Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   db22.exe kann nicht entfernt werden (https://www.trojaner-board.de/162836-db22-exe-entfernt.html)

Ifrit91 16.01.2015 11:08
db22.exe kann nicht entfernt werden
 
hallo ich brauch dringens hilfe......bitte um schnellen rat :) danke


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by Stormer (administrator) on STORMER-PC on 16-01-2015 10:51:07
Running from C:\Users\Stormer\Desktop
Loaded Profiles: Stormer & UpdatusUser (Available profiles: Stormer & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Spanisch (Spanien, internationale Sortierung)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\010\ackaxfnrcw32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\SysWOW64\MPK\lsynchost.exe
() C:\Windows\SysWOW64\MPK\lsynchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(BitTorrent Inc.) C:\Users\Stormer\AppData\Roaming\BitTorrent\BitTorrent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe
() C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2472048 2010-08-11] (VIA)
HKLM-x32\...\Run: [mbot_de_352] => [X]
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1684227235-1697619234-988528933-1000\...\Run: [BitTorrent] => C:\Users\Stormer\AppData\Roaming\BitTorrent\BitTorrent.exe [1388888 2014-11-26] (BitTorrent Inc.)
HKU\S-1-5-21-1684227235-1697619234-988528933-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1684227235-1697619234-988528933-1001\...\Run: [BitTorrent] => C:\Users\Stormer\AppData\Roaming\BitTorrent\BitTorrent.exe [1388888 2014-11-26] (BitTorrent Inc.)
HKU\S-1-5-21-1684227235-1697619234-988528933-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX&q={searchTerms}
HKU\S-1-5-21-1684227235-1697619234-988528933-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX&q={searchTerms}
HKU\S-1-5-21-1684227235-1697619234-988528933-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX
HKU\S-1-5-21-1684227235-1697619234-988528933-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-1684227235-1697619234-988528933-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX
HKU\S-1-5-21-1684227235-1697619234-988528933-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX&q={searchTerms}
HKU\S-1-5-21-1684227235-1697619234-988528933-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt66vmjNGZQt3rUPUUfyGWX1_FrQBcAd1FwG3OTSwySepxoqXSoa_tNWMblsIUk2NPII-bP0D-WlbhLO7CIeZe9wOvYYqukIH8UDPIaZcJShyB_fkw9PijrrGMwgWOzj
HKU\S-1-5-21-1684227235-1697619234-988528933-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt66vmjNGZQt3rUPUUfyGWX1_FrQBcAd1FwG3OTSwySepxoqXSoa_tNWMblsIUk2NP5Bsj710YyhYTcjkN5s5oW_2JpcxrWkDumd9Io6naijGWGDGLnMgEEYppvMl9cP&q={searchTerms}
HKU\S-1-5-21-1684227235-1697619234-988528933-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt66vmjNGZQt3rUPUUfyGWX1_FrQBcAd1FwG3OTSwySepxoqXSoa_tNWMblsIUk2NP5Bsj710YyhYTcjkN5s5oW_2JpcxrWkDumd9Io6naijGWGDGLnMgEEYppvMl9cP&q={searchTerms}
HKU\S-1-5-21-1684227235-1697619234-988528933-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX
SearchScopes: HKU\S-1-5-21-1684227235-1697619234-988528933-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1684227235-1697619234-988528933-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1684227235-1697619234-988528933-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt66vmjNGZQt3rUPUUfyGWX1_FrQBcAd1FwG3OTSwySepxoqXSoa_tNWMblsIUk2NP5Bsj710YyhYTcjkN5s5oW_2JpcxrWkDumd9Io6naijGWGDGLnMgEEYppvMl9cP&q={searchTerms}
BHO: No Name -> {426afe3a-6103-4d08-939a-867e7ccb1696} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {E6D66045-F951-4DBF-962E-993B4FB6A9E0} -> C:\Users\Stormer\AppData\LocalLow\IE-BHO\bho.dll ()
Hosts: 54.225.95.126        fhajokkdlhllmgenmniigcnlefjakobn
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Stormer\AppData\Roaming\Mozilla\Firefox\Profiles\fqnoptlc.default
FF NewTab: chrome://quick_start/content/index.html
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Stormer\AppData\Roaming\Mozilla\Firefox\Profiles\fqnoptlc.default\searchplugins\avira-safesearch.xml
FF SearchPlugin: C:\Users\Stormer\AppData\Roaming\Mozilla\Firefox\Profiles\fqnoptlc.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Stormer\AppData\Roaming\Mozilla\Firefox\Profiles\fqnoptlc.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF Extension: Avira Browser Safety - C:\Users\Stormer\AppData\Roaming\Mozilla\Firefox\Profiles\fqnoptlc.default\Extensions\abs@avira.com [2014-12-11]
FF Extension: Avira SafeSearch - C:\Users\Stormer\AppData\Roaming\Mozilla\Firefox\Profiles\fqnoptlc.default\Extensions\safesearch@avira.com [2014-12-04]
FF Extension: Download videos and MP3s from YouTube - C:\Users\Stormer\AppData\Roaming\Mozilla\Firefox\Profiles\fqnoptlc.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-09-29]
FF Extension: ProxTube - C:\Users\Stormer\AppData\Roaming\Mozilla\Firefox\Profiles\fqnoptlc.default\Extensions\ich@maltegoetz.de.xpi [2014-09-29]
FF Extension: Adblock Edge - C:\Users\Stormer\AppData\Roaming\Mozilla\Firefox\Profiles\fqnoptlc.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-01-04]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Stormer\AppData\Roaming\Mozilla\Firefox\Profiles\fqnoptlc.default\extensions\faststartff@gmail.com
FF HKU\S-1-5-21-1684227235-1697619234-988528933-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-09-29]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX"
CHR DefaultSearchKeyword: Default -> webssearches
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-27]
CHR Extension: (Google Docs) - C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-27]
CHR Extension: (Google Drive) - C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-27]
CHR Extension: (YouTube) - C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-27]
CHR Extension: (Google Search) - C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-27]
CHR Extension: (Google Sheets) - C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-27]
CHR Extension: (Avira Browser Safety) - C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2014-12-10]
CHR Extension: (Google Wallet) - C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-27]
CHR Extension: (Amazon) - C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj [2014-12-05]
CHR Extension: (Gmail) - C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-27]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Stormer\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-11-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ackaxfnrcw32; C:\Program Files\010\ackaxfnrcw32.exe [682992 2014-11-26] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S2 MainLSyncHost; c:\windows\syswow64\mpk\lsynchost.exe [1695544 2014-08-11] ()
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-26] (Electronic Arts)
R2 Verifies and fixes application compatibility issues; C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [91304 2015-01-12] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-02] (Disc Soft Ltd)
S3 REN2CAP_DRIVER; C:\Windows\System32\drivers\ren2cap.sys [46728 2011-11-07] ()
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 10:51 - 2015-01-16 10:51 - 00018463 _____ () C:\Users\Stormer\Desktop\FRST.txt
2015-01-16 10:42 - 2015-01-16 10:51 - 00000000 ____D () C:\FRST
2015-01-16 10:41 - 2015-01-16 10:41 - 02125312 _____ (Farbar) C:\Users\Stormer\Desktop\FRST64.exe
2015-01-11 06:16 - 2015-01-11 06:16 - 00203724 _____ () C:\Users\Stormer\Downloads\Neelix - Left Behind by neelix on SoundCloud - Hear the world’s sounds.htm
2015-01-11 06:16 - 2015-01-11 06:16 - 00000000 ____D () C:\Users\Stormer\Downloads\Neelix - Left Behind by neelix on SoundCloud - Hear the world’s sounds-Dateien
2015-01-11 02:53 - 2015-01-11 02:53 - 00262144 _____ () C:\Windows\Minidump\011115-20984-01.dmp
2015-01-11 02:53 - 2015-01-11 02:53 - 00000000 ____D () C:\Windows\Minidump
2014-12-30 10:09 - 2014-12-30 10:09 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-12-30 10:09 - 2014-12-30 10:09 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2014-12-30 10:09 - 2014-12-30 10:09 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-12-30 10:09 - 2014-12-30 10:09 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2014-12-26 18:08 - 2014-12-26 18:08 - 01054912 _____ (Adobe) C:\Users\Stormer\Downloads\install_flashplayer16x32au_mssd_aaa_aih.exe
2014-12-26 16:40 - 2015-01-16 09:01 - 00003022 _____ () C:\Windows\setupact.log
2014-12-26 16:40 - 2014-12-27 11:05 - 00028734 _____ () C:\Windows\PFRO.log
2014-12-26 16:40 - 2014-12-26 16:40 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-26 15:28 - 2014-12-26 15:28 - 00000221 _____ () C:\Users\Stormer\Desktop\Borderlands 2.url
2014-12-24 15:38 - 2015-01-16 10:36 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier
2014-12-24 15:38 - 2015-01-16 10:36 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier
2014-12-23 21:17 - 2015-01-15 21:30 - 00000112 _____ () C:\ProgramData\21JF620.dat
2014-12-23 21:16 - 2014-12-26 01:21 - 07263745 _____ () C:\Windows\SysWOW64\debug.log
2014-12-23 21:15 - 2015-01-16 10:47 - 00000000 ____D () C:\Users\Stormer\AppData\Roaming\Compatibility Verifier
2014-12-23 17:03 - 2014-12-23 17:03 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-12-20 09:23 - 2014-12-20 09:23 - 00000022 _____ () C:\Users\Stormer\Downloads\UM-Rechnungen.zip
2014-12-20 01:44 - 2014-12-20 01:44 - 00000000 _____ () C:\Users\Stormer\Desktop\httpswww.youtube.comwatchv=z-yKyO3Wgzo.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 10:50 - 2014-03-21 20:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-16 10:49 - 2014-09-08 19:26 - 00000000 ____D () C:\Users\Stormer\AppData\Roaming\BitTorrent
2015-01-16 10:36 - 2014-03-21 18:05 - 01688252 _____ () C:\Windows\WindowsUpdate.log
2015-01-16 10:30 - 2014-09-27 09:14 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-16 09:12 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 09:12 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 09:03 - 2014-09-27 09:14 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 09:03 - 2014-09-08 15:36 - 00000000 __SHD () C:\ProgramData\MPK
2015-01-16 09:01 - 2014-03-21 19:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-16 09:01 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-14 19:36 - 2014-09-27 09:14 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-11 19:40 - 2014-10-14 10:59 - 00087040 ___SH () C:\Users\Stormer\Downloads\Thumbs.db
2015-01-08 12:04 - 2014-09-06 20:36 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-05 11:30 - 2014-03-21 20:28 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-05 11:30 - 2014-03-21 20:28 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-05 11:30 - 2014-03-21 20:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-05 11:30 - 2014-03-21 20:26 - 00000000 ____D () C:\Users\Stormer\AppData\Local\Adobe
2014-12-26 15:35 - 2014-09-06 23:10 - 00000000 ____D () C:\ProgramData\Origin
2014-12-26 15:33 - 2014-09-06 23:10 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-26 15:28 - 2014-09-06 20:50 - 00000000 ____D () C:\Users\Stormer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-26 15:20 - 2014-10-17 08:31 - 00000000 ____D () C:\Users\Stormer\Desktop\fotos
2014-12-26 15:17 - 2014-03-22 16:05 - 00000000 ____D () C:\Program Files (x86)\White Label Office 3
2014-12-26 15:06 - 2014-09-06 23:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-12-26 12:47 - 2014-10-31 21:17 - 00000000 ____D () C:\Users\Stormer\AppData\Local\CSO
2014-12-24 07:31 - 2014-12-16 15:30 - 00000000 ____D () C:\ProgramData\1837308050
2014-12-23 17:03 - 2014-03-21 19:45 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-18 19:22 - 2014-09-09 17:21 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-12-18 19:22 - 2014-09-09 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-18 19:22 - 2014-09-09 17:19 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-18 19:22 - 2014-09-07 16:43 - 00000000 ____D () C:\ProgramData\Package Cache

Files to move or delete:
====================
C:\ProgramData\21JF620.dat
C:\Users\Stormer\Setup.exe


Some content of TEMP:
====================
C:\Users\Stormer\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 14:53

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015 01
Ran by Stormer at 2015-01-16 10:51:33
Running from C:\Users\Stormer\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.34 (HKLM-x32\...\{23170F69-40C1-2701-0934-000001000000}) (Version: 9.34.00.0 - Igor Pavlov)
7-Zip 9.35 beta (HKLM-x32\...\7-Zip) (Version:  - )
Actualización de NVIDIA 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
BitTorrent (HKU\S-1-5-21-1684227235-1697619234-988528933-1000\...\BitTorrent) (Version: 7.9.2.35704 - BitTorrent Inc.)
BitTorrent (HKU\S-1-5-21-1684227235-1697619234-988528933-1001\...\BitTorrent) (Version: 7.9.2.34312 - BitTorrent Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Counter-Strike Nexon: Zombies (HKLM-x32\...\Steam App 273110) (Version:  - Nexon)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dizzel (HKLM-x32\...\Steam App 315640) (Version:  - NSStudio)
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 0.9.1 - )
Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.3.10.923 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.46.923 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.46.923 - DVDVideoSoft Ltd.)
Gameforge Live 2.0.5 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.5 - Gameforge)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.3 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java 8 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Moorhuhn 2 (HKLM-x32\...\Moorhuhn 2 deinstallieren) (Version:  - )
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NVIDIA Controlador de 3D Vision 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Panel de control de NVIDIA 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
RollerCoaster Tycoon 3 (HKLM-x32\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - )
SimCity 4 Deluxe (HKLM-x32\...\{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Styx Reloaded 1.0 (HKLM-x32\...\Styx Reloaded) (Version: 1.0 - NumLock Software)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
VIA Administrador de dispositivos de plataforma (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

16-01-2015 10:36:03 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-10-04 19:46 - 00000872 ____A C:\Windows\system32\Drivers\etc\hosts
54.225.95.126        fhajokkdlhllmgenmniigcnlefjakobn

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {26878C56-C926-4E47-8A4C-146FDC40392D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-27] (Google Inc.)
Task: {386ACB75-FDB7-4496-A09A-4565D9722B5F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-27] (Google Inc.)
Task: {64BCE482-BE68-49D0-B5EA-8FFA9692EA4D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-05] (Adobe Systems Incorporated)
Task: {E924F5FE-FB98-4DF8-BCBA-C2D80A7EF05E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-21 19:45 - 2014-03-04 14:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-08 15:36 - 2014-08-11 13:07 - 00725816 _____ () c:\windows\syswow64\mpk\MPK64.dll
2014-11-26 18:47 - 2014-11-26 18:47 - 00682992 _____ () C:\Program Files\010\ackaxfnrcw32.exe
2014-09-08 15:36 - 2014-08-11 10:20 - 01695544 _____ () c:\windows\syswow64\mpk\lsynchost.exe
2014-10-20 17:05 - 2010-08-11 10:32 - 00078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2014-10-20 17:05 - 2010-08-11 10:32 - 00386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2014-10-20 17:05 - 2010-08-11 10:32 - 00105584 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2014-10-20 17:05 - 2010-08-11 10:32 - 64643696 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2014-12-24 15:38 - 2015-01-13 23:12 - 51548328 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
2014-12-24 15:38 - 2015-01-12 13:55 - 00091304 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
2014-09-08 15:36 - 2014-08-11 13:07 - 00653112 _____ () c:\windows\syswow64\mpk\MPK.dll
2014-12-24 15:38 - 2014-12-24 07:03 - 01360552 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\libglesv2.dll
2014-12-24 15:38 - 2014-12-24 07:03 - 00214184 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\libegl.dll
2014-12-24 15:38 - 2014-12-24 07:03 - 00985768 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll
2014-12-24 15:39 - 2014-12-15 21:02 - 16827048 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll
2014-11-11 16:46 - 2014-11-11 16:46 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Stormer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^White Label Office 3.3.lnk => C:\Windows\pss\White Label Office 3.3.lnk.Startup
MSCONFIG\startupreg: BitTorrent => "C:\Users\Stormer\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

========================= Accounts: ==========================

Administrador (S-1-5-21-1684227235-1697619234-988528933-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-1684227235-1697619234-988528933-1009 - Limited - Enabled)
Invitado (S-1-5-21-1684227235-1697619234-988528933-501 - Limited - Disabled)
Stormer (S-1-5-21-1684227235-1697619234-988528933-1000 - Administrator - Enabled) => C:\Users\Stormer
UpdatusUser (S-1-5-21-1684227235-1697619234-988528933-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/16/2015 09:03:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/15/2015 09:23:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/15/2015 05:57:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/15/2015 00:28:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124
Ausnahmecode: 0x4000001f
Fehleroffset: 0x0022ecf0
ID des fehlerhaften Prozesses: 0x974
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (01/15/2015 00:27:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124
Ausnahmecode: 0x4000001f
Fehleroffset: 0x0022ecf0
ID des fehlerhaften Prozesses: 0x1f1c
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (01/15/2015 00:27:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124
Ausnahmecode: 0x4000001f
Fehleroffset: 0x0022ecf0
ID des fehlerhaften Prozesses: 0x1ab0
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (01/15/2015 00:26:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124
Ausnahmecode: 0x4000001f
Fehleroffset: 0x0022ecf0
ID des fehlerhaften Prozesses: 0x22d4
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (01/15/2015 00:26:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124
Ausnahmecode: 0x4000001f
Fehleroffset: 0x0022ecf0
ID des fehlerhaften Prozesses: 0x2098
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (01/15/2015 00:25:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124
Ausnahmecode: 0x4000001f
Fehleroffset: 0x0022ecf0
ID des fehlerhaften Prozesses: 0x1f4c
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (01/15/2015 00:25:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124
Ausnahmecode: 0x4000001f
Fehleroffset: 0x0022ecf0
ID des fehlerhaften Prozesses: 0x1888
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3


System errors:
=============
Error: (01/16/2015 09:06:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Compatibility Verify" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/16/2015 09:02:31 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (01/16/2015 09:01:41 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT AUTHORITY)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (01/15/2015 09:26:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Compatibility Verify" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/15/2015 09:22:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (01/15/2015 09:21:14 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT AUTHORITY)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (01/15/2015 06:06:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "OpenService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/15/2015 06:00:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Compatibility Verify" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/15/2015 05:56:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (01/15/2015 05:55:49 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT AUTHORITY)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.


Microsoft Office Sessions:
=========================
Error: (01/16/2015 09:03:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/15/2015 09:23:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/15/2015 05:57:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/15/2015 00:28:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054af4124compatibilitycheck.exe0.0.0.054af41244000001f0022ecf097401d030a493635f1fC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exea648cc57-9ca9-11e4-937b-00252218581c

Error: (01/15/2015 00:27:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054af4124compatibilitycheck.exe0.0.0.054af41244000001f0022ecf01f1c01d030b6423c10bbC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe84bf0c12-9ca9-11e4-937b-00252218581c

Error: (01/15/2015 00:27:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054af4124compatibilitycheck.exe0.0.0.054af41244000001f0022ecf01ab001d030b63fcb689fC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe8248943b-9ca9-11e4-937b-00252218581c

Error: (01/15/2015 00:26:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054af4124compatibilitycheck.exe0.0.0.054af41244000001f0022ecf022d401d030b618822affC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe5b05e512-9ca9-11e4-937b-00252218581c

Error: (01/15/2015 00:26:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054af4124compatibilitycheck.exe0.0.0.054af41244000001f0022ecf0209801d030b6160def5cC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe5890521c-9ca9-11e4-937b-00252218581c

Error: (01/15/2015 00:25:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054af4124compatibilitycheck.exe0.0.0.054af41244000001f0022ecf01f4c01d030b5eec86b68C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe31448bfd-9ca9-11e4-937b-00252218581c

Error: (01/15/2015 00:25:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054af4124compatibilitycheck.exe0.0.0.054af41244000001f0022ecf0188801d030b5ec53972fC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe2ed1a7ac-9ca9-11e4-937b-00252218581c


CodeIntegrity Errors:
===================================
  Date: 2014-10-20 18:05:53.365
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\EqualizerAPO\EqualizerAPO.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-20 18:05:53.318
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\EqualizerAPO\EqualizerAPO.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-20 18:03:35.605
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\EqualizerAPO\EqualizerAPO.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-20 18:03:23.337
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\EqualizerAPO\EqualizerAPO.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-20 18:01:29.703
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\EqualizerAPO\EqualizerAPO.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-20 17:51:31.324
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\EqualizerAPO\EqualizerAPO.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-20 17:31:23.914
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\EqualizerAPO\EqualizerAPO.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-20 17:31:19.112
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\EqualizerAPO\EqualizerAPO.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-20 17:25:49.779
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\EqualizerAPO\EqualizerAPO.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-20 17:23:29.094
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\EqualizerAPO\EqualizerAPO.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 940 Processor
Percentage of memory in use: 46%
Total physical RAM: 6143.24 MB
Available physical RAM: 3315.14 MB
Total Pagefile: 12284.66 MB
Available Pagefile: 8828.33 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:76.59 GB) (Free:5.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 76.7 GB) (Disk ID: 268C8C2B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=76.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber 16.01.2015 11:26
hi,

Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    Remote Desktop Access


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 





Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Ifrit91 16.01.2015 19:43
Code:
ComboFix 15-01-08.01 - Stormer 16.01.2015  19:24:19.3.4 - x64
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.34.3082.18.6143.3778 [GMT 1:00]
Running from: c:\users\Stormer\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Stormer\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
(((((((((((((((((((((((((  Files Created from 2014-12-16 to 2015-01-16  )))))))))))))))))))))))))))))))
.
.
2015-01-16 18:29 . 2015-01-16 18:29        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2015-01-16 18:29 . 2015-01-16 18:29        --------        d-----w-        c:\users\Invitado\AppData\Local\temp
2015-01-16 18:29 . 2015-01-16 18:29        --------        d-----w-        c:\users\HomeGroupUser$\AppData\Local\temp
2015-01-16 18:29 . 2015-01-16 18:29        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-01-16 18:29 . 2015-01-16 18:29        --------        d-----w-        c:\users\Administrador\AppData\Local\temp
2015-01-16 13:16 . 2015-01-16 13:16        --------        d-----w-        c:\program files (x86)\VS Revo Group
2015-01-16 09:42 . 2015-01-16 09:51        --------        d-----w-        C:\FRST
2014-12-24 14:38 . 2015-01-16 18:29        --------        d-----w-        c:\users\Default\AppData\Roaming\Compatibility Verifier
2014-12-24 14:38 . 2014-12-24 14:38        --------        d-----w-        c:\users\Default\AppData\Local\Programs
2014-12-23 20:15 . 2015-01-16 09:47        --------        d-----w-        c:\users\Stormer\AppData\Roaming\Compatibility Verifier
2014-12-23 16:03 . 2014-12-23 16:03        --------        d-----w-        c:\program files (x86)\AGEIA Technologies
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-16 10:50 . 2014-03-21 19:28        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-16 10:50 . 2014-03-21 19:28        701616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{E6D66045-F951-4DBF-962E-993B4FB6A9E0}]
2014-11-14 10:57        2242560        ----a-w-        c:\users\Stormer\AppData\LocalLow\IE-BHO\bho.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-08-11 2472048]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-11 702768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 REN2CAP_DRIVER;Hear;c:\windows\system32\drivers\ren2cap.sys;c:\windows\SYSNATIVE\drivers\ren2cap.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 ackaxfnrcw32;ackaxfnrcw32;c:\program files\010\ackaxfnrcw32.exe run options=00100010100000000000000000000000 source=DB6FA7A7-844E-4017-92E2-73FA405F7637 ;c:\program files\010\ackaxfnrcw32.exe run options=00100010100000000000000000000000 source=DB6FA7A7-844E-4017-92E2-73FA405F7637  [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-21 10:50]
.
2015-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-27 08:14]
.
2015-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-27 08:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-03-20 1797064]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX
uDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX&q={searchTerms}
mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX&q={searchTerms}
mDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX
mStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX&q={searchTerms}
uSearchAssistant = hxxp://www.google.com
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: {{c0e8ae32-0758-4c8d-ab71-23b361fe8964} - c:\users\Stormer\AppData\Local\Temp\ie_script.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Stormer\AppData\Roaming\Mozilla\Firefox\Profiles\fqnoptlc.default\
FF - prefs.js: browser.startup.homepage - google.de
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{426afe3a-6103-4d08-939a-867e7ccb1696} - (no file)
AddRemove-Moorhuhn 2 deinstallieren - c:\windows\IsUn0407.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\010\ackaxfnrcw32.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
c:\windows\temp\db22.exe
c:\windows\temp\db22.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2015-01-16  19:35:03 - machine was rebooted
ComboFix-quarantined-files.txt  2015-01-16 18:35
ComboFix2.txt  2015-01-16 14:45
.
Pre-Run: 6.063.616.000 Bytes frei
Post-Run: 5.858.304.000 Bytes frei
.
- - End Of File - - A4D0E7C0894524CDA4E41AB0900AAA4B
A36C5E4F47E84449FF07ED3517B43A31

schrauber 16.01.2015 19:49
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Ifrit91 16.01.2015 21:09
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 16.01.2015
Suchlauf-Zeit: 20:01:34
Logdatei: log.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.16.09
Rootkit Datenbank: v2015.01.14.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Stormer

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 432713
Verstrichene Zeit: 16 Min, 43 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 2
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe, 1064, , [2bee9a5ecdbce650d855bab6dd2657a9]
PUP.Optional.AdPeak.A, C:\Program Files\010\ackaxfnrcw32.exe, 1604, , [ba5fd721b9d051e5c97e9460c4403dc3]

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 21
PUP.Optional.Snapdo.T, HKU\S-1-5-21-1684227235-1697619234-988528933-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, , [b0695d9b95f45ed8595ad55249ba7090],
PUP.Optional.BrowserChampion.A, HKU\S-1-5-21-1684227235-1697619234-988528933-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FD6EF0F0-B46B-4CB2-839C-BBE569FAA859}, , [b762e0188affd264090526c433cf7090],
PUP.Optional.CompatibilityVerifier.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Verifies and fixes application compatibility issues, , [2bee9a5ecdbce650d855bab6dd2657a9],
PUP.Optional.AdPeak.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ackaxfnrcw32, , [ba5fd721b9d051e5c97e9460c4403dc3],
Refog.Keylogger, HKLM\SOFTWARE\Refog Software, , [ae6b7a7ec0c958de126cb88f20e404fc],
PUP.Optional.BrowserChampion.A, HKLM\SOFTWARE\WOW6432NODE\Browser Champion, , [a871d0284f3aaf87b7d09cec56adcf31],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\Cinema-P+-1.2V28.09-nv, , [63b61eda810836000d20d5a837ccb54b],
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\mystartsearchSoftware, , [11089f59c8c137ffd510b6c121e255ab],
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, , [e53492662e5b989e5d627d2b3ec54fb1],
PUP.Optional.TornTV.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\TornTv Downloader, , [fb1ec7316425fb3b20809ed93dc628d8],
PUP.Optional.CrossRider.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\APPDATALOW\SOFTWARE\Cinema-P+-1.2V28.09, , [fe1b5a9e96f30135200f740932d19967],
PUP.Optional.WeatherItUp.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\APPDATALOW\SOFTWARE\Weather It Up, , [e633af492663033307edd0dd43c09769],
PUP.Optional.TornTV.A, HKU\S-1-5-21-1684227235-1697619234-988528933-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\TornTv Downloader, , [1504d91f9aef0b2b07993641030044bc],
PUP.Optional.Qone8, HKU\S-1-5-21-1684227235-1697619234-988528933-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [2decd5239ced70c6aafb2da9986c54ac],
PUP.Optional.FastStart.A, HKU\S-1-5-21-1684227235-1697619234-988528933-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MOZILLA\EXTENDS, , [62b76593523741f5fffb5929d3307789],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1684227235-1697619234-988528933-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [c356cb2df89158dea89b7e614db71ce4],
PUP.Optional.PriceGong.A, HKU\S-1-5-21-1684227235-1697619234-988528933-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, , [958412e680094beb6ad4df9922e15da3],
PUP.Optional.WeatherItUp.A, HKU\S-1-5-21-1684227235-1697619234-988528933-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Weather It Up, , [fa1f7e7ad6b3082e4fa5a607ed16b050],
PUP.Optional.IEBho.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E6D66045-F951-4DBF-962E-993B4FB6A9E0}, , [a376f30598f1e3539f79323ba55e3ac6],
PUP.Optional.IEBho.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{E6D66045-F951-4DBF-962E-993B4FB6A9E0}, , [a376f30598f1e3539f79323ba55e3ac6],
PUP.Optional.IEBho.A, HKU\S-1-5-21-1684227235-1697619234-988528933-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E6D66045-F951-4DBF-962E-993B4FB6A9E0}, , [a376f30598f1e3539f79323ba55e3ac6],

Registrierungswerte: 2
PUP.Optional.FastStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Stormer\AppData\Roaming\Mozilla\Firefox\Profiles\fqnoptlc.default\extensions\faststartff@gmail.com, , [1cfdb5432e5bba7c6fa67278d52f08f8]
PUP.Optional.FastStart.A, HKU\S-1-5-21-1684227235-1697619234-988528933-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, , [62b76593523741f5fffb5929d3307789]

Registrierungsdaten: 13
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX),,[ee2b52a6cebb49ed264e9bf21aeb36ca]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX&q={searchTerms}),,[af6aac4c08819e98155dc8c561a45da3]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX),,[bf5ac038fb8e2b0bd29e860751b41ee2]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX),,[839620d84a3fae8878fc0f7ef60f6898]
PUP.Optional.WebSearches, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://istart.webssearches.com/web/?type=ds&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX&q={searchTerms}),,[67b215e3c1c86cca543b87128f768080]
PUP.Optional.WebsSearches.A, HKU\S-1-5-21-1684227235-1697619234-988528933-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX),,[fe1b49affb8e3006f97c5e2fce37c33d]
PUP.Optional.WebsSearches.A, HKU\S-1-5-21-1684227235-1697619234-988528933-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX&q={searchTerms}),,[b663dd1b84051d192b48464728dd4db3]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-1684227235-1697619234-988528933-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt66vmjNGZQt3rUPUUfyGWX1_FrQBcAd1FwG3OTSwySepxoqXSoa_tNWMblsIUk2NPII-bP0D-WlbhLO7CIeZe9wOvYYqukIH8UDPIaZcJShyB_fkw9PijrrGMwgWOzj, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt66vmjNGZQt3rUPUUfyGWX1_FrQBcAd1FwG3OTSwySepxoqXSoa_tNWMblsIUk2NPII-bP0D-WlbhLO7CIeZe9wOvYYqukIH8UDPIaZcJShyB_fkw9PijrrGMwgWOzj),,[c8513fb9e7a29e98429b157606ffed13]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-1684227235-1697619234-988528933-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt66vmjNGZQt3rUPUUfyGWX1_FrQBcAd1FwG3OTSwySepxoqXSoa_tNWMblsIUk2NP5Bsj710YyhYTcjkN5s5oW_2JpcxrWkDumd9Io6naijGWGDGLnMgEEYppvMl9cP&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt66vmjNGZQt3rUPUUfyGWX1_FrQBcAd1FwG3OTSwySepxoqXSoa_tNWMblsIUk2NP5Bsj710YyhYTcjkN5s5oW_2JpcxrWkDumd9Io6naijGWGDGLnMgEEYppvMl9cP&q={searchTerms}),,[ea2fa7518cfdbb7bac2f3754b0552ad6]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-1684227235-1697619234-988528933-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt66vmjNGZQt3rUPUUfyGWX1_FrQBcAd1FwG3OTSwySepxoqXSoa_tNWMblsIUk2NP5Bsj710YyhYTcjkN5s5oW_2JpcxrWkDumd9Io6naijGWGDGLnMgEEYppvMl9cP&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt66vmjNGZQt3rUPUUfyGWX1_FrQBcAd1FwG3OTSwySepxoqXSoa_tNWMblsIUk2NP5Bsj710YyhYTcjkN5s5oW_2JpcxrWkDumd9Io6naijGWGDGLnMgEEYppvMl9cP&q={searchTerms}),,[a47548b093f62c0a32aaee9d64a126da]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-1684227235-1697619234-988528933-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt66vmjNGZQt3rUPUUfyGWX1_FrQBcAd1FwG3OTSwySepxoqXSoa_tNWMblsIUk2NP5Bsj710YyhYTcjkN5s5oW_2JpcxrWkDumd9Io6naijGWGDGLnMgEEYppvMl9cP&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt66vmjNGZQt3rUPUUfyGWX1_FrQBcAd1FwG3OTSwySepxoqXSoa_tNWMblsIUk2NP5Bsj710YyhYTcjkN5s5oW_2JpcxrWkDumd9Io6naijGWGDGLnMgEEYppvMl9cP&q={searchTerms}),,[c4559d5bc9c0bb7bc11d3259ae57ff01]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-1684227235-1697619234-988528933-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt66vmjNGZQt3rUPUUfyGWX1_FrQBcAd1FwG3OTSwySepxoqXSoa_tNWMblsIUk2NP5Bsj710YyhYTcjkN5s5oW_2JpcxrWkDumd9Io6naijGWGDGLnMgEEYppvMl9cP&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt66vmjNGZQt3rUPUUfyGWX1_FrQBcAd1FwG3OTSwySepxoqXSoa_tNWMblsIUk2NP5Bsj710YyhYTcjkN5s5oW_2JpcxrWkDumd9Io6naijGWGDGLnMgEEYppvMl9cP&q={searchTerms}),,[58c1d127fc8d6dc9f7e86c1f778ef60a]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-1684227235-1697619234-988528933-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt66vmjNGZQt3rUPUUfyGWX1_FrQBcAd1FwG3OTSwySepxoqXSoa_tNWMblsIUk2NP5Bsj710YyhYTcjkN5s5oW_2JpcxrWkDumd9Io6naijGWGDGLnMgEEYppvMl9cP&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQme9oxsQRSyyp0Bt66vmjNGZQt3rUPUUfyGWX1_FrQBcAd1FwG3OTSwySepxoqXSoa_tNWMblsIUk2NP5Bsj710YyhYTcjkN5s5oW_2JpcxrWkDumd9Io6naijGWGDGLnMgEEYppvMl9cP&q={searchTerms}),,[1ffaca2e236676c0c119b8d363a2f60a]

Ordner: 6
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier, , [2bee9a5ecdbce650d855bab6dd2657a9],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\locales, , [2bee9a5ecdbce650d855bab6dd2657a9],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Stormer\AppData\Roaming\Compatibility Verifier, , [aa6f6b8d1a6f46f073ba1f518f7410f0],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Stormer\AppData\Roaming\Compatibility Verifier\locales, , [aa6f6b8d1a6f46f073ba1f518f7410f0],
PUP.Optional.AdPeak.A, C:\Program Files\010, , [ba5fd721b9d051e5c97e9460c4403dc3],
PUP.Optional.IEBho.A, C:\Users\Stormer\AppData\LocalLow\IE-BHO, , [a376f30598f1e3539f79323ba55e3ac6],

Dateien: 37
PUP.Optional.SearchProtect.A, C:\Users\Stormer\AppData\Roaming\RHEng\894314C8ECE841F7B8D0AE3CAD22A2D2\0c3246.exe, , [b366f80087027cba6b8e099a8f729967],
PUP.Optional.SmartBar, C:\Windows\Installer\MSI5843.tmp, , [1bfe01f7afdabe782063d35bbd43d32d],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef.pak, , [2bee9a5ecdbce650d855bab6dd2657a9],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef_100_percent.pak, , [2bee9a5ecdbce650d855bab6dd2657a9],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef_200_percent.pak, , [2bee9a5ecdbce650d855bab6dd2657a9],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, , [2bee9a5ecdbce650d855bab6dd2657a9],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe, , [2bee9a5ecdbce650d855bab6dd2657a9],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, , [2bee9a5ecdbce650d855bab6dd2657a9],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, , [2bee9a5ecdbce650d855bab6dd2657a9],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\icudtl.dat, , [2bee9a5ecdbce650d855bab6dd2657a9],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dll, , [2bee9a5ecdbce650d855bab6dd2657a9],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, , [2bee9a5ecdbce650d855bab6dd2657a9],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, , [2bee9a5ecdbce650d855bab6dd2657a9],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\vcredist_x64.exe, , [2bee9a5ecdbce650d855bab6dd2657a9],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\vcredist_x86.exe, , [2bee9a5ecdbce650d855bab6dd2657a9],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Stormer\AppData\Roaming\Compatibility Verifier\cef.pak, , [aa6f6b8d1a6f46f073ba1f518f7410f0],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Stormer\AppData\Roaming\Compatibility Verifier\cef_100_percent.pak, , [aa6f6b8d1a6f46f073ba1f518f7410f0],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Stormer\AppData\Roaming\Compatibility Verifier\cef_200_percent.pak, , [aa6f6b8d1a6f46f073ba1f518f7410f0],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Stormer\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, , [aa6f6b8d1a6f46f073ba1f518f7410f0],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Stormer\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, , [aa6f6b8d1a6f46f073ba1f518f7410f0],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Stormer\AppData\Roaming\Compatibility Verifier\debug.log, , [aa6f6b8d1a6f46f073ba1f518f7410f0],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Stormer\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, , [aa6f6b8d1a6f46f073ba1f518f7410f0],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Stormer\AppData\Roaming\Compatibility Verifier\icudtl.dat, , [aa6f6b8d1a6f46f073ba1f518f7410f0],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Stormer\AppData\Roaming\Compatibility Verifier\libEGL.dll, , [aa6f6b8d1a6f46f073ba1f518f7410f0],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Stormer\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, , [aa6f6b8d1a6f46f073ba1f518f7410f0],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Stormer\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, , [aa6f6b8d1a6f46f073ba1f518f7410f0],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Stormer\AppData\Roaming\Compatibility Verifier\vcredist_x64.exe, , [aa6f6b8d1a6f46f073ba1f518f7410f0],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Stormer\AppData\Roaming\Compatibility Verifier\vcredist_x86.exe, , [aa6f6b8d1a6f46f073ba1f518f7410f0],
PUP.Optional.MyStartSearch.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\mystartsearch.xml, , [8c8da058b4d5fc3a687b572000039868],
PUP.Optional.Proxy.A, C:\Users\Stormer\AppData\Local\proxy.log, , [b9600aee2c5d3600846a5a2eaa59cf31],
PUP.Optional.WebSearchs.A, C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage, , [54c546b2fc8d171f13c68ffe33d0e41c],
PUP.Optional.WebSearchs.A, C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage-journal, , [c6539c5c4c3d16205d7cb8d5e122dd23],
PUP.Optional.WebsSearches.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml, , [b06980787b0ed2640bb6adfb08fba45c],
PUP.Optional.AdPeak.A, C:\Program Files\010\ackaxfnrcw32.exe, , [ba5fd721b9d051e5c97e9460c4403dc3],
PUP.Optional.IEBho.A, C:\Users\Stormer\AppData\LocalLow\IE-BHO\bho.dll, , [a376f30598f1e3539f79323ba55e3ac6],
PUP.Optional.IEBho.A, C:\Users\Stormer\AppData\LocalLow\IE-BHO\ie.ini, , [a376f30598f1e3539f79323ba55e3ac6],
PUP.Optional.QuickStart.A, C:\Users\Stormer\AppData\Roaming\Mozilla\Firefox\Profiles\fqnoptlc.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");), ,[cc4d7e7a6425f6407f77a92742c308f8]

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
Code:
# AdwCleaner v4.107 - Reporte Creado 16/01/2015 en 20:46:40
# Actualizado 07/01/2015 por Xplode
# Database : 2015-01-13.2 [Live]
# Sistema Operativo : Windows 7 Ultimate Service Pack 1 (64 bits)
# Nombre de usuario : Stormer - STORMER-PC
# Ejecutado desde : C:\Users\Stormer\Desktop\AdwCleaner_4.107.exe
# Opción : Limpiar

***** [ Servicios ] *****

Servicio Borrar : ackaxfnrcw32

***** [ Archivos / Carpetas ] *****

Carpeta Borrar : C:\ProgramData\YuoutubbeAddBllockE
Carpeta Borrar : C:\ProgramData\b6e8edeb3aec3fdb
Carpeta Borrar : C:\Program Files (x86)\predm
Carpeta Borrar : C:\Program Files (x86)\HitsBlenderUpdater
Carpeta Borrar : C:\Program Files (x86)\YuoutubbeAddBllockE
Carpeta Borrar : C:\Program Files\010
Carpeta Borrar : C:\Users\Stormer\AppData\Local\HitsBlender
Carpeta Borrar : C:\Users\Stormer\AppData\Roaming\RHEng
Carpeta Borrar : C:\Users\Stormer\Documents\Optimizer Pro
Carpeta Borrar : C:\Users\Stormer\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mnanplinmmnjhobaliikmelmmjpoogkb
Archivo Borrar : C:\Users\Stormer\AppData\Roaming\Mozilla\Firefox\Profiles\fqnoptlc.default\foxydeal.sqlite
Archivo Borrar : C:\Users\Stormer\AppData\Roaming\Mozilla\Firefox\Profiles\fqnoptlc.default\invalidprefs.js

***** [ Tareas ] *****


***** [ Accesos directos ] *****


***** [ Registro ] *****

Clave Borrar : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Clave Borrar : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Clave Borrar : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Clave Borrar : HKCU\Software\OCS
Clave Borrar : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Clave Borrar : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Clave Borrar : HKLM\SOFTWARE\YourFileDownloader
Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}

***** [ Navegadores ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v33.1 (x86 de)

[fqnoptlc.default\prefs.js] - Linea borrada : user_pref("avira.safe_search.prev_newtab", "chrome://quick_start/content/index.html");
[fqnoptlc.default\prefs.js] - Linea borrada : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[fqnoptlc.default\prefs.js] - Linea borrada : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
[fqnoptlc.default\prefs.js] - Linea borrada : user_pref("extensions.quick_start.enable_search1", false);
[fqnoptlc.default\prefs.js] - Linea borrada : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[fqnoptlc.default\prefs.js] - Linea borrada : user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"1485b394a339-081718cd2cab8b8-42504136-0-1485b394a341bc\"");
[fqnoptlc.default\prefs.js] - Linea borrada : user_pref("extensions.safesearch.SAUTH_expires_at", "1421864864");
[fqnoptlc.default\prefs.js] - Linea borrada : user_pref("extensions.safesearch.SAUTH_rndsnr", "\"e344454ec8a04a02f1f4c03b07845f67f907633b\"");
[fqnoptlc.default\prefs.js] - Linea borrada : user_pref("extensions.safesearch.SAUTH_userid", "4303734290");
[fqnoptlc.default\prefs.js] - Linea borrada : user_pref("extensions.safesearch.SAUTH_utoken", "\"84008f9cb792867d73c9fd8ca1b2f2abe3a99237\"");
[fqnoptlc.default\prefs.js] - Linea borrada : user_pref("extensions.safesearch.install", "1410279754298");
[fqnoptlc.default\prefs.js] - Linea borrada : user_pref("extensions.safesearch.search_offer_disabled", "true");
[fqnoptlc.default\prefs.js] - Linea borrada : user_pref("extensions.safesearch@avira.com.install-event-fired", true);

-\\ Google Chrome v41.0.2272.3

[C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Borrar [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX&q={searchTerms}
[C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Borrar [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX&q={searchTerms}
[C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Borrar [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX&q={searchTerms}
[C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Borrar [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX&q={searchTerms}

-\\ Comodo Dragon v

[C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Borrar [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX&q={searchTerms}
[C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Borrar [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX&q={searchTerms}
[C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Borrar [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX&q={searchTerms}
[C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Borrar [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1418739575&from=exp&uid=HDS728080PLA380_PFDB32S0T1S9YMT1S9YMX&q={searchTerms}

*************************

AdwCleaner[R0].txt - [5763 octets] - [16/01/2015 20:44:06]
AdwCleaner[S0].txt - [6492 octets] - [16/01/2015 20:46:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6552 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Ultimate x64
Ran by Stormer on 16.01.2015 at 20:56:23,81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted: [File] C:\Users\Stormer\AppData\Roaming\mozilla\firefox\profiles\fqnoptlc.default\searchplugins\avira-safesearch.xml
Successfully deleted: [Folder] C:\Users\Stormer\AppData\Roaming\mozilla\firefox\profiles\fqnoptlc.default\extensions\safesearch@avira.com
Successfully deleted the following from C:\Users\Stormer\AppData\Roaming\mozilla\firefox\profiles\fqnoptlc.default\prefs.js

user_pref("avira.safe_search.search_was_active", "false");
user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-
user_pref("extensions.bootstrappedAddons", "{\"ich@maltegoetz.de\":{\"version\":\"2.0.0.1\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Stormer\\\\AppData\\\\Roamin
user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"1485b394a339-081718cd2cab8b8-42504136-0-1485b394a341bc\"");
user_pref("extensions.safesearch.SAUTH_expires_at", "1422042892");
user_pref("extensions.safesearch.SAUTH_rndsnr", "\"0917d379bd5d472453c8892a46c7c4400807115d\"");
user_pref("extensions.safesearch.SAUTH_userid", "5786899152");
user_pref("extensions.safesearch.SAUTH_utoken", "\"58ed97dbfde9defe5409c24154d85608ab80af57\"");
user_pref("extensions.safesearch.install", "1421438095783");
user_pref("extensions.uLG1wD2EwCLOgL1y.url", "hxxp://musicforallpro.info/sync2/?q=hfZ9ofV9CShEAen0qHs9tMqLDe49CNU0mwkMCMlNhd9Fqda4rdCFqjk9rTCMBzqUojw9rdUFpjw9rdCFrch7hfs0pihPB
Emptied folder: C:\Users\Stormer\AppData\Roaming\mozilla\firefox\profiles\fqnoptlc.default\minidumps [76 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.01.2015 at 20:58:53,58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
alles getan

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by Stormer (administrator) on STORMER-PC on 16-01-2015 21:04:05
Running from C:\Users\Stormer\Desktop
Loaded Profiles: Stormer & UpdatusUser (Available profiles: Stormer & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Spanisch (Spanien, internationale Sortierung)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2472048 2010-08-11] (VIA)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1684227235-1697619234-988528933-1001\...\Run: [BitTorrent] => C:\Users\Stormer\AppData\Roaming\BitTorrent\BitTorrent.exe [1388888 2014-11-26] (BitTorrent Inc.)
HKU\S-1-5-21-1684227235-1697619234-988528933-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1684227235-1697619234-988528933-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1684227235-1697619234-988528933-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1684227235-1697619234-988528933-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {426afe3a-6103-4d08-939a-867e7ccb1696} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Stormer\AppData\Roaming\Mozilla\Firefox\Profiles\fqnoptlc.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Stormer\AppData\Roaming\Mozilla\Firefox\Profiles\fqnoptlc.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Stormer\AppData\Roaming\Mozilla\Firefox\Profiles\fqnoptlc.default\searchplugins\google-maps.xml
FF Extension: Avira Browser Safety - C:\Users\Stormer\AppData\Roaming\Mozilla\Firefox\Profiles\fqnoptlc.default\Extensions\abs@avira.com [2014-12-11]
FF Extension: Download videos and MP3s from YouTube - C:\Users\Stormer\AppData\Roaming\Mozilla\Firefox\Profiles\fqnoptlc.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-09-29]
FF Extension: ProxTube - C:\Users\Stormer\AppData\Roaming\Mozilla\Firefox\Profiles\fqnoptlc.default\Extensions\ich@maltegoetz.de.xpi [2014-09-29]
FF Extension: Adblock Edge - C:\Users\Stormer\AppData\Roaming\Mozilla\Firefox\Profiles\fqnoptlc.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-01-04]
FF HKU\S-1-5-21-1684227235-1697619234-988528933-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-09-29]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-27]
CHR Extension: (Google Docs) - C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-27]
CHR Extension: (Google Drive) - C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-27]
CHR Extension: (YouTube) - C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-27]
CHR Extension: (Google Search) - C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-27]
CHR Extension: (Google Sheets) - C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-27]
CHR Extension: (Avira Browser Safety) - C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2014-12-10]
CHR Extension: (Google Wallet) - C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-27]
CHR Extension: (Amazon) - C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj [2014-12-05]
CHR Extension: (Gmail) - C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-27]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Stormer\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-11-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-26] (Electronic Arts)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-02] (Disc Soft Ltd)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 REN2CAP_DRIVER; C:\Windows\System32\drivers\ren2cap.sys [46728 2011-11-07] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 20:58 - 2015-01-16 20:58 - 00002328 _____ () C:\Users\Stormer\Desktop\JRT.txt
2015-01-16 20:56 - 2015-01-16 20:56 - 00000000 ____D () C:\Windows\ERUNT
2015-01-16 20:44 - 2015-01-16 20:46 - 00000000 ____D () C:\AdwCleaner
2015-01-16 20:43 - 2015-01-16 20:43 - 02191360 _____ () C:\Users\Stormer\Desktop\AdwCleaner_4.107.exe
2015-01-16 20:30 - 2015-01-16 20:30 - 00018884 _____ () C:\Users\Stormer\Desktop\mbam.txt
2015-01-16 20:02 - 2015-01-16 20:02 - 01707939 _____ (Thisisu) C:\Users\Stormer\Desktop\JRT.exe
2015-01-16 19:59 - 2015-01-16 20:50 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-16 19:58 - 2015-01-16 19:58 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-16 19:58 - 2015-01-16 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-16 19:58 - 2015-01-16 19:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-16 19:58 - 2015-01-16 19:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-16 19:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-16 19:58 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-16 19:58 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-16 19:57 - 2015-01-16 19:58 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Stormer\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-16 19:35 - 2015-01-16 19:35 - 00013778 _____ () C:\ComboFix.txt
2015-01-16 14:22 - 2015-01-16 19:35 - 00000000 ____D () C:\Qoobox
2015-01-16 14:22 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-16 14:22 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-16 14:22 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-16 14:22 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-16 14:22 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-16 14:22 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-16 14:22 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-16 14:22 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-16 14:21 - 2015-01-16 15:44 - 00000000 ____D () C:\Windows\erdnt
2015-01-16 14:19 - 2015-01-16 14:19 - 05609736 ____R (Swearware) C:\Users\Stormer\Desktop\ComboFix.exe
2015-01-16 14:16 - 2015-01-16 14:16 - 00001264 _____ () C:\Users\Stormer\Desktop\Revo Uninstaller.lnk
2015-01-16 14:16 - 2015-01-16 14:16 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-16 14:15 - 2015-01-16 14:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Stormer\Downloads\revosetup95.exe
2015-01-16 10:51 - 2015-01-16 21:04 - 00012634 _____ () C:\Users\Stormer\Desktop\FRST.txt
2015-01-16 10:51 - 2015-01-16 10:51 - 00027177 _____ () C:\Users\Stormer\Desktop\Addition.txt
2015-01-16 10:42 - 2015-01-16 21:04 - 00000000 ____D () C:\FRST
2015-01-16 10:41 - 2015-01-16 10:41 - 02125312 _____ (Farbar) C:\Users\Stormer\Desktop\FRST64.exe
2015-01-11 06:16 - 2015-01-11 06:16 - 00203724 _____ () C:\Users\Stormer\Downloads\Neelix - Left Behind by neelix on SoundCloud - Hear the world’s sounds.htm
2015-01-11 06:16 - 2015-01-11 06:16 - 00000000 ____D () C:\Users\Stormer\Downloads\Neelix - Left Behind by neelix on SoundCloud - Hear the world’s sounds-Dateien
2015-01-11 02:53 - 2015-01-11 02:53 - 00262144 _____ () C:\Windows\Minidump\011115-20984-01.dmp
2015-01-11 02:53 - 2015-01-11 02:53 - 00000000 ____D () C:\Windows\Minidump
2014-12-30 10:09 - 2014-12-30 10:09 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-12-30 10:09 - 2014-12-30 10:09 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2014-12-30 10:09 - 2014-12-30 10:09 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-12-30 10:09 - 2014-12-30 10:09 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2014-12-26 18:08 - 2014-12-26 18:08 - 01054912 _____ (Adobe) C:\Users\Stormer\Downloads\install_flashplayer16x32au_mssd_aaa_aih.exe
2014-12-26 16:40 - 2015-01-16 20:47 - 00043108 _____ () C:\Windows\PFRO.log
2014-12-26 16:40 - 2015-01-16 20:47 - 00003358 _____ () C:\Windows\setupact.log
2014-12-26 16:40 - 2014-12-26 16:40 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-26 15:28 - 2014-12-26 15:28 - 00000221 _____ () C:\Users\Stormer\Desktop\Borderlands 2.url
2014-12-23 21:17 - 2015-01-16 19:14 - 00000112 _____ () C:\ProgramData\21JF620.dat
2014-12-23 17:03 - 2014-12-23 17:03 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-12-20 09:23 - 2014-12-20 09:23 - 00000022 _____ () C:\Users\Stormer\Downloads\UM-Rechnungen.zip
2014-12-20 01:44 - 2014-12-20 01:44 - 00000000 _____ () C:\Users\Stormer\Desktop\httpswww.youtube.comwatchv=z-yKyO3Wgzo.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 20:56 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 20:56 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 20:52 - 2014-03-21 18:05 - 01707500 _____ () C:\Windows\WindowsUpdate.log
2015-01-16 20:50 - 2014-03-21 20:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-16 20:48 - 2014-09-27 09:14 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 20:47 - 2014-03-21 19:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-16 20:47 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-16 20:30 - 2014-09-27 09:14 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-16 19:30 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-16 19:14 - 2014-09-06 20:36 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-16 15:45 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-01-16 15:26 - 2014-09-08 19:26 - 00000000 ____D () C:\Users\Stormer\AppData\Roaming\BitTorrent
2015-01-16 14:37 - 2009-07-14 03:34 - 55836672 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-01-16 14:37 - 2009-07-14 03:34 - 14680064 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-01-16 14:37 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-01-16 14:37 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-01-16 14:37 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-01-16 11:50 - 2014-03-21 20:28 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-16 11:50 - 2014-03-21 20:28 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-16 11:50 - 2014-03-21 20:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 19:36 - 2014-09-27 09:14 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-11 19:40 - 2014-10-14 10:59 - 00087040 ___SH () C:\Users\Stormer\Downloads\Thumbs.db
2015-01-05 11:30 - 2014-03-21 20:26 - 00000000 ____D () C:\Users\Stormer\AppData\Local\Adobe
2014-12-26 15:35 - 2014-09-06 23:10 - 00000000 ____D () C:\ProgramData\Origin
2014-12-26 15:33 - 2014-09-06 23:10 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-26 15:28 - 2014-09-06 20:50 - 00000000 ____D () C:\Users\Stormer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-26 15:20 - 2014-10-17 08:31 - 00000000 ____D () C:\Users\Stormer\Desktop\fotos
2014-12-26 15:17 - 2014-03-22 16:05 - 00000000 ____D () C:\Program Files (x86)\White Label Office 3
2014-12-26 15:06 - 2014-09-06 23:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-12-26 12:47 - 2014-10-31 21:17 - 00000000 ____D () C:\Users\Stormer\AppData\Local\CSO
2014-12-23 17:03 - 2014-03-21 19:45 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-18 19:22 - 2014-09-09 17:21 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-12-18 19:22 - 2014-09-09 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-18 19:22 - 2014-09-09 17:19 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-18 19:22 - 2014-09-07 16:43 - 00000000 ____D () C:\ProgramData\Package Cache

Files to move or delete:
====================
C:\ProgramData\21JF620.dat
C:\Users\Stormer\Setup.exe


Some content of TEMP:
====================
C:\Users\Stormer\AppData\Local\Temp\avgnt.exe
C:\Users\Stormer\AppData\Local\Temp\Quarantine.exe
C:\Users\Stormer\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-16 16:03

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 17.01.2015 12:31

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Ifrit91 18.01.2015 22:47
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6b38ce660cd4384bbb17e49decd98e02
# engine=22025
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-18 09:29:58
# local_time=2015-01-18 10:29:58 (+0100, Mitteleuropäische Zeit    )
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 17953 13525195 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 11538491 173246448 0 0
# scanned=151809
# found=122
# cleaned=0
# scan_time=17539
sh=AD16239DA51C13ECFF734FA31E3494A40B48B2C8 ft=1 fh=2d795a99a9115d61 vn="Variante von Win32/ExpressDownloader.K evtl. unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1684227235-1697619234-988528933-1000\$REV2CBS.exe"
sh=023F0EC63C57CE9CB4FE6BE3BCFCF444C3911102 ft=1 fh=fb3768dd715bbe86 vn="Variante von Win32/ExpressDownloader.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HitsBlenderUpdater\Uninstall.exe.vir"
sh=E6E0A9834C1D5B63FB1887CF6EECD978F9261881 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\boidnimkebefpfgbeekbjoponilnomle\155\frIpZF.js.vir"
sh=C78174996528590A8756824624BAC58541B94C42 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\boidnimkebefpfgbeekbjoponilnomle\155\lsdb.js.vir"
sh=AC8BC008A577C41A2D728B02C2CFBE810F55FBFB ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kbondpholjkjkddkadgdfhlpnmdollnn\1.0\content.js.vir"
sh=EA4A87D50BC66B19B73443F9113E44E08B3B4002 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kbondpholjkjkddkadgdfhlpnmdollnn\1.0\lsdb.js.vir"
sh=92A047E3DEF034DE6049C6A11AFEBA47C74082F3 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kbondpholjkjkddkadgdfhlpnmdollnn\1.0\oVCdw.js.vir"
sh=AC8BC008A577C41A2D728B02C2CFBE810F55FBFB ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lihoopeopcidjoebfgidpelknckjmbmf\1.0\content.js.vir"
sh=3B63AB1BF7D3A3A437D51C8C8228B1B37670B3C4 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lihoopeopcidjoebfgidpelknckjmbmf\1.0\LB8.js.vir"
sh=EA4A87D50BC66B19B73443F9113E44E08B3B4002 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lihoopeopcidjoebfgidpelknckjmbmf\1.0\lsdb.js.vir"
sh=D11CD109A94227DD9E5F94AAFC1B5C45ED6F8FAD ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ocnijmbhinkojjglkhdolanjejkeoggl\3.9\jC4NQFa.js.vir"
sh=C78174996528590A8756824624BAC58541B94C42 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ocnijmbhinkojjglkhdolanjejkeoggl\3.9\lsdb.js.vir"
sh=E6E0A9834C1D5B63FB1887CF6EECD978F9261881 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\boidnimkebefpfgbeekbjoponilnomle\155\frIpZF.js.vir"
sh=C78174996528590A8756824624BAC58541B94C42 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\boidnimkebefpfgbeekbjoponilnomle\155\lsdb.js.vir"
sh=E6E0A9834C1D5B63FB1887CF6EECD978F9261881 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\boidnimkebefpfgbeekbjoponilnomle\155\frIpZF.js.vir"
sh=C78174996528590A8756824624BAC58541B94C42 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\boidnimkebefpfgbeekbjoponilnomle\155\lsdb.js.vir"
sh=AC8BC008A577C41A2D728B02C2CFBE810F55FBFB ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kbondpholjkjkddkadgdfhlpnmdollnn\1.0\content.js.vir"
sh=EA4A87D50BC66B19B73443F9113E44E08B3B4002 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kbondpholjkjkddkadgdfhlpnmdollnn\1.0\lsdb.js.vir"
sh=92A047E3DEF034DE6049C6A11AFEBA47C74082F3 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kbondpholjkjkddkadgdfhlpnmdollnn\1.0\oVCdw.js.vir"
sh=AC8BC008A577C41A2D728B02C2CFBE810F55FBFB ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lihoopeopcidjoebfgidpelknckjmbmf\1.0\content.js.vir"
sh=3B63AB1BF7D3A3A437D51C8C8228B1B37670B3C4 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lihoopeopcidjoebfgidpelknckjmbmf\1.0\LB8.js.vir"
sh=EA4A87D50BC66B19B73443F9113E44E08B3B4002 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lihoopeopcidjoebfgidpelknckjmbmf\1.0\lsdb.js.vir"
sh=D11CD109A94227DD9E5F94AAFC1B5C45ED6F8FAD ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ocnijmbhinkojjglkhdolanjejkeoggl\3.9\jC4NQFa.js.vir"
sh=C78174996528590A8756824624BAC58541B94C42 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ocnijmbhinkojjglkhdolanjejkeoggl\3.9\lsdb.js.vir"
sh=E6E0A9834C1D5B63FB1887CF6EECD978F9261881 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\boidnimkebefpfgbeekbjoponilnomle\155\frIpZF.js.vir"
sh=C78174996528590A8756824624BAC58541B94C42 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\boidnimkebefpfgbeekbjoponilnomle\155\lsdb.js.vir"
sh=AC8BC008A577C41A2D728B02C2CFBE810F55FBFB ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kbondpholjkjkddkadgdfhlpnmdollnn\1.0\content.js.vir"
sh=EA4A87D50BC66B19B73443F9113E44E08B3B4002 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kbondpholjkjkddkadgdfhlpnmdollnn\1.0\lsdb.js.vir"
sh=92A047E3DEF034DE6049C6A11AFEBA47C74082F3 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kbondpholjkjkddkadgdfhlpnmdollnn\1.0\oVCdw.js.vir"
sh=AC8BC008A577C41A2D728B02C2CFBE810F55FBFB ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lihoopeopcidjoebfgidpelknckjmbmf\1.0\content.js.vir"
sh=3B63AB1BF7D3A3A437D51C8C8228B1B37670B3C4 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lihoopeopcidjoebfgidpelknckjmbmf\1.0\LB8.js.vir"
sh=EA4A87D50BC66B19B73443F9113E44E08B3B4002 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lihoopeopcidjoebfgidpelknckjmbmf\1.0\lsdb.js.vir"
sh=D11CD109A94227DD9E5F94AAFC1B5C45ED6F8FAD ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ocnijmbhinkojjglkhdolanjejkeoggl\3.9\jC4NQFa.js.vir"
sh=C78174996528590A8756824624BAC58541B94C42 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ocnijmbhinkojjglkhdolanjejkeoggl\3.9\lsdb.js.vir"
sh=E6E0A9834C1D5B63FB1887CF6EECD978F9261881 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\boidnimkebefpfgbeekbjoponilnomle\155\frIpZF.js.vir"
sh=C78174996528590A8756824624BAC58541B94C42 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\boidnimkebefpfgbeekbjoponilnomle\155\lsdb.js.vir"
sh=E6E0A9834C1D5B63FB1887CF6EECD978F9261881 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\boidnimkebefpfgbeekbjoponilnomle\155\frIpZF.js.vir"
sh=C78174996528590A8756824624BAC58541B94C42 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\boidnimkebefpfgbeekbjoponilnomle\155\lsdb.js.vir"
sh=AC8BC008A577C41A2D728B02C2CFBE810F55FBFB ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kbondpholjkjkddkadgdfhlpnmdollnn\1.0\content.js.vir"
sh=EA4A87D50BC66B19B73443F9113E44E08B3B4002 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kbondpholjkjkddkadgdfhlpnmdollnn\1.0\lsdb.js.vir"
sh=92A047E3DEF034DE6049C6A11AFEBA47C74082F3 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kbondpholjkjkddkadgdfhlpnmdollnn\1.0\oVCdw.js.vir"
sh=AC8BC008A577C41A2D728B02C2CFBE810F55FBFB ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lihoopeopcidjoebfgidpelknckjmbmf\1.0\content.js.vir"
sh=3B63AB1BF7D3A3A437D51C8C8228B1B37670B3C4 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lihoopeopcidjoebfgidpelknckjmbmf\1.0\LB8.js.vir"
sh=EA4A87D50BC66B19B73443F9113E44E08B3B4002 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lihoopeopcidjoebfgidpelknckjmbmf\1.0\lsdb.js.vir"
sh=D11CD109A94227DD9E5F94AAFC1B5C45ED6F8FAD ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ocnijmbhinkojjglkhdolanjejkeoggl\3.9\jC4NQFa.js.vir"
sh=C78174996528590A8756824624BAC58541B94C42 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ocnijmbhinkojjglkhdolanjejkeoggl\3.9\lsdb.js.vir"
sh=E6E0A9834C1D5B63FB1887CF6EECD978F9261881 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\boidnimkebefpfgbeekbjoponilnomle\155\frIpZF.js.vir"
sh=C78174996528590A8756824624BAC58541B94C42 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\boidnimkebefpfgbeekbjoponilnomle\155\lsdb.js.vir"
sh=AC8BC008A577C41A2D728B02C2CFBE810F55FBFB ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kbondpholjkjkddkadgdfhlpnmdollnn\1.0\content.js.vir"
sh=EA4A87D50BC66B19B73443F9113E44E08B3B4002 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kbondpholjkjkddkadgdfhlpnmdollnn\1.0\lsdb.js.vir"
sh=92A047E3DEF034DE6049C6A11AFEBA47C74082F3 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kbondpholjkjkddkadgdfhlpnmdollnn\1.0\oVCdw.js.vir"
sh=AC8BC008A577C41A2D728B02C2CFBE810F55FBFB ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lihoopeopcidjoebfgidpelknckjmbmf\1.0\content.js.vir"
sh=3B63AB1BF7D3A3A437D51C8C8228B1B37670B3C4 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lihoopeopcidjoebfgidpelknckjmbmf\1.0\LB8.js.vir"
sh=EA4A87D50BC66B19B73443F9113E44E08B3B4002 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lihoopeopcidjoebfgidpelknckjmbmf\1.0\lsdb.js.vir"
sh=D11CD109A94227DD9E5F94AAFC1B5C45ED6F8FAD ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ocnijmbhinkojjglkhdolanjejkeoggl\3.9\jC4NQFa.js.vir"
sh=C78174996528590A8756824624BAC58541B94C42 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ocnijmbhinkojjglkhdolanjejkeoggl\3.9\lsdb.js.vir"
sh=E6E0A9834C1D5B63FB1887CF6EECD978F9261881 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Extensions\boidnimkebefpfgbeekbjoponilnomle\155\frIpZF.js.vir"
sh=C78174996528590A8756824624BAC58541B94C42 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Extensions\boidnimkebefpfgbeekbjoponilnomle\155\lsdb.js.vir"
sh=E6E0A9834C1D5B63FB1887CF6EECD978F9261881 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\boidnimkebefpfgbeekbjoponilnomle\155\frIpZF.js.vir"
sh=C78174996528590A8756824624BAC58541B94C42 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\boidnimkebefpfgbeekbjoponilnomle\155\lsdb.js.vir"
sh=AC8BC008A577C41A2D728B02C2CFBE810F55FBFB ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kbondpholjkjkddkadgdfhlpnmdollnn\1.0\content.js.vir"
sh=EA4A87D50BC66B19B73443F9113E44E08B3B4002 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kbondpholjkjkddkadgdfhlpnmdollnn\1.0\lsdb.js.vir"
sh=92A047E3DEF034DE6049C6A11AFEBA47C74082F3 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kbondpholjkjkddkadgdfhlpnmdollnn\1.0\oVCdw.js.vir"
sh=AC8BC008A577C41A2D728B02C2CFBE810F55FBFB ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lihoopeopcidjoebfgidpelknckjmbmf\1.0\content.js.vir"
sh=3B63AB1BF7D3A3A437D51C8C8228B1B37670B3C4 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lihoopeopcidjoebfgidpelknckjmbmf\1.0\LB8.js.vir"
sh=EA4A87D50BC66B19B73443F9113E44E08B3B4002 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lihoopeopcidjoebfgidpelknckjmbmf\1.0\lsdb.js.vir"
sh=D11CD109A94227DD9E5F94AAFC1B5C45ED6F8FAD ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ocnijmbhinkojjglkhdolanjejkeoggl\3.9\jC4NQFa.js.vir"
sh=C78174996528590A8756824624BAC58541B94C42 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ocnijmbhinkojjglkhdolanjejkeoggl\3.9\lsdb.js.vir"
sh=E6E0A9834C1D5B63FB1887CF6EECD978F9261881 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Stormer\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\boidnimkebefpfgbeekbjoponilnomle\155\frIpZF.js.vir"
sh=C78174996528590A8756824624BAC58541B94C42 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Stormer\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\boidnimkebefpfgbeekbjoponilnomle\155\lsdb.js.vir"
sh=AC8BC008A577C41A2D728B02C2CFBE810F55FBFB ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Stormer\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kbondpholjkjkddkadgdfhlpnmdollnn\1.0\content.js.vir"
sh=EA4A87D50BC66B19B73443F9113E44E08B3B4002 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Stormer\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kbondpholjkjkddkadgdfhlpnmdollnn\1.0\lsdb.js.vir"
sh=92A047E3DEF034DE6049C6A11AFEBA47C74082F3 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Stormer\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kbondpholjkjkddkadgdfhlpnmdollnn\1.0\oVCdw.js.vir"
sh=AC8BC008A577C41A2D728B02C2CFBE810F55FBFB ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Stormer\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lihoopeopcidjoebfgidpelknckjmbmf\1.0\content.js.vir"
sh=3B63AB1BF7D3A3A437D51C8C8228B1B37670B3C4 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Stormer\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lihoopeopcidjoebfgidpelknckjmbmf\1.0\LB8.js.vir"
sh=EA4A87D50BC66B19B73443F9113E44E08B3B4002 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Stormer\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lihoopeopcidjoebfgidpelknckjmbmf\1.0\lsdb.js.vir"
sh=D11CD109A94227DD9E5F94AAFC1B5C45ED6F8FAD ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Stormer\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ocnijmbhinkojjglkhdolanjejkeoggl\3.9\jC4NQFa.js.vir"
sh=C78174996528590A8756824624BAC58541B94C42 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Stormer\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ocnijmbhinkojjglkhdolanjejkeoggl\3.9\lsdb.js.vir"
sh=E6E0A9834C1D5B63FB1887CF6EECD978F9261881 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Stormer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\boidnimkebefpfgbeekbjoponilnomle\155\frIpZF.js.vir"
sh=C78174996528590A8756824624BAC58541B94C42 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Stormer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\boidnimkebefpfgbeekbjoponilnomle\155\lsdb.js.vir"
sh=AC8BC008A577C41A2D728B02C2CFBE810F55FBFB ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Stormer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kbondpholjkjkddkadgdfhlpnmdollnn\1.0\content.js.vir"
sh=EA4A87D50BC66B19B73443F9113E44E08B3B4002 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Stormer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kbondpholjkjkddkadgdfhlpnmdollnn\1.0\lsdb.js.vir"
sh=92A047E3DEF034DE6049C6A11AFEBA47C74082F3 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Stormer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kbondpholjkjkddkadgdfhlpnmdollnn\1.0\oVCdw.js.vir"
sh=AC8BC008A577C41A2D728B02C2CFBE810F55FBFB ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Stormer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lihoopeopcidjoebfgidpelknckjmbmf\1.0\content.js.vir"
sh=3B63AB1BF7D3A3A437D51C8C8228B1B37670B3C4 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Stormer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lihoopeopcidjoebfgidpelknckjmbmf\1.0\LB8.js.vir"
sh=EA4A87D50BC66B19B73443F9113E44E08B3B4002 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Stormer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lihoopeopcidjoebfgidpelknckjmbmf\1.0\lsdb.js.vir"
sh=D11CD109A94227DD9E5F94AAFC1B5C45ED6F8FAD ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Stormer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ocnijmbhinkojjglkhdolanjejkeoggl\3.9\jC4NQFa.js.vir"
sh=C78174996528590A8756824624BAC58541B94C42 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Stormer\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ocnijmbhinkojjglkhdolanjejkeoggl\3.9\lsdb.js.vir"
sh=E6E0A9834C1D5B63FB1887CF6EECD978F9261881 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\boidnimkebefpfgbeekbjoponilnomle\155\frIpZF.js.vir"
sh=C78174996528590A8756824624BAC58541B94C42 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\boidnimkebefpfgbeekbjoponilnomle\155\lsdb.js.vir"
sh=AC8BC008A577C41A2D728B02C2CFBE810F55FBFB ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kbondpholjkjkddkadgdfhlpnmdollnn\1.0\content.js.vir"
sh=EA4A87D50BC66B19B73443F9113E44E08B3B4002 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kbondpholjkjkddkadgdfhlpnmdollnn\1.0\lsdb.js.vir"
sh=92A047E3DEF034DE6049C6A11AFEBA47C74082F3 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kbondpholjkjkddkadgdfhlpnmdollnn\1.0\oVCdw.js.vir"
sh=AC8BC008A577C41A2D728B02C2CFBE810F55FBFB ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lihoopeopcidjoebfgidpelknckjmbmf\1.0\content.js.vir"
sh=3B63AB1BF7D3A3A437D51C8C8228B1B37670B3C4 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lihoopeopcidjoebfgidpelknckjmbmf\1.0\LB8.js.vir"
sh=EA4A87D50BC66B19B73443F9113E44E08B3B4002 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lihoopeopcidjoebfgidpelknckjmbmf\1.0\lsdb.js.vir"
sh=D11CD109A94227DD9E5F94AAFC1B5C45ED6F8FAD ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ocnijmbhinkojjglkhdolanjejkeoggl\3.9\jC4NQFa.js.vir"
sh=C78174996528590A8756824624BAC58541B94C42 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ocnijmbhinkojjglkhdolanjejkeoggl\3.9\lsdb.js.vir"
sh=E6E0A9834C1D5B63FB1887CF6EECD978F9261881 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\boidnimkebefpfgbeekbjoponilnomle\155\frIpZF.js.vir"
sh=C78174996528590A8756824624BAC58541B94C42 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\boidnimkebefpfgbeekbjoponilnomle\155\lsdb.js.vir"
sh=E6E0A9834C1D5B63FB1887CF6EECD978F9261881 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\boidnimkebefpfgbeekbjoponilnomle\155\frIpZF.js.vir"
sh=C78174996528590A8756824624BAC58541B94C42 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\boidnimkebefpfgbeekbjoponilnomle\155\lsdb.js.vir"
sh=AC8BC008A577C41A2D728B02C2CFBE810F55FBFB ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kbondpholjkjkddkadgdfhlpnmdollnn\1.0\content.js.vir"
sh=EA4A87D50BC66B19B73443F9113E44E08B3B4002 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kbondpholjkjkddkadgdfhlpnmdollnn\1.0\lsdb.js.vir"
sh=92A047E3DEF034DE6049C6A11AFEBA47C74082F3 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kbondpholjkjkddkadgdfhlpnmdollnn\1.0\oVCdw.js.vir"
sh=AC8BC008A577C41A2D728B02C2CFBE810F55FBFB ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lihoopeopcidjoebfgidpelknckjmbmf\1.0\content.js.vir"
sh=3B63AB1BF7D3A3A437D51C8C8228B1B37670B3C4 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lihoopeopcidjoebfgidpelknckjmbmf\1.0\LB8.js.vir"
sh=EA4A87D50BC66B19B73443F9113E44E08B3B4002 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lihoopeopcidjoebfgidpelknckjmbmf\1.0\lsdb.js.vir"
sh=D11CD109A94227DD9E5F94AAFC1B5C45ED6F8FAD ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ocnijmbhinkojjglkhdolanjejkeoggl\3.9\jC4NQFa.js.vir"
sh=C78174996528590A8756824624BAC58541B94C42 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ocnijmbhinkojjglkhdolanjejkeoggl\3.9\lsdb.js.vir"
sh=AB91E981965B2C25B25C23A228ED679AC3EC2DB0 ft=1 fh=f5c379a356c67ed4 vn="Variante von Win32/KeyLogger.Refog.D Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Windows\SysWOW64\MPK\lsynchost.exe.vir"
sh=67E28AC106F7FE1FDEEBB1FBD215771E9FC08214 ft=1 fh=49619b02953dec9d vn="Variante von Win32/KeyLogger.Refog.D Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Windows\SysWOW64\MPK\Mpk.dll.vir"
sh=0A998A7BD340D9E5986BA70E4F7589CBBD078E81 ft=1 fh=6fbef25447663cc4 vn="Variante von Win32/KeyLogger.Refog.B Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Windows\SysWOW64\MPK\MPK.exe.vir"
sh=FB67151B5624D994084965D4C2402C8C7275FB9C ft=1 fh=14959ea47fad148b vn="Variante von Win32/KeyLogger.Refog.D Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Windows\SysWOW64\MPK\Mpk64.dll.vir"
sh=449C119031B228216E0442862706F8CED451B336 ft=1 fh=886f747f4d0afb5e vn="Variante von Win32/KeyLogger.Refog.D Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Windows\SysWOW64\MPK\MpkHCA.dll.vir"
sh=27491C54623C56677CB5DCC823D298BB507138A3 ft=1 fh=aa48013cf37e62be vn="Variante von Win32/KeyLogger.Refog.D Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Windows\SysWOW64\MPK\MpkHCQ12.dll.vir"
sh=CBE7A6C2BD84090F061A77680C3CEA5C179BB1DF ft=1 fh=bf5a0da85e813302 vn="Variante von Win32/KeyLogger.Refog.D Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Windows\SysWOW64\MPK\MPKInst.exe.vir"
sh=118771D71D4B0953316E2A56CFD6849E71A25254 ft=1 fh=cdb34b1bedf7a50c vn="Variante von Win32/KeyLogger.Refog.D Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Windows\SysWOW64\MPK\MpkL64.exe.vir"
sh=D756F55F38956AA8B40A56055FC76868FFA1662C ft=1 fh=559951fe1765a936 vn="Variante von Win32/KeyLogger.Refog.D Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Windows\SysWOW64\MPK\MPKView.exe.vir"
sh=3009A9465B5BB0B1E3A28B8D7F957001F70E24DE ft=1 fh=13569e54f3542984 vn="Variante von Win32/KeyLogger.Refog.D Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Windows\SysWOW64\MPK\unins000.exe.vir"
sh=3DEEFB16E53E462DEC3F8E0BD4E21A6991460CEF ft=1 fh=0080dc61b784d694 vn="Variante von Win32/AdSuproot Trojaner" ac=I fn="C:\Users\Stormer\AppData\Local\Temp\aaccee\aabbcc.exe"
sh=C14C0089454DC4CB22A1693380892FB4D3EE8F26 ft=1 fh=2fd10951590b9000 vn="Variante von Win32/TrojanDownloader.Agent.SEQ Trojaner" ac=I fn="C:\Windows\temp\db22.exe"
Code:
Results of screen317's Security Check version 0.99.93 
 Windows 7 Service Pack 1 x64 (UAC is disabled!) 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 20 
 Java version 32-bit out of Date!
 Adobe Flash Player 16.0.0.257 
 Mozilla Firefox 33.1 Firefox out of Date! 
 Google Chrome (41.0.2267.0)
 Google Chrome (41.0.2272.3)
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Malwarebytes Anti-Malware mbamscheduler.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-01-2015 01
Ran by Stormer (administrator) on STORMER-PC on 18-01-2015 22:38:14
Running from C:\Users\Stormer\Desktop
Loaded Profiles: Stormer & UpdatusUser (Available profiles: Stormer & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Spanisch (Spanien, internationale Sortierung)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2472048 2010-08-11] (VIA)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1684227235-1697619234-988528933-1001\...\Run: [BitTorrent] => C:\Users\Stormer\AppData\Roaming\BitTorrent\BitTorrent.exe [1388888 2014-11-26] (BitTorrent Inc.)
HKU\S-1-5-21-1684227235-1697619234-988528933-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1684227235-1697619234-988528933-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1684227235-1697619234-988528933-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1684227235-1697619234-988528933-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {426afe3a-6103-4d08-939a-867e7ccb1696} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Stormer\AppData\Roaming\Mozilla\Firefox\Profiles\fqnoptlc.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Stormer\AppData\Roaming\Mozilla\Firefox\Profiles\fqnoptlc.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Stormer\AppData\Roaming\Mozilla\Firefox\Profiles\fqnoptlc.default\searchplugins\google-maps.xml
FF Extension: Avira Browser Safety - C:\Users\Stormer\AppData\Roaming\Mozilla\Firefox\Profiles\fqnoptlc.default\Extensions\abs@avira.com [2014-12-11]
FF Extension: Download videos and MP3s from YouTube - C:\Users\Stormer\AppData\Roaming\Mozilla\Firefox\Profiles\fqnoptlc.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-09-29]
FF Extension: ProxTube - C:\Users\Stormer\AppData\Roaming\Mozilla\Firefox\Profiles\fqnoptlc.default\Extensions\ich@maltegoetz.de.xpi [2014-09-29]
FF Extension: Adblock Edge - C:\Users\Stormer\AppData\Roaming\Mozilla\Firefox\Profiles\fqnoptlc.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-01-04]
FF HKU\S-1-5-21-1684227235-1697619234-988528933-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-09-29]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-27]
CHR Extension: (Google Docs) - C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-27]
CHR Extension: (Google Drive) - C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-27]
CHR Extension: (YouTube) - C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-27]
CHR Extension: (Google Search) - C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-27]
CHR Extension: (Google Sheets) - C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-27]
CHR Extension: (Avira Browser Safety) - C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2014-12-10]
CHR Extension: (Google Wallet) - C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-27]
CHR Extension: (Amazon) - C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj [2014-12-05]
CHR Extension: (Gmail) - C:\Users\Stormer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-27]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Stormer\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-11-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-26] (Electronic Arts)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-02] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 REN2CAP_DRIVER; C:\Windows\System32\drivers\ren2cap.sys [46728 2011-11-07] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-18 22:38 - 2015-01-18 22:38 - 00013077 _____ () C:\Users\Stormer\Desktop\FRST.txt
2015-01-18 22:38 - 2015-01-18 22:38 - 00000000 ____D () C:\Users\Stormer\Desktop\FRST-OlderVersion
2015-01-18 22:31 - 2015-01-18 22:31 - 00852504 _____ () C:\Users\Stormer\Desktop\SecurityCheck.exe
2015-01-18 17:35 - 2015-01-18 17:35 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-18 17:32 - 2015-01-18 17:33 - 02347384 _____ (ESET) C:\Users\Stormer\Downloads\esetsmartinstaller_deu.exe
2015-01-16 20:56 - 2015-01-16 20:56 - 00000000 ____D () C:\Windows\ERUNT
2015-01-16 20:44 - 2015-01-16 20:46 - 00000000 ____D () C:\AdwCleaner
2015-01-16 20:43 - 2015-01-16 20:43 - 02191360 _____ () C:\Users\Stormer\Desktop\AdwCleaner_4.107.exe
2015-01-16 20:02 - 2015-01-16 20:02 - 01707939 _____ (Thisisu) C:\Users\Stormer\Desktop\JRT.exe
2015-01-16 19:59 - 2015-01-18 20:44 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-16 19:58 - 2015-01-16 19:58 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-16 19:58 - 2015-01-16 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-16 19:58 - 2015-01-16 19:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-16 19:58 - 2015-01-16 19:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-16 19:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-16 19:58 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-16 19:58 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-16 19:35 - 2015-01-16 19:35 - 00013778 _____ () C:\ComboFix.txt
2015-01-16 14:22 - 2015-01-16 19:35 - 00000000 ____D () C:\Qoobox
2015-01-16 14:22 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-16 14:22 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-16 14:22 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-16 14:22 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-16 14:22 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-16 14:22 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-16 14:22 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-16 14:22 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-16 14:21 - 2015-01-16 15:44 - 00000000 ____D () C:\Windows\erdnt
2015-01-16 14:19 - 2015-01-16 14:19 - 05609736 ____R (Swearware) C:\Users\Stormer\Desktop\ComboFix.exe
2015-01-16 14:16 - 2015-01-16 14:16 - 00001264 _____ () C:\Users\Stormer\Desktop\Revo Uninstaller.lnk
2015-01-16 14:16 - 2015-01-16 14:16 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-16 10:42 - 2015-01-18 22:38 - 00000000 ____D () C:\FRST
2015-01-16 10:41 - 2015-01-18 22:38 - 02126848 _____ (Farbar) C:\Users\Stormer\Desktop\FRST64.exe
2015-01-11 02:53 - 2015-01-11 02:53 - 00262144 _____ () C:\Windows\Minidump\011115-20984-01.dmp
2015-01-11 02:53 - 2015-01-11 02:53 - 00000000 ____D () C:\Windows\Minidump
2014-12-30 10:09 - 2014-12-30 10:09 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-12-30 10:09 - 2014-12-30 10:09 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2014-12-30 10:09 - 2014-12-30 10:09 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-12-30 10:09 - 2014-12-30 10:09 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2014-12-26 16:40 - 2015-01-18 17:24 - 00003526 _____ () C:\Windows\setupact.log
2014-12-26 16:40 - 2015-01-17 11:45 - 00043462 _____ () C:\Windows\PFRO.log
2014-12-26 16:40 - 2014-12-26 16:40 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-26 15:28 - 2014-12-26 15:28 - 00000221 _____ () C:\Users\Stormer\Desktop\Borderlands 2.url
2014-12-23 21:17 - 2015-01-16 19:14 - 00000112 _____ () C:\ProgramData\21JF620.dat
2014-12-23 17:03 - 2014-12-23 17:03 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-12-20 01:44 - 2014-12-20 01:44 - 00000000 _____ () C:\Users\Stormer\Desktop\httpswww.youtube.comwatchv=z-yKyO3Wgzo.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-18 22:31 - 2014-09-27 09:14 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-18 21:50 - 2014-03-21 20:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-18 21:26 - 2014-03-21 18:05 - 01717978 _____ () C:\Windows\WindowsUpdate.log
2015-01-18 19:30 - 2014-09-27 09:14 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-18 17:33 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-18 17:33 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-18 17:24 - 2014-03-21 19:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-18 17:24 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-17 13:50 - 2014-03-21 20:28 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-17 13:50 - 2014-03-21 20:28 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-17 13:50 - 2014-03-21 20:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-16 19:30 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-16 19:14 - 2014-09-06 20:36 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-16 15:45 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-01-16 15:26 - 2014-09-08 19:26 - 00000000 ____D () C:\Users\Stormer\AppData\Roaming\BitTorrent
2015-01-16 14:37 - 2009-07-14 03:34 - 55836672 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-01-16 14:37 - 2009-07-14 03:34 - 14680064 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-01-16 14:37 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-01-16 14:37 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-01-16 14:37 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-01-14 19:36 - 2014-09-27 09:14 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-11 19:40 - 2014-10-14 10:59 - 00087040 ___SH () C:\Users\Stormer\Downloads\Thumbs.db
2015-01-05 11:30 - 2014-03-21 20:26 - 00000000 ____D () C:\Users\Stormer\AppData\Local\Adobe
2014-12-26 15:35 - 2014-09-06 23:10 - 00000000 ____D () C:\ProgramData\Origin
2014-12-26 15:33 - 2014-09-06 23:10 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-26 15:28 - 2014-09-06 20:50 - 00000000 ____D () C:\Users\Stormer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-26 15:20 - 2014-10-17 08:31 - 00000000 ____D () C:\Users\Stormer\Desktop\fotos
2014-12-26 15:17 - 2014-03-22 16:05 - 00000000 ____D () C:\Program Files (x86)\White Label Office 3
2014-12-26 15:06 - 2014-09-06 23:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-12-26 12:47 - 2014-10-31 21:17 - 00000000 ____D () C:\Users\Stormer\AppData\Local\CSO
2014-12-23 17:03 - 2014-03-21 19:45 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation

==================== Files in the root of some directories =======
2014-12-23 21:17 - 2015-01-16 19:14 - 0000112 _____ () C:\ProgramData\21JF620.dat

Files to move or delete:
====================
C:\ProgramData\21JF620.dat
C:\Users\Stormer\Setup.exe


Some content of TEMP:
====================
C:\Users\Stormer\AppData\Local\Temp\avgnt.exe
C:\Users\Stormer\AppData\Local\Temp\Quarantine.exe
C:\Users\Stormer\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-16 16:03

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 19.01.2015 11:38
Java und Firefox updaten.



Revo Uninstaller - Download - Filepony
damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.google.com/chrome/answer/3296214?hl=de



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\$RECYCLE.BIN
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\ProgramData\21JF620.dat
C:\Users\Stormer\Setup.exe
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Ifrit91 19.01.2015 16:58
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-01-2015 01
Ran by Stormer at 2015-01-19 16:52:56 Run:1
Running from C:\Users\Stormer\Desktop
Loaded Profiles: Stormer & UpdatusUser (Available profiles: Stormer & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\$RECYCLE.BIN
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\ProgramData\21JF620.dat
C:\Users\Stormer\Setup.exe
Emptytemp:
       
*****************

C:\$RECYCLE.BIN => Moved successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\ProgramData\21JF620.dat => Moved successfully.
C:\Users\Stormer\Setup.exe => Moved successfully.
EmptyTemp: => Removed 582 MB temporary data.


The system needed a reboot.

==== End of Fixlog 16:53:15 ====

schrauber 19.01.2015 19:53
Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.


Alle Zeitangaben in WEZ +1. Es ist jetzt 12:00 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55