|
Log-Analyse und Auswertung: Trojan.ADH.2 Norton AntiVirus kann nicht entfernenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
21.05.2014, 22:13 | #1 |
| Trojan.ADH.2 Norton AntiVirus kann nicht entfernen Hallo, seit heute erkennt Norton AntiVirus den Trojan.ADH.2. Norton kann ihn nicht entfernen und meldet "Entfernen fehlgeschlagen". Ich habe malwarebyte drüber laufen lassen, aber ohne Erfolg. Hab nach der Anleitung defogger, FRST und GMER ausgeführt. Trojan.ADH.2 wird nicht mehr von Norton gefunden. Jetzt habe ich die Frage: Ist der Virus weg? Muss ich bei dem Defogger abschließend auf Re-enable klicken. Bin unsicher. Kann mir jemand weiterhelfen? Danke für Antwort Johanna Geändert von manontroppo (21.05.2014 um 22:30 Uhr) |
22.05.2014, 05:44 | #2 |
/// the machine /// TB-Ausbilder | Trojan.ADH.2 Norton AntiVirus kann nicht entfernen hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
22.05.2014, 06:46 | #3 |
| Trojan.ADH.2 Norton AntiVirus kann nicht entfernen Hallo,
__________________danke für deine schnelle Antwort. Hab über Nacht noch einen vollständigen Scan mit Norton gemacht. Norton finde nichts mehr. FRST gestartet und auf Scan gedrückt. frst.txt: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2014 Ran by User (administrator) on WIN7MS on 22-05-2014 07:49:22 Running from C:\Users\User\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AMD) C:\Windows\System32\atieclxx.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (QNAP) C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.2.0.38\nav.exe (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\nst.exe (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.2.0.38\nav.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe (Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 2012\Safe.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe (Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 2012\SteganosHotKeyService.exe (Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 2012\fredirstarter.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\nst.exe (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-01-29] (Realtek Semiconductor) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860192 2010-02-05] (Acer Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [SAFE2012 HotKeys] => C:\Program Files (x86)\Steganos Safe 2012\SteganosHotKeyService.exe [84480 2011-11-16] (Steganos Software GmbH) HKLM-x32\...\Run: [SAFE2012 File Redirection Starter] => C:\Program Files (x86)\Steganos Safe 2012\fredirstarter.exe [17408 2011-11-16] (Steganos Software GmbH) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKU\S-1-5-21-626039856-3918898000-2181074896-1003\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-626039856-3918898000-2181074896-1003\...\Run: [Akamai NetSession Interface] => C:\Users\User\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) HKU\S-1-5-21-626039856-3918898000-2181074896-1003\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation) HKU\S-1-5-21-626039856-3918898000-2181074896-1003\...\Run: [SAFE2012_Safe] => C:\Program Files (x86)\Steganos Safe 2012\Safe.exe [3310688 2011-11-16] (Steganos Software GmbH) HKU\S-1-5-21-626039856-3918898000-2181074896-1003\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation) HKU\S-1-5-21-626039856-3918898000-2181074896-1003\...\Policies\Explorer: [DisallowRun] 1 HKU\S-1-5-21-626039856-3918898000-2181074896-1003\...\MountPoints2: E - E:\LaunchU3.exe -a HKU\S-1-5-21-626039856-3918898000-2181074896-1003\...\MountPoints2: {07918612-2978-11e2-9d54-78e4002e9d98} - E:\EMP_UDSe.exe /autorun HKU\S-1-5-21-626039856-3918898000-2181074896-1003\...\MountPoints2: {1d4aab26-2b32-11e2-89dc-705ab6d3fb7e} - E:\LaunchU3.exe -a HKU\S-1-5-21-626039856-3918898000-2181074896-1003\...\MountPoints2: {2c2020df-6868-11e1-a965-78e4002e9d98} - E:\setup_vmc_lite.exe /checkApplicationPresence HKU\S-1-5-21-626039856-3918898000-2181074896-1003\...\MountPoints2: {2c2020f5-6868-11e1-a965-78e4002e9d98} - F:\setup_vmc_lite.exe /checkApplicationPresence HKU\S-1-5-21-626039856-3918898000-2181074896-1003\...\MountPoints2: {ba328686-c4dc-11e1-ac5c-705ab6d3fb7e} - E:\LaunchU3.exe -a IFEO\bitguard.exe: [Debugger] tasklist.exe IFEO\bprotect.exe: [Debugger] tasklist.exe IFEO\bpsvc.exe: [Debugger] tasklist.exe IFEO\browsemngr.exe: [Debugger] tasklist.exe IFEO\browserdefender.exe: [Debugger] tasklist.exe IFEO\browsermngr.exe: [Debugger] tasklist.exe IFEO\browserprotect.exe: [Debugger] tasklist.exe IFEO\browsersafeguard.exe: [Debugger] tasklist.exe IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe IFEO\cltmngsvc.exe: [Debugger] tasklist.exe IFEO\delta babylon.exe: [Debugger] tasklist.exe IFEO\delta tb.exe: [Debugger] tasklist.exe IFEO\delta2.exe: [Debugger] tasklist.exe IFEO\deltainstaller.exe: [Debugger] tasklist.exe IFEO\deltasetup.exe: [Debugger] tasklist.exe IFEO\deltatb.exe: [Debugger] tasklist.exe IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe IFEO\dprotectsvc.exe: [Debugger] tasklist.exe IFEO\iminentsetup.exe: [Debugger] tasklist.exe IFEO\jumpflip: [Debugger] tasklist.exe IFEO\protectedsearch.exe: [Debugger] tasklist.exe IFEO\rjatydimofu.exe: [Debugger] tasklist.exe IFEO\searchinstaller.exe: [Debugger] tasklist.exe IFEO\searchprotection.exe: [Debugger] tasklist.exe IFEO\searchprotector.exe: [Debugger] tasklist.exe IFEO\searchsettings.exe: [Debugger] tasklist.exe IFEO\searchsettings64.exe: [Debugger] tasklist.exe IFEO\snapdo.exe: [Debugger] tasklist.exe IFEO\stinst32.exe: [Debugger] tasklist.exe IFEO\stinst64.exe: [Debugger] tasklist.exe IFEO\sweetimsetup.exe: [Debugger] tasklist.exe IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe IFEO\umbrella.exe: [Debugger] tasklist.exe IFEO\utiljumpflip.exe: [Debugger] tasklist.exe IFEO\volaro: [Debugger] tasklist.exe IFEO\vonteera: [Debugger] tasklist.exe IFEO\websteroids.exe: [Debugger] tasklist.exe IFEO\websteroidsservice.exe: [Debugger] tasklist.exe HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.2.0.38 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.2.0.38 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchURL = hxxp://home.microsoft.com/access/autosearch.asp?p=%s HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=304&src=ds&p={searchTerms} SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=304&src=ds&p={searchTerms} SearchScopes: HKCU - DefaultScope Software\Microsoft\Internet Explorer\SearchScopes URL = SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=304&src=ds&p={searchTerms} BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.47\coIEPlg.dll (Symantec Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\coIEPlg.dll (Symantec Corporation) BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.47\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKCU - Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.47\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default FF NewTab: chrome://lightning/content/newtab.html FF SearchEngineOrder.1: default-search.net FF Homepage: https://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Settings Manager - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0} [2014-05-01] FF Extension: SeoQuake - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2014-05-08] FF Extension: Firebug - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\firebug@software.joehewitt.com.xpi [2013-12-26] FF Extension: Google Analytics Opt-out Browser Add-on - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2014-05-03] FF Extension: Web Developer - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2013-12-26] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-10] FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010-10-15] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF [2013-11-21] FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn\ FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn\ [] Chrome: ======= CHR RestoreOnStartup: "hxxp://www.default-search.net?sid=476&aid=122&itype=a&ver=12692&tm=304&src=hmp" CHR StartupUrls: "hxxp://www.default-search.net?sid=476&aid=122&itype=a&ver=12692&tm=304&src=hmp" CHR DefaultSearchProvider: default-search.net CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll No File CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Java(TM) Platform SE 6 U32) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.320.5) - C:\Windows\SysWOW64\npdeployJava1.dll No File CHR Plugin: (Google Update) - C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-22] CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-22] CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-11] CHR Extension: (Norton Identity Safe for Google Chrome™) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2013-12-26] CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-22] CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\User\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-01-02] CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\Exts\Chrome.crx [2014-05-21] ==================== Services (Whitelisted) ================= R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe [98304 2011-01-06] (SEIKO EPSON CORPORATION) R2 MSSQL$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [43010392 2009-03-30] (Microsoft Corporation) R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.2.0.38\NAV.exe [262968 2014-03-12] (Symantec Corporation) R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\NST.exe [130104 2014-05-14] (Symantec Corporation) S4 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated) S4 SQLAgent$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [366936 2009-03-30] (Microsoft Corporation) R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [14336 2008-07-04] (Vodafone) ==================== Drivers (Whitelisted) ==================== R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation) R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1502000.026\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07000.02F\ccSetx64.sys [162392 2014-02-21] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation) R3 eppvad_simple; C:\Windows\System32\drivers\EMP_UDAU.sys [23040 2011-01-06] (SEIKO EPSON CORPORATION) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20140521.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation) R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140521.016\ENG64.SYS [126040 2014-04-22] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140521.016\EX64.SYS [2099288 2014-04-22] (Symantec Corporation) R1 SLEE_17_DRIVER; C:\Windows\Sleen1764.sys [108256 2010-02-17] (Softwareentwicklung Remus - ArchiCrypt - ) R0 SMR410; C:\Windows\System32\drivers\SMR410.SYS [96856 2014-05-22] (Symantec Corporation) R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1502000.026\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1502000.026\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NAVx64\1502000.026\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-20] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1502000.026\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-22 07:34 - 2014-05-22 07:49 - 00026075 _____ () C:\Users\User\Desktop\FRST.txt 2014-05-22 07:34 - 2014-05-22 07:39 - 00000097 _____ () C:\Users\User\Desktop\FRST2.txt 2014-05-22 07:06 - 2014-05-22 07:06 - 00096856 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR410.SYS 2014-05-22 07:06 - 2014-05-22 07:06 - 00001231 _____ () C:\Users\User\Desktop\SafeDATA.lnk 2014-05-22 07:06 - 2014-05-22 07:06 - 00000020 _____ () C:\Windows\system32\Drivers\SMR410.dat 2014-05-22 07:03 - 2014-05-22 07:03 - 00004608 _____ () C:\Users\User\Desktop\Metadata.dat 2014-05-22 07:03 - 2014-05-22 07:03 - 00001136 _____ () C:\Users\User\Desktop\Remediate2014052206453860711000000.dat 2014-05-22 06:52 - 2014-05-22 07:06 - 01267537 _____ () C:\Users\User\Desktop\Info20140522064538.xml 2014-05-22 06:45 - 2014-05-22 06:45 - 00000000 ____D () C:\NPE 2014-05-22 06:42 - 2014-05-22 06:42 - 00002746 _____ () C:\Users\User\Desktop\norton2014-05-22.txt 2014-05-21 23:01 - 2014-05-21 23:01 - 00021538 _____ () C:\Users\User\Desktop\norton-Behobene Sicherheitsrisiken.txt 2014-05-21 22:54 - 2014-05-21 22:54 - 00011767 _____ () C:\Users\User\Desktop\gmer_scan.log 2014-05-21 22:28 - 2014-05-22 07:49 - 00000000 ____D () C:\FRST 2014-05-21 22:28 - 2014-05-22 07:34 - 00051200 _____ () C:\Users\User\Desktop\FRST1.txt 2014-05-21 22:28 - 2014-05-21 22:29 - 00045345 _____ () C:\Users\User\Desktop\Addition1.txt 2014-05-21 22:26 - 2014-05-21 22:26 - 00000470 _____ () C:\Users\User\Desktop\defogger_disable.log 2014-05-21 22:26 - 2014-05-21 22:26 - 00000000 _____ () C:\Users\User\defogger_reenable 2014-05-21 22:23 - 2014-05-21 22:12 - 00380416 _____ () C:\Users\User\Desktop\GMER.exe 2014-05-21 22:23 - 2014-05-21 22:10 - 02067456 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe 2014-05-21 22:23 - 2014-05-21 22:07 - 00050477 _____ () C:\Users\User\Desktop\Defogger.exe 2014-05-21 22:20 - 2014-05-22 07:47 - 00000000 ____D () C:\Users\User\Desktop\trojaner-board 2014-05-21 21:50 - 2014-05-21 21:50 - 00317408 _____ () C:\Users\User\Desktop\OTL2.Txt 2014-05-21 21:43 - 2014-05-21 21:43 - 00142664 _____ () C:\Users\User\Desktop\OTLkomplett.Txt 2014-05-21 21:40 - 2014-05-21 21:49 - 00087036 _____ () C:\Users\User\Desktop\Extras.Txt 2014-05-21 21:38 - 2014-05-21 21:48 - 00317408 _____ () C:\Users\User\Desktop\OTL.Txt 2014-05-21 21:26 - 2014-05-21 21:26 - 00602112 _____ (OldTimer Tools) C:\Users\User\Desktop\otl.exe 2014-05-21 21:16 - 2014-05-21 21:16 - 00140518 _____ () C:\Users\User\Desktop\OTL-Quick scan.Txt 2014-05-21 20:25 - 2014-05-21 20:25 - 00602112 _____ (OldTimer Tools) C:\Users\User\Downloads\otl.exe 2014-05-21 20:06 - 2014-05-21 21:55 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-21 20:05 - 2014-05-21 20:05 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-21 20:05 - 2014-05-21 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-21 20:05 - 2014-05-21 20:05 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-21 20:05 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-21 20:05 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-21 20:05 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-21 19:14 - 2014-05-21 19:14 - 00001466 _____ () C:\Users\User\Desktop\2014-05-21.txt 2014-05-19 23:41 - 2014-05-19 23:42 - 00000000 ____D () C:\Users\User\Desktop\*****-FLYER 2014-05-19 22:43 - 2014-05-21 20:40 - 00000000 ____D () C:\Users\User\Desktop\QR-code 2014-05-15 11:07 - 2014-05-15 11:07 - 00001075 _____ () C:\Users\User\Desktop\Änderungen 2014-05-14 - Verknüpfung.lnk 2014-05-15 09:05 - 2014-05-06 07:14 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-15 09:05 - 2014-05-06 07:14 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-15 09:05 - 2014-05-06 05:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-15 09:05 - 2014-05-06 05:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-15 09:05 - 2014-05-06 05:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-15 09:05 - 2014-05-06 05:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-15 07:57 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-15 07:57 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-15 07:55 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-15 07:55 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-15 07:37 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-15 07:37 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-15 07:37 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-15 07:37 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-15 07:37 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-15 07:37 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-15 07:37 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-15 07:37 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-15 07:37 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-15 07:37 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-15 07:37 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-15 07:37 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-15 07:37 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-15 07:37 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-15 07:37 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-15 07:37 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-15 07:37 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-15 07:37 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-15 07:37 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-15 07:37 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-15 07:37 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-15 07:37 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-15 07:37 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-15 07:37 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-15 07:37 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-15 07:37 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-15 07:37 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-15 07:37 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-15 07:37 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-15 07:37 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-15 07:37 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-15 07:37 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-15 07:37 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-15 07:37 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-15 07:37 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-15 07:37 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-15 07:37 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-15 07:37 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-15 07:37 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-15 07:37 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-15 07:37 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-11 08:36 - 2014-05-11 08:38 - 00000368 _____ () C:\ProgramData\hpzinstall.log 2014-05-11 08:35 - 2014-05-11 08:35 - 00000000 ____D () C:\ProgramData\HP 2014-05-10 08:52 - 2014-05-10 08:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-06 17:29 - 2014-05-19 23:29 - 00000000 ____D () C:\Users\User\Desktop\CD ohne Titel 2014-05-06 15:04 - 2014-05-06 15:04 - 00001100 _____ () C:\Users\User\Desktop\__*****-2014-02-18 - Verknüpfung.lnk 2014-05-06 08:13 - 2014-05-15 10:52 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-05 12:37 - 2014-05-05 12:37 - 00000839 _____ () C:\Users\User\Desktop\****_2014_2 - Verknüpfung.lnk 2014-05-05 11:48 - 2014-05-05 11:48 - 00000643 _____ () C:\Users\User\Desktop\0-Büro - Verknüpfung.lnk 2014-05-05 09:23 - 2014-05-05 09:23 - 00000909 _____ () C:\Users\User\Desktop\*****, ***** Dr - Verknüpfung.lnk 2014-05-05 07:03 - 2014-05-05 07:03 - 00000687 _____ () C:\Users\User\Desktop\1-KUNDEN S-Z.lnk 2014-05-05 07:03 - 2014-05-05 07:03 - 00000687 _____ () C:\Users\User\Desktop\1-KUNDEN H-R.lnk 2014-05-05 07:03 - 2014-05-05 07:03 - 00000687 _____ () C:\Users\User\Desktop\1-KUNDEN A-G.lnk 2014-05-04 12:10 - 2014-05-04 22:29 - 00001623 _____ () C:\Users\User\Desktop\Online Marketing Grade 2.lnk 2014-05-02 18:08 - 2014-05-02 18:42 - 02785280 _____ () C:\Users\User\Desktop\briefbogen***Vorschlaege.indd 2014-04-29 07:04 - 2014-04-29 07:04 - 00121239 _____ () C:\Users\User\Desktop\bookmark.htm 2014-04-23 10:39 - 2014-04-23 10:39 - 00000000 ____D () C:\Users\dub_cm_auto ==================== One Month Modified Files and Folders ======= 2014-05-22 07:49 - 2014-05-22 07:34 - 00026075 _____ () C:\Users\User\Desktop\FRST.txt 2014-05-22 07:49 - 2014-05-21 22:28 - 00000000 ____D () C:\FRST 2014-05-22 07:48 - 2013-09-11 11:36 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-22 07:48 - 2013-09-11 11:36 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-22 07:47 - 2014-05-21 22:20 - 00000000 ____D () C:\Users\User\Desktop\trojaner-board 2014-05-22 07:40 - 2011-07-23 11:24 - 00000000 ____D () C:\Users\User\Documents\Outlook-Dateien 2014-05-22 07:39 - 2014-05-22 07:34 - 00000097 _____ () C:\Users\User\Desktop\FRST2.txt 2014-05-22 07:34 - 2014-05-21 22:28 - 00051200 _____ () C:\Users\User\Desktop\FRST1.txt 2014-05-22 07:33 - 2010-04-26 14:05 - 02009481 _____ () C:\Windows\WindowsUpdate.log 2014-05-22 07:29 - 2011-01-08 18:08 - 00000000 ____D () C:\Users\User\AppData\Roaming\FileZilla 2014-05-22 07:14 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-22 07:14 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-22 07:08 - 2014-01-24 19:10 - 00000000 ____D () C:\Users\User\AppData\Local\NPE 2014-05-22 07:06 - 2014-05-22 07:06 - 00096856 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR410.SYS 2014-05-22 07:06 - 2014-05-22 07:06 - 00001231 _____ () C:\Users\User\Desktop\SafeDATA.lnk 2014-05-22 07:06 - 2014-05-22 07:06 - 00000020 _____ () C:\Windows\system32\Drivers\SMR410.dat 2014-05-22 07:06 - 2014-05-22 06:52 - 01267537 _____ () C:\Users\User\Desktop\Info20140522064538.xml 2014-05-22 07:05 - 2013-12-15 23:33 - 00060239 _____ () C:\Windows\setupact.log 2014-05-22 07:05 - 2011-10-27 11:56 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-05-22 07:05 - 2010-10-14 16:21 - 00069792 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll 2014-05-22 07:05 - 2010-04-26 14:01 - 00017920 _____ () C:\Windows\system32\rpcnetp.exe 2014-05-22 07:05 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-22 07:03 - 2014-05-22 07:03 - 00004608 _____ () C:\Users\User\Desktop\Metadata.dat 2014-05-22 07:03 - 2014-05-22 07:03 - 00001136 _____ () C:\Users\User\Desktop\Remediate2014052206453860711000000.dat 2014-05-22 06:45 - 2014-05-22 06:45 - 00000000 ____D () C:\NPE 2014-05-22 06:42 - 2014-05-22 06:42 - 00002746 _____ () C:\Users\User\Desktop\norton2014-05-22.txt 2014-05-22 06:05 - 2012-04-05 07:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-22 02:36 - 2013-09-11 11:49 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-05-22 00:34 - 2013-08-11 12:11 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe 2014-05-21 23:04 - 2010-04-26 14:01 - 00327930 _____ () C:\Windows\PFRO.log 2014-05-21 23:01 - 2014-05-21 23:01 - 00021538 _____ () C:\Users\User\Desktop\norton-Behobene Sicherheitsrisiken.txt 2014-05-21 22:54 - 2014-05-21 22:54 - 00011767 _____ () C:\Users\User\Desktop\gmer_scan.log 2014-05-21 22:29 - 2014-05-21 22:28 - 00045345 _____ () C:\Users\User\Desktop\Addition1.txt 2014-05-21 22:26 - 2014-05-21 22:26 - 00000470 _____ () C:\Users\User\Desktop\defogger_disable.log 2014-05-21 22:26 - 2014-05-21 22:26 - 00000000 _____ () C:\Users\User\defogger_reenable 2014-05-21 22:23 - 2010-04-26 23:55 - 00768542 _____ () C:\Windows\system32\perfh007.dat 2014-05-21 22:23 - 2010-04-26 23:55 - 00175080 _____ () C:\Windows\system32\perfc007.dat 2014-05-21 22:23 - 2009-07-14 07:13 - 01812386 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-21 22:16 - 2013-10-28 21:24 - 00001365 _____ () C:\Windows\wininit.ini 2014-05-21 22:14 - 2010-10-14 16:20 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-21 22:13 - 2013-10-28 21:25 - 00000000 ___RD () C:\Users\User\Dropbox 2014-05-21 22:12 - 2014-05-21 22:23 - 00380416 _____ () C:\Users\User\Desktop\GMER.exe 2014-05-21 22:11 - 2014-04-01 10:09 - 00000000 ____D () C:\Program Files (x86)\Settings Manager 2014-05-21 22:10 - 2014-05-21 22:23 - 02067456 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe 2014-05-21 22:10 - 2014-04-01 10:09 - 00000000 ____D () C:\ProgramData\Wincert 2014-05-21 22:07 - 2014-05-21 22:23 - 00050477 _____ () C:\Users\User\Desktop\Defogger.exe 2014-05-21 21:55 - 2014-05-21 20:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-21 21:50 - 2014-05-21 21:50 - 00317408 _____ () C:\Users\User\Desktop\OTL2.Txt 2014-05-21 21:49 - 2014-05-21 21:40 - 00087036 _____ () C:\Users\User\Desktop\Extras.Txt 2014-05-21 21:48 - 2014-05-21 21:38 - 00317408 _____ () C:\Users\User\Desktop\OTL.Txt 2014-05-21 21:43 - 2014-05-21 21:43 - 00142664 _____ () C:\Users\User\Desktop\OTLkomplett.Txt 2014-05-21 21:26 - 2014-05-21 21:26 - 00602112 _____ (OldTimer Tools) C:\Users\User\Desktop\otl.exe 2014-05-21 21:16 - 2014-05-21 21:16 - 00140518 _____ () C:\Users\User\Desktop\OTL-Quick scan.Txt 2014-05-21 20:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-05-21 20:40 - 2014-05-19 22:43 - 00000000 ____D () C:\Users\User\Desktop\QR-code 2014-05-21 20:31 - 2010-04-26 14:02 - 00017920 _____ () C:\Windows\SysWOW64\rpcnetp.dll 2014-05-21 20:30 - 2010-04-26 14:01 - 00017920 _____ () C:\Windows\SysWOW64\rpcnetp.exe 2014-05-21 20:25 - 2014-05-21 20:25 - 00602112 _____ (OldTimer Tools) C:\Users\User\Downloads\otl.exe 2014-05-21 20:05 - 2014-05-21 20:05 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-21 20:05 - 2014-05-21 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-21 20:05 - 2014-05-21 20:05 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-21 20:05 - 2014-01-24 19:57 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-21 19:14 - 2014-05-21 19:14 - 00001466 _____ () C:\Users\User\Desktop\2014-05-21.txt 2014-05-21 18:26 - 2013-11-21 07:59 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe 2014-05-21 18:26 - 2013-11-21 07:59 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64 2014-05-19 23:42 - 2014-05-19 23:41 - 00000000 ____D () C:\Users\User\Desktop\*****-FLYER 2014-05-19 23:29 - 2014-05-06 17:29 - 00000000 ____D () C:\Users\User\Desktop\CD ohne Titel 2014-05-19 15:58 - 2011-10-30 13:16 - 00000000 ___SD () C:\Users\User\Documents\Meine Datenquellen 2014-05-15 15:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-05-15 11:07 - 2014-05-15 11:07 - 00001075 _____ () C:\Users\User\Desktop\Änderungen 2014-05-14 - Verknüpfung.lnk 2014-05-15 10:55 - 2010-10-14 16:20 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-15 10:52 - 2014-05-06 08:13 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-15 09:06 - 2010-03-29 11:48 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-05-15 09:04 - 2013-08-14 17:09 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-15 09:02 - 2010-10-14 17:36 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-14 06:21 - 2012-04-05 07:32 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-14 06:21 - 2012-04-05 07:32 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-14 06:21 - 2011-07-09 17:31 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-12 09:41 - 2010-10-15 16:15 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps 2014-05-12 07:26 - 2014-05-21 20:05 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-12 07:26 - 2014-05-21 20:05 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-05-21 20:05 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-11 14:48 - 2013-12-26 09:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-11 08:38 - 2014-05-11 08:36 - 00000368 _____ () C:\ProgramData\hpzinstall.log 2014-05-11 08:35 - 2014-05-11 08:35 - 00000000 ____D () C:\ProgramData\HP 2014-05-10 08:52 - 2014-05-10 08:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-09 08:14 - 2014-05-15 07:55 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-15 07:55 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-09 07:43 - 2013-09-11 11:36 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-09 07:43 - 2013-09-11 11:36 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-06 15:04 - 2014-05-06 15:04 - 00001100 _____ () C:\Users\User\Desktop\__*****-2014-02-18 - Verknüpfung.lnk 2014-05-06 07:14 - 2014-05-15 09:05 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 07:14 - 2014-05-15 09:05 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 05:53 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-05-06 05:48 - 2014-05-15 09:05 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 05:48 - 2014-05-15 09:05 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-06 05:37 - 2014-05-15 09:05 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 05:26 - 2014-05-15 09:05 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-05 12:37 - 2014-05-05 12:37 - 00000839 _____ () C:\Users\User\Desktop\****_2014_2 - Verknüpfung.lnk 2014-05-05 11:48 - 2014-05-05 11:48 - 00000643 _____ () C:\Users\User\Desktop\0-Büro - Verknüpfung.lnk 2014-05-05 09:23 - 2014-05-05 09:23 - 00000909 _____ () C:\Users\User\Desktop\*****, ***** Dr - Verknüpfung.lnk 2014-05-05 07:03 - 2014-05-05 07:03 - 00000687 _____ () C:\Users\User\Desktop\1-KUNDEN S-Z.lnk 2014-05-05 07:03 - 2014-05-05 07:03 - 00000687 _____ () C:\Users\User\Desktop\1-KUNDEN H-R.lnk 2014-05-05 07:03 - 2014-05-05 07:03 - 00000687 _____ () C:\Users\User\Desktop\1-KUNDEN A-G.lnk 2014-05-04 22:29 - 2014-05-04 12:10 - 00001623 _____ () C:\Users\User\Desktop\Online Marketing Grade 2.lnk 2014-05-04 21:32 - 2014-01-02 17:12 - 00009308 _____ () C:\Users\User\AppData\Roaming\Microsoft Excel 97-2003.EML 2014-05-02 18:42 - 2014-05-02 18:08 - 02785280 _____ () C:\Users\User\Desktop\briefbogen****Vorschlaege.indd 2014-05-01 14:52 - 2011-09-29 19:48 - 00000000 ____D () C:\Program Files (x86)\Google 2014-05-01 14:52 - 2010-03-29 12:02 - 00000000 ____D () C:\Program Files\Google 2014-05-01 11:53 - 2011-09-29 19:54 - 00000000 ____D () C:\ProgramData\Google 2014-05-01 11:53 - 2011-09-29 19:49 - 00000000 ____D () C:\Users\User\AppData\Local\Google 2014-04-30 16:27 - 2014-02-05 18:28 - 00001106 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2014-04-30 16:27 - 2014-02-05 18:28 - 00001094 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-04-30 10:25 - 2010-03-29 12:03 - 00001024 ___RH () C:\Users\Public\Documents\NTILiveUpdate.dll 2014-04-29 07:04 - 2014-04-29 07:04 - 00121239 _____ () C:\Users\User\Desktop\bookmark.htm 2014-04-27 20:50 - 2010-10-14 16:19 - 00451800 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-27 20:49 - 2009-07-14 06:45 - 09158720 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-27 20:36 - 2011-07-23 11:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint 2014-04-27 20:36 - 2011-07-23 11:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2014-04-27 20:34 - 2009-07-14 09:45 - 00000000 ____D () C:\Windows\ShellNew 2014-04-27 20:33 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild 2014-04-27 20:26 - 2009-07-14 04:34 - 00000478 _____ () C:\Windows\win.ini 2014-04-27 10:31 - 2014-01-30 14:06 - 03530752 _____ () C:\Users\User\Desktop\*****_DB2.accdb 2014-04-24 09:12 - 2011-11-03 08:09 - 00000000 ____D () C:\Users\User\AppData\Local\Akamai 2014-04-23 19:18 - 2011-12-21 16:57 - 00001456 _____ () C:\Users\User\AppData\Local\Adobe Für Web speichern 12.0 Prefs 2014-04-23 10:39 - 2014-04-23 10:39 - 00000000 ____D () C:\Users\dub_cm_auto Files to move or delete: ==================== C:\Users\User\FileZilla_3.5.3_win32-setup.exe C:\Users\User\FileZilla_3.6.0.1_win32-setup.exe C:\Users\User\FileZilla_3.6.0.2_win32-setup.exe C:\Users\User\FileZilla_3.6.0_win32-setup.exe C:\Users\User\FileZilla_3.7.0.2_win32-setup.exe C:\Users\User\FileZilla_3.7.1_win32-setup.exe C:\Users\User\FileZilla_3.7.3_win32-setup.exe C:\Users\User\FileZilla_3.7.4.1_win32-setup.exe C:\Users\User\FileZilla_3.8.0_win32-setup.exe C:\Users\User\script.js C:\Users\User\TeamViewer_Setup_de.exe Some content of TEMP: ==================== C:\Users\User\AppData\Local\Temp\amazonicon_v3.exe C:\Users\User\AppData\Local\Temp\amazoninstallernircmdc.exe C:\Users\User\AppData\Local\Temp\BackupSetup.exe C:\Users\User\AppData\Local\Temp\BundleSweetIMSetup.exe C:\Users\User\AppData\Local\Temp\Delta.exe C:\Users\User\AppData\Local\Temp\DeltaTB.exe C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmps8gkue.dll C:\Users\User\AppData\Local\Temp\install_flashplayer12x32axau_gtba_chra_dy_aaa_aih.exe C:\Users\User\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\User\AppData\Local\Temp\MybabylonTB.exe C:\Users\User\AppData\Local\Temp\ose00000.exe C:\Users\User\AppData\Local\Temp\profisubmit_setup.exe C:\Users\User\AppData\Local\Temp\sdanircmdc.exe C:\Users\User\AppData\Local\Temp\sdapskill.exe C:\Users\User\AppData\Local\Temp\SettingsManagerSetup.exe C:\Users\User\AppData\Local\Temp\vcredist_x64.exe C:\Users\User\AppData\Local\Temp\WSSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-19 19:12 ==================== End Of Log ============================ Gruß von Johanna Geändert von manontroppo (22.05.2014 um 06:57 Uhr) |
22.05.2014, 13:46 | #4 |
/// the machine /// TB-Ausbilder | Trojan.ADH.2 Norton AntiVirus kann nicht entfernen Addition.txt fehlt noch
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
22.05.2014, 17:21 | #5 |
| Trojan.ADH.2 Norton AntiVirus kann nicht entfernen Hallo Schrauber, danke für Hinweis addition.txt ist beim zweiten scan nicht erstellt worden. Hier die addition.txt vom ersten Scan: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-05-2014 Ran by User at 2014-05-21 22:28:56 Running from C:\Users\User\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Norton AntiVirus (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AS: Norton AntiVirus (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Acer Backup Manager (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.1.60 - NewTech Infosystems) Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.2.0 - Liteon) Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3002 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3007 - Acer Incorporated) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0203.2010 - Acer Incorporated) Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3014 - Acer Incorporated) Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3002 - Acer Incorporated) Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.5.5 - Adobe Systems) Adobe Acrobat 9 Pro - English, Français, Deutsch (x32 Version: 9.5.5 - Adobe Systems) Hidden Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version: - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.9.0.1210 - Adobe Systems Incorporated) Hidden Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.2.660 - Adobe Systems Incorporated) Adobe Community Help (x32 Version: 3.2.2 - Adobe Systems Incorporated) Hidden Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{2A65343E-A598-49BA-BB4B-D320F7370B6D}) (Version: 5.0 - Adobe Systems Incorporated) Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated) Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated) Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) Apple Application Support (HKLM-x32\...\{343666E2-A059-48AC-AD67-230BF74E2DB2}) (Version: 2.1.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ATI Catalyst Install Manager (HKLM\...\{E990BCC2-2FC9-397F-6C1F-D73CCEC0E5AD}) (Version: 3.0.758.0 - ATI Technologies, Inc.) Backup Manager Advance (x32 Version: 2.0.1.60 - NewTech Infosystems) Hidden Batch PPTX to PPT Converter 2012 (HKLM-x32\...\{E6358333-B89B-4243-8477-647C9360B5D9}_is1) (Version: - Batchwork Software) Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 12.52.04 - Broadcom Corporation) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Core Implementation (x32 Version: 2010.0122.858.16002 - ATI) Hidden Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0122.858.16002 - ATI) Hidden Catalyst Control Center Graphics Full New (x32 Version: 2010.0122.858.16002 - ATI) Hidden Catalyst Control Center Graphics Light (x32 Version: 2010.0122.858.16002 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0122.858.16002 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2010.0122.858.16002 - ATI Technologies, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2010.0122.858.16002 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Czech (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Danish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Dutch (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help English (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Finnish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help French (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help German (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Greek (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Hungarian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Italian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Japanese (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Korean (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Norwegian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Polish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Portuguese (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Russian (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Spanish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Swedish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Thai (x32 Version: 2010.0122.0857.16002 - ATI) Hidden CCC Help Turkish (x32 Version: 2010.0122.0857.16002 - ATI) Hidden ccc-core-static (x32 Version: 2010.0122.858.16002 - Ihr Firmenname) Hidden ccc-utility64 (Version: 2010.0122.858.16002 - ATI) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version: - Microsoft) Designer 2.0 (HKLM-x32\...\Designer 2.0_is1) (Version: 7.9.4 - Fomanu AG) Epson USB Display (HKLM-x32\...\{7650F538-6274-44EA-8F50-843479073333}) (Version: 1.51.000 - SEIKO EPSON CORPORATION) FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse) Flash Movie Player 1.5 (HKLM-x32\...\Flash Movie Player) (Version: 1.5 - Eolsoft) Free Monitor for Google 2.5 (HKLM-x32\...\Free Monitor for Google_is1) (Version: - CleverStat) Google AdWords Editor (HKLM-x32\...\{6145B982-ACC5-46A3-9166-9ADADE6D17E2}) (Version: 10.3.2 - Google) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden Hex-Editor MX (HKLM-x32\...\{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1) (Version: 6.0 - NEXT-Soft) Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}.KB947789) (Version: 1 - Microsoft Corporation) IETester v0.5.2 (remove only) (HKLM-x32\...\IETester) (Version: 0.5.2 - Core Services) iiyama Monitor Test 2.1 (HKLM-x32\...\iiyama Monitor Test_is1) (Version: - ) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.6.1001 - Intel Corporation) Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.01.00.1005 - Intel Corporation) InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}) (Version: 8.5.10.75 - InterVideo Inc.) InterVideo WinDVD 8 (x32 Version: 8.5.10.75 - InterVideo Inc.) Hidden Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Java(TM) SE Development Kit 6 Update 20 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160200}) (Version: 1.6.0.200 - Sun Microsystems, Inc.) Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.7 - Acer Inc.) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation) Microsoft SQL Server 2008 (x32 Version: - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Browser (HKLM-x32\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.1.2531.0 - Microsoft Corporation) Microsoft SQL Server 2008 Common Files (x32 Version: 10.0.1600.22 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Common Files (x32 Version: 10.1.2531.0 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Database Engine Services (x32 Version: 10.1.2531.0 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Database Engine Shared (x32 Version: 10.1.2531.0 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Native Client (HKLM\...\{8325FD0C-2FDB-46C3-921A-3A78385EA972}) (Version: 10.1.2531.0 - Microsoft Corporation) Microsoft SQL Server 2008 RsFx Driver (x32 Version: 10.1.2531.0 - Microsoft Corporation) Hidden Microsoft SQL Server VSS Writer (HKLM\...\{28D06854-572C-4A65-83E5-F8CAF26B9FDC}) (Version: 10.1.2531.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (HKLM-x32\...\{76DAEC83-AF7B-333C-8A53-83D7C7D39199}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NetBeans IDE 7.1.1 (HKLM-x32\...\nbi-nb-base-7.1.1.0.0) (Version: 7.1.1 - NetBeans.org) Norton AntiVirus (HKLM-x32\...\NAV) (Version: 21.2.0.38 - Symantec Corporation) Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.0.47 - Symantec Corporation) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.1.2 - ) NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6630 - NewTech Infosystems) NTI Media Maker 8 (x32 Version: 8.0.12.6630 - NewTech Infosystems) Hidden Opera 12.10 (HKLM-x32\...\Opera 12.10.1652) (Version: 12.10.1652 - Opera Software ASA) PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden Pointofix (HKLM-x32\...\Pointofix_is1) (Version: - Amerigomedia) profiSUBMIT (HKLM-x32\...\profiSUBMIT_is1) (Version: Aktuelle Version - IN MEDIA KG) PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden QNAP Qfinder (HKLM-x32\...\QNAP_FINDER) (Version: 4.0.3.1025 - QNAP Systems, Inc.) Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6037 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30113 - Realtek Semiconductor Corp.) Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) Service Pack 1 für SQL Server 2008 (KB 968369) (HKLM-x32\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Sql Server Customer Experience Improvement Program (x32 Version: 10.1.2531.0 - Microsoft Corporation) Hidden Steganos Safe 2012 (HKLM-x32\...\{FADC3DC0-BCD9-4F6A-BB9D-360D695C5791}) (Version: 13.0 - Steganos Software GmbH) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer) Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel) Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM-x32\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.4035.00 - Microsoft Corporation) Unterstützungsdateien für Microsoft SQL Server 2008-Setup (HKLM-x32\...\{877B3198-1C6B-4A9A-8D28-BE4F6040987F}) (Version: 10.1.2531.0 - Microsoft Corporation) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft) Vodafone Mobile Connect Lite (HKLM-x32\...\{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}) (Version: 9.3.3.10523 - Vodafone) Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3013 - Acer Incorporated) WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1200 - Broadcom Corporation) Windows Driver Package - Broadcom Bluetooth (01/06/2010 6.2.0.9416) (HKLM\...\DFEA59689C004DFD0378309F3A583EA32D78A1B3) (Version: 01/06/2010 6.2.0.9416 - Broadcom) Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom) ==================== Restore Points ========================= 02-05-2014 10:31:40 Windows Update 06-05-2014 06:12:43 Windows Update 13-05-2014 18:38:40 Geplanter Prüfpunkt 15-05-2014 06:59:51 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0660CE84-EDA7-4EDE-A90A-FC2A16D50B10} - System32\Tasks\iSCSIAgentAutoStartup => C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe [2013-10-25] (QNAP) Task: {0E5AC3C3-DEF7-4CDB-BE9D-CA127A598A08} - System32\Tasks\{6AA924BA-E49C-48BB-A713-4595A6EA4ADF} => C:\Program Files\profiSUBMIT\profiSUBMIT.exe Task: {241BBD83-310A-441D-8408-C8B78D6FA953} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {2FB33DF4-6449-43BA-B669-A71445B44B2E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated) Task: {56009AD4-0E06-4EC4-B526-E1ACF94AF488} - System32\Tasks\{2E9CE474-FC3D-433E-A148-CEEB1B981F37} => C:\Program Files\profiSUBMIT\profiSUBMIT.exe Task: {6A046C29-1140-4E54-99B4-8324CF92B53A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-11] (Google Inc.) Task: {6F186409-B96F-49DB-B13C-35E6C187D73C} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\SymErr.exe Task: {8AA00A82-5E0D-4BD0-92EC-201F795F6211} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\SymErr.exe Task: {8DFF7963-5F20-4C90-B5BA-906860BC6AD4} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\21.2.0.38\WSCStub.exe [2014-03-12] (Symantec Corporation) Task: {8F239C87-C2D6-43BA-9607-47B1B8FE2D7C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-11] (Google Inc.) Task: {B39ACD3B-6D0D-4878-981C-BE48593119FD} - System32\Tasks\AdobeAAMUpdater-1.0-User-PC-User => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated) Task: {B87F8C67-C298-47ED-978A-BC69145198A4} - System32\Tasks\Digital Sites => C:\Users\User\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {E9957B83-DBF8-44AA-9970-AD7E2149C879} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {F40CC57D-867D-44BD-AD46-A4C4D426E355} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\User\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2010-01-07 14:42 - 2010-01-07 14:42 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2010-04-26 14:06 - 2010-04-26 14:06 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2014-03-28 11:35 - 2014-03-28 11:35 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll 2010-03-09 02:18 - 2010-03-09 02:18 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll 2010-03-09 02:13 - 2010-03-09 02:13 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll 2010-03-29 11:47 - 2009-12-24 02:32 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\User\AppData\Roaming\Microsoft Excel 97-2003.EML:OECustomProperty ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: RS_Service => 2 MSCONFIG\Services: SwitchBoard => 3 MSCONFIG\Services: Updater Service => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk => C:\Windows\pss\Acer VCM.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: EPSON_UD_START => "C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UD.exe" -UDCONNECT MSCONFIG\startupreg: Google Update => "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe MSCONFIG\startupreg: MobileConnect => %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" ==================== Faulty Device Manager Devices ============= Name: Microsoft-Adapter für Miniports virtueller WiFis Description: Microsoft-Adapter für Miniports virtueller WiFis Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: vwifimp Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: 1.3M WebCam Description: USB-Videogerät Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: Microsoft Service: usbvideo Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (05/21/2014 10:25:06 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm NAV.exe, Version 12.11.2.6 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 9ac Startzeit: 01cf7530f7063331 Endzeit: 18 Anwendungspfad: C:\Program Files (x86)\Norton AntiVirus\Engine\21.2.0.38\NAV.exe Berichts-ID: Error: (05/21/2014 10:12:33 PM) (Source: VMCService) (EventID: 0) (User: ) Description: conflictManagerTypeValue Error: (05/21/2014 09:21:14 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80070005. Error: (05/21/2014 09:21:13 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80070005. Error: (05/21/2014 09:18:59 PM) (Source: VMCService) (EventID: 0) (User: ) Description: conflictManagerTypeValue Error: (05/21/2014 08:55:40 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (05/21/2014 08:55:40 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (05/21/2014 08:35:58 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80070005. Error: (05/21/2014 08:35:37 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80070005. Error: (05/21/2014 08:32:15 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. System errors: ============= Error: (05/21/2014 10:16:02 PM) (Source: BROWSER) (EventID: 8032) (User: ) Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{1819FFCA-E308-411F-A256-F1C92DA96207}" zu oft fehl. Der Sicherungssuchdienst wird beendet. Error: (05/21/2014 08:58:51 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (05/21/2014 08:54:12 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (05/21/2014 08:51:45 PM) (Source: BROWSER) (EventID: 8032) (User: ) Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{1819FFCA-E308-411F-A256-F1C92DA96207}" zu oft fehl. Der Sicherungssuchdienst wird beendet. Error: (05/21/2014 08:30:38 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 21.05.2014 um 20:28:52 unerwartet heruntergefahren. Error: (05/21/2014 08:27:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (05/21/2014 08:27:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (05/21/2014 08:27:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (05/21/2014 08:27:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (05/21/2014 08:27:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Microsoft Office Sessions: ========================= Error: (05/21/2014 10:25:06 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: NAV.exe12.11.2.69ac01cf7530f706333118C:\Program Files (x86)\Norton AntiVirus\Engine\21.2.0.38\NAV.exe Error: (05/21/2014 10:12:33 PM) (Source: VMCService) (EventID: 0) (User: ) Description: conflictManagerTypeValue Error: (05/21/2014 09:21:14 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80070005. Error: (05/21/2014 09:21:13 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80070005. Error: (05/21/2014 09:18:59 PM) (Source: VMCService) (EventID: 0) (User: ) Description: conflictManagerTypeValue Error: (05/21/2014 08:55:40 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe Error: (05/21/2014 08:55:40 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe Error: (05/21/2014 08:35:58 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80070005. Error: (05/21/2014 08:35:37 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80070005. Error: (05/21/2014 08:32:15 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe ==================== Memory info =========================== Percentage of memory in use: 25% Total physical RAM: 8054.71 MB Available physical RAM: 6030.93 MB Total Pagefile: 16107.59 MB Available Pagefile: 13953.81 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:584.07 GB) (Free:248.52 GB) NTFS Drive x: (SafeDATA) (Removable) (Total:202.38 GB) (Free:144.55 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: B0057A92) Partition 1: (Not Active) - (Size=12 GB) - (Type=27) Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=584 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Viele Grüße von Johanna |
23.05.2014, 16:10 | #6 |
/// the machine /// TB-Ausbilder | Trojan.ADH.2 Norton AntiVirus kann nicht entfernenSo funktioniert es: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Trojan.ADH.2 Norton AntiVirus kann nicht entfernen |
24.05.2014, 12:34 | #7 |
| Trojan.ADH.2 Norton AntiVirus kann nicht entfernen Hallo Schrauber, entschuldige meinen Fehler. Hier kommt adwcleaner: Code:
ATTFilter # AdwCleaner v3.210 - Bericht erstellt am 24/05/2014 um 13:10:28 # Aktualisiert 19/05/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : User - WIN7MS # Gestartet von : C:\Users\User\Desktop\adwcleaner_3.210.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\BitGuard Ordner Gelöscht : C:\ProgramData\Browser Manager Ordner Gelöscht : C:\ProgramData\BrowserProtect Ordner Gelöscht : C:\ProgramData\wincert Ordner Gelöscht : C:\Program Files (x86)\Settings Manager Ordner Gelöscht : C:\Users\User\AppData\LocalLow\DataMngr Ordner Gelöscht : C:\Users\User\AppData\Roaming\DigitalSites Ordner Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0} Datei Gelöscht : C:\Windows\Tasks\Digital Sites.job Datei Gelöscht : C:\Windows\System32\Tasks\Digital Sites ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe Wert Gelöscht : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64] Wert Gelöscht : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} Schlüssel Gelöscht : HKCU\Software\Linkey Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\SystemK Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\Software\Wpm Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe ***** [ Browser ] ***** -\\ Internet Explorer v10.0.9200.16866 -\\ Mozilla Firefox v29.0.1 (de) [ Datei : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\prefs.js ] Zeile gelöscht : user_pref("browser.search.order.1", "default-search.net"); -\\ Google Chrome v35.0.1916.114 [ Datei : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht [Search Provider] : hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=304&src=ds&p={searchTerms} Gelöscht [Startup_urls] : hxxp://www.default-search.net?sid=476&aid=122&itype=a&ver=12692&tm=304&src=hmp Gelöscht [Extension] : cekcjpgehmohobmdiikfnopibipmgnml Gelöscht [Extension] : mkcedibhemacmilmkpndpkoidlnmgngg Gelöscht [Extension] : pkndmigholgfjlniaohblojbhgjbkakn ************************* AdwCleaner[R0].txt - [9920 octets] - [24/05/2014 06:43:36] AdwCleaner[S0].txt - [7345 octets] - [24/05/2014 13:10:28] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7405 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 7 Home Premium x64 Ran by User on 24.05.2014 at 13:14:39,63 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted the following from C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\m66mev98.default\prefs.js user_pref("extensions.bootstrappedAddons", "{\"firebug@software.joehewitt.com\":{\"version\":\"1.12.8\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\User\\\\AppData\ user_pref("extensions.seoquake.disable-baidu", true); Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\m66mev98.default\minidumps [7 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 24.05.2014 at 13:24:06,60 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2014 Ran by User (administrator) on WIN7MS on 24-05-2014 13:29:51 Running from C:\Users\User\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AMD) C:\Windows\System32\atieclxx.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (QNAP) C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe (Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe (Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 2012\Safe.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe (Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 2012\SteganosHotKeyService.exe (Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 2012\fredirstarter.exe (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\nav.exe (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\nst.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\nav.exe (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\nst.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-01-29] (Realtek Semiconductor) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860192 2010-02-05] (Acer Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [SAFE2012 HotKeys] => C:\Program Files (x86)\Steganos Safe 2012\SteganosHotKeyService.exe [84480 2011-11-16] (Steganos Software GmbH) HKLM-x32\...\Run: [SAFE2012 File Redirection Starter] => C:\Program Files (x86)\Steganos Safe 2012\fredirstarter.exe [17408 2011-11-16] (Steganos Software GmbH) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKU\S-1-5-21-626039856-3918898000-2181074896-1003\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-626039856-3918898000-2181074896-1003\...\Run: [Akamai NetSession Interface] => C:\Users\User\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) HKU\S-1-5-21-626039856-3918898000-2181074896-1003\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation) HKU\S-1-5-21-626039856-3918898000-2181074896-1003\...\Run: [SAFE2012_Safe] => C:\Program Files (x86)\Steganos Safe 2012\Safe.exe [3310688 2011-11-16] (Steganos Software GmbH) HKU\S-1-5-21-626039856-3918898000-2181074896-1003\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation) HKU\S-1-5-21-626039856-3918898000-2181074896-1003\...\Policies\Explorer: [DisallowRun] 1 HKU\S-1-5-21-626039856-3918898000-2181074896-1003\...\MountPoints2: E - E:\LaunchU3.exe -a HKU\S-1-5-21-626039856-3918898000-2181074896-1003\...\MountPoints2: {07918612-2978-11e2-9d54-78e4002e9d98} - E:\EMP_UDSe.exe /autorun HKU\S-1-5-21-626039856-3918898000-2181074896-1003\...\MountPoints2: {1d4aab26-2b32-11e2-89dc-705ab6d3fb7e} - E:\LaunchU3.exe -a HKU\S-1-5-21-626039856-3918898000-2181074896-1003\...\MountPoints2: {2c2020df-6868-11e1-a965-78e4002e9d98} - E:\setup_vmc_lite.exe /checkApplicationPresence HKU\S-1-5-21-626039856-3918898000-2181074896-1003\...\MountPoints2: {2c2020f5-6868-11e1-a965-78e4002e9d98} - F:\setup_vmc_lite.exe /checkApplicationPresence HKU\S-1-5-21-626039856-3918898000-2181074896-1003\...\MountPoints2: {ba328686-c4dc-11e1-ac5c-705ab6d3fb7e} - E:\LaunchU3.exe -a ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.2.0.38 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.2.0.38 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchURL = hxxp://home.microsoft.com/access/autosearch.asp?p=%s HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.47\coIEPlg.dll (Symantec Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\coIEPlg.dll (Symantec Corporation) BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.47\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKCU - Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.47\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default FF NewTab: chrome://lightning/content/newtab.html FF Homepage: https://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: SeoQuake - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2014-05-08] FF Extension: Firebug - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\firebug@software.joehewitt.com.xpi [2013-12-26] FF Extension: Google Analytics Opt-out Browser Add-on - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2014-05-03] FF Extension: Web Developer - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2013-12-26] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-10] FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010-10-15] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF [2013-11-21] FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn\ FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn\ [] Chrome: ======= CHR HomePage: CHR RestoreOnStartup: "hxxp://www.default-search.net?sid=476&aid=122&itype=a&ver=12692&tm=304&src=hmp" CHR StartupUrls: "hxxp://www.default-search.net?sid=476&aid=122&itype=a&ver=12692&tm=304&src=hmp" CHR DefaultSearchProvider: "name": "default-search.net" CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll No File CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Java(TM) Platform SE 6 U32) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.320.5) - C:\Windows\SysWOW64\npdeployJava1.dll No File CHR Plugin: (Google Update) - C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-22] CHR Extension: (Google-Suche) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-22] CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-11] CHR Extension: (Norton Identity Safe for Google Chrome™) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2013-12-26] CHR Extension: (Google Mail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-22] CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\Exts\Chrome.crx [2014-05-21] ==================== Services (Whitelisted) ================= R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe [98304 2011-01-06] (SEIKO EPSON CORPORATION) R2 MSSQL$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [43010392 2009-03-30] (Microsoft Corporation) R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\NAV.exe [262968 2014-05-11] (Symantec Corporation) R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\NST.exe [130104 2014-05-14] (Symantec Corporation) S4 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated) S4 SQLAgent$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [366936 2009-03-30] (Microsoft Corporation) R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [14336 2008-07-04] (Vodafone) ==================== Drivers (Whitelisted) ==================== R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation) R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1503000.00C\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07000.02F\ccSetx64.sys [162392 2014-02-21] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation) R3 eppvad_simple; C:\Windows\System32\drivers\EMP_UDAU.sys [23040 2011-01-06] (SEIKO EPSON CORPORATION) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20140523.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation) R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140523.017\ENG64.SYS [126040 2014-04-22] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140523.017\EX64.SYS [2099288 2014-04-22] (Symantec Corporation) R1 SLEE_17_DRIVER; C:\Windows\Sleen1764.sys [108256 2010-02-17] (Softwareentwicklung Remus - ArchiCrypt - ) R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1503000.00C\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1503000.00C\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NAVx64\1503000.00C\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-20] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1503000.00C\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1503000.00C\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-24 13:29 - 2014-05-24 13:29 - 00022679 _____ () C:\Users\User\Desktop\FRST.txt 2014-05-24 13:24 - 2014-05-24 13:29 - 00001110 _____ () C:\Users\User\Desktop\JRT.txt 2014-05-24 13:14 - 2014-05-24 13:14 - 00000000 ____D () C:\Windows\ERUNT 2014-05-24 13:12 - 2014-05-24 13:12 - 00007489 _____ () C:\Users\User\Desktop\AdwCleaner[S0].txt 2014-05-24 06:43 - 2014-05-24 13:10 - 00000000 ____D () C:\AdwCleaner 2014-05-24 06:43 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-05-24 06:38 - 2014-05-24 06:38 - 01016261 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe 2014-05-24 06:26 - 2014-05-24 06:26 - 01326389 _____ () C:\Users\User\Desktop\adwcleaner_3.210.exe 2014-05-24 06:18 - 2014-05-24 06:18 - 00000000 ____D () C:\Windows\System32\Tasks\Norton AntiVirus 2014-05-24 06:15 - 2014-05-24 13:12 - 00001231 _____ () C:\Users\User\Desktop\SafeDATA.lnk 2014-05-22 06:45 - 2014-05-22 06:45 - 00000000 ____D () C:\NPE 2014-05-21 22:28 - 2014-05-24 13:29 - 00000000 ____D () C:\FRST 2014-05-21 22:26 - 2014-05-21 22:26 - 00000000 _____ () C:\Users\User\defogger_reenable 2014-05-21 22:23 - 2014-05-21 22:12 - 00380416 _____ () C:\Users\User\Desktop\GMER.exe 2014-05-21 22:23 - 2014-05-21 22:10 - 02067456 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe 2014-05-21 22:23 - 2014-05-21 22:07 - 00050477 _____ () C:\Users\User\Desktop\Defogger.exe 2014-05-21 22:20 - 2014-05-24 06:41 - 00000000 ____D () C:\Users\User\Desktop\trojaner-board 2014-05-21 21:26 - 2014-05-21 21:26 - 00602112 _____ (OldTimer Tools) C:\Users\User\Desktop\otl.exe 2014-05-21 20:25 - 2014-05-21 20:25 - 00602112 _____ (OldTimer Tools) C:\Users\User\Downloads\otl.exe 2014-05-21 20:06 - 2014-05-21 21:55 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-21 20:05 - 2014-05-21 20:05 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-21 20:05 - 2014-05-21 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-21 20:05 - 2014-05-21 20:05 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-21 20:05 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-21 20:05 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-21 20:05 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-15 09:05 - 2014-05-06 07:14 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-15 09:05 - 2014-05-06 07:14 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-15 09:05 - 2014-05-06 05:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-15 09:05 - 2014-05-06 05:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-15 09:05 - 2014-05-06 05:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-15 09:05 - 2014-05-06 05:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-15 07:57 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-15 07:57 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-15 07:55 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-15 07:55 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-15 07:37 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-15 07:37 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-15 07:37 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-15 07:37 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-15 07:37 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-15 07:37 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-15 07:37 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-15 07:37 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-15 07:37 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-15 07:37 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-15 07:37 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-15 07:37 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-15 07:37 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-15 07:37 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-15 07:37 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-15 07:37 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-15 07:37 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-15 07:37 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-15 07:37 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-15 07:37 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-15 07:37 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-15 07:37 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-15 07:37 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-15 07:37 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-15 07:37 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-15 07:37 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-15 07:37 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-15 07:37 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-15 07:37 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-15 07:37 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-15 07:37 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-15 07:37 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-15 07:37 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-15 07:37 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-15 07:37 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-15 07:37 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-15 07:37 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-15 07:37 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-15 07:37 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-15 07:37 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-15 07:37 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-11 08:36 - 2014-05-11 08:38 - 00000368 _____ () C:\ProgramData\hpzinstall.log 2014-05-11 08:35 - 2014-05-11 08:35 - 00000000 ____D () C:\ProgramData\HP 2014-05-10 08:52 - 2014-05-10 08:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-06 08:13 - 2014-05-15 10:52 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-04-29 07:04 - 2014-04-29 07:04 - 00121239 _____ () C:\Users\User\Desktop\bookmark.htm ==================== One Month Modified Files and Folders ======= 2014-05-24 13:29 - 2014-05-24 13:29 - 00022679 _____ () C:\Users\User\Desktop\FRST.txt 2014-05-24 13:29 - 2014-05-24 13:24 - 00001110 _____ () C:\Users\User\Desktop\JRT.txt 2014-05-24 13:29 - 2014-05-21 22:28 - 00000000 ____D () C:\FRST 2014-05-24 13:19 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-24 13:19 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-24 13:14 - 2014-05-24 13:14 - 00000000 ____D () C:\Windows\ERUNT 2014-05-24 13:12 - 2014-05-24 13:12 - 00007489 _____ () C:\Users\User\Desktop\AdwCleaner[S0].txt 2014-05-24 13:12 - 2014-05-24 06:15 - 00001231 _____ () C:\Users\User\Desktop\SafeDATA.lnk 2014-05-24 13:12 - 2013-09-11 11:36 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-24 13:12 - 2011-10-27 11:56 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-05-24 13:12 - 2010-10-14 16:21 - 00069792 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll 2014-05-24 13:12 - 2010-04-26 14:01 - 00017920 _____ () C:\Windows\system32\rpcnetp.exe 2014-05-24 13:11 - 2013-12-15 23:33 - 00061247 _____ () C:\Windows\setupact.log 2014-05-24 13:11 - 2010-04-26 14:01 - 00328578 _____ () C:\Windows\PFRO.log 2014-05-24 13:11 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-24 13:10 - 2014-05-24 06:43 - 00000000 ____D () C:\AdwCleaner 2014-05-24 13:10 - 2010-04-26 14:05 - 02088603 _____ () C:\Windows\WindowsUpdate.log 2014-05-24 13:05 - 2012-04-05 07:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-24 12:48 - 2013-09-11 11:36 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-24 06:41 - 2014-05-21 22:20 - 00000000 ____D () C:\Users\User\Desktop\trojaner-board 2014-05-24 06:38 - 2014-05-24 06:38 - 01016261 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe 2014-05-24 06:27 - 2011-07-23 11:24 - 00000000 ____D () C:\Users\User\Documents\Outlook-Dateien 2014-05-24 06:26 - 2014-05-24 06:26 - 01326389 _____ () C:\Users\User\Desktop\adwcleaner_3.210.exe 2014-05-24 06:18 - 2014-05-24 06:18 - 00000000 ____D () C:\Windows\System32\Tasks\Norton AntiVirus 2014-05-24 06:12 - 2011-10-21 17:41 - 00000000 ____D () C:\Windows\system32\Drivers\NAVx64 2014-05-24 06:11 - 2013-11-21 07:59 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus 2014-05-24 06:11 - 2012-04-01 12:03 - 00003218 _____ () C:\Windows\System32\Tasks\Norton WSC Integration 2014-05-23 14:03 - 2010-04-26 23:55 - 00768542 _____ () C:\Windows\system32\perfh007.dat 2014-05-23 14:03 - 2010-04-26 23:55 - 00175080 _____ () C:\Windows\system32\perfc007.dat 2014-05-23 14:03 - 2009-07-14 07:13 - 01812386 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-22 07:29 - 2011-01-08 18:08 - 00000000 ____D () C:\Users\User\AppData\Roaming\FileZilla 2014-05-22 07:08 - 2014-01-24 19:10 - 00000000 ____D () C:\Users\User\AppData\Local\NPE 2014-05-22 06:45 - 2014-05-22 06:45 - 00000000 ____D () C:\NPE 2014-05-22 02:36 - 2013-09-11 11:49 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-05-22 00:34 - 2013-08-11 12:11 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe 2014-05-21 22:26 - 2014-05-21 22:26 - 00000000 _____ () C:\Users\User\defogger_reenable 2014-05-21 22:16 - 2013-10-28 21:24 - 00001365 _____ () C:\Windows\wininit.ini 2014-05-21 22:14 - 2010-10-14 16:20 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-21 22:13 - 2013-10-28 21:25 - 00000000 ___RD () C:\Users\User\Dropbox 2014-05-21 22:12 - 2014-05-21 22:23 - 00380416 _____ () C:\Users\User\Desktop\GMER.exe 2014-05-21 22:10 - 2014-05-21 22:23 - 02067456 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe 2014-05-21 22:07 - 2014-05-21 22:23 - 00050477 _____ () C:\Users\User\Desktop\Defogger.exe 2014-05-21 21:55 - 2014-05-21 20:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-21 21:26 - 2014-05-21 21:26 - 00602112 _____ (OldTimer Tools) C:\Users\User\Desktop\otl.exe 2014-05-21 20:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-05-21 20:31 - 2010-04-26 14:02 - 00017920 _____ () C:\Windows\SysWOW64\rpcnetp.dll 2014-05-21 20:30 - 2010-04-26 14:01 - 00017920 _____ () C:\Windows\SysWOW64\rpcnetp.exe 2014-05-21 20:25 - 2014-05-21 20:25 - 00602112 _____ (OldTimer Tools) C:\Users\User\Downloads\otl.exe 2014-05-21 20:05 - 2014-05-21 20:05 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-21 20:05 - 2014-05-21 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-21 20:05 - 2014-05-21 20:05 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-21 20:05 - 2014-01-24 19:57 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-21 18:26 - 2013-11-21 07:59 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe 2014-05-21 18:26 - 2013-11-21 07:59 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64 2014-05-19 15:58 - 2011-10-30 13:16 - 00000000 ___SD () C:\Users\User\Documents\Meine Datenquellen 2014-05-15 15:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-05-15 10:55 - 2010-10-14 16:20 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-15 10:52 - 2014-05-06 08:13 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-15 09:06 - 2010-03-29 11:48 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-05-15 09:04 - 2013-08-14 17:09 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-15 09:02 - 2010-10-14 17:36 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-14 06:21 - 2012-04-05 07:32 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-14 06:21 - 2012-04-05 07:32 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-14 06:21 - 2011-07-09 17:31 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-12 09:41 - 2010-10-15 16:15 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps 2014-05-12 07:26 - 2014-05-21 20:05 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-12 07:26 - 2014-05-21 20:05 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-05-21 20:05 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-11 14:48 - 2013-12-26 09:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-11 08:38 - 2014-05-11 08:36 - 00000368 _____ () C:\ProgramData\hpzinstall.log 2014-05-11 08:35 - 2014-05-11 08:35 - 00000000 ____D () C:\ProgramData\HP 2014-05-10 08:52 - 2014-05-10 08:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-09 08:14 - 2014-05-15 07:55 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-15 07:55 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-09 07:43 - 2013-09-11 11:36 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-09 07:43 - 2013-09-11 11:36 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-06 07:14 - 2014-05-15 09:05 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 07:14 - 2014-05-15 09:05 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 05:53 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-05-06 05:48 - 2014-05-15 09:05 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 05:48 - 2014-05-15 09:05 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-06 05:37 - 2014-05-15 09:05 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 05:26 - 2014-05-15 09:05 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-04 21:32 - 2014-01-02 17:12 - 00009308 _____ () C:\Users\User\AppData\Roaming\Microsoft Excel 97-2003.EML 2014-05-01 14:52 - 2011-09-29 19:48 - 00000000 ____D () C:\Program Files (x86)\Google 2014-05-01 14:52 - 2010-03-29 12:02 - 00000000 ____D () C:\Program Files\Google 2014-05-01 11:53 - 2011-09-29 19:54 - 00000000 ____D () C:\ProgramData\Google 2014-05-01 11:53 - 2011-09-29 19:49 - 00000000 ____D () C:\Users\User\AppData\Local\Google 2014-04-30 16:27 - 2014-02-05 18:28 - 00001106 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2014-04-30 16:27 - 2014-02-05 18:28 - 00001094 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-04-30 10:25 - 2010-03-29 12:03 - 00001024 ___RH () C:\Users\Public\Documents\NTILiveUpdate.dll 2014-04-29 07:04 - 2014-04-29 07:04 - 00121239 _____ () C:\Users\User\Desktop\bookmark.htm 2014-04-27 20:50 - 2010-10-14 16:19 - 00451800 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-27 20:49 - 2009-07-14 06:45 - 09158720 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-27 20:36 - 2011-07-23 11:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint 2014-04-27 20:36 - 2011-07-23 11:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2014-04-27 20:34 - 2009-07-14 09:45 - 00000000 ____D () C:\Windows\ShellNew 2014-04-27 20:33 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild 2014-04-27 20:26 - 2009-07-14 04:34 - 00000478 _____ () C:\Windows\win.ini 2014-04-24 09:12 - 2011-11-03 08:09 - 00000000 ____D () C:\Users\User\AppData\Local\Akamai Files to move or delete: ==================== C:\Users\User\FileZilla_3.5.3_win32-setup.exe C:\Users\User\FileZilla_3.6.0.1_win32-setup.exe C:\Users\User\FileZilla_3.6.0.2_win32-setup.exe C:\Users\User\FileZilla_3.6.0_win32-setup.exe C:\Users\User\FileZilla_3.7.0.2_win32-setup.exe C:\Users\User\FileZilla_3.7.1_win32-setup.exe C:\Users\User\FileZilla_3.7.3_win32-setup.exe C:\Users\User\FileZilla_3.7.4.1_win32-setup.exe C:\Users\User\FileZilla_3.8.0_win32-setup.exe C:\Users\User\script.js C:\Users\User\TeamViewer_Setup_de.exe Some content of TEMP: ==================== C:\Users\User\AppData\Local\Temp\amazonicon_v3.exe C:\Users\User\AppData\Local\Temp\amazoninstallernircmdc.exe C:\Users\User\AppData\Local\Temp\BackupSetup.exe C:\Users\User\AppData\Local\Temp\BundleSweetIMSetup.exe C:\Users\User\AppData\Local\Temp\Delta.exe C:\Users\User\AppData\Local\Temp\DeltaTB.exe C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmps8gkue.dll C:\Users\User\AppData\Local\Temp\install_flashplayer12x32axau_gtba_chra_dy_aaa_aih.exe C:\Users\User\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\User\AppData\Local\Temp\MybabylonTB.exe C:\Users\User\AppData\Local\Temp\ose00000.exe C:\Users\User\AppData\Local\Temp\profisubmit_setup.exe C:\Users\User\AppData\Local\Temp\Quarantine.exe C:\Users\User\AppData\Local\Temp\sdanircmdc.exe C:\Users\User\AppData\Local\Temp\sdapskill.exe C:\Users\User\AppData\Local\Temp\SettingsManagerSetup.exe C:\Users\User\AppData\Local\Temp\vcredist_x64.exe C:\Users\User\AppData\Local\Temp\WSSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-19 19:12 ==================== End Of Log ============================ Danke für deine Mühe Gruß von Johanna |
25.05.2014, 06:47 | #8 |
/// the machine /// TB-Ausbilder | Trojan.ADH.2 Norton AntiVirus kann nicht entfernenESET Online Scanner
Downloade Dir bitte SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
25.05.2014, 11:06 | #9 |
| Trojan.ADH.2 Norton AntiVirus kann nicht entfernen Hallo Schrauber, ich habe eine externe Festplatte angeschlossen und NAS online und habe dann ESET, SecurityCheck und FRST gemacht. Bei log.txt von ESET konnte ich keine Bilder entdecken. Hier kommt das log.txt: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=ecc834840789e74cb495d20e095f91c9 # engine=18399 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-05-25 09:30:31 # local_time=2014-05-25 11:30:31 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=3590 16777213 100 84 80296 219999617 0 0 # compatibility_mode=5893 16776574 100 94 27438486 152640081 0 0 # scanned=325701 # found=29 # cleaned=0 # scan_time=7779 sh=6736252706F89DFC6899FEE6C360D8BFBF401BEC ft=1 fh=374276c930bcde15 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF10.dll.vir" sh=7909DF2339D78F00C24092FFF9491317AB954316 ft=1 fh=2ff184a74c05a271 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF11.dll.vir" sh=E5FCE2519122FAF40529BA6294CB3F0844E0C738 ft=1 fh=f13e05a62680f109 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF12.dll.vir" sh=EFC055DC03DD7698ABBFB92718A7777E2973F079 ft=1 fh=6ef019d475ea6325 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF13.dll.vir" sh=D2859A7F5E059C24ED68665DA69EDF33A7352D55 ft=1 fh=357742a168447bbd vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF14.dll.vir" sh=5F46910AFA74FD8EE8574E183A04B8E781F1A249 ft=1 fh=9887df60e379ba2f vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF15.dll.vir" sh=D755D4C9CC3700F4869589360F53F61B6CC2CC72 ft=1 fh=ce2f72d226aff2b4 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF16.dll.vir" sh=D5224E3374B861B523BC618B725D88774D077E39 ft=1 fh=c6333adf6866c44f vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF17.dll.vir" sh=B538DC950FD59AA3F4D1349FE0BD2E2B92603612 ft=1 fh=21900040b5af4e8e vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF18.dll.vir" sh=B785203A7E1C00F93B888EB494B33EA5D108571E ft=1 fh=fe3406bdfbae635e vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF19.dll.vir" sh=11A9C493387FFF75D1DDEDBB8F4449CD06DF8C93 ft=1 fh=005351c573d9875e vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF2.dll.vir" sh=7AE7378589350EA7FF89791FB017E371E653A5B7 ft=1 fh=f8ea411c78bbb34f vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF20.dll.vir" sh=DFEDDDF25967D22BBDFC60DAB1911B85FEE88D01 ft=1 fh=dc927e8494037489 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF21.dll.vir" sh=693DE5FECAD1B00542B339DD2F9A529B4A06A5E2 ft=1 fh=e35a43df301ed0c6 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF22.dll.vir" sh=4ED4F94AF4D97B67412714D0747B45CF0FD6B2DA ft=1 fh=0444909e9111ddc6 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF23.dll.vir" sh=1AFC1DF188673069ACE2163F696052C1ECB08144 ft=1 fh=9a5377a5e8bddacd vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF24.dll.vir" sh=75E809C271D5E5ADE512E408C9EA5ADE196DE89C ft=1 fh=7061a52b9960f21b vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF25.dll.vir" sh=C400C8D7DA9B44EF26D343A43D7079E4A87AF733 ft=1 fh=dbd9550bceae1ea9 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF26.dll.vir" sh=4E650F2C07952D0925C8D71B2B0D36B410D27C51 ft=1 fh=e213dfeb1eda7c6b vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF27.dll.vir" sh=BD6032EF269C1FFAB0931168C6B5CBFE0D8AAF72 ft=1 fh=076f8ebd13e4e9b1 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF28.dll.vir" sh=02BDF10B123D2B329B87328A09D740F8C0214F51 ft=1 fh=d2c3f8c8a36e4e94 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF29.dll.vir" sh=7670B37DBB5192661C56908529F0C994E45A6954 ft=1 fh=36b8f310622c76d5 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF4.dll.vir" sh=FDD7DD7F09B21EB50AAC74FC235F05A594DAC4DC ft=1 fh=4edf44d6b267a41c vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF5.dll.vir" sh=BD07028D4DA0F02790633480206025807B0F78E2 ft=1 fh=473dff4246a7fd2a vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF6.dll.vir" sh=42E09CB7ADCA9A141089F3F2D45F746B1C236F98 ft=1 fh=ffd8dd6bffaac829 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF7.dll.vir" sh=53B8D8514A3C23F2B745FBD5C03E09BB24BF331D ft=1 fh=07e550a04c82e3f3 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF8.dll.vir" sh=6539535AAB146A3C27DB949B4376C7895C3731B6 ft=1 fh=e1ba3d53c2ef126c vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF9.dll.vir" sh=A836A8346F791EC8A83B51BC78E84B2F6659E6DA ft=1 fh=0a2e45c370149901 vn="Win32/Wajam.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\Local\Temp\is357113909\2875809_stp\wajam_validate.exe" sh=B5067AFC965501C8BD28602C15B17B10564ACE3C ft=1 fh=3e424f9badc67a8b vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\Local\Temp\nsl7B2A.tmp\Helper.dll" Code:
ATTFilter Results of screen317's Security Check version 0.99.83 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Norton AntiVirus WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 55 Java(TM) SE Development Kit 6 Update 20 Adobe Flash Player 13.0.0.214 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (29.0.1) Google Chrome 34.0.1847.137 Google Chrome 35.0.1916.114 ````````Process Check: objlist.exe by Laurent```````` Norton AntiVirus Engine 21.3.0.12 NAV.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 Ran by User (administrator) on WIN7MS on 25-05-2014 11:59:25 Running from C:\Users\User\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AMD) C:\Windows\System32\atieclxx.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (QNAP) C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe (Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 2012\Safe.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe (Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 2012\SteganosHotKeyService.exe (Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 2012\fredirstarter.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\nav.exe (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\nst.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\nav.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\nst.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 2012\Safe.exe (Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 2012\Safe.exe (Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 2012\Safe.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-01-29] (Realtek Semiconductor) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860192 2010-02-05] (Acer Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [SAFE2012 HotKeys] => C:\Program Files (x86)\Steganos Safe 2012\SteganosHotKeyService.exe [84480 2011-11-16] (Steganos Software GmbH) HKLM-x32\...\Run: [SAFE2012 File Redirection Starter] => C:\Program Files (x86)\Steganos Safe 2012\fredirstarter.exe [17408 2011-11-16] (Steganos Software GmbH) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKU\S-1-5-21-626039856-3918898000-2181074896-1003\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-626039856-3918898000-2181074896-1003\...\Run: [Akamai NetSession Interface] => C:\Users\User\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) HKU\S-1-5-21-626039856-3918898000-2181074896-1003\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation) HKU\S-1-5-21-626039856-3918898000-2181074896-1003\...\Run: [SAFE2012_Safe] => C:\Program Files (x86)\Steganos Safe 2012\Safe.exe [3310688 2011-11-16] (Steganos Software GmbH) HKU\S-1-5-21-626039856-3918898000-2181074896-1003\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation) HKU\S-1-5-21-626039856-3918898000-2181074896-1003\...\Policies\Explorer: [DisallowRun] 1 HKU\S-1-5-21-626039856-3918898000-2181074896-1003\...\MountPoints2: E - E:\LaunchU3.exe -a HKU\S-1-5-21-626039856-3918898000-2181074896-1003\...\MountPoints2: {07918612-2978-11e2-9d54-78e4002e9d98} - E:\EMP_UDSe.exe /autorun HKU\S-1-5-21-626039856-3918898000-2181074896-1003\...\MountPoints2: {1d4aab26-2b32-11e2-89dc-705ab6d3fb7e} - E:\LaunchU3.exe -a HKU\S-1-5-21-626039856-3918898000-2181074896-1003\...\MountPoints2: {2c2020df-6868-11e1-a965-78e4002e9d98} - E:\setup_vmc_lite.exe /checkApplicationPresence HKU\S-1-5-21-626039856-3918898000-2181074896-1003\...\MountPoints2: {2c2020f5-6868-11e1-a965-78e4002e9d98} - F:\setup_vmc_lite.exe /checkApplicationPresence HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.2.0.38 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NAV&pvid=21.2.0.38 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchURL = hxxp://home.microsoft.com/access/autosearch.asp?p=%s HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.47\coIEPlg.dll (Symantec Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\coIEPlg.dll (Symantec Corporation) BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.47\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKCU - Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.47\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default FF NewTab: chrome://lightning/content/newtab.html FF Homepage: https://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: SeoQuake - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2014-05-08] FF Extension: Firebug - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\firebug@software.joehewitt.com.xpi [2013-12-26] FF Extension: Google Analytics Opt-out Browser Add-on - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2014-05-03] FF Extension: Web Developer - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m66mev98.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2013-12-26] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-10] FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010-10-15] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF [2013-11-21] FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn\ FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn\ [] Chrome: ======= CHR HomePage: CHR RestoreOnStartup: "hxxp://www.default-search.net?sid=476&aid=122&itype=a&ver=12692&tm=304&src=hmp" CHR StartupUrls: "hxxp://www.default-search.net?sid=476&aid=122&itype=a&ver=12692&tm=304&src=hmp" CHR DefaultSearchProvider: "name": "default-search.net" CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll No File CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Java(TM) Platform SE 6 U32) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.320.5) - C:\Windows\SysWOW64\npdeployJava1.dll No File CHR Plugin: (Google Update) - C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-22] CHR Extension: (Google-Suche) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-22] CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-11] CHR Extension: (Norton Identity Safe for Google Chrome™) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2013-12-26] CHR Extension: (Google Mail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-22] CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\Exts\Chrome.crx [2014-05-21] ==================== Services (Whitelisted) ================= R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe [98304 2011-01-06] (SEIKO EPSON CORPORATION) R2 MSSQL$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [43010392 2009-03-30] (Microsoft Corporation) R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\NAV.exe [262968 2014-05-11] (Symantec Corporation) R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\NST.exe [130104 2014-05-14] (Symantec Corporation) S4 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated) S4 SQLAgent$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [366936 2009-03-30] (Microsoft Corporation) R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [14336 2008-07-04] (Vodafone) ==================== Drivers (Whitelisted) ==================== R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation) R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1503000.00C\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07000.02F\ccSetx64.sys [162392 2014-02-21] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation) R3 eppvad_simple; C:\Windows\System32\drivers\EMP_UDAU.sys [23040 2011-01-06] (SEIKO EPSON CORPORATION) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20140523.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation) R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140524.016\ENG64.SYS [126040 2014-04-22] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140524.016\EX64.SYS [2099288 2014-04-22] (Symantec Corporation) R1 SLEE_17_DRIVER; C:\Windows\Sleen1764.sys [108256 2010-02-17] (Softwareentwicklung Remus - ArchiCrypt - ) R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1503000.00C\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1503000.00C\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NAVx64\1503000.00C\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-20] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1503000.00C\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1503000.00C\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-25 11:59 - 2014-05-25 11:59 - 00000000 ____D () C:\Users\User\Desktop\FRST-OlderVersion 2014-05-25 11:57 - 2014-05-25 11:57 - 00000969 _____ () C:\Users\User\Desktop\checkup.txt 2014-05-25 11:51 - 2014-05-25 11:51 - 00854367 _____ () C:\Users\User\Desktop\SecurityCheck.exe 2014-05-25 08:54 - 2014-05-25 08:55 - 02347384 _____ (ESET) C:\Users\User\Desktop\esetsmartinstaller_deu.exe 2014-05-25 08:31 - 2014-05-25 08:31 - 00001231 _____ () C:\Users\User\Desktop\SafeDATA.lnk 2014-05-25 07:06 - 2014-05-25 07:06 - 00000839 _____ () C:\Users\User\Desktop\LYNX_2014_2 - Verknüpfung.lnk 2014-05-24 13:30 - 2014-05-24 13:30 - 00043927 _____ () C:\Users\User\Desktop\FRST2014-05-24.txt 2014-05-24 13:29 - 2014-05-25 11:59 - 00022991 _____ () C:\Users\User\Desktop\FRST.txt 2014-05-24 13:24 - 2014-05-24 13:29 - 00001110 _____ () C:\Users\User\Desktop\JRT.txt 2014-05-24 13:14 - 2014-05-24 13:14 - 00000000 ____D () C:\Windows\ERUNT 2014-05-24 13:12 - 2014-05-24 13:12 - 00007489 _____ () C:\Users\User\Desktop\AdwCleaner[S0].txt 2014-05-24 06:43 - 2014-05-24 13:10 - 00000000 ____D () C:\AdwCleaner 2014-05-24 06:43 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-05-24 06:38 - 2014-05-24 06:38 - 01016261 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe 2014-05-24 06:26 - 2014-05-24 06:26 - 01326389 _____ () C:\Users\User\Desktop\adwcleaner_3.210.exe 2014-05-24 06:18 - 2014-05-24 06:18 - 00000000 ____D () C:\Windows\System32\Tasks\Norton AntiVirus 2014-05-22 06:45 - 2014-05-22 06:45 - 00000000 ____D () C:\NPE 2014-05-21 22:28 - 2014-05-25 11:59 - 00000000 ____D () C:\FRST 2014-05-21 22:26 - 2014-05-21 22:26 - 00000000 _____ () C:\Users\User\defogger_reenable 2014-05-21 22:23 - 2014-05-25 11:59 - 02066432 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe 2014-05-21 22:23 - 2014-05-21 22:12 - 00380416 _____ () C:\Users\User\Desktop\GMER.exe 2014-05-21 22:23 - 2014-05-21 22:07 - 00050477 _____ () C:\Users\User\Desktop\Defogger.exe 2014-05-21 22:20 - 2014-05-25 08:53 - 00000000 ____D () C:\Users\User\Desktop\trojaner-board 2014-05-21 21:26 - 2014-05-21 21:26 - 00602112 _____ (OldTimer Tools) C:\Users\User\Desktop\otl.exe 2014-05-21 20:25 - 2014-05-21 20:25 - 00602112 _____ (OldTimer Tools) C:\Users\User\Downloads\otl.exe 2014-05-21 20:06 - 2014-05-21 21:55 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-21 20:05 - 2014-05-21 20:05 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-21 20:05 - 2014-05-21 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-21 20:05 - 2014-05-21 20:05 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-21 20:05 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-21 20:05 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-21 20:05 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-15 09:05 - 2014-05-06 07:14 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-15 09:05 - 2014-05-06 07:14 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-15 09:05 - 2014-05-06 05:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-15 09:05 - 2014-05-06 05:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-15 09:05 - 2014-05-06 05:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-15 09:05 - 2014-05-06 05:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-15 07:57 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-15 07:57 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-15 07:55 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-15 07:55 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-15 07:37 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-15 07:37 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-15 07:37 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-15 07:37 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-15 07:37 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-15 07:37 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-15 07:37 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-15 07:37 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-15 07:37 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-15 07:37 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-15 07:37 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-15 07:37 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-15 07:37 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-15 07:37 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-15 07:37 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-15 07:37 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-15 07:37 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-15 07:37 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-15 07:37 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-15 07:37 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-15 07:37 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-15 07:37 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-15 07:37 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-15 07:37 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-15 07:37 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-15 07:37 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-15 07:37 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-15 07:37 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-15 07:37 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-15 07:37 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-15 07:37 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-15 07:37 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-15 07:37 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-15 07:37 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-15 07:37 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-15 07:37 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-15 07:37 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-15 07:37 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-15 07:37 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-15 07:37 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-15 07:37 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-11 08:36 - 2014-05-11 08:38 - 00000368 _____ () C:\ProgramData\hpzinstall.log 2014-05-11 08:35 - 2014-05-11 08:35 - 00000000 ____D () C:\ProgramData\HP 2014-05-10 08:52 - 2014-05-10 08:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-06 08:13 - 2014-05-15 10:52 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-04-29 07:04 - 2014-04-29 07:04 - 00121239 _____ () C:\Users\User\Desktop\bookmark.htm ==================== One Month Modified Files and Folders ======= 2014-05-25 11:59 - 2014-05-25 11:59 - 00000000 ____D () C:\Users\User\Desktop\FRST-OlderVersion 2014-05-25 11:59 - 2014-05-24 13:29 - 00022991 _____ () C:\Users\User\Desktop\FRST.txt 2014-05-25 11:59 - 2014-05-21 22:28 - 00000000 ____D () C:\FRST 2014-05-25 11:59 - 2014-05-21 22:23 - 02066432 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe 2014-05-25 11:57 - 2014-05-25 11:57 - 00000969 _____ () C:\Users\User\Desktop\checkup.txt 2014-05-25 11:51 - 2014-05-25 11:51 - 00854367 _____ () C:\Users\User\Desktop\SecurityCheck.exe 2014-05-25 11:51 - 2011-07-23 11:24 - 00000000 ____D () C:\Users\User\Documents\Outlook-Dateien 2014-05-25 11:48 - 2013-09-11 11:36 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-25 11:05 - 2012-04-05 07:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-25 09:24 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-25 09:24 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-25 09:20 - 2010-04-26 14:05 - 01064693 _____ () C:\Windows\WindowsUpdate.log 2014-05-25 08:55 - 2014-05-25 08:54 - 02347384 _____ (ESET) C:\Users\User\Desktop\esetsmartinstaller_deu.exe 2014-05-25 08:53 - 2014-05-21 22:20 - 00000000 ____D () C:\Users\User\Desktop\trojaner-board 2014-05-25 08:42 - 2010-04-26 23:55 - 00768542 _____ () C:\Windows\system32\perfh007.dat 2014-05-25 08:42 - 2010-04-26 23:55 - 00175080 _____ () C:\Windows\system32\perfc007.dat 2014-05-25 08:42 - 2009-07-14 07:13 - 01812386 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-25 08:32 - 2011-10-27 11:56 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-05-25 08:31 - 2014-05-25 08:31 - 00001231 _____ () C:\Users\User\Desktop\SafeDATA.lnk 2014-05-25 08:31 - 2013-12-15 23:33 - 00061863 _____ () C:\Windows\setupact.log 2014-05-25 08:31 - 2013-09-11 11:36 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-25 08:31 - 2010-10-14 16:21 - 00069792 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll 2014-05-25 08:31 - 2010-04-26 14:01 - 00017920 _____ () C:\Windows\system32\rpcnetp.exe 2014-05-25 08:31 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-25 08:29 - 2010-10-15 16:15 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps 2014-05-25 07:06 - 2014-05-25 07:06 - 00000839 _____ () C:\Users\User\Desktop\LYNX_2014_2 - Verknüpfung.lnk 2014-05-24 13:30 - 2014-05-24 13:30 - 00043927 _____ () C:\Users\User\Desktop\FRST2014-05-24.txt 2014-05-24 13:29 - 2014-05-24 13:24 - 00001110 _____ () C:\Users\User\Desktop\JRT.txt 2014-05-24 13:14 - 2014-05-24 13:14 - 00000000 ____D () C:\Windows\ERUNT 2014-05-24 13:12 - 2014-05-24 13:12 - 00007489 _____ () C:\Users\User\Desktop\AdwCleaner[S0].txt 2014-05-24 13:11 - 2010-04-26 14:01 - 00328578 _____ () C:\Windows\PFRO.log 2014-05-24 13:10 - 2014-05-24 06:43 - 00000000 ____D () C:\AdwCleaner 2014-05-24 06:38 - 2014-05-24 06:38 - 01016261 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe 2014-05-24 06:26 - 2014-05-24 06:26 - 01326389 _____ () C:\Users\User\Desktop\adwcleaner_3.210.exe 2014-05-24 06:18 - 2014-05-24 06:18 - 00000000 ____D () C:\Windows\System32\Tasks\Norton AntiVirus 2014-05-24 06:12 - 2011-10-21 17:41 - 00000000 ____D () C:\Windows\system32\Drivers\NAVx64 2014-05-24 06:11 - 2013-11-21 07:59 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus 2014-05-24 06:11 - 2012-04-01 12:03 - 00003218 _____ () C:\Windows\System32\Tasks\Norton WSC Integration 2014-05-22 07:29 - 2011-01-08 18:08 - 00000000 ____D () C:\Users\User\AppData\Roaming\FileZilla 2014-05-22 07:08 - 2014-01-24 19:10 - 00000000 ____D () C:\Users\User\AppData\Local\NPE 2014-05-22 06:45 - 2014-05-22 06:45 - 00000000 ____D () C:\NPE 2014-05-22 02:36 - 2013-09-11 11:49 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-05-22 00:34 - 2013-08-11 12:11 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe 2014-05-21 22:26 - 2014-05-21 22:26 - 00000000 _____ () C:\Users\User\defogger_reenable 2014-05-21 22:16 - 2013-10-28 21:24 - 00001365 _____ () C:\Windows\wininit.ini 2014-05-21 22:14 - 2010-10-14 16:20 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-21 22:13 - 2013-10-28 21:25 - 00000000 ___RD () C:\Users\User\Dropbox 2014-05-21 22:12 - 2014-05-21 22:23 - 00380416 _____ () C:\Users\User\Desktop\GMER.exe 2014-05-21 22:07 - 2014-05-21 22:23 - 00050477 _____ () C:\Users\User\Desktop\Defogger.exe 2014-05-21 21:55 - 2014-05-21 20:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-21 21:26 - 2014-05-21 21:26 - 00602112 _____ (OldTimer Tools) C:\Users\User\Desktop\otl.exe 2014-05-21 20:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-05-21 20:31 - 2010-04-26 14:02 - 00017920 _____ () C:\Windows\SysWOW64\rpcnetp.dll 2014-05-21 20:30 - 2010-04-26 14:01 - 00017920 _____ () C:\Windows\SysWOW64\rpcnetp.exe 2014-05-21 20:25 - 2014-05-21 20:25 - 00602112 _____ (OldTimer Tools) C:\Users\User\Downloads\otl.exe 2014-05-21 20:05 - 2014-05-21 20:05 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-21 20:05 - 2014-05-21 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-21 20:05 - 2014-05-21 20:05 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-21 20:05 - 2014-01-24 19:57 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-21 18:26 - 2013-11-21 07:59 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe 2014-05-21 18:26 - 2013-11-21 07:59 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64 2014-05-19 15:58 - 2011-10-30 13:16 - 00000000 ___SD () C:\Users\User\Documents\Meine Datenquellen 2014-05-15 15:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-05-15 10:55 - 2010-10-14 16:20 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-15 10:52 - 2014-05-06 08:13 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-15 09:06 - 2010-03-29 11:48 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-05-15 09:04 - 2013-08-14 17:09 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-15 09:02 - 2010-10-14 17:36 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-14 06:21 - 2012-04-05 07:32 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-14 06:21 - 2012-04-05 07:32 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-14 06:21 - 2011-07-09 17:31 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-12 07:26 - 2014-05-21 20:05 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-12 07:26 - 2014-05-21 20:05 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-05-21 20:05 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-11 14:48 - 2013-12-26 09:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-11 08:38 - 2014-05-11 08:36 - 00000368 _____ () C:\ProgramData\hpzinstall.log 2014-05-11 08:35 - 2014-05-11 08:35 - 00000000 ____D () C:\ProgramData\HP 2014-05-10 08:52 - 2014-05-10 08:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-09 08:14 - 2014-05-15 07:55 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-15 07:55 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-09 07:43 - 2013-09-11 11:36 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-09 07:43 - 2013-09-11 11:36 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-06 07:14 - 2014-05-15 09:05 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 07:14 - 2014-05-15 09:05 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 05:53 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-05-06 05:48 - 2014-05-15 09:05 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 05:48 - 2014-05-15 09:05 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-06 05:37 - 2014-05-15 09:05 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 05:26 - 2014-05-15 09:05 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-04 21:32 - 2014-01-02 17:12 - 00009308 _____ () C:\Users\User\AppData\Roaming\Microsoft Excel 97-2003.EML 2014-05-01 14:52 - 2011-09-29 19:48 - 00000000 ____D () C:\Program Files (x86)\Google 2014-05-01 14:52 - 2010-03-29 12:02 - 00000000 ____D () C:\Program Files\Google 2014-05-01 11:53 - 2011-09-29 19:54 - 00000000 ____D () C:\ProgramData\Google 2014-05-01 11:53 - 2011-09-29 19:49 - 00000000 ____D () C:\Users\User\AppData\Local\Google 2014-04-30 16:27 - 2014-02-05 18:28 - 00001106 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2014-04-30 16:27 - 2014-02-05 18:28 - 00001094 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-04-30 10:25 - 2010-03-29 12:03 - 00001024 ___RH () C:\Users\Public\Documents\NTILiveUpdate.dll 2014-04-29 07:04 - 2014-04-29 07:04 - 00121239 _____ () C:\Users\User\Desktop\bookmark.htm 2014-04-27 20:50 - 2010-10-14 16:19 - 00451800 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-27 20:49 - 2009-07-14 06:45 - 09158720 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-27 20:36 - 2011-07-23 11:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint 2014-04-27 20:36 - 2011-07-23 11:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2014-04-27 20:34 - 2009-07-14 09:45 - 00000000 ____D () C:\Windows\ShellNew 2014-04-27 20:33 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild 2014-04-27 20:26 - 2009-07-14 04:34 - 00000478 _____ () C:\Windows\win.ini Files to move or delete: ==================== C:\Users\User\FileZilla_3.8.0_win32-setup.exe C:\Users\User\TeamViewer_Setup_de.exe Some content of TEMP: ==================== C:\Users\User\AppData\Local\Temp\amazonicon_v3.exe C:\Users\User\AppData\Local\Temp\amazoninstallernircmdc.exe C:\Users\User\AppData\Local\Temp\BackupSetup.exe C:\Users\User\AppData\Local\Temp\BundleSweetIMSetup.exe C:\Users\User\AppData\Local\Temp\Delta.exe C:\Users\User\AppData\Local\Temp\DeltaTB.exe C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmps8gkue.dll C:\Users\User\AppData\Local\Temp\install_flashplayer12x32axau_gtba_chra_dy_aaa_aih.exe C:\Users\User\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\User\AppData\Local\Temp\MybabylonTB.exe C:\Users\User\AppData\Local\Temp\ose00000.exe C:\Users\User\AppData\Local\Temp\profisubmit_setup.exe C:\Users\User\AppData\Local\Temp\Quarantine.exe C:\Users\User\AppData\Local\Temp\sdanircmdc.exe C:\Users\User\AppData\Local\Temp\sdapskill.exe C:\Users\User\AppData\Local\Temp\SettingsManagerSetup.exe C:\Users\User\AppData\Local\Temp\vcredist_x64.exe C:\Users\User\AppData\Local\Temp\WSSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-19 19:12 ==================== End Of Log ============================ Beste Grüße von Johanna |
26.05.2014, 11:45 | #10 |
/// the machine /// TB-Ausbilder | Trojan.ADH.2 Norton AntiVirus kann nicht entfernen Adobe updaten. Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop. Schließe nun alle offenen Programme und trenne Dich von dem Internet. Doppelklick auf die TFC.exe und drücke auf Start. Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll C:\Program Files (x86)\Settings Manager Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
27.05.2014, 06:07 | #11 |
| Trojan.ADH.2 Norton AntiVirus kann nicht entfernen Hallo Schrauber, danke für deine ausführliche zeitnahe Begleitung. Ich habe TFC durchgeführt und Fixlog.txt erstellt und auf dem Desktop gespeichert. Der Inhalt der Datei war sehr kurz und ich konnte keine Probleme erkennen. Blöderweise habe ich nicht gleich den Inhalt hier gepostet. Hab die Defogger re-enable gemacht. Delfix hat leider nun die fixlog.txt gelöscht, so dass ich sie nicht mehr posten kann. Merci für die abschließende Tipps - ich werde sie beherzigen. Danke für die tolle Unterstützung!!! Beste Grüße von Johanna |
27.05.2014, 18:32 | #12 |
/// the machine /// TB-Ausbilder | Trojan.ADH.2 Norton AntiVirus kann nicht entfernen Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Themen zu Trojan.ADH.2 Norton AntiVirus kann nicht entfernen |
anleitung, antivirus, defogger, entferne, entfernen, erkenn, erkennt, fehlgeschlagen, leitung, malwarebyte, trojan.adh.2, trojan.adh.2 - norton antivirus, weiterhelfen, win32/toolbar.searchsuite.c, win32/toolbar.searchsuite.q, win32/wajam.f |