users\Tyrion Lannister\AppData\Roaming\Verbindungsassistent
2015-02-04 10:28 - 2014-09-17 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-04 10:28 - 2014-07-07 10:38 - 00001065 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-04 10:28 - 2011-12-30 16:10 - 00001017 _____ () C:\Users\Tyrion Lannister\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-03 16:21 - 2012-12-05 15:54 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-03 11:07 - 2009-07-14 18:58 - 02799576 _____ () C:\Windows\system32\perfh007.dat
2015-02-03 11:07 - 2009-07-14 18:58 - 00806998 _____ () C:\Windows\system32\perfc007.dat
2015-02-03 11:07 - 2009-07-14 06:13 - 00006472 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-03 00:02 - 2012-10-20 20:37 - 00000000 ____D () C:\Users\Tyrion Lannister\AppData\Roaming\vlc
2015-02-01 22:48 - 2014-12-30 09:12 - 00067728 _____ () C:\Users\Tyrion Lannister\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-01 22:48 - 2014-12-30 09:01 - 00298008 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-31 22:48 - 2014-04-15 15:08 - 00000776 _____ () C:\Windows\system32\.crusader
2015-01-29 23:01 - 2014-05-16 11:03 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-29 23:01 - 2013-08-05 09:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-29 23:01 - 2013-08-05 09:41 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-26 02:59 - 2014-10-13 13:20 - 00001250 _____ () C:\Users\Tyrion Lannister\Desktop\Amazon Music.lnk
2015-01-20 08:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-15 01:24 - 2013-08-16 00:39 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 01:16 - 2011-12-30 19:02 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-06 04:36 - 2011-12-30 16:49 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2013-08-17 11:13 - 2013-08-17 11:13 - 0003584 _____ () C:\Users\Tyrion Lannister\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-01 11:15 - 2015-01-03 17:41 - 0007606 _____ () C:\Users\Tyrion Lannister\AppData\Local\Resmon.ResmonCfg
2013-08-12 18:24 - 2013-08-12 18:24 - 0005033 _____ () C:\ProgramData\mtbjfghn.xbe

Some content of TEMP:
====================
C:\Users\Tyrion Lannister\AppData\Local\Temp\avgnt.exe
C:\Users\Tyrion Lannister\AppData\Local\Temp\Quarantine.exe
C:\Users\Tyrion Lannister\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-05 09:39

==================== End Of Log ============================
--- --- ---



Hoffe, alles hat geklappt !

Alt 05.02.2015, 14:48   #8
schrauber
/// the machine
/// TB-Ausbilder
 
chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html - Standard

chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 05.02.2015, 22:47   #9
Lepakko
 
chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html - Standard

chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html


Der Scan lief 4 Stunden! WOW!

Es wurden knapp 50! Funde gemacht ... das hätte ich nicht gedacht ...

Da in den Voreinstellungen nichts von eliminieren stand, wurde das auch nicht gemacht. Ich hoffe, das war korrekt so.

Hier die drei Dateien, Bin gespannt, wie es jetzt weitergeht ...

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=917063ef99f35447b2e95120872ca8cd
# engine=22323
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-05 05:25:14
# local_time=2015-02-05 06:25:14 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 32964 167709292 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 64489 174786964 0 0
# scanned=354342
# found=15
# cleaned=0
# scan_time=10467
sh=09F7E118150A598AF5A5EE76C9F965714103D067 ft=1 fh=97113d41345b447d vn="Variante von Win32/Toolbar.Widgi.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\ytd video downloader\ytd_installer.exe.vir"
sh=157DBB327A10FBDE8103DC73AED3F57AF5420744 ft=1 fh=036d549f0048f640 vn="Variante von Win32/OptimizerEliteMax.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tyrion Lannister\AppData\Local\Temp\OptimizerPro.exe.vir"
sh=19D368106C282A58032907737B2DE92A5FBEE3C2 ft=1 fh=99a334a8429c2378 vn="Win32/Somoto.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\File System\000\t\00\00000000"
sh=19D368106C282A58032907737B2DE92A5FBEE3C2 ft=1 fh=99a334a8429c2378 vn="Win32/Somoto.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\File System\000\t\00\00000001"
sh=19D368106C282A58032907737B2DE92A5FBEE3C2 ft=1 fh=99a334a8429c2378 vn="Win32/Somoto.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tyrion Lannister\Desktop\ACharmingFont_downloader-Q6Sb7gh66.exe"
sh=19D368106C282A58032907737B2DE92A5FBEE3C2 ft=1 fh=99a334a8429c2378 vn="Win32/Somoto.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tyrion Lannister\Downloads\ACharmingFont_downloader-Q8Mkp4mzD.exe"
sh=91A7C4411CFDB4F1AC97F0FAF786027AE27BB84A ft=1 fh=6ff2e91813dee848 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tyrion Lannister\Downloads\dffsetup-mss32.exe"
sh=8177BFD3FB603971710BAC5577476F7F6F938D24 ft=1 fh=cdff94947b8b9b03 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tyrion Lannister\Downloads\Google Chrome 64 Bit - CHIP-Installer.exe"
sh=C9E4FDF62D72BC46671F92713639512A5091B5E2 ft=1 fh=04b53b4310d934bc vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tyrion Lannister\Downloads\HijackThis - CHIP-Downloader.exe"
sh=A06CA8D5FB5184CD37CAFDD82D6CABBAFB1813AA ft=1 fh=cb071347c12f9b9f vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tyrion Lannister\Downloads\Hitman Pro - CHIP-Downloader.exe"
sh=3B509A0E017981ACE33F73EC565E4EA6FD766C7C ft=1 fh=4f7e73f105435862 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tyrion Lannister\Downloads\setup.exe"
sh=27C9BD6A05DA87C72B722534F115E411C53D2DC4 ft=1 fh=dd66c373406c8aae vn="Win32/Systweak.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tyrion Lannister\Downloads\tamnsp_170902422295926460.exe"
sh=B3F8FE2ED9A7146AC23C31F91451D1E77BB294D0 ft=1 fh=8b04b0f87d138892 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tyrion Lannister\Downloads\WinUAE - CHIP-Downloader.exe"
sh=9A27C2F7E1E6C7A7FD12BF462272F3B12A62987F ft=1 fh=c0673ebaa48749f6 vn="Win32/DomaIQ.BC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tyrion Lannister\Downloads\9BF4tmp\jfilemanagersetup.exe"
sh=B0EDB40390FAF8395762FDDAD8D8829176DADCE0 ft=1 fh=8a8ff7b6a10d9f70 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Zusammenstellung\Cracks\FreeYouTubeDownload238.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=917063ef99f35447b2e95120872ca8cd
# engine=22326
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-05 05:36:24
# local_time=2015-02-05 06:36:24 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 12031 167709962 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 65159 174787634 0 0
# scanned=14498
# found=2
# cleaned=0
# scan_time=545
sh=09F7E118150A598AF5A5EE76C9F965714103D067 ft=1 fh=97113d41345b447d vn="Variante von Win32/Toolbar.Widgi.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\ytd video downloader\ytd_installer.exe.vir"
sh=157DBB327A10FBDE8103DC73AED3F57AF5420744 ft=1 fh=036d549f0048f640 vn="Variante von Win32/OptimizerEliteMax.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tyrion Lannister\AppData\Local\Temp\OptimizerPro.exe.vir"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=917063ef99f35447b2e95120872ca8cd
# engine=22326
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-05 05:41:23
# local_time=2015-02-05 06:41:23 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 12330 167710261 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 65458 174787933 0 0
# scanned=12122
# found=2
# cleaned=0
# scan_time=202
sh=09F7E118150A598AF5A5EE76C9F965714103D067 ft=1 fh=97113d41345b447d vn="Variante von Win32/Toolbar.Widgi.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\ytd video downloader\ytd_installer.exe.vir"
sh=157DBB327A10FBDE8103DC73AED3F57AF5420744 ft=1 fh=036d549f0048f640 vn="Variante von Win32/OptimizerEliteMax.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tyrion Lannister\AppData\Local\Temp\OptimizerPro.exe.vir"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=917063ef99f35447b2e95120872ca8cd
# engine=22326
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-05 09:31:56
# local_time=2015-02-05 10:31:56 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 29763 167724094 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 82891 174801766 0 0
# scanned=418724
# found=42
# cleaned=0
# scan_time=13744
sh=09F7E118150A598AF5A5EE76C9F965714103D067 ft=1 fh=97113d41345b447d vn="Variante von Win32/Toolbar.Widgi.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\ytd video downloader\ytd_installer.exe.vir"
sh=157DBB327A10FBDE8103DC73AED3F57AF5420744 ft=1 fh=036d549f0048f640 vn="Variante von Win32/OptimizerEliteMax.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tyrion Lannister\AppData\Local\Temp\OptimizerPro.exe.vir"
sh=19D368106C282A58032907737B2DE92A5FBEE3C2 ft=1 fh=99a334a8429c2378 vn="Win32/Somoto.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\File System\000\t\00\00000000"
sh=19D368106C282A58032907737B2DE92A5FBEE3C2 ft=1 fh=99a334a8429c2378 vn="Win32/Somoto.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\File System\000\t\00\00000001"
sh=19D368106C282A58032907737B2DE92A5FBEE3C2 ft=1 fh=99a334a8429c2378 vn="Win32/Somoto.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tyrion Lannister\Desktop\ACharmingFont_downloader-Q6Sb7gh66.exe"
sh=19D368106C282A58032907737B2DE92A5FBEE3C2 ft=1 fh=99a334a8429c2378 vn="Win32/Somoto.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tyrion Lannister\Downloads\ACharmingFont_downloader-Q8Mkp4mzD.exe"
sh=91A7C4411CFDB4F1AC97F0FAF786027AE27BB84A ft=1 fh=6ff2e91813dee848 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tyrion Lannister\Downloads\dffsetup-mss32.exe"
sh=8177BFD3FB603971710BAC5577476F7F6F938D24 ft=1 fh=cdff94947b8b9b03 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tyrion Lannister\Downloads\Google Chrome 64 Bit - CHIP-Installer.exe"
sh=C9E4FDF62D72BC46671F92713639512A5091B5E2 ft=1 fh=04b53b4310d934bc vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tyrion Lannister\Downloads\HijackThis - CHIP-Downloader.exe"
sh=A06CA8D5FB5184CD37CAFDD82D6CABBAFB1813AA ft=1 fh=cb071347c12f9b9f vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tyrion Lannister\Downloads\Hitman Pro - CHIP-Downloader.exe"
sh=3B509A0E017981ACE33F73EC565E4EA6FD766C7C ft=1 fh=4f7e73f105435862 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tyrion Lannister\Downloads\setup.exe"
sh=27C9BD6A05DA87C72B722534F115E411C53D2DC4 ft=1 fh=dd66c373406c8aae vn="Win32/Systweak.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tyrion Lannister\Downloads\tamnsp_170902422295926460.exe"
sh=B3F8FE2ED9A7146AC23C31F91451D1E77BB294D0 ft=1 fh=8b04b0f87d138892 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tyrion Lannister\Downloads\WinUAE - CHIP-Downloader.exe"
sh=9A27C2F7E1E6C7A7FD12BF462272F3B12A62987F ft=1 fh=c0673ebaa48749f6 vn="Win32/DomaIQ.BC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tyrion Lannister\Downloads\9BF4tmp\jfilemanagersetup.exe"
sh=B0EDB40390FAF8395762FDDAD8D8829176DADCE0 ft=1 fh=8a8ff7b6a10d9f70 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Zusammenstellung\Cracks\FreeYouTubeDownload238.exe"
sh=C5388074F31DF07BE6C1DDEF0D762EC5A8819E77 ft=1 fh=fcf810b56806cfeb vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\01 keine Filme\FreeYouTubeToMp3Converter39.exe"
sh=64194A6AFB77530B9D8A0C62299904B96E7A192F ft=0 fh=0000000000000000 vn="Win32/Keylogger.HotKeysHook.A Virus" ac=I fn="G:\01 keine Filme\Baldurs Gate\Baldurs Gate\Throne of Bhaal\habg2tobtrainer.zip"
sh=64194A6AFB77530B9D8A0C62299904B96E7A192F ft=0 fh=0000000000000000 vn="Win32/Keylogger.HotKeysHook.A Virus" ac=I fn="G:\01 keine Filme\Baldurs Gate\BALDURS_GATE\THRONE_OF_BHAAL\HABG2TOBTRAINER.ZIP"
sh=0F937E1EEE7FDC0520891C43A4671B93D1CC1373 ft=1 fh=d3372b90102979c4 vn="Variante von Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="G:\01 keine Filme\Cracks\ps_radio2014.exe"
sh=64194A6AFB77530B9D8A0C62299904B96E7A192F ft=0 fh=0000000000000000 vn="Win32/Keylogger.HotKeysHook.A Virus" ac=I fn="G:\01 keine Filme\Cracks\Baldurs Gate\Baldurs Gate\Throne of Bhaal\habg2tobtrainer.zip"
sh=6EC9DACCC836CB59DD535B063889F24EF7760F7C ft=0 fh=0000000000000000 vn="Win32/Keylogger.HotKeysHook.A Virus" ac=I fn="G:\01 keine Filme\Cracks\Icewind Dale iesdp\idgertrn_gdm.zip"
sh=3D93502692DD329133FCC9B21F7E57FBB64425B4 ft=1 fh=3fa7790da5ec8d70 vn="Win32/Keylogger.HotKeysHook.A Virus" ac=I fn="G:\01 keine Filme\Cracks\Icewind Dale iesdp\Icewind Dale (v.ger 1.06) +01 Trainer\Icewind Dale (v.ger 1.06) +01 Trainer.exe"
sh=F42502B803A358D7F8B881F74FB3468B2ED68A63 ft=1 fh=a3574d28e369d4fe vn="Variante von Win32/InstallIQ.A evtl. unerwünschte Anwendung" ac=I fn="G:\01 keine Filme\Cracks\Spiel\cracks\3dfallingleavesFree.exe"
sh=4BA2AEF0C7CEE3240C2649C3DF7D0FEFC9534F9E ft=1 fh=1bd42ddb9dc8d27d vn="Variante von Win32/InstallIQ.A evtl. unerwünschte Anwendung" ac=I fn="G:\01 keine Filme\Cracks\Spiel\cracks\lightningstormFree.exe"
sh=2C048C0B8D5095B1BEE4BF62C7BFFB753AFB0001 ft=1 fh=ab160637da46873b vn="Variante von Win32/InstallIQ.A evtl. unerwünschte Anwendung" ac=I fn="G:\01 keine Filme\Cracks\Spiel\cracks\marine2Free.exe"
sh=F85ACC6D44ED37D5C487581495CD52F644911B2B ft=1 fh=b11cb89f3457cf6c vn="Win32/Virut.NBP Virus" ac=I fn="G:\01 keine Filme\Cracks\Spiel\cracks\fallout3d\FalloutLauncher.exe"
sh=56CF3F22BFBD6F2AFE33780DDB4673BB0CB14A82 ft=0 fh=0000000000000000 vn="Win32/Virut.NBP Virus" ac=I fn="G:\01 keine Filme\Cracks\Spiel\Fallout 3\fallout3d.7z"
sh=F85ACC6D44ED37D5C487581495CD52F644911B2B ft=1 fh=b11cb89f3457cf6c vn="Win32/Virut.NBP Virus" ac=I fn="G:\01 keine Filme\Cracks\Spiel\Fallout 3\fallout3d\FalloutLauncher.exe"
sh=0F937E1EEE7FDC0520891C43A4671B93D1CC1373 ft=1 fh=d3372b90102979c4 vn="Variante von Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="H:\Programme\Programme\ps_radio2014.exe"
sh=BCEB518F8911E047E9DC5B0798B2C38B4260BFA3 ft=1 fh=28814f77d171d827 vn="MSIL/AdvancedSystemProtector.C evtl. unerwünschte Anwendung" ac=I fn="H:\Programme\Programme1\advancedfileoptimizersetup_DLL.exe"
sh=E441CAA5F2ACDCB307262B3C093698D8B0BDEEBF ft=1 fh=a7c3ffa22a32a3f2 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="H:\Programme\Programme1\dffsetup-msvcp100.exe"
sh=91A7C4411CFDB4F1AC97F0FAF786027AE27BB84A ft=1 fh=6ff2e91813dee848 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="H:\Programme\Programme1\dffsetup-msvcp110.exe"
sh=E441CAA5F2ACDCB307262B3C093698D8B0BDEEBF ft=1 fh=a7c3ffa22a32a3f2 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="H:\Programme\Programme1\dffsetup-msvcr100(1).exe"
sh=E441CAA5F2ACDCB307262B3C093698D8B0BDEEBF ft=1 fh=a7c3ffa22a32a3f2 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="H:\Programme\Programme1\dffsetup-msvcr100.exe"
sh=82190B4D6FA75122DE98B618B9AF4FA62387335A ft=1 fh=aa39f65fc0e592cf vn="Variante von Win32/Systweak.H evtl. unerwünschte Anwendung" ac=I fn="H:\Programme\Programme1\driverupdater.exe"
sh=58FEE62F62989992D9253081F1E81E57E263A542 ft=1 fh=bee32825d80b0b84 vn="Variante von Win32/ExpressFiles.B evtl. unerwünschte Anwendung" ac=I fn="H:\Programme\Programme1\driver_genius_12_keygen_freedownload_downloader.exe"
sh=0CDDE2488B3ABD188887512E8D35A6B8423ECED9 ft=1 fh=4f114cfa0b083bda vn="Variante von Win32/InstallIQ.A evtl. unerwünschte Anwendung" ac=I fn="H:\Programme\Programme1\FinalTorrent2012Setup.exe"
sh=A67FDB4F870C986FEDB416CFD4C81EF77BC68935 ft=1 fh=17a4c95e3f76eb37 vn="Variante von Win32/OpenInstall evtl. unerwünschte Anwendung" ac=I fn="H:\Programme\Programme1\hamsterfreevideoconverter.exe"
sh=69E6E94FCF6140F26D35DBB0BE436CDE5CB8DD5B ft=1 fh=9c24b55202cadffe vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="H:\Programme\Programme1\rcpsetup_2005.exe"
sh=239EB0C5C33541261F142F9F65E393BFBA6823F4 ft=1 fh=a2b9d62d392608e9 vn="Win32/Toolbar.Conduit.S evtl. unerwünschte Anwendung" ac=I fn="H:\Programme\Programme1\setup.exe"
sh=8BE4C277A62F2400C3B0A20F39297D310774E2AC ft=1 fh=d69c639933d87dfe vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="H:\Programme\Programme1\Setup21_FreeConverter.exe"
sh=970F23BADC40DAD33CCC44F5DE61C96772D75243 ft=1 fh=c8e8069dc05679a3 vn="Variante von Win32/ExpressDownloader.H evtl. unerwünschte Anwendung" ac=I fn="H:\Programme\Programme1\Tuneup_Utilities_2014_downloader_de_252.exe"
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.95  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 TuneUp Utilities 2014   
 TuneUp Utilities Language Pack (de-DE) 
 TuneUp Utilities 2014 (de-DE)  
 TuneUp Utilities 2014   
 Java 2 Runtime Environment Standard Edition v1.3 
 Java 7 Update 9  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.305  
 Adobe Reader XI  
 Mozilla Firefox 32.0.3 Firefox out of Date!  
 Google Chrome (40.0.2214.93) 
 Google Chrome (40.0.2214.94) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by Tyrion Lannister (administrator) on ARBEITSZIMMER on 05-02-2015 22:40:35
Running from C:\Users\Tyrion Lannister\Desktop\Viren
Loaded Profiles: Tyrion Lannister (Available profiles: Tyrion Lannister)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
() C:\Users\Tyrion Lannister\AppData\Local\Amazon Music\Amazon Music Helper.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Arc] => C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcLauncher.exe [416080 2015-01-08] (Perfect World Entertainment)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1453844191-4196955726-2398730128-1000\...\Run: [Amazon Music] => C:\Users\Tyrion Lannister\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
BootExecute: autocheck autochk * ????????? ????????

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1453844191-4196955726-2398730128-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1453844191-4196955726-2398730128-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @gametap.com/npdd,version=1.0 -> C:\Program Files (x86)\Downloader\npdd.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1453844191-4196955726-2398730128-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\searchplugins\google-maps.xml
FF Extension: Avira Browser Safety - C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\Extensions\abs@avira.com [2014-11-21]
FF Extension: DownloadHelper - C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05]
FF Extension: Cliqz Beta - C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\Extensions\cliqz@cliqz.com.xpi [2014-09-18]
FF Extension: Ghostery - C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\Extensions\firefox@ghostery.com.xpi [2014-07-07]
FF Extension: Strict Pop-up Blocker - C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\Extensions\jid1-P34HaABBBpOerQ@jetpack.xpi [2014-07-07]
FF Extension: NoScript - C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-07]
FF Extension: Adblock Plus - C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-07]
FF Extension: DownThemAll! - C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-07-07]
FF HKU\S-1-5-21-1453844191-4196955726-2398730128-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\extensions\cliqz@cliqz.com
FF Extension: No Name - C:\Users\Tyrion Lannister\AppData\Roaming\Mozilla\Firefox\Profiles\j1wx7dxm.default\extensions\faststartff@gmail.com [Not Found]

Chrome: 
=======
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1422700771&from=cvs5&uid=395049983_1052499_A086D6BD
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1422700771&from=cvs5&uid=395049983_1052499_A086D6BD"
CHR DefaultSearchKeyword: Default -> webssearches
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (Google Slides) - C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-17]
CHR Extension: (Google Docs) - C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-17]
CHR Extension: (Google Drive) - C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-18]
CHR Extension: (YouTube) - C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-17]
CHR Extension: (Google Search) - C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-17]
CHR Extension: (Google Sheets) - C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-17]
CHR Extension: (Avira Browser Safety) - C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-05]
CHR Extension: (Google Wallet) - C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-17]
CHR Extension: (Gmail) - C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-17]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-11-09] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-04] (Avira Operations GmbH & Co. KG)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2015-01-08] (Perfect World Entertainment Inc)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] ()
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-01-10] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MSSQL$BWDATOOLSET; C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [29263712 2008-11-25] (Microsoft Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WTGService; C:\Program Files (x86)\Verbindungsassistent\WTGService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 Huawei; C:\Windows\System32\DRIVERS\ewdcsc.sys [29696 2014-11-09] (Huawei Tech. Co., Ltd.)
S3 Huawei; C:\Windows\SysWOW64\DRIVERS\ewdcsc.sys [29696 2014-11-09] (Huawei Tech. Co., Ltd.)
S3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [115328 2008-07-24] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 22:39 - 2015-02-05 22:39 - 00001304 _____ () C:\Users\Tyrion Lannister\Desktop\checkup.txt
2015-02-05 22:35 - 2015-02-05 22:35 - 00852573 _____ () C:\Users\Tyrion Lannister\Downloads\SecurityCheck.exe
2015-02-05 22:35 - 2015-02-05 22:35 - 00852573 _____ () C:\Users\Tyrion Lannister\Desktop\SecurityCheck.exe
2015-02-05 10:45 - 2015-02-05 22:19 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-05 10:45 - 2015-02-05 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-05 10:45 - 2015-02-05 10:45 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-05 10:45 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-05 10:45 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-05 10:45 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-05 01:48 - 2015-02-05 01:48 - 00000000 ____D () C:\Users\Tyrion Lannister\Desktop\Colani
2015-02-05 01:05 - 2015-02-05 01:05 - 00038451 _____ () C:\ComboFix.txt
2015-02-05 00:18 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-05 00:18 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-05 00:18 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-05 00:18 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-05 00:18 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-05 00:18 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-05 00:18 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-05 00:18 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-05 00:16 - 2015-02-05 01:05 - 00000000 ____D () C:\Qoobox
2015-02-05 00:16 - 2015-02-05 01:04 - 00000000 ____D () C:\Windows\erdnt
2015-02-05 00:10 - 2015-02-05 00:10 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-04 11:06 - 2015-02-05 22:40 - 00000000 ____D () C:\Users\Tyrion Lannister\Desktop\Viren
2015-02-04 10:35 - 2015-02-05 22:40 - 00000000 ____D () C:\FRST
2015-02-04 10:21 - 2015-02-05 11:19 - 00000000 ____D () C:\AdwCleaner
2015-02-03 13:03 - 2015-02-03 13:03 - 00001115 _____ () C:\Users\Tyrion Lannister\Desktop\Driver Genius Professional Edition.lnk
2015-02-03 13:03 - 2015-02-03 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius Professional Edition
2015-02-03 01:46 - 2015-02-03 01:46 - 16032147 _____ (Written by Alexander Herzog) C:\Users\Tyrion Lannister\Desktop\D-Fend-Reloaded-1.4.1-Setup.exe
2015-02-01 11:34 - 2015-02-01 11:34 - 00032151 _____ () C:\Users\Tyrion Lannister\Desktop\a_charming_font.zip
2015-02-01 11:34 - 2015-02-01 11:34 - 00000000 ____D () C:\Users\Tyrion Lannister\AppData\Roaming\dlg
2015-01-31 11:40 - 2015-01-31 11:40 - 00000000 ____D () C:\ProgramData\FlashBeatData
2015-01-31 11:40 - 2015-01-27 17:31 - 00344440 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia64.dll
2015-01-31 11:40 - 2015-01-27 17:31 - 00301168 _____ (CartCrunch Israel Ltd.) C:\Windows\SysWOW64\ColorMedia.dll
2015-01-31 11:38 - 2015-01-31 11:38 - 00432280 _____ () C:\Users\Tyrion Lannister\Desktop\ACharmingFont_downloader-Q6Sb7gh66.exe
2015-01-31 11:37 - 2015-01-31 11:37 - 00432280 _____ () C:\Users\Tyrion Lannister\Downloads\ACharmingFont_downloader-Q8Mkp4mzD.exe
2015-01-29 23:01 - 2015-01-29 23:01 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-28 10:26 - 2015-01-29 08:26 - 00000000 ____D () C:\Users\Public\Documents\Arc
2015-01-27 00:23 - 2015-01-27 00:23 - 00014464 _____ (Western Digital Technologies) C:\Windows\system32\Drivers\wdcsam64.sys
2015-01-26 12:55 - 2015-01-26 12:56 - 00000000 ____D () C:\Users\Tyrion Lannister\Desktop\SEK Berlin
2015-01-14 09:45 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 09:45 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 09:45 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 09:45 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 09:45 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 09:45 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 09:45 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 09:45 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 09:45 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 09:45 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 09:45 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 09:45 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 09:45 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 22:28 - 2012-10-24 19:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-05 22:17 - 2011-12-30 15:59 - 01677726 _____ () C:\Windows\WindowsUpdate.log
2015-02-05 21:53 - 2014-09-17 15:40 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-05 18:45 - 2009-07-14 18:58 - 02843202 _____ () C:\Windows\system32\perfh007.dat
2015-02-05 18:45 - 2009-07-14 18:58 - 00820552 _____ () C:\Windows\system32\perfc007.dat
2015-02-05 18:45 - 2009-07-14 06:13 - 00006472 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-05 18:19 - 2012-10-31 15:41 - 00000440 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-02-05 18:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-05 17:49 - 2012-10-20 20:37 - 00000000 ____D () C:\Users\Tyrion Lannister\AppData\Roaming\vlc
2015-02-05 13:09 - 2009-07-14 05:45 - 00026464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-05 13:09 - 2009-07-14 05:45 - 00026464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-05 13:00 - 2014-09-17 15:40 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-05 13:00 - 2013-02-09 08:40 - 00072542 _____ () C:\Windows\setupact.log
2015-02-05 13:00 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-05 12:28 - 2012-10-24 19:58 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 12:28 - 2012-10-24 19:58 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 12:28 - 2011-12-30 17:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 11:21 - 2013-02-09 08:40 - 00352322 _____ () C:\Windows\PFRO.log
2015-02-05 10:45 - 2013-08-15 21:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-05 09:48 - 2014-09-17 15:40 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 09:48 - 2014-09-17 15:40 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 01:05 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-02-05 01:00 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-05 00:14 - 2014-11-09 23:10 - 00000000 ____D () C:\Users\Tyrion Lannister\AppData\Roaming\Verbindungsassistent
2015-02-04 10:28 - 2014-09-17 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-04 10:28 - 2014-07-07 10:38 - 00001065 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-04 10:28 - 2011-12-30 16:10 - 00001017 _____ () C:\Users\Tyrion Lannister\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-03 16:21 - 2012-12-05 15:54 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-01 22:48 - 2014-12-30 09:12 - 00067728 _____ () C:\Users\Tyrion Lannister\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-01 22:48 - 2014-12-30 09:01 - 00298008 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-31 22:48 - 2014-04-15 15:08 - 00000776 _____ () C:\Windows\system32\.crusader
2015-01-29 23:01 - 2014-05-16 11:03 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-29 23:01 - 2013-08-05 09:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-29 23:01 - 2013-08-05 09:41 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-26 02:59 - 2014-10-13 13:20 - 00001250 _____ () C:\Users\Tyrion Lannister\Desktop\Amazon Music.lnk
2015-01-15 01:24 - 2013-08-16 00:39 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 01:16 - 2011-12-30 19:02 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-06 04:36 - 2011-12-30 16:49 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2013-08-17 11:13 - 2013-08-17 11:13 - 0003584 _____ () C:\Users\Tyrion Lannister\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-01 11:15 - 2015-01-03 17:41 - 0007606 _____ () C:\Users\Tyrion Lannister\AppData\Local\Resmon.ResmonCfg
2013-08-12 18:24 - 2013-08-12 18:24 - 0005033 _____ () C:\ProgramData\mtbjfghn.xbe

Some content of TEMP:
====================
C:\Users\Tyrion Lannister\AppData\Local\Temp\avgnt.exe
C:\Users\Tyrion Lannister\AppData\Local\Temp\Quarantine.exe
C:\Users\Tyrion Lannister\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-05 09:39

==================== End Of Log ============================
--- --- ---
Alt 06.02.2015, 09:18   #10
schrauber
/// the machine
/// TB-Ausbilder
 
chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html - Standard

chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html


Java und Firefox updaten. Überrachen dich die 50 Funde wirklich? Bei dem ganzen Crack-Scheiss auf der Platte?


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\File System\000\t\00\00000000

C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\File System\000\t\00\00000001

C:\Users\Tyrion Lannister\Desktop\ACharmingFont_downloader-Q6Sb7gh66.exe

C:\Users\Tyrion Lannister\Downloads\ACharmingFont_downloader-Q8Mkp4mzD.exe

C:\Users\Tyrion Lannister\Downloads\dffsetup-mss32.exe

C:\Users\Tyrion Lannister\Downloads\Google Chrome 64 Bit - CHIP-Installer.exe

C:\Users\Tyrion Lannister\Downloads\HijackThis - CHIP-Downloader.exe

C:\Users\Tyrion Lannister\Downloads\Hitman Pro - CHIP-Downloader.exe

C:\Users\Tyrion Lannister\Downloads\setup.exe

C:\Users\Tyrion Lannister\Downloads\tamnsp_170902422295926460.exe

C:\Users\Tyrion Lannister\Downloads\WinUAE - CHIP-Downloader.exe

C:\Users\Tyrion Lannister\Downloads\9BF4tmp\jfilemanagersetup.exe

C:\Zusammenstellung\Cracks\FreeYouTubeDownload238.exe

G:\01 keine Filme\FreeYouTubeToMp3Converter39.exe

G:\01 keine Filme\Baldurs Gate\Baldurs Gate\Throne of Bhaal\habg2tobtrainer.zip

G:\01 keine Filme\Baldurs Gate\BALDURS_GATE\THRONE_OF_BHAAL\HABG2TOBTRAINER.ZIP

G:\01 keine Filme\Cracks\ps_radio2014.exe

G:\01 keine Filme\Cracks\Baldurs Gate\Baldurs Gate\Throne of Bhaal\habg2tobtrainer.zip

G:\01 keine Filme\Cracks\Icewind Dale iesdp\idgertrn_gdm.zip

G:\01 keine Filme\Cracks\Icewind Dale iesdp\Icewind Dale (v.ger 1.06) +01 Trainer\Icewind Dale (v.ger 1.06) +01 Trainer.exe

G:\01 keine Filme\Cracks\Spiel\cracks\3dfallingleavesFree.exe

G:\01 keine Filme\Cracks\Spiel\cracks\lightningstormFree.exe

G:\01 keine Filme\Cracks\Spiel\cracks\marine2Free.exe

G:\01 keine Filme\Cracks\Spiel\cracks\fallout3d\FalloutLauncher.exe

G:\01 keine Filme\Cracks\Spiel\Fallout 3\fallout3d.7z

G:\01 keine Filme\Cracks\Spiel\Fallout 3\fallout3d\FalloutLauncher.exe

H:\Programme\Programme\ps_radio2014.exe

H:\Programme\Programme1\advancedfileoptimizersetup_DLL.exe

H:\Programme\Programme1\dffsetup-msvcp100.exe

H:\Programme\Programme1\dffsetup-msvcp110.exe

H:\Programme\Programme1\dffsetup-msvcr100(1).exe

H:\Programme\Programme1\dffsetup-msvcr100.exe

H:\Programme\Programme1\driverupdater.exe

H:\Programme\Programme1\driver_genius_12_keygen_freedownload_downloader.exe

H:\Programme\Programme1\FinalTorrent2012Setup.exe

H:\Programme\Programme1\hamsterfreevideoconverter.exe

H:\Programme\Programme1\rcpsetup_2005.exe

H:\Programme\Programme1\setup.exe

H:\Programme\Programme1\Setup21_FreeConverter.exe

H:\Programme\Programme1\Tuneup_Utilities_2014_downloader_de_252.exe
BootExecute: autocheck autochk * ????????? ????????
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 06.02.2015, 10:28   #11
Lepakko
 
chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html - Standard

chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html


Tja, so ist das, wenn man einen gebrauchten PC von einem Twen kauft :-(

Die Deinstallation von Combofix konnte ich nicht umsetzen, "Programm nicht gefunden" kam als Abbruchgrund.

Hier die Logdatei:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2015 01
Ran by Tyrion Lannister at 2015-02-06 10:18:04 Run:1
Running from C:\Users\Tyrion Lannister\Desktop\Viren
Loaded Profiles: Tyrion Lannister (Available profiles: Tyrion Lannister)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\File System\000\t\00\00000000

C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\File System\000\t\00\00000001

C:\Users\Tyrion Lannister\Desktop\ACharmingFont_downloader-Q6Sb7gh66.exe

C:\Users\Tyrion Lannister\Downloads\ACharmingFont_downloader-Q8Mkp4mzD.exe

C:\Users\Tyrion Lannister\Downloads\dffsetup-mss32.exe

C:\Users\Tyrion Lannister\Downloads\Google Chrome 64 Bit - CHIP-Installer.exe

C:\Users\Tyrion Lannister\Downloads\HijackThis - CHIP-Downloader.exe

C:\Users\Tyrion Lannister\Downloads\Hitman Pro - CHIP-Downloader.exe

C:\Users\Tyrion Lannister\Downloads\setup.exe

C:\Users\Tyrion Lannister\Downloads\tamnsp_170902422295926460.exe

C:\Users\Tyrion Lannister\Downloads\WinUAE - CHIP-Downloader.exe

C:\Users\Tyrion Lannister\Downloads\9BF4tmp\jfilemanagersetup.exe

C:\Zusammenstellung\Cracks\FreeYouTubeDownload238.exe

G:\01 keine Filme\FreeYouTubeToMp3Converter39.exe

G:\01 keine Filme\Baldurs Gate\Baldurs Gate\Throne of Bhaal\habg2tobtrainer.zip

G:\01 keine Filme\Baldurs Gate\BALDURS_GATE\THRONE_OF_BHAAL\HABG2TOBTRAINER.ZIP

G:\01 keine Filme\Cracks\ps_radio2014.exe

G:\01 keine Filme\Cracks\Baldurs Gate\Baldurs Gate\Throne of Bhaal\habg2tobtrainer.zip

G:\01 keine Filme\Cracks\Icewind Dale iesdp\idgertrn_gdm.zip

G:\01 keine Filme\Cracks\Icewind Dale iesdp\Icewind Dale (v.ger 1.06) +01 Trainer\Icewind Dale (v.ger 1.06) +01 Trainer.exe

G:\01 keine Filme\Cracks\Spiel\cracks\3dfallingleavesFree.exe

G:\01 keine Filme\Cracks\Spiel\cracks\lightningstormFree.exe

G:\01 keine Filme\Cracks\Spiel\cracks\marine2Free.exe

G:\01 keine Filme\Cracks\Spiel\cracks\fallout3d\FalloutLauncher.exe

G:\01 keine Filme\Cracks\Spiel\Fallout 3\fallout3d.7z

G:\01 keine Filme\Cracks\Spiel\Fallout 3\fallout3d\FalloutLauncher.exe

H:\Programme\Programme\ps_radio2014.exe

H:\Programme\Programme1\advancedfileoptimizersetup_DLL.exe

H:\Programme\Programme1\dffsetup-msvcp100.exe

H:\Programme\Programme1\dffsetup-msvcp110.exe

H:\Programme\Programme1\dffsetup-msvcr100(1).exe

H:\Programme\Programme1\dffsetup-msvcr100.exe

H:\Programme\Programme1\driverupdater.exe

H:\Programme\Programme1\driver_genius_12_keygen_freedownload_downloader.exe

H:\Programme\Programme1\FinalTorrent2012Setup.exe

H:\Programme\Programme1\hamsterfreevideoconverter.exe

H:\Programme\Programme1\rcpsetup_2005.exe

H:\Programme\Programme1\setup.exe

H:\Programme\Programme1\Setup21_FreeConverter.exe

H:\Programme\Programme1\Tuneup_Utilities_2014_downloader_de_252.exe
BootExecute: autocheck autochk * ????????? ????????
Emptytemp:
*****************

"C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\File System\000\t\00\00000000" => File/Directory not found.
"C:\Users\Tyrion Lannister\AppData\Local\Google\Chrome\User Data\default\File System\000\t\00\00000001" => File/Directory not found.
"C:\Users\Tyrion Lannister\Desktop\ACharmingFont_downloader-Q6Sb7gh66.exe" => File/Directory not found.
"C:\Users\Tyrion Lannister\Downloads\ACharmingFont_downloader-Q8Mkp4mzD.exe" => File/Directory not found.
"C:\Users\Tyrion Lannister\Downloads\dffsetup-mss32.exe" => File/Directory not found.
"C:\Users\Tyrion Lannister\Downloads\Google Chrome 64 Bit - CHIP-Installer.exe" => File/Directory not found.
"C:\Users\Tyrion Lannister\Downloads\HijackThis - CHIP-Downloader.exe" => File/Directory not found.
"C:\Users\Tyrion Lannister\Downloads\Hitman Pro - CHIP-Downloader.exe" => File/Directory not found.
"C:\Users\Tyrion Lannister\Downloads\setup.exe" => File/Directory not found.
"C:\Users\Tyrion Lannister\Downloads\tamnsp_170902422295926460.exe" => File/Directory not found.
"C:\Users\Tyrion Lannister\Downloads\WinUAE - CHIP-Downloader.exe" => File/Directory not found.
"C:\Users\Tyrion Lannister\Downloads\9BF4tmp\jfilemanagersetup.exe" => File/Directory not found.
"C:\Zusammenstellung\Cracks\FreeYouTubeDownload238.exe" => File/Directory not found.
"G:\01 keine Filme\FreeYouTubeToMp3Converter39.exe" => File/Directory not found.
"G:\01 keine Filme\Baldurs Gate\Baldurs Gate\Throne of Bhaal\habg2tobtrainer.zip" => File/Directory not found.
"G:\01 keine Filme\Baldurs Gate\BALDURS_GATE\THRONE_OF_BHAAL\HABG2TOBTRAINER.ZIP" => File/Directory not found.
"G:\01 keine Filme\Cracks\ps_radio2014.exe" => File/Directory not found.
"G:\01 keine Filme\Cracks\Baldurs Gate\Baldurs Gate\Throne of Bhaal\habg2tobtrainer.zip" => File/Directory not found.
"G:\01 keine Filme\Cracks\Icewind Dale iesdp\idgertrn_gdm.zip" => File/Directory not found.
"G:\01 keine Filme\Cracks\Icewind Dale iesdp\Icewind Dale (v.ger 1.06) +01 Trainer\Icewind Dale (v.ger 1.06) +01 Trainer.exe" => File/Directory not found.
"G:\01 keine Filme\Cracks\Spiel\cracks\3dfallingleavesFree.exe" => File/Directory not found.
"G:\01 keine Filme\Cracks\Spiel\cracks\lightningstormFree.exe" => File/Directory not found.
"G:\01 keine Filme\Cracks\Spiel\cracks\marine2Free.exe" => File/Directory not found.
"G:\01 keine Filme\Cracks\Spiel\cracks\fallout3d\FalloutLauncher.exe" => File/Directory not found.
"G:\01 keine Filme\Cracks\Spiel\Fallout 3\fallout3d.7z" => File/Directory not found.
"G:\01 keine Filme\Cracks\Spiel\Fallout 3\fallout3d\FalloutLauncher.exe" => File/Directory not found.
"H:\Programme\Programme\ps_radio2014.exe" => File/Directory not found.
"H:\Programme\Programme1\advancedfileoptimizersetup_DLL.exe" => File/Directory not found.
"H:\Programme\Programme1\dffsetup-msvcp100.exe" => File/Directory not found.
"H:\Programme\Programme1\dffsetup-msvcp110.exe" => File/Directory not found.
"H:\Programme\Programme1\dffsetup-msvcr100(1).exe" => File/Directory not found.
"H:\Programme\Programme1\dffsetup-msvcr100.exe" => File/Directory not found.
"H:\Programme\Programme1\driverupdater.exe" => File/Directory not found.
"H:\Programme\Programme1\driver_genius_12_keygen_freedownload_downloader.exe" => File/Directory not found.
"H:\Programme\Programme1\FinalTorrent2012Setup.exe" => File/Directory not found.
"H:\Programme\Programme1\hamsterfreevideoconverter.exe" => File/Directory not found.
"H:\Programme\Programme1\rcpsetup_2005.exe" => File/Directory not found.
"H:\Programme\Programme1\setup.exe" => File/Directory not found.
"H:\Programme\Programme1\Setup21_FreeConverter.exe" => File/Directory not found.
"H:\Programme\Programme1\Tuneup_Utilities_2014_downloader_de_252.exe" => File/Directory not found.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
EmptyTemp: => Removed 30.3 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 10:18:10 ====
Auf ein Neues!

Alt 06.02.2015, 13:23   #12
schrauber
/// the machine
/// TB-Ausbilder
 
chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html - Standard

chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html


Wo liegt denn die Combofix.exe bei Dir?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 06.02.2015, 13:40   #13
Lepakko
 
chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html - Standard

chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html


In einem Ordner auf dem Desktop. Zumindest die Datei, die ich heruntergeladen habe. also vermutlich die "uninstallierte" Version.

Alt 06.02.2015, 19:21   #14
schrauber
/// the machine
/// TB-Ausbilder
 
chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html - Standard

chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html


Warum in einem Ordner wenn in der Anleitung steht auf dem Desktop speichern?

Schieb sie auf den Desktop, dann nochmal Combofix /Uninstall versuchen.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 06.02.2015, 20:30   #15
Lepakko
 
chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html - Standard

chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html


Gut.
1. Combofix auf den Desktop kopiert.
2. Original im Ordner gelöscht.
2. Ausführen: Combofix /Uninstall (genau so, Mit Großschreibung und Leerzeichen vor dem Slash) . Ergebnis: Datei kann nicht gefunden werden.

Frage: Was nun?

Antwort
Seite 1 von 2 1 2

Themen zu chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html
ahnung, chrome, festgestellt, gestellt, hilfe, hoffe, häufig, kurzem, umgang, wenig, öffnet


« NAch Avira Scan: Virus Funde in Archiven können nicht repariert werden! | win32:Evo-gen (Susp) »


Ähnliche Themen: chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html


  1. Windows 7: Verschiedene Virenmeldungen: ADWARE/FDealPly.I - HTML/FCrypted.Gen - HTML/FExpKit.Gen3
    Log-Analyse und Auswertung - 26.04.2015 (11)
  2. Win 7 chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html
    Log-Analyse und Auswertung - 09.04.2015 (21)
  3. Neuerdings erscheint folgende Meldung: chrome-extension://nafaimnnclfjfedmmabolbppcngeolgf/newtab/newtab-hp.html
    Plagegeister aller Art und deren Bekämpfung - 16.03.2015 (7)
  4. Hilfe ich habe mir was gefangen:chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html
    Log-Analyse und Auswertung - 16.01.2015 (17)
  5. Virusbefall und Trojaner entfernt jetzt kommt immer als Startseite: resource://firefox.abs.avira.com/html/blocked.html
    Plagegeister aller Art und deren Bekämpfung - 28.12.2014 (3)
  6. Windows 7: resource://firefox.abs.avira.com/html/blocked.html
    Log-Analyse und Auswertung - 16.12.2014 (9)
  7. resource://firefox.abs.avira.com/html/blocked.html
    Log-Analyse und Auswertung - 10.11.2014 (10)
  8. resource://firefox.abs.avira.com/html/blocked.html
    Plagegeister aller Art und deren Bekämpfung - 07.11.2014 (13)
  9. Bei Firefox start -> resource://firefox.abs.avira.com/html/blocked.html
    Log-Analyse und Auswertung - 21.09.2014 (9)
  10. resource://firefox.abs.avira.com/html/blocked.html
    Log-Analyse und Auswertung - 08.09.2014 (11)
  11. Virenfund !! HTML Scriptvirus HTML/Dldr.Dawn.X1 Was tun?
    Plagegeister aller Art und deren Bekämpfung - 19.11.2011 (25)
  12. TR/Kazy.12044.psa und HTML Scriptvirus HTML/Infected.WebPage.Gen
    Plagegeister aller Art und deren Bekämpfung - 14.02.2011 (1)
  13. Wie entferne ich HTML-Scriptvirus HTML/Drop.Agent.AB & W32/Ramnit.A
    Plagegeister aller Art und deren Bekämpfung - 10.12.2010 (32)
  14. Virenusbefall ? HTML/Rce.Gen und HTML/Infected.WebPage.Gen2
    Plagegeister aller Art und deren Bekämpfung - 22.09.2010 (4)
  15. TR/Agent.AR,TR/Click.Klik,HEUR/HTML.Malware,HTML/Crypted.Gen, dwwin.exe, drwtsu32.exe
    Plagegeister aller Art und deren Bekämpfung - 25.05.2010 (1)
  16. TR/Rootkit.Gen & HTML/Infected.WebPage.Gen' & HEUR/HTML.Malware gefunden
    Log-Analyse und Auswertung - 25.06.2009 (31)
  17. Antivir Update funktioniert nicht (HTML/IFrame.Age.tih & HEUR/Exploit.HTML gefunden)
    Plagegeister aller Art und deren Bekämpfung - 05.12.2007 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html - Hallo allerseits, seit kurzem öffnet sich Chrome bei mir mit der o.g. genannten Seite. Ich habe mich ein wenig belesen und dabei festgestellt, daß das ein offenbar häufig auftretendes Phenomän - chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html...
Archiv
Du betrachtest: chrome-extension://flliilndjeohchalpbbcdekjklbdgfkk/html/blocked.html auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131