Windows 7: Norton Trojan.Zbot Entfernen fehlgeschlagen

the_elk · 28.01.2014, 19:35

Hi,

mein Vater hat sich wohl nen Virus eingefangen. Der Rechner ist mit Norton Internetsecurity geschützt. Hier wird nach jedem Neustart angezeigt dass bei der Bedrohung "Trojan.Zbot Entfernen fehlgeschlagen" ist.
Hab es dann wie von Norton empfohlen mit dem Norton Power Eraser versucht. Leider ohne Erfolg. Die Meldung kommt weiterhin.
Hier die Log-Files:

defogger:

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:16 on 28/01/2014 (XXX)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2014 03
Ran by XXX (administrator) on XXX on 28-01-2014 18:21:42
Running from C:\Users\XXX\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files\Intel\Services\IPT\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe [2697832 2010-10-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM\...\Run: [IMSS] - C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112408 2012-09-10] (Intel Corporation)
HKLM\...\Run: [TdmNotify] - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [214384 2011-05-27] (Wave Systems Corp.)
HKLM\...\Run: [RemoteControl9] - C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM\...\Run: [PDVD9LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM\...\Run: [DBRMTray] - C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-11] (CANON INC.)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [DBRMTray] - C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-05] (Microsoft)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
Lsa: [Authentication Packages] msv1_0 wvauth

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.wetter.com/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {B9914023-3977-41E7-8C5F-8FF5CADDBBC2} URL = 
SearchScopes: HKCU - {B9914023-3977-41E7-8C5F-8FF5CADDBBC2} URL = 
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
Tcpip\..\Interfaces\{B53557D2-8DA0-4AA3-B2C0-6C617A12E5DA}: [NameServer]192.168.1.1

Chrome: 
=======
CHR HomePage: 
CHR DefaultSearchProvider: Ask
CHR DefaultSearchURL: hxxp://www.google.com
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\XXX\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\XXX\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\XXX\AppData\Local\Google\Chrome\Application\27.0.1453.116\gcswf32.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U3) - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.30.255) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\XXX\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-26]
CHR Extension: (Google-Suche) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-26]
CHR Extension: (Norton Identity Protection) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-07-26]
CHR Extension: (Google Mail) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-26]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx [2013-12-10]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [112800 2011-06-29] (Intel Corporation)
R2 jhi_service; C:\Program Files\Intel\Services\IPT\jhi_service.exe [212944 2011-02-24] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1508232 2011-05-24] (Wave Systems Corp.)
R2 svcGenericHost; c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [50704 2011-04-07] (Trend Micro Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] ()
R2 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2605424 2011-05-27] (Wave Systems Corp.)
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1131520 2011-07-01] (Wave Systems Corp.)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20140121.001\BHDrvx86.sys [1098968 2013-12-18] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [358224 2012-08-10] (Intel Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20140127.001\IDSvix86.sys [394456 2014-01-21] (Symantec Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHDA.sys [2749416 2010-10-04] (Realtek Semiconductor Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41216 2011-09-22] (Intel Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20140127.022\NAVENG.SYS [93272 2014-01-07] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20140127.022\NAVEX15.SYS [1612376 2014-01-07] (Symantec Corporation)
S3 netvsc; C:\Windows\System32\DRIVERS\netvsc60.sys [126464 2010-11-20] (Microsoft Corporation)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2010-07-21] (Dell Inc)
R3 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-20] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NIS\1404000.028\SYMNETS.SYS [339544 2013-04-25] (Symantec Corporation)
S3 SynthVid; C:\Windows\System32\DRIVERS\VMBusVideoM.sys [19456 2010-11-20] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-28 18:22 - 2014-01-28 18:22 - 00370971 _____ C:\Users\XXX\Downloads\gmer_2.1.19355.zip
2014-01-28 18:21 - 2014-01-28 18:23 - 00014629 _____ C:\Users\XXX\Downloads\FRST.txt
2014-01-28 18:20 - 2014-01-28 18:20 - 01136640 _____ (Farbar) C:\Users\XXX\Downloads\FRST.exe
2014-01-28 18:20 - 2014-01-28 18:20 - 00000000 ____D C:\FRST
2014-01-28 18:17 - 2014-01-28 18:17 - 01136640 _____ (Farbar) C:\Users\XXX\Downloads\FRST.exe.sbgqg04.partial
2014-01-28 18:16 - 2014-01-28 18:16 - 00000490 _____ C:\Users\XXX\Downloads\defogger_disable.log
2014-01-28 18:16 - 2014-01-28 18:16 - 00000000 _____ C:\Users\XXX\defogger_reenable
2014-01-28 18:14 - 2014-01-28 18:14 - 00050477 _____ C:\Users\XXX\Downloads\Defogger.exe
2014-01-28 17:56 - 2014-01-28 17:56 - 00000971 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-28 17:56 - 2014-01-28 17:56 - 00000000 ____D C:\Program Files\CCleaner
2014-01-28 16:58 - 2012-08-23 15:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-01-28 16:58 - 2012-08-23 15:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-01-28 16:58 - 2012-08-23 15:41 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-01-28 16:58 - 2012-08-23 15:40 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-01-28 16:58 - 2012-08-23 15:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-01-28 16:58 - 2012-08-23 15:10 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-01-28 16:58 - 2012-08-23 14:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-01-28 16:58 - 2012-08-23 14:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-01-28 16:58 - 2012-08-23 14:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-01-28 16:58 - 2012-08-23 14:32 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-01-28 16:58 - 2012-08-23 14:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-01-28 16:58 - 2012-08-23 12:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-01-28 16:58 - 2012-08-23 12:32 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-01-28 16:58 - 2012-08-23 12:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-01-28 16:58 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-01-28 16:58 - 2012-08-23 11:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-01-28 16:58 - 2012-08-23 11:08 - 02739712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-01-28 16:58 - 2012-08-23 09:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-01-28 16:17 - 2014-01-28 16:26 - 00000000 ____D C:\Users\XXX\AppData\Local\NPE
2014-01-28 10:22 - 2014-01-28 10:22 - 00000000 ____D C:\Users\XXX\AppData\Local\{40D6483A-9405-4D1B-83E5-F194BE6A1950}
2014-01-27 20:42 - 2014-01-27 20:42 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2014-01-27 20:29 - 2014-01-27 20:29 - 00273154 _____ C:\Users\XXX\Desktop\JRT.txt
2014-01-27 20:24 - 2014-01-27 20:24 - 00000000 ____D C:\Windows\ERUNT
2014-01-27 20:20 - 2014-01-27 20:22 - 00000000 ____D C:\AdwCleaner
2014-01-27 19:00 - 2014-01-27 19:00 - 00000000 ____D C:\Users\XXX\AppData\Roaming\Malwarebytes
2014-01-27 18:59 - 2014-01-27 18:59 - 00001073 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-27 18:59 - 2014-01-27 18:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-27 18:59 - 2014-01-27 18:59 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-27 18:59 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-27 15:20 - 2014-01-27 15:20 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809015252_2.tmp
2014-01-26 12:00 - 2014-01-26 12:24 - 00000000 ____D C:\Users\XXX\Desktop\patientenverf
2014-01-25 17:14 - 2014-01-25 17:15 - 00000000 ____D C:\Users\XXX\Desktop\Gälf. 2014
2014-01-25 17:06 - 2014-01-25 17:15 - 00000000 ____D C:\Users\XXX\Desktop\ahbau 25.1.14
2014-01-24 15:40 - 2014-01-24 16:29 - 00000000 ____D C:\Users\XXX\Desktop\Wüstenrot
2014-01-24 11:44 - 2014-01-24 11:39 - 00072704 _____ C:\Users\XXX\Desktop\37 Torlontano.xls
2014-01-16 11:08 - 2014-01-16 18:43 - 00025088 ____H C:\Users\XXX\Desktop\~WRL1128.tmp
2014-01-16 11:08 - 2014-01-16 16:18 - 00025088 ____H C:\Users\XXX\Desktop\~WRL3657.tmp
2014-01-15 11:12 - 2013-11-27 02:19 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 11:12 - 2013-11-27 02:18 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 11:12 - 2013-11-27 02:18 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 11:12 - 2013-11-27 02:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 11:12 - 2013-11-27 02:18 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 11:12 - 2013-11-27 02:18 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 11:12 - 2013-11-27 02:18 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 11:12 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 11:12 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-10 14:17 - 2014-01-10 14:17 - 00000000 ____D C:\Users\XXX\Finanzamt
2014-01-09 11:32 - 2014-01-09 11:32 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809013680_1.tmp
2014-01-05 16:46 - 2014-01-05 16:55 - 00000000 ____D C:\Users\XXX\Desktop\Alphorngschichtle
2014-01-05 16:42 - 2014-01-05 16:42 - 00000000 ____D C:\Users\XXX\Desktop\Micky
2014-01-05 16:04 - 2014-01-05 16:16 - 00000000 ____D C:\Users\XXX\Desktop\Termine 2014
2014-01-01 11:38 - 2014-01-01 11:38 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809014888_1.tmp
2014-01-01 11:36 - 2014-01-01 11:36 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809013844_1.tmp
2014-01-01 11:29 - 2014-01-01 11:29 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809016056_1.tmp
2014-01-01 11:28 - 2014-01-01 11:28 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809011428_1.tmp
2014-01-01 11:27 - 2014-01-01 11:27 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809011156_1.tmp
2013-12-31 10:30 - 2013-12-31 10:30 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809015008_1.tmp
2013-12-31 10:24 - 2013-12-31 10:24 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon080901164_1.tmp

==================== One Month Modified Files and Folders =======

2014-01-28 18:23 - 2014-01-28 18:21 - 00014629 _____ C:\Users\XXX\Downloads\FRST.txt
2014-01-28 18:22 - 2014-01-28 18:22 - 00370971 _____ C:\Users\XXX\Downloads\gmer_2.1.19355.zip
2014-01-28 18:20 - 2014-01-28 18:20 - 01136640 _____ (Farbar) C:\Users\XXX\Downloads\FRST.exe
2014-01-28 18:20 - 2014-01-28 18:20 - 00000000 ____D C:\FRST
2014-01-28 18:19 - 2012-11-18 09:59 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-28 18:17 - 2014-01-28 18:17 - 01136640 _____ (Farbar) C:\Users\XXX\Downloads\FRST.exe.sbgqg04.partial
2014-01-28 18:16 - 2014-01-28 18:16 - 00000490 _____ C:\Users\XXX\Downloads\defogger_disable.log
2014-01-28 18:16 - 2014-01-28 18:16 - 00000000 _____ C:\Users\XXX\defogger_reenable
2014-01-28 18:16 - 2012-02-21 12:00 - 00000000 ____D C:\Users\XXX
2014-01-28 18:15 - 2012-02-15 21:38 - 01973292 ____N C:\Windows\WindowsUpdate.log
2014-01-28 18:14 - 2014-01-28 18:14 - 00050477 _____ C:\Users\XXX\Downloads\Defogger.exe
2014-01-28 18:14 - 2013-02-23 00:38 - 00000000 ____D C:\Windows\Minidump
2014-01-28 18:14 - 2011-02-12 03:26 - 00000000 ____D C:\Windows\panther
2014-01-28 17:56 - 2014-01-28 17:56 - 00000971 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-28 17:56 - 2014-01-28 17:56 - 00000000 ____D C:\Program Files\CCleaner
2014-01-28 17:52 - 2010-11-20 22:01 - 01653296 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-28 17:52 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2014-01-28 17:48 - 2009-07-14 05:34 - 00021088 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-28 17:48 - 2009-07-14 05:34 - 00021088 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-28 17:41 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-28 17:38 - 2012-02-15 22:07 - 00000000 ____D C:\Program Files\Trend Micro
2014-01-28 17:33 - 2012-02-15 22:09 - 00000031 _____ C:\tmuninst.ini
2014-01-28 17:06 - 2010-11-21 01:46 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2014-01-28 17:05 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2014-01-28 16:26 - 2014-01-28 16:17 - 00000000 ____D C:\Users\XXX\AppData\Local\NPE
2014-01-28 16:17 - 2012-02-21 16:04 - 00000000 ____D C:\ProgramData\Norton
2014-01-28 15:00 - 2013-07-29 19:33 - 00000000 ____D C:\Users\XXX\Desktop\sigi
2014-01-28 10:50 - 2013-03-07 19:51 - 00000000 ____D C:\Users\XXX\Desktop\Carnyx
2014-01-28 10:22 - 2014-01-28 10:22 - 00000000 ____D C:\Users\XXX\AppData\Local\{40D6483A-9405-4D1B-83E5-F194BE6A1950}
2014-01-27 20:42 - 2014-01-27 20:42 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2014-01-27 20:29 - 2014-01-27 20:29 - 00273154 _____ C:\Users\XXX\Desktop\JRT.txt
2014-01-27 20:24 - 2014-01-27 20:24 - 00000000 ____D C:\Windows\ERUNT
2014-01-27 20:22 - 2014-01-27 20:20 - 00000000 ____D C:\AdwCleaner
2014-01-27 19:00 - 2014-01-27 19:00 - 00000000 ____D C:\Users\XXX\AppData\Roaming\Malwarebytes
2014-01-27 18:59 - 2014-01-27 18:59 - 00001073 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-27 18:59 - 2014-01-27 18:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-27 18:59 - 2014-01-27 18:59 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-27 16:59 - 2012-02-21 21:15 - 00000000 ____D C:\Users\XXX\Desktop\homepage
2014-01-27 15:20 - 2014-01-27 15:20 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809015252_2.tmp
2014-01-27 13:52 - 2012-10-26 14:51 - 00000000 ____D C:\Firefox
2014-01-26 19:43 - 2012-02-22 12:09 - 00000000 ____D C:\Users\XXX\AppData\Local\FreePDF_XP
2014-01-26 12:24 - 2014-01-26 12:00 - 00000000 ____D C:\Users\XXX\Desktop\patientenverf
2014-01-25 17:15 - 2014-01-25 17:14 - 00000000 ____D C:\Users\XXX\Desktop\Gälf. 2014
2014-01-25 17:15 - 2014-01-25 17:06 - 00000000 ____D C:\Users\XXX\Desktop\ahbau 25.1.14
2014-01-24 16:29 - 2014-01-24 15:40 - 00000000 ____D C:\Users\XXX\Desktop\Wüstenrot
2014-01-24 15:27 - 2012-02-21 21:14 - 00000000 ____D C:\Users\XXX\Aufkleber
2014-01-24 11:39 - 2014-01-24 11:44 - 00072704 _____ C:\Users\XXX\Desktop\37 Torlontano.xls
2014-01-21 19:15 - 2013-12-14 12:01 - 00000000 ____D C:\Users\XXX\Desktop\Bücher
2014-01-20 23:09 - 2012-02-21 20:51 - 00000000 ____D C:\Users\XXX\Desktop\Lustiges
2014-01-20 15:48 - 2013-07-15 14:29 - 00000000 ____D C:\Users\XXX\Desktop\SWR Patch
2014-01-16 18:43 - 2014-01-16 11:08 - 00025088 ____H C:\Users\XXX\Desktop\~WRL1128.tmp
2014-01-16 16:18 - 2014-01-16 11:08 - 00025088 ____H C:\Users\XXX\Desktop\~WRL3657.tmp
2014-01-16 09:19 - 2009-07-14 05:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-16 09:19 - 2009-07-14 05:33 - 00317936 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 17:20 - 2013-08-14 20:38 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 17:19 - 2012-02-21 12:16 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-12 12:10 - 2012-02-21 21:15 - 00000000 ____D C:\Users\XXX\Multiinstr.
2014-01-11 16:42 - 2012-02-21 16:04 - 00000000 ____D C:\Users\Public\Downloads\Norton
2014-01-10 14:17 - 2014-01-10 14:17 - 00000000 ____D C:\Users\XXX\Finanzamt
2014-01-09 17:45 - 2012-02-21 21:12 - 00000000 ____D C:\Users\XXX\alphorn
2014-01-09 11:32 - 2014-01-09 11:32 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809013680_1.tmp
2014-01-09 11:24 - 2013-04-28 14:24 - 00000000 ____D C:\Users\XXX\Desktop\Steuer
2014-01-08 14:13 - 2012-02-21 21:14 - 00000000 ____D C:\Users\XXX\Geschäft
2014-01-05 16:55 - 2014-01-05 16:46 - 00000000 ____D C:\Users\XXX\Desktop\Alphorngschichtle
2014-01-05 16:42 - 2014-01-05 16:42 - 00000000 ____D C:\Users\XXX\Desktop\Micky
2014-01-05 16:16 - 2014-01-05 16:04 - 00000000 ____D C:\Users\XXX\Desktop\Termine 2014
2014-01-01 11:38 - 2014-01-01 11:38 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809014888_1.tmp
2014-01-01 11:36 - 2014-01-01 11:36 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809013844_1.tmp
2014-01-01 11:29 - 2014-01-01 11:29 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809016056_1.tmp
2014-01-01 11:28 - 2014-01-01 11:28 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809011428_1.tmp
2014-01-01 11:27 - 2014-01-01 11:27 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809011156_1.tmp
2013-12-31 10:30 - 2013-12-31 10:30 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809015008_1.tmp
2013-12-31 10:24 - 2013-12-31 10:24 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon080901164_1.tmp

Some content of TEMP:
====================
C:\Users\XXX\AppData\Local\Temp\Quarantine.exe
C:\Users\XXX\AppData\Local\Temp\SHSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-19 13:38

==================== End Of Log ============================

Additions:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-01-2014 03
Ran by XXX at 2014-01-28 18:23:24
Running from C:\Users\XXX\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (Version: 10.1.9 - Adobe Systems Incorporated)
ArcSoft PhotoStudio 6 (Version: 6.0.1.148 - ArcSoft)
Ashampoo Burning Studio 6 FREE v.6.81 (Version: 6.8.1 - Ashampoo GmbH & Co. KG)
Audacity 1.2.6 (Version:  - )
Audiograbber 1.83 SE  (Version: 1.83 SE  - Audiograbber)
Audiograbber MP3-Plugin (Version: 1.0 - AG)
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Canon MP Navigator EX 2.0 (Version:  - )
Canon Utilities Solution Menu (Version:  - )
CanoScan 5600F Scanner Driver (Version:  - )
capella 2002, Version 4.0 (Version:  - )
CCleaner (Version: 4.10 - Piriform)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000 - Microsoft Corporation)
Content Manager 2 (Version: 3.10.0.52790 - NNG Llc.)
Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden
CyberLink PowerDVD 9.5 (Version: 9.5.1.4418 - CyberLink Corp.)
CyberLink PowerDVD 9.5 (Version: 9.5.1.4418 - CyberLink Corp.) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (Version: 1.3.1 - Dell Inc.)
Dell Data Protection | Access (Version: 02.01.01.001 - Wave Systems Corp) Hidden
Dell Data Protection | Access (Version: 2.1.00001.001 - Dell Inc.)
Dell Data Protection | Access | Drivers (Version: 2.01.018 - Dell Inc.)
Dell Data Protection | Access | Middleware (Version: 2.01.010 - Dell Inc.)
Dell Driver Download Manager (HKCU Version: 3.0.0.0 - Dell Inc)
Dell Edoc Viewer (Version: 1.0.0 - Dell Inc)
DellAccess (Version: 01.00.00.108 - Wave Systems Corp.) Hidden
ElsterFormular (Version: 14.1.11318 - Landesfinanzdirektion Thüringen)
EMBASSY Security Center (Version: 04.02.00.173 - Wave Systems Corp.) Hidden
FreePDF (Remove only) (Version:  - )
Gemalto (Version: 01.01.01.0000 - Wave Systems Corp) Hidden
GPL Ghostscript (Version: 9.04 - Artifex Software Inc.)
Intel(R) Control Center (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (Version: 7.1.40.1161 - Intel Corporation)
Intel(R) Network Connections 16.5.2.0 (Version: 16.5.2.0 - Dell)
Intel(R) Network Connections 16.5.2.0 (Version: 16.5.2.0 - Dell) Hidden
Intel(R) Processor Graphics (Version: 8.15.10.2418 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 10.1.0.1008 - Intel Corporation)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.0.3 (Version: 2.0.3 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
Naviextras Toolbox Prerequesities (Version: 1.0.0 - NNG Llc.)
neroxml (Version: 1.0.0 - Nero AG) Hidden
Norton Internet Security (Version: 20.4.0.40 - Symantec Corporation)
NTRU TCG Software Stack (Version: 2.1.36 - Security Innovation, Inc.) Hidden
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
Preboot Manager (Version: 03.02.00.096 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.00.00.047 - Wave Systems Corp.) Hidden
Realtek High Definition Audio Driver (Version: 6.0.1.5883 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (Version:  - )
Sibelius Scorch (Firefox, Opera, Netscape only) (Version: 6.2.0 - Sibelius Software)
SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden
TeamViewer 8 (Version: 8.0.19617 - TeamViewer)
Trend Micro Client/Server Security Agent (Version: 3.5.1163 - Trend Micro)
Trusted Drive Manager (Version: 4.1.1.312 - Wave Systems Corp.) Hidden
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
Wave Infrastructure Installer (Version: 07.03.17.0010 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.12.00.036 - Wave Systems Corp) Hidden
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Mobile-Gerätecenter (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
WinRAR 4.10 (32-Bit) (Version: 4.10.0 - win.rar GmbH)

==================== Restore Points  =========================

30-12-2013 12:03:16 Geplanter Prüfpunkt
07-01-2014 16:21:03 Geplanter Prüfpunkt
15-01-2014 16:18:49 Windows Update
23-01-2014 15:49:31 Geplanter Prüfpunkt
27-01-2014 19:42:17 Installed SpyHunter
28-01-2014 15:52:49 Windows Update
28-01-2014 16:51:38 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {235AF9B9-3877-4F38-986B-DA7A06D7B6CC} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {88B5EA6F-35E2-4C8C-934F-AF966B1D71E4} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {A1093D44-9A63-4AAB-BAA2-DDD3F6250535} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {EBC7CE0A-7BDC-41CB-8D38-96FE13215631} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {F3BE2F91-C800-468C-8993-2ABAA1E3C3F9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-06-08 06:13 - 2012-05-30 07:51 - 00699280 ____R () C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
2012-02-21 16:08 - 2012-01-09 19:44 - 00166912 _____ () C:\Program Files\WinRAR\rarext.dll
2012-02-16 05:24 - 2011-06-10 19:36 - 00094208 ____N () C:\Windows\System32\IccLibDll.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/28/2014 05:42:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2014 05:34:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2014 05:30:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2014 05:11:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2014 04:57:15 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070003

Error: (01/28/2014 04:50:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2014 04:26:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2014 04:20:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2014 02:39:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2014 10:22:42 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/28/2014 05:42:41 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/28/2014 05:42:41 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/28/2014 05:41:18 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NTRU TSS v1.2.1.36 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%0

Error: (01/28/2014 05:41:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Gruppenrichtlinienclient" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/28/2014 05:41:14 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Gruppenrichtlinienclient erreicht.

Error: (01/28/2014 05:33:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NTRU TSS v1.2.1.36 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%0

Error: (01/28/2014 05:32:53 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Gruppenrichtlinienclient" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/28/2014 05:32:53 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Gruppenrichtlinienclient erreicht.

Error: (01/28/2014 05:29:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/28/2014 05:29:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================
Error: (01/28/2014 05:42:42 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2014 05:34:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2014 05:30:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2014 05:11:42 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2014 04:57:15 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070003 
System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Error: (01/28/2014 04:50:58 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2014 04:26:01 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2014 04:20:52 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2014 02:39:36 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2014 10:22:42 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 47%
Total physical RAM: 3241.02 MB
Available physical RAM: 1708.88 MB
Total Pagefile: 6480.32 MB
Available Pagefile: 4809.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.52 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:452.57 GB) (Free:366.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 0B57E653)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Gmer:

Code:

ATTFilter

GMER 2.1.19355 - hxxp://www.gmer.net
Rootkit scan 2014-01-28 19:24:40
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2 Intel___ rev.1.0. 465,76GB
Running: gmer.exe; Driver: C:\Users\XXX\AppData\Local\Temp\kwdoqaog.sys


---- System - GMER 2.1 ----

SSDT            88293928                                                                                     ZwAlertResumeThread
SSDT            882939C0                                                                                     ZwAlertThread
SSDT            88189550                                                                                     ZwAllocateVirtualMemory
SSDT            880CF928                                                                                     ZwAlpcConnectPort
SSDT            88187E48                                                                                     ZwAssignProcessToJobObject
SSDT            88293750                                                                                     ZwCreateMutant
SSDT            88187C40                                                                                     ZwCreateSymbolicLinkObject
SSDT            8817C200                                                                                     ZwCreateThread
SSDT            88187CE8                                                                                     ZwCreateThreadEx
SSDT            88293438                                                                                     ZwDebugActiveProcess
SSDT            88188158                                                                                     ZwDuplicateObject
SSDT            881893E0                                                                                     ZwFreeVirtualMemory
SSDT            882937F8                                                                                     ZwImpersonateAnonymousToken
SSDT            88293890                                                                                     ZwImpersonateThread
SSDT            880EC968                                                                                     ZwLoadDriver
SSDT            88189328                                                                                     ZwMapViewOfSection
SSDT            882936B8                                                                                     ZwOpenEvent
SSDT            88183D68                                                                                     ZwOpenProcess
SSDT            881895F8                                                                                     ZwOpenProcessToken
SSDT            88293588                                                                                     ZwOpenSection
SSDT            881881E0                                                                                     ZwOpenThread
SSDT            88187DA0                                                                                     ZwProtectVirtualMemory
SSDT            88293A58                                                                                     ZwResumeThread
SSDT            88189150                                                                                     ZwSetContextThread
SSDT            881891E8                                                                                     ZwSetInformationProcess
SSDT            882934D0                                                                                     ZwSetSystemInformation
SSDT            88293620                                                                                     ZwSuspendProcess
SSDT            88293AF0                                                                                     ZwSuspendThread
SSDT            88182C80                                                                                     ZwTerminateProcess
SSDT            88293B88                                                                                     ZwTerminateThread
SSDT            88189290                                                                                     ZwUnmapViewOfSection
SSDT            88189488                                                                                     ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                     82E40A15 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                       82E7A212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10DB                                                          82E81470 8 Bytes  [28, 39, 29, 88, C0, 39, 29, ...] {SUB [ECX], BH; SUB [EAX-0x77d6c640], ECX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10F3                                                          82E81488 4 Bytes  [50, 95, 18, 88]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10FF                                                          82E81494 4 Bytes  [28, F9, 0C, 88] {SUB CL, BH; OR AL, 0x88}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1153                                                          82E814E8 4 Bytes  [48, 7E, 18, 88]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11CF                                                          82E81564 4 Bytes  [50, 37, 29, 88]
.text           ...                                                                                          

---- User code sections - GMER 2.1 ----

.text           C:\Users\Alphorn-Center\Downloads\gmer.exe[3264] ntdll.dll!NtTerminateThread                 775F6918 5 Bytes  JMP 00020050 
.text           C:\Users\Alphorn-Center\Downloads\gmer.exe[3264] USER32.dll!ChangeWindowMessageFilterEx + F  76B524D7 7 Bytes  JMP 00210A12 
.text           C:\Users\Alphorn-Center\Downloads\gmer.exe[3264] USER32.dll!RecordShutdownReason + 372       76B906C2 7 Bytes  JMP 00210930 

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                     fltmgr.sys

---- EOF - GMER 2.1 ----

Ich hoffe, ich habe alles richtig gemacht. Wäre nett, wenn mir jemand helfen könnte.

Gruß

the_elk

schrauber · 28.01.2014, 22:09

hi,

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

the_elk · 29.01.2014, 16:41

Danke für deine Hifle, hier das Log-File von Combofix:

Ich konnte keine Antwort erstellen. Vermute das Log-File war zu groß.
Deshalb der Versuch im Anhang. Leider als rar, da die txt auch zu groß war.

Gruß

the_elk

schrauber · 30.01.2014, 15:53

Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

the_elk · 30.01.2014, 19:21

Und weiter geht's:

MalwareBytes:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.30.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
XXX :: XXX [Administrator]

Schutz: Aktiviert

30.01.2014 17:25:19
mbam-log-2014-01-30 (17-25-19).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 212489
Laufzeit: 6 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

AdwCleaner:

Code:

ATTFilter

# AdwCleaner v3.018 - Bericht erstellt am 30/01/2014 um 18:40:31
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : XXX - XXX
# Gestartet von : C:\Users\XXX\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Google Chrome v

[ Datei : C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R1].txt - [813 octets] - [30/01/2014 18:39:51]
AdwCleaner[S1].txt - [735 octets] - [30/01/2014 18:40:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [794 octets] ##########

JRT:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Professional x86
Ran by XXX on 30.01.2014 at 18:44:43,40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\XXX\appdata\local\{40D6483A-9405-4D1B-83E5-F194BE6A1950}
Successfully deleted: [Empty Folder] C:\Users\XXX\appdata\local\{737BC871-8621-46D5-AF5E-12CE56354F50}
Successfully deleted: [Empty Folder] C:\Users\XXX\appdata\local\{77FFF7B7-5EBA-4AE8-AA65-3F01282EF239}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.01.2014 at 18:46:39,59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2014 03
Ran by XXX (administrator) on XXX on 30-01-2014 18:52:42
Running from C:\Users\XXX\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) ===================

(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files\Intel\Services\IPT\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe [2697832 2010-10-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM\...\Run: [IMSS] - C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112408 2012-09-10] (Intel Corporation)
HKLM\...\Run: [TdmNotify] - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [214384 2011-05-27] (Wave Systems Corp.)
HKLM\...\Run: [RemoteControl9] - C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM\...\Run: [PDVD9LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM\...\Run: [DBRMTray] - C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-11] (CANON INC.)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [DBRMTray] - C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-05] (Microsoft)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
Lsa: [Authentication Packages] msv1_0 wvauth

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {B9914023-3977-41E7-8C5F-8FF5CADDBBC2} URL = 
SearchScopes: HKCU - {B9914023-3977-41E7-8C5F-8FF5CADDBBC2} URL = 
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
Tcpip\..\Interfaces\{B53557D2-8DA0-4AA3-B2C0-6C617A12E5DA}: [NameServer]192.168.1.1

Chrome: 
=======
CHR HomePage: 
CHR DefaultSearchProvider: Ask
CHR DefaultSearchURL: hxxp://www.google.com
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\XXX\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\XXX\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\XXX\AppData\Local\Google\Chrome\Application\27.0.1453.116\gcswf32.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U3) - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.30.255) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\XXX\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-26]
CHR Extension: (Google-Suche) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-26]
CHR Extension: (Norton Identity Protection) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-07-26]
CHR Extension: (Google Mail) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-26]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx [2013-12-10]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [112800 2011-06-29] (Intel Corporation)
R2 jhi_service; C:\Program Files\Intel\Services\IPT\jhi_service.exe [212944 2011-02-24] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1508232 2011-05-24] (Wave Systems Corp.)
R2 svcGenericHost; c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [50704 2011-04-07] (Trend Micro Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] ()
R2 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2605424 2011-05-27] (Wave Systems Corp.)
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1131520 2011-07-01] (Wave Systems Corp.)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20140121.001\BHDrvx86.sys [1098968 2013-12-18] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [358224 2012-08-10] (Intel Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20140129.001\IDSvix86.sys [394456 2014-01-21] (Symantec Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHDA.sys [2749416 2010-10-04] (Realtek Semiconductor Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41216 2011-09-22] (Intel Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20140129.035\NAVENG.SYS [93272 2014-01-07] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20140129.035\NAVEX15.SYS [1612376 2014-01-07] (Symantec Corporation)
S3 netvsc; C:\Windows\System32\DRIVERS\netvsc60.sys [126464 2010-11-20] (Microsoft Corporation)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2010-07-21] (Dell Inc)
R3 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-20] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NIS\1404000.028\SYMNETS.SYS [339544 2013-04-25] (Symantec Corporation)
S3 SynthVid; C:\Windows\System32\DRIVERS\VMBusVideoM.sys [19456 2010-11-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\ALPHOR~1\AppData\Local\Temp\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-30 18:46 - 2014-01-30 18:46 - 00000981 _____ C:\Users\XXX\Desktop\JRT.txt
2014-01-30 18:37 - 2014-01-30 18:52 - 00000000 ____D C:\Users\XXX\Downloads\2
2014-01-30 17:27 - 2014-01-30 17:27 - 01037068 _____ (Thisisu) C:\Users\XXX\Downloads\JRT.exe
2014-01-30 17:26 - 2014-01-30 17:26 - 01166132 _____ C:\Users\XXX\Downloads\adwcleaner.exe
2014-01-30 08:16 - 2014-01-30 08:16 - 00000546 _____ C:\Windows\PFRO.log
2014-01-29 16:40 - 2014-01-29 16:40 - 00007794 _____ C:\Users\XXX\Downloads\ComboFix.rar
2014-01-29 16:27 - 2014-01-29 16:38 - 00125741 _____ C:\Users\XXX\Downloads\ComboFix.txt
2014-01-29 16:21 - 2014-01-29 16:27 - 00000000 ____D C:\Qoobox
2014-01-29 16:21 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-29 16:21 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-29 16:21 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-29 16:21 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-29 16:21 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-29 16:21 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-29 16:21 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-29 16:21 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-29 16:20 - 2014-01-29 16:26 - 00000000 ____D C:\Windows\erdnt
2014-01-29 16:19 - 2014-01-29 16:19 - 05177551 ____R (Swearware) C:\Users\XXX\Downloads\ComboFix.exe
2014-01-29 11:20 - 2014-01-30 18:41 - 00000224 _____ C:\Windows\setupact.log
2014-01-29 11:20 - 2014-01-29 11:20 - 00000000 _____ C:\Windows\setuperr.log
2014-01-28 19:24 - 2014-01-28 19:24 - 00006433 _____ C:\Users\XXX\Downloads\GMER.txt
2014-01-28 18:30 - 2014-01-21 21:56 - 00380416 _____ C:\Users\XXX\Downloads\gmer.exe
2014-01-28 18:23 - 2014-01-28 19:34 - 00019078 _____ C:\Users\XXX\Downloads\Addition.txt
2014-01-28 18:21 - 2014-01-30 18:52 - 00014201 _____ C:\Users\XXX\Downloads\FRST.txt
2014-01-28 18:21 - 2014-01-28 19:32 - 00029099 _____ C:\Users\XXX\Downloads\FRST1.txt
2014-01-28 18:20 - 2014-01-28 18:20 - 01136640 _____ (Farbar) C:\Users\XXX\Downloads\FRST.exe
2014-01-28 18:20 - 2014-01-28 18:20 - 00000000 ____D C:\FRST
2014-01-28 18:17 - 2014-01-28 18:17 - 01136640 _____ (Farbar) C:\Users\XXX\Downloads\FRST.exe.sbgqg04.partial
2014-01-28 18:16 - 2014-01-28 18:16 - 00000490 _____ C:\Users\XXX\Downloads\defogger_disable.log
2014-01-28 18:16 - 2014-01-28 18:16 - 00000000 _____ C:\Users\XXX\defogger_reenable
2014-01-28 18:14 - 2014-01-28 18:14 - 00050477 _____ C:\Users\XXX\Downloads\Defogger.exe
2014-01-28 17:56 - 2014-01-28 17:56 - 00000971 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-28 17:56 - 2014-01-28 17:56 - 00000000 ____D C:\Program Files\CCleaner
2014-01-28 16:58 - 2012-08-23 15:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-01-28 16:58 - 2012-08-23 15:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-01-28 16:58 - 2012-08-23 15:41 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-01-28 16:58 - 2012-08-23 15:40 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-01-28 16:58 - 2012-08-23 15:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-01-28 16:58 - 2012-08-23 15:10 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-01-28 16:58 - 2012-08-23 14:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-01-28 16:58 - 2012-08-23 14:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-01-28 16:58 - 2012-08-23 14:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-01-28 16:58 - 2012-08-23 14:32 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-01-28 16:58 - 2012-08-23 14:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-01-28 16:58 - 2012-08-23 12:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-01-28 16:58 - 2012-08-23 12:32 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-01-28 16:58 - 2012-08-23 12:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-01-28 16:58 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-01-28 16:58 - 2012-08-23 11:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-01-28 16:58 - 2012-08-23 11:08 - 02739712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-01-28 16:58 - 2012-08-23 09:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-01-28 16:17 - 2014-01-28 16:26 - 00000000 ____D C:\Users\XXX\AppData\Local\NPE
2014-01-27 20:42 - 2014-01-27 20:42 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2014-01-27 20:24 - 2014-01-27 20:24 - 00000000 ____D C:\Windows\ERUNT
2014-01-27 20:20 - 2014-01-30 18:40 - 00000000 ____D C:\AdwCleaner
2014-01-27 19:00 - 2014-01-27 19:00 - 00000000 ____D C:\Users\XXX\AppData\Roaming\Malwarebytes
2014-01-27 18:59 - 2014-01-27 18:59 - 00001073 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-27 18:59 - 2014-01-27 18:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-27 18:59 - 2014-01-27 18:59 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-27 18:59 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-27 15:20 - 2014-01-27 15:20 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809015252_2.tmp
2014-01-26 12:00 - 2014-01-26 12:24 - 00000000 ____D C:\Users\XXX\Desktop\patientenverf
2014-01-25 17:14 - 2014-01-25 17:15 - 00000000 ____D C:\Users\XXX\Desktop\Gälf. 2014
2014-01-25 17:06 - 2014-01-25 17:15 - 00000000 ____D C:\Users\XXX\Desktop\ahbau 25.1.14
2014-01-24 15:40 - 2014-01-24 16:29 - 00000000 ____D C:\Users\XXX\Desktop\Wüstenrot
2014-01-24 11:44 - 2014-01-24 11:39 - 00072704 _____ C:\Users\XXX\Desktop\37 Torlontano.xls
2014-01-16 11:08 - 2014-01-16 18:43 - 00025088 ____H C:\Users\XXX\Desktop\~WRL1128.tmp
2014-01-16 11:08 - 2014-01-16 16:18 - 00025088 ____H C:\Users\XXX\Desktop\~WRL3657.tmp
2014-01-15 11:12 - 2013-11-27 02:19 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 11:12 - 2013-11-27 02:18 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 11:12 - 2013-11-27 02:18 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 11:12 - 2013-11-27 02:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 11:12 - 2013-11-27 02:18 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 11:12 - 2013-11-27 02:18 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 11:12 - 2013-11-27 02:18 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 11:12 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 11:12 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-10 14:17 - 2014-01-10 14:17 - 00000000 ____D C:\Users\XXX\Finanzamt
2014-01-09 11:32 - 2014-01-09 11:32 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809013680_1.tmp
2014-01-05 16:46 - 2014-01-05 16:55 - 00000000 ____D C:\Users\XXX\Desktop\Alphorngschichtle
2014-01-05 16:42 - 2014-01-05 16:42 - 00000000 ____D C:\Users\XXX\Desktop\Micky
2014-01-05 16:04 - 2014-01-05 16:16 - 00000000 ____D C:\Users\XXX\Desktop\Termine 2014
2014-01-01 11:38 - 2014-01-01 11:38 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809014888_1.tmp
2014-01-01 11:36 - 2014-01-01 11:36 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809013844_1.tmp
2014-01-01 11:29 - 2014-01-01 11:29 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809016056_1.tmp
2014-01-01 11:28 - 2014-01-01 11:28 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809011428_1.tmp
2014-01-01 11:27 - 2014-01-01 11:27 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809011156_1.tmp
2013-12-31 10:30 - 2013-12-31 10:30 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809015008_1.tmp
2013-12-31 10:24 - 2013-12-31 10:24 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon080901164_1.tmp

==================== One Month Modified Files and Folders =======

2014-01-30 18:52 - 2014-01-30 18:37 - 00000000 ____D C:\Users\XXX\Downloads\2
2014-01-30 18:52 - 2014-01-28 18:21 - 00014201 _____ C:\Users\XXX\Downloads\FRST.txt
2014-01-30 18:48 - 2009-07-14 05:34 - 00021088 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-30 18:48 - 2009-07-14 05:34 - 00021088 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-30 18:46 - 2014-01-30 18:46 - 00000981 _____ C:\Users\XXX\Desktop\JRT.txt
2014-01-30 18:46 - 2010-11-20 22:01 - 01679952 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-30 18:41 - 2014-01-29 11:20 - 00000224 _____ C:\Windows\setupact.log
2014-01-30 18:41 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-30 18:40 - 2014-01-27 20:20 - 00000000 ____D C:\AdwCleaner
2014-01-30 18:40 - 2012-02-15 21:38 - 02046932 _____ C:\Windows\WindowsUpdate.log
2014-01-30 18:31 - 2012-11-18 09:59 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-30 17:27 - 2014-01-30 17:27 - 01037068 _____ (Thisisu) C:\Users\XXX\Downloads\JRT.exe
2014-01-30 17:26 - 2014-01-30 17:26 - 01166132 _____ C:\Users\XXX\Downloads\adwcleaner.exe
2014-01-30 08:55 - 2012-02-21 21:15 - 00000000 ____D C:\Users\XXX\Desktop\homepage
2014-01-30 08:16 - 2014-01-30 08:16 - 00000546 _____ C:\Windows\PFRO.log
2014-01-29 16:40 - 2014-01-29 16:40 - 00007794 _____ C:\Users\XXX\Downloads\ComboFix.rar
2014-01-29 16:38 - 2014-01-29 16:27 - 00125741 _____ C:\Users\XXX\Downloads\ComboFix.txt
2014-01-29 16:27 - 2014-01-29 16:21 - 00000000 ____D C:\Qoobox
2014-01-29 16:27 - 2009-07-14 03:37 - 00000000 __RHD C:\Users\Default
2014-01-29 16:27 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public
2014-01-29 16:26 - 2014-01-29 16:20 - 00000000 ____D C:\Windows\erdnt
2014-01-29 16:26 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini
2014-01-29 16:25 - 2012-02-21 12:00 - 00000000 ____D C:\Users\XXX
2014-01-29 16:19 - 2014-01-29 16:19 - 05177551 ____R (Swearware) C:\Users\XXX\Downloads\ComboFix.exe
2014-01-29 11:20 - 2014-01-29 11:20 - 00000000 _____ C:\Windows\setuperr.log
2014-01-28 19:34 - 2014-01-28 18:23 - 00019078 _____ C:\Users\XXX\Downloads\Addition.txt
2014-01-28 19:32 - 2014-01-28 18:21 - 00029099 _____ C:\Users\XXX\Downloads\FRST1.txt
2014-01-28 19:24 - 2014-01-28 19:24 - 00006433 _____ C:\Users\XXX\Downloads\GMER.txt
2014-01-28 18:47 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2014-01-28 18:20 - 2014-01-28 18:20 - 01136640 _____ (Farbar) C:\Users\XXX\Downloads\FRST.exe
2014-01-28 18:20 - 2014-01-28 18:20 - 00000000 ____D C:\FRST
2014-01-28 18:17 - 2014-01-28 18:17 - 01136640 _____ (Farbar) C:\Users\XXX\Downloads\FRST.exe.sbgqg04.partial
2014-01-28 18:16 - 2014-01-28 18:16 - 00000490 _____ C:\Users\XXX\Downloads\defogger_disable.log
2014-01-28 18:16 - 2014-01-28 18:16 - 00000000 _____ C:\Users\XXX\defogger_reenable
2014-01-28 18:14 - 2014-01-28 18:14 - 00050477 _____ C:\Users\XXX\Downloads\Defogger.exe
2014-01-28 18:14 - 2013-02-23 00:38 - 00000000 ____D C:\Windows\Minidump
2014-01-28 18:14 - 2011-02-12 03:26 - 00000000 ____D C:\Windows\panther
2014-01-28 17:56 - 2014-01-28 17:56 - 00000971 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-28 17:56 - 2014-01-28 17:56 - 00000000 ____D C:\Program Files\CCleaner
2014-01-28 17:52 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2014-01-28 17:38 - 2012-02-15 22:07 - 00000000 ____D C:\Program Files\Trend Micro
2014-01-28 17:33 - 2012-02-15 22:09 - 00000031 _____ C:\tmuninst.ini
2014-01-28 17:06 - 2010-11-21 01:46 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2014-01-28 16:26 - 2014-01-28 16:17 - 00000000 ____D C:\Users\XXX\AppData\Local\NPE
2014-01-28 16:17 - 2012-02-21 16:04 - 00000000 ____D C:\ProgramData\Norton
2014-01-28 15:00 - 2013-07-29 19:33 - 00000000 ____D C:\Users\XXX\Desktop\sigi
2014-01-28 10:50 - 2013-03-07 19:51 - 00000000 ____D C:\Users\XXX\Desktop\Carnyx
2014-01-27 20:42 - 2014-01-27 20:42 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2014-01-27 20:24 - 2014-01-27 20:24 - 00000000 ____D C:\Windows\ERUNT
2014-01-27 19:00 - 2014-01-27 19:00 - 00000000 ____D C:\Users\XXX\AppData\Roaming\Malwarebytes
2014-01-27 18:59 - 2014-01-27 18:59 - 00001073 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-27 18:59 - 2014-01-27 18:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-27 18:59 - 2014-01-27 18:59 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-27 15:20 - 2014-01-27 15:20 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809015252_2.tmp
2014-01-27 13:52 - 2012-10-26 14:51 - 00000000 ____D C:\Firefox
2014-01-26 19:43 - 2012-02-22 12:09 - 00000000 ____D C:\Users\XXX\AppData\Local\FreePDF_XP
2014-01-26 12:24 - 2014-01-26 12:00 - 00000000 ____D C:\Users\XXX\Desktop\patientenverf
2014-01-25 17:15 - 2014-01-25 17:14 - 00000000 ____D C:\Users\XXX\Desktop\Gälf. 2014
2014-01-25 17:15 - 2014-01-25 17:06 - 00000000 ____D C:\Users\XXX\Desktop\ahbau 25.1.14
2014-01-24 16:29 - 2014-01-24 15:40 - 00000000 ____D C:\Users\XXX\Desktop\Wüstenrot
2014-01-24 15:27 - 2012-02-21 21:14 - 00000000 ____D C:\Users\XXX\Aufkleber
2014-01-24 11:39 - 2014-01-24 11:44 - 00072704 _____ C:\Users\XXX\Desktop\37 Torlontano.xls
2014-01-21 21:56 - 2014-01-28 18:30 - 00380416 _____ C:\Users\XXX\Downloads\gmer.exe
2014-01-21 19:15 - 2013-12-14 12:01 - 00000000 ____D C:\Users\XXX\Desktop\Bücher
2014-01-20 23:09 - 2012-02-21 20:51 - 00000000 ____D C:\Users\XXX\Desktop\Lustiges
2014-01-20 15:48 - 2013-07-15 14:29 - 00000000 ____D C:\Users\XXX\Desktop\SWR Patch
2014-01-16 18:43 - 2014-01-16 11:08 - 00025088 ____H C:\Users\XXX\Desktop\~WRL1128.tmp
2014-01-16 16:18 - 2014-01-16 11:08 - 00025088 ____H C:\Users\XXX\Desktop\~WRL3657.tmp
2014-01-16 09:19 - 2009-07-14 05:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-16 09:19 - 2009-07-14 05:33 - 00317936 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 17:20 - 2013-08-14 20:38 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 17:19 - 2012-02-21 12:16 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-12 12:10 - 2012-02-21 21:15 - 00000000 ____D C:\Users\XXX\Multiinstr. F. Sch
2014-01-11 16:42 - 2012-02-21 16:04 - 00000000 ____D C:\Users\Public\Downloads\Norton
2014-01-10 14:17 - 2014-01-10 14:17 - 00000000 ____D C:\Users\XXX\Finanzamt
2014-01-09 17:45 - 2012-02-21 21:12 - 00000000 ____D C:\Users\XXX\alphorn
2014-01-09 11:32 - 2014-01-09 11:32 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809013680_1.tmp
2014-01-09 11:24 - 2013-04-28 14:24 - 00000000 ____D C:\Users\XXX\Desktop\Steuer
2014-01-08 14:13 - 2012-02-21 21:14 - 00000000 ____D C:\Users\XXX\Geschäft
2014-01-05 16:55 - 2014-01-05 16:46 - 00000000 ____D C:\Users\XXX\Desktop\Alphorngschichtle
2014-01-05 16:42 - 2014-01-05 16:42 - 00000000 ____D C:\Users\XXX\Desktop\Micky
2014-01-05 16:16 - 2014-01-05 16:04 - 00000000 ____D C:\Users\XXX\Desktop\Termine 2014
2014-01-01 11:38 - 2014-01-01 11:38 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809014888_1.tmp
2014-01-01 11:36 - 2014-01-01 11:36 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809013844_1.tmp
2014-01-01 11:29 - 2014-01-01 11:29 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809016056_1.tmp
2014-01-01 11:28 - 2014-01-01 11:28 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809011428_1.tmp
2014-01-01 11:27 - 2014-01-01 11:27 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809011156_1.tmp
2013-12-31 10:30 - 2013-12-31 10:30 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809015008_1.tmp
2013-12-31 10:24 - 2013-12-31 10:24 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon080901164_1.tmp

Some content of TEMP:
====================
C:\Users\XXX\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-19 13:38

==================== End Of Log ============================

--- --- ---

Norton meckert noch.

schrauber · 31.01.2014, 12:18

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

the_elk · 31.01.2014, 18:42

Und weiter geht's:

Eset:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4add7b2eef8692428b5f7c3afb093600
# engine=16880
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-31 04:35:04
# local_time=2014-01-31 05:35:04 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 93 26496 153782689 0 0
# compatibility_mode=5893 16776574 100 94 17628209 142817295 0 0
# scanned=129570
# found=0
# cleaned=0
# scan_time=3688

SecurityCheck:

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 CCleaner     
 JavaFX 2.0.3    
 Java 7 Update 45  
 Java version out of Date! 
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (Firefox,. Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Trend Micro Client Server Security Agent HostedAgent svcGenericHost.exe 
 Trend Micro Client Server Security Agent HostedAgent HostedAgent.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-01-2014 01
Ran by XXX (administrator) on XXX on 31-01-2014 18:37:31
Running from C:\Users\XXX\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) ===================

(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files\Intel\Services\IPT\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe [2697832 2010-10-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM\...\Run: [IMSS] - C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112408 2012-09-10] (Intel Corporation)
HKLM\...\Run: [TdmNotify] - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [214384 2011-05-27] (Wave Systems Corp.)
HKLM\...\Run: [RemoteControl9] - C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM\...\Run: [PDVD9LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM\...\Run: [DBRMTray] - C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-11] (CANON INC.)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [DBRMTray] - C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-05] (Microsoft)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
Lsa: [Authentication Packages] msv1_0 wvauth

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {B9914023-3977-41E7-8C5F-8FF5CADDBBC2} URL = 
SearchScopes: HKCU - {B9914023-3977-41E7-8C5F-8FF5CADDBBC2} URL = 
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
Tcpip\..\Interfaces\{B53557D2-8DA0-4AA3-B2C0-6C617A12E5DA}: [NameServer]192.168.1.1

Chrome: 
=======
CHR HomePage: 
CHR DefaultSearchProvider: Ask
CHR DefaultSearchURL: hxxp://www.google.com
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\XXX\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\XXX\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\XXX\AppData\Local\Google\Chrome\Application\27.0.1453.116\gcswf32.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U3) - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.30.255) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\XXX\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-26]
CHR Extension: (Google-Suche) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-26]
CHR Extension: (Norton Identity Protection) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-07-26]
CHR Extension: (Google Mail) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-26]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx [2013-12-10]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [112800 2011-06-29] (Intel Corporation)
R2 jhi_service; C:\Program Files\Intel\Services\IPT\jhi_service.exe [212944 2011-02-24] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1508232 2011-05-24] (Wave Systems Corp.)
R2 svcGenericHost; c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [50704 2011-04-07] (Trend Micro Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] ()
R2 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2605424 2011-05-27] (Wave Systems Corp.)
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1131520 2011-07-01] (Wave Systems Corp.)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20140121.001\BHDrvx86.sys [1098968 2013-12-18] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [358224 2012-08-10] (Intel Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20140130.001\IDSvix86.sys [394456 2014-01-21] (Symantec Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHDA.sys [2749416 2010-10-04] (Realtek Semiconductor Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41216 2011-09-22] (Intel Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20140131.002\NAVENG.SYS [93272 2014-01-30] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20140131.002\NAVEX15.SYS [1612376 2014-01-30] (Symantec Corporation)
S3 netvsc; C:\Windows\System32\DRIVERS\netvsc60.sys [126464 2010-11-20] (Microsoft Corporation)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2010-07-21] (Dell Inc)
R3 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-20] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NIS\1404000.028\SYMNETS.SYS [339544 2013-04-25] (Symantec Corporation)
S3 SynthVid; C:\Windows\System32\DRIVERS\VMBusVideoM.sys [19456 2010-11-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\ALPHOR~1\AppData\Local\Temp\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-31 18:37 - 2014-01-31 18:37 - 00000000 ____D C:\Users\XXX\Downloads\FRST-OlderVersion
2014-01-31 18:34 - 2014-01-31 18:37 - 00000000 ____D C:\Users\XXX\Downloads\3
2014-01-31 18:34 - 2014-01-31 18:34 - 00987425 _____ C:\Users\XXX\Downloads\SecurityCheck.exe
2014-01-31 16:30 - 2014-01-31 16:30 - 00000000 ____D C:\Program Files\ESET
2014-01-31 16:28 - 2014-01-31 16:28 - 02347384 _____ (ESET) C:\Users\XXX\Downloads\esetsmartinstaller_enu.exe
2014-01-31 08:46 - 2014-01-31 08:46 - 00000000 ____D C:\Users\XXX\AppData\Local\{899839AE-0277-4B18-9975-9D4AFABE207D}
2014-01-30 22:01 - 2014-01-31 14:32 - 00000000 ____D C:\Users\XXX\Desktop\Torlantono
2014-01-30 20:45 - 2014-01-30 20:46 - 00000000 ____D C:\Users\XXX\AppData\Local\{5F6DED54-A6D0-47B7-B99E-0E8915AABA71}
2014-01-30 18:46 - 2014-01-30 18:46 - 00000981 _____ C:\Users\XXX\Desktop\JRT.txt
2014-01-30 18:37 - 2014-01-30 18:53 - 00000000 ____D C:\Users\XXX\Downloads\2
2014-01-30 17:27 - 2014-01-30 17:27 - 01037068 _____ (Thisisu) C:\Users\XXX\Downloads\JRT.exe
2014-01-30 17:26 - 2014-01-30 17:26 - 01166132 _____ C:\Users\XXX\Downloads\adwcleaner.exe
2014-01-30 08:16 - 2014-01-30 08:16 - 00000546 _____ C:\Windows\PFRO.log
2014-01-29 16:40 - 2014-01-29 16:40 - 00007794 _____ C:\Users\XXX\Downloads\ComboFix.rar
2014-01-29 16:27 - 2014-01-29 16:38 - 00125741 _____ C:\Users\XXX\Downloads\ComboFix.txt
2014-01-29 16:21 - 2014-01-29 16:27 - 00000000 ____D C:\Qoobox
2014-01-29 16:21 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-29 16:21 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-29 16:21 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-29 16:21 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-29 16:21 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-29 16:21 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-29 16:21 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-29 16:21 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-29 16:20 - 2014-01-29 16:26 - 00000000 ____D C:\Windows\erdnt
2014-01-29 16:19 - 2014-01-29 16:19 - 05177551 ____R (Swearware) C:\Users\XXX\Downloads\ComboFix.exe
2014-01-29 11:20 - 2014-01-31 08:23 - 00000336 _____ C:\Windows\setupact.log
2014-01-29 11:20 - 2014-01-29 11:20 - 00000000 _____ C:\Windows\setuperr.log
2014-01-28 19:24 - 2014-01-28 19:24 - 00006433 _____ C:\Users\XXX\Downloads\GMER.txt
2014-01-28 18:30 - 2014-01-21 21:56 - 00380416 _____ C:\Users\XXX\Downloads\gmer.exe
2014-01-28 18:23 - 2014-01-28 19:34 - 00019078 _____ C:\Users\XXX\Downloads\Addition.txt
2014-01-28 18:21 - 2014-01-31 18:37 - 00014446 _____ C:\Users\XXX\Downloads\FRST.txt
2014-01-28 18:21 - 2014-01-28 19:32 - 00029099 _____ C:\Users\XXX\Downloads\FRST1.txt
2014-01-28 18:20 - 2014-01-31 18:37 - 01137152 _____ (Farbar) C:\Users\XXX\Downloads\FRST.exe
2014-01-28 18:20 - 2014-01-31 18:37 - 00000000 ____D C:\FRST
2014-01-28 18:17 - 2014-01-28 18:17 - 01136640 _____ (Farbar) C:\Users\XXX\Downloads\FRST.exe.sbgqg04.partial
2014-01-28 18:16 - 2014-01-28 18:16 - 00000490 _____ C:\Users\XXX\Downloads\defogger_disable.log
2014-01-28 18:16 - 2014-01-28 18:16 - 00000000 _____ C:\Users\XXX\defogger_reenable
2014-01-28 18:14 - 2014-01-28 18:14 - 00050477 _____ C:\Users\XXX\Downloads\Defogger.exe
2014-01-28 17:56 - 2014-01-28 17:56 - 00000971 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-28 17:56 - 2014-01-28 17:56 - 00000000 ____D C:\Program Files\CCleaner
2014-01-28 16:58 - 2012-08-23 15:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-01-28 16:58 - 2012-08-23 15:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-01-28 16:58 - 2012-08-23 15:41 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-01-28 16:58 - 2012-08-23 15:40 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-01-28 16:58 - 2012-08-23 15:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-01-28 16:58 - 2012-08-23 15:10 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-01-28 16:58 - 2012-08-23 14:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-01-28 16:58 - 2012-08-23 14:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-01-28 16:58 - 2012-08-23 14:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-01-28 16:58 - 2012-08-23 14:32 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-01-28 16:58 - 2012-08-23 14:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-01-28 16:58 - 2012-08-23 12:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-01-28 16:58 - 2012-08-23 12:32 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-01-28 16:58 - 2012-08-23 12:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-01-28 16:58 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-01-28 16:58 - 2012-08-23 11:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-01-28 16:58 - 2012-08-23 11:08 - 02739712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-01-28 16:58 - 2012-08-23 09:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-01-28 16:17 - 2014-01-28 16:26 - 00000000 ____D C:\Users\XXX\AppData\Local\NPE
2014-01-27 20:42 - 2014-01-27 20:42 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2014-01-27 20:24 - 2014-01-27 20:24 - 00000000 ____D C:\Windows\ERUNT
2014-01-27 20:20 - 2014-01-30 18:40 - 00000000 ____D C:\AdwCleaner
2014-01-27 19:00 - 2014-01-27 19:00 - 00000000 ____D C:\Users\XXX\AppData\Roaming\Malwarebytes
2014-01-27 18:59 - 2014-01-27 18:59 - 00001073 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-27 18:59 - 2014-01-27 18:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-27 18:59 - 2014-01-27 18:59 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-27 18:59 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-27 15:20 - 2014-01-27 15:20 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809015252_2.tmp
2014-01-26 12:00 - 2014-01-26 12:24 - 00000000 ____D C:\Users\XXX\Desktop\patientenverf
2014-01-25 17:14 - 2014-01-25 17:15 - 00000000 ____D C:\Users\XXX\Desktop\Gälf. 2014
2014-01-25 17:06 - 2014-01-25 17:15 - 00000000 ____D C:\Users\XXX\Desktop\ahbau 25.1.14
2014-01-24 15:40 - 2014-01-24 16:29 - 00000000 ____D C:\Users\XXX\Desktop\Wüstenrot
2014-01-16 11:08 - 2014-01-16 18:43 - 00025088 ____H C:\Users\XXX\Desktop\~WRL1128.tmp
2014-01-16 11:08 - 2014-01-16 16:18 - 00025088 ____H C:\Users\XXX\Desktop\~WRL3657.tmp
2014-01-15 11:12 - 2013-11-27 02:19 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 11:12 - 2013-11-27 02:18 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 11:12 - 2013-11-27 02:18 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 11:12 - 2013-11-27 02:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 11:12 - 2013-11-27 02:18 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 11:12 - 2013-11-27 02:18 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 11:12 - 2013-11-27 02:18 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 11:12 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 11:12 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-10 14:17 - 2014-01-10 14:17 - 00000000 ____D C:\Users\XXX\Finanzamt
2014-01-09 11:32 - 2014-01-09 11:32 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809013680_1.tmp
2014-01-05 16:46 - 2014-01-05 16:55 - 00000000 ____D C:\Users\XXX\Desktop\Alphorngschichtle
2014-01-05 16:42 - 2014-01-05 16:42 - 00000000 ____D C:\Users\XXX\Desktop\Micky
2014-01-05 16:04 - 2014-01-05 16:16 - 00000000 ____D C:\Users\XXX\Desktop\Termine 2014
2014-01-01 11:38 - 2014-01-01 11:38 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809014888_1.tmp
2014-01-01 11:36 - 2014-01-01 11:36 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809013844_1.tmp
2014-01-01 11:29 - 2014-01-01 11:29 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809016056_1.tmp
2014-01-01 11:28 - 2014-01-01 11:28 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809011428_1.tmp
2014-01-01 11:27 - 2014-01-01 11:27 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809011156_1.tmp

==================== One Month Modified Files and Folders =======

2014-01-31 18:38 - 2014-01-28 18:21 - 00014446 _____ C:\Users\XXX\Downloads\FRST.txt
2014-01-31 18:37 - 2014-01-31 18:37 - 00000000 ____D C:\Users\XXX\Downloads\FRST-OlderVersion
2014-01-31 18:37 - 2014-01-31 18:34 - 00000000 ____D C:\Users\XXX\Downloads\3
2014-01-31 18:37 - 2014-01-28 18:20 - 01137152 _____ (Farbar) C:\Users\XXX\Downloads\FRST.exe
2014-01-31 18:37 - 2014-01-28 18:20 - 00000000 ____D C:\FRST
2014-01-31 18:35 - 2012-02-15 21:38 - 02095556 _____ C:\Windows\WindowsUpdate.log
2014-01-31 18:34 - 2014-01-31 18:34 - 00987425 _____ C:\Users\XXX\Downloads\SecurityCheck.exe
2014-01-31 18:33 - 2012-11-18 09:59 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-31 16:30 - 2014-01-31 16:30 - 00000000 ____D C:\Program Files\ESET
2014-01-31 16:28 - 2014-01-31 16:28 - 02347384 _____ (ESET) C:\Users\XXX\Downloads\esetsmartinstaller_enu.exe
2014-01-31 14:32 - 2014-01-30 22:01 - 00000000 ____D C:\Users\XXX\Desktop\Torlantono
2014-01-31 14:32 - 2013-12-07 19:04 - 00000000 ____D C:\Users\XXX\Desktop\Gugge
2014-01-31 14:23 - 2013-07-29 19:33 - 00000000 ____D C:\Users\XXX\Desktop\sigi
2014-01-31 13:34 - 2012-02-21 21:15 - 00000000 ____D C:\Users\XXX\Desktop\homepage
2014-01-31 08:46 - 2014-01-31 08:46 - 00000000 ____D C:\Users\XXX\AppData\Local\{899839AE-0277-4B18-9975-9D4AFABE207D}
2014-01-31 08:31 - 2009-07-14 05:34 - 00021088 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-31 08:31 - 2009-07-14 05:34 - 00021088 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-31 08:28 - 2010-11-20 22:01 - 01679952 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-31 08:23 - 2014-01-29 11:20 - 00000336 _____ C:\Windows\setupact.log
2014-01-31 08:23 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-30 20:46 - 2014-01-30 20:45 - 00000000 ____D C:\Users\XXX\AppData\Local\{5F6DED54-A6D0-47B7-B99E-0E8915AABA71}
2014-01-30 18:53 - 2014-01-30 18:37 - 00000000 ____D C:\Users\XXX\Downloads\2
2014-01-30 18:46 - 2014-01-30 18:46 - 00000981 _____ C:\Users\XXX\Desktop\JRT.txt
2014-01-30 18:40 - 2014-01-27 20:20 - 00000000 ____D C:\AdwCleaner
2014-01-30 17:27 - 2014-01-30 17:27 - 01037068 _____ (Thisisu) C:\Users\XXX\Downloads\JRT.exe
2014-01-30 17:26 - 2014-01-30 17:26 - 01166132 _____ C:\Users\XXX\Downloads\adwcleaner.exe
2014-01-30 08:16 - 2014-01-30 08:16 - 00000546 _____ C:\Windows\PFRO.log
2014-01-29 16:40 - 2014-01-29 16:40 - 00007794 _____ C:\Users\XXX\Downloads\ComboFix.rar
2014-01-29 16:38 - 2014-01-29 16:27 - 00125741 _____ C:\Users\XXX\Downloads\ComboFix.txt
2014-01-29 16:27 - 2014-01-29 16:21 - 00000000 ____D C:\Qoobox
2014-01-29 16:27 - 2009-07-14 03:37 - 00000000 __RHD C:\Users\Default
2014-01-29 16:27 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public
2014-01-29 16:26 - 2014-01-29 16:20 - 00000000 ____D C:\Windows\erdnt
2014-01-29 16:26 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini
2014-01-29 16:25 - 2012-02-21 12:00 - 00000000 ____D C:\Users\XXX
2014-01-29 16:19 - 2014-01-29 16:19 - 05177551 ____R (Swearware) C:\Users\XXX\Downloads\ComboFix.exe
2014-01-29 11:20 - 2014-01-29 11:20 - 00000000 _____ C:\Windows\setuperr.log
2014-01-28 19:34 - 2014-01-28 18:23 - 00019078 _____ C:\Users\XXX\Downloads\Addition.txt
2014-01-28 19:32 - 2014-01-28 18:21 - 00029099 _____ C:\Users\XXX\Downloads\FRST1.txt
2014-01-28 19:24 - 2014-01-28 19:24 - 00006433 _____ C:\Users\XXX\Downloads\GMER.txt
2014-01-28 18:47 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2014-01-28 18:17 - 2014-01-28 18:17 - 01136640 _____ (Farbar) C:\Users\XXX\Downloads\FRST.exe.sbgqg04.partial
2014-01-28 18:16 - 2014-01-28 18:16 - 00000490 _____ C:\Users\XXX\Downloads\defogger_disable.log
2014-01-28 18:16 - 2014-01-28 18:16 - 00000000 _____ C:\Users\XXX\defogger_reenable
2014-01-28 18:14 - 2014-01-28 18:14 - 00050477 _____ C:\Users\XXX\Downloads\Defogger.exe
2014-01-28 18:14 - 2013-02-23 00:38 - 00000000 ____D C:\Windows\Minidump
2014-01-28 18:14 - 2011-02-12 03:26 - 00000000 ____D C:\Windows\panther
2014-01-28 17:56 - 2014-01-28 17:56 - 00000971 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-28 17:56 - 2014-01-28 17:56 - 00000000 ____D C:\Program Files\CCleaner
2014-01-28 17:52 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2014-01-28 17:38 - 2012-02-15 22:07 - 00000000 ____D C:\Program Files\Trend Micro
2014-01-28 17:33 - 2012-02-15 22:09 - 00000031 _____ C:\tmuninst.ini
2014-01-28 17:06 - 2010-11-21 01:46 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2014-01-28 16:26 - 2014-01-28 16:17 - 00000000 ____D C:\Users\XXX\AppData\Local\NPE
2014-01-28 16:17 - 2012-02-21 16:04 - 00000000 ____D C:\ProgramData\Norton
2014-01-28 10:50 - 2013-03-07 19:51 - 00000000 ____D C:\Users\XXX\Desktop\Carnyx
2014-01-27 20:42 - 2014-01-27 20:42 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2014-01-27 20:24 - 2014-01-27 20:24 - 00000000 ____D C:\Windows\ERUNT
2014-01-27 19:00 - 2014-01-27 19:00 - 00000000 ____D C:\Users\XXX\AppData\Roaming\Malwarebytes
2014-01-27 18:59 - 2014-01-27 18:59 - 00001073 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-27 18:59 - 2014-01-27 18:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-27 18:59 - 2014-01-27 18:59 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-27 15:20 - 2014-01-27 15:20 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809015252_2.tmp
2014-01-27 13:52 - 2012-10-26 14:51 - 00000000 ____D C:\Firefox
2014-01-26 19:43 - 2012-02-22 12:09 - 00000000 ____D C:\Users\XXX\AppData\Local\FreePDF_XP
2014-01-26 12:24 - 2014-01-26 12:00 - 00000000 ____D C:\Users\XXX\Desktop\patientenverf
2014-01-25 17:15 - 2014-01-25 17:14 - 00000000 ____D C:\Users\XXX\Desktop\Gälf. 2014
2014-01-25 17:15 - 2014-01-25 17:06 - 00000000 ____D C:\Users\XXX\Desktop\ahbau 25.1.14
2014-01-24 16:29 - 2014-01-24 15:40 - 00000000 ____D C:\Users\XXX\Desktop\Wüstenrot
2014-01-24 15:27 - 2012-02-21 21:14 - 00000000 ____D C:\Users\XXX\Aufkleber
2014-01-21 21:56 - 2014-01-28 18:30 - 00380416 _____ C:\Users\XXX\Downloads\gmer.exe
2014-01-21 19:15 - 2013-12-14 12:01 - 00000000 ____D C:\Users\XXX\Desktop\Bücher
2014-01-20 23:09 - 2012-02-21 20:51 - 00000000 ____D C:\Users\XXX\Desktop\Lustiges
2014-01-20 15:48 - 2013-07-15 14:29 - 00000000 ____D C:\Users\XXX\Desktop\SWR Patch
2014-01-16 18:43 - 2014-01-16 11:08 - 00025088 ____H C:\Users\XXX\Desktop\~WRL1128.tmp
2014-01-16 16:18 - 2014-01-16 11:08 - 00025088 ____H C:\Users\XXX\Desktop\~WRL3657.tmp
2014-01-16 09:19 - 2009-07-14 05:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-16 09:19 - 2009-07-14 05:33 - 00317936 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 17:20 - 2013-08-14 20:38 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 17:19 - 2012-02-21 12:16 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-12 12:10 - 2012-02-21 21:15 - 00000000 ____D C:\Users\XXX\Multiinstr. F. Sch
2014-01-11 16:42 - 2012-02-21 16:04 - 00000000 ____D C:\Users\Public\Downloads\Norton
2014-01-10 14:17 - 2014-01-10 14:17 - 00000000 ____D C:\Users\XXX\Finanzamt
2014-01-09 17:45 - 2012-02-21 21:12 - 00000000 ____D C:\Users\XXX\alphorn
2014-01-09 11:32 - 2014-01-09 11:32 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809013680_1.tmp
2014-01-09 11:24 - 2013-04-28 14:24 - 00000000 ____D C:\Users\XXX\Desktop\Steuer
2014-01-08 14:13 - 2012-02-21 21:14 - 00000000 ____D C:\Users\XXX\Geschäft
2014-01-05 16:55 - 2014-01-05 16:46 - 00000000 ____D C:\Users\XXX\Desktop\Alphorngschichtle
2014-01-05 16:42 - 2014-01-05 16:42 - 00000000 ____D C:\Users\XXX\Desktop\Micky
2014-01-05 16:16 - 2014-01-05 16:04 - 00000000 ____D C:\Users\XXX\Desktop\Termine 2014
2014-01-01 11:38 - 2014-01-01 11:38 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809014888_1.tmp
2014-01-01 11:36 - 2014-01-01 11:36 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809013844_1.tmp
2014-01-01 11:29 - 2014-01-01 11:29 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809016056_1.tmp
2014-01-01 11:28 - 2014-01-01 11:28 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809011428_1.tmp
2014-01-01 11:27 - 2014-01-01 11:27 - 00000520 _____ C:\Users\XXX\AppData\Local\TempPSTEMPFILEon0809011156_1.tmp

Some content of TEMP:
====================
C:\Users\XXX\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-19 13:38

==================== End Of Log ============================

--- --- ---

Leider ja, Norton meckert immer noch.

Gruß

schrauber · 01.02.2014, 11:34

Java, Adobe und Firefox updaten.

Wo meckert Norton noch? Logfile oder Screenshot bitte.

the_elk · 01.02.2014, 14:55

Java updatet gerade, danach folgt der Adobe Reader. Firefox ist schon ne Weile nicht mehr installiert, komisch, dass das noch angezeigt wird.

Hier ein Screenshot der Meldung.

schrauber · 02.02.2014, 07:00

Klick mal auf Ergebnisse exportieren und poste es als Text.

the_elk · 02.02.2014, 11:01

Code:

ATTFilter

Behobene Bedrohungen:
Es wurden keine Risiken behoben.

Nicht behobene Bedrohungen:
Trojan.Zbot
 Typ: Komprimiert
 Risiko: Hoch (Hoch Verbergen, Hoch Entfernen, Hoch Leistung, Hoch Datenschutz)  
 Kategorien: Virus
 Status: Entfernen fehlgeschlagen
 -----------
 1 Datei
[doc.exe] in [c:\users\XXX\appdata\local\microsoft\windows live mail\XXX\deleted items\3d442ddc-00004966.eml] - Infiziert

So wie ich das sehe liegt das Problem wohl an ner eMail, die im Papierkorb liegt?

Habe die Datei gerade gesucht, ist aber nicht zu finden. Mit deinem OK würde ich den Papierkorb in LiveMail mal leeren.

schrauber · 03.02.2014, 10:45

Ok

the_elk · 03.02.2014, 17:21

So, hab die eMails im Papierkorb gelöscht. Der Ordner ist nun leer. habe danach einen Scan von Norton laufen lassen. Nichts gefunden außer Tracking-Cookies. Danach Neustart und dann meckert Norton wieder den Zbot Trojaner an

schrauber · 04.02.2014, 11:57

Und wo meckert er ihn an?

the_elk · 04.02.2014, 19:00

Immer noch im selben Ordner, der ist aber leer. Vesteckte Dateien und Systemdateien werden angezeigt.

01.02.2014, 11:34	#8
schrauber /// the machine /// TB-Ausbilder	Windows 7: Norton Trojan.Zbot Entfernen fehlgeschlagen Java, Adobe und Firefox updaten. Wo meckert Norton noch? Logfile oder Screenshot bitte. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

02.02.2014, 07:00	#10
schrauber /// the machine /// TB-Ausbilder	Windows 7: Norton Trojan.Zbot Entfernen fehlgeschlagen Klick mal auf Ergebnisse exportieren und poste es als Text. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

03.02.2014, 10:45	#12
schrauber /// the machine /// TB-Ausbilder	Windows 7: Norton Trojan.Zbot Entfernen fehlgeschlagen Ok __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

04.02.2014, 11:57	#14
schrauber /// the machine /// TB-Ausbilder	Windows 7: Norton Trojan.Zbot Entfernen fehlgeschlagen Und wo meckert er ihn an? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Windows 7: Norton Trojan.Zbot Entfernen fehlgeschlagen

Log-Analyse und Auswertung: Windows 7: Norton Trojan.Zbot Entfernen fehlgeschlagen