Pests of all kinds and how to fight them: widevinecdmadapter.dll caught (Windows 7)

15.06.2014, 15:19   #1
widevinecdmadapter.dll caught

Hello,

this morning I also caught this widevinecdmadapter.dll.

File name: widevinecdmadapter.dll
Full path: c:\Users\****\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll

While searching for what it is, I came across this board and this thread: http://www.trojaner-board.de/150610-...apter-dll.html

I have now followed some of the steps from that thread. Unfortunately I can't make sense of the various logs. Could someone please take a look at them?

First, FRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-06-2014 02
Ran by Mom (administrator) on MOM-PC on 15-06-2014 15:52:41
Running from F:\Trojanher-soft\Farbar Recovery Scan Tool
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
() C:\Program Files\Winamp\winampa.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint\LBTWiz.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe
(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
(ITSamples.com) C:\Program Files\NetworkIndicator\NetworkIndicator.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
() F:\Iphone\ifunbox.win\ifb_conn.exe
(Spotify Ltd) C:\Users\Mom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Dropbox, Inc.) C:\Users\Mom\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(Google Inc.) C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [P17RunE] => C:\Windows\system32\P17RunE.dll [14848 2008-03-28] (Creative Technology Ltd.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [37888 2009-04-10] ()
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [Bluetooth Connection Assistant] => LBTWIZ.EXE -silent
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3156063637-4183764843-1936028-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKU\S-1-5-21-3156063637-4183764843-1936028-1000\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109336 2013-01-22] (Siber Systems)
HKU\S-1-5-21-3156063637-4183764843-1936028-1000\...\Run: [NetworkIndicator] => C:\Program Files\NetworkIndicator\NetworkIndicator.exe [344064 2010-10-25] (ITSamples.com)
HKU\S-1-5-21-3156063637-4183764843-1936028-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3156063637-4183764843-1936028-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3156063637-4183764843-1936028-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
HKU\S-1-5-21-3156063637-4183764843-1936028-1000\...\Run: [iFunBoxConnector] => F:\Iphone\ifunbox.win\ifb_conn.exe [812544 2013-01-08] ()
HKU\S-1-5-21-3156063637-4183764843-1936028-1000\...\Run: [Google Update] => C:\Users\Mom\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-05-25] (Google Inc.)
HKU\S-1-5-21-3156063637-4183764843-1936028-1000\...\Run: [AppleIEDAV] => C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)
HKU\S-1-5-21-3156063637-4183764843-1936028-1000\...\Run: [Spotify Web Helper] => C:\Users\Mom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-05-02] (Spotify Ltd)
HKU\S-1-5-21-3156063637-4183764843-1936028-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3156063637-4183764843-1936028-1000\...\MountPoints2: {c1b01022-70fa-11e2-9807-00248c592651} - L:\.\autorun.exe
HKU\S-1-5-21-3156063637-4183764843-1936028-1000\...\MountPoints2: {c42abe1a-c128-11e2-a715-00248c592651} - L:\LaunchU3.exe -a
HKU\S-1-5-21-3156063637-4183764843-1936028-1000\...\MountPoints2: {cae506c6-648f-11e2-9e32-00248c592651} - K:\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Mom\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9C08BD7E9EF8CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.facebook.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=20.4.0.40
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Mom\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Mom\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFF [2013-10-09]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\ []

Chrome:
=======
CHR HomePage: chrome://newtab
CHR StartupUrls: "hxxp://www.t-online.de/", "hxxp://www.facebook.de/", "hxxp://forum.gewinnspiele.com/", "hxxp://www.inselatelier.de/index.php/nicole-wenning-borkum/live-uebertragung-von-der-promenade", "hxxp://www.borkum.de/DE/insel/interaktiv/webcams.php"
CHR Extension: (Google Docs) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-05]
CHR Extension: (Google Drive) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-05]
CHR Extension: (Norton Identity Safe for Google Chrome™) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2014-05-12]
CHR Extension: (YouTube) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-25]
CHR Extension: (Google-Suche) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-05]
CHR Extension: (Google Wallet) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-05]
CHR Extension: (Google Mail) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-05]
CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx [2014-05-01]

========================== Services (Whitelisted) =================

S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-01-22] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
S2 KMService; C:\Windows\system32\srvany.exe [8192 2013-01-22] () [File not signed]
R2 NIS; C:\Program Files\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
S3 Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [129536 2012-04-06] (Samsung Electronics) [File not signed]

==================== Drivers (Whitelisted) ====================

S3 athr; C:\Windows\System32\DRIVERS\athr.sys [1882624 2011-02-08] (Atheros Communications, Inc.) [File not signed]
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20140606.001\BHDrvx86.sys [1101616 2014-05-10] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1405000.01C\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-11-06] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [109872 2014-11-06] (Symantec Corporation)
R3 hxctlflt; C:\Windows\System32\DRIVERS\hxctlflt.sys [99968 2009-02-09] (Guillemot Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20140613.001\IDSvix86.sys [395992 2014-03-26] (Symantec Corporation)
R3 LVUSBSta; C:\Windows\System32\DRIVERS\LVUSBSta.sys [41752 2007-10-12] (Logitech Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20140614.001\NAVENG.SYS [93272 2014-06-09] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20140614.001\NAVEX15.SYS [1612376 2014-06-09] (Symantec Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2012-03-26] (Apple Inc.) [File not signed]
R0 oem-drv86; C:\Windows\System32\DRIVERS\oem-drv86.sys [28160 2014-06-15] (secr9tos) [File not signed]
R3 P17; C:\Windows\System32\drivers\P17.sys [1168896 2009-10-16] (Creative Technology Ltd.)
S3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [490776 2007-10-12] (Logitech Inc.)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2012-08-20] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2012-08-20] (RapidSolution Software AG)
R3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10371072 2007-07-17] (Sonix Co. Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2013-01-22] () [File not signed]
R1 SRTSP; C:\Windows\System32\Drivers\NIS\1405000.01C\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1405000.01C\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1405000.01C\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1405000.01C\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1405000.01C\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NIS\1405000.01C\SYMNETS.SYS [339544 2013-04-25] (Symantec Corporation)
R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39016 2012-08-20] (RapidSolution Software AG)
S3 tmnsusbser; C:\Windows\System32\DRIVERS\tmnsusbser.sys [108160 2010-04-21] (Wireless Device)
S3 tmusbnet; C:\Windows\System32\DRIVERS\tmusbnet.sys [109568 2010-04-20] (QUALCOMM Incorporated)
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16128 2013-10-11] (Windows (R) Win 7 DDK provider)
U3 ax8bwhf2; C:\Windows\system32\Drivers\ax8bwhf2.sys [0 ] (Microsoft Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-15 15:44 - 2014-06-15 15:44 - 00000785 _____ () C:\Users\Mom\Desktop\JRT.txt
2014-06-15 15:32 - 2014-06-15 15:32 - 00000000 ____D () C:\Windows\ERUNT
2014-06-15 15:19 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-06-15 15:18 - 2014-06-15 15:24 - 00000000 ____D () C:\AdwCleaner
2014-06-15 13:50 - 2014-06-15 15:52 - 00000000 ____D () C:\FRST
2014-06-15 12:15 - 2014-06-15 14:59 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-15 12:15 - 2014-06-15 14:29 - 00001056 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-15 12:15 - 2014-06-15 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-15 12:15 - 2014-06-15 14:29 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-06-15 12:15 - 2014-06-15 12:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-15 12:15 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-15 12:15 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-15 12:15 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-13 17:43 - 2014-06-13 17:43 - 00000000 ____D () C:\Users\Mom\AppData\Local\Adobe
2014-06-13 13:23 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-13 13:23 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-13 13:23 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-13 13:23 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-13 13:23 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-13 13:23 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 18:18 - 2014-06-08 10:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-12 18:18 - 2014-06-08 10:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-12 18:18 - 2014-05-08 11:06 - 00919040 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-12 18:18 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 18:17 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 18:17 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 18:17 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 18:17 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 18:17 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 18:17 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 18:17 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 18:17 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 18:17 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 18:17 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 18:17 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 18:17 - 2014-05-30 10:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 18:17 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 18:17 - 2014-05-30 10:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 18:17 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 18:17 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 18:17 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 18:17 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 18:17 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 18:17 - 2014-05-30 09:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 18:17 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 18:17 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 18:17 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 18:17 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 18:17 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 18:17 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 18:17 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 18:17 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-10 19:39 - 2014-06-15 15:40 - 00000000 ___RD () C:\Users\Mom\Dropbox
2014-06-10 19:39 - 2014-06-10 19:39 - 00001035 _____ () C:\Users\Mom\Desktop\Dropbox.lnk
2014-06-07 22:59 - 2014-06-07 22:59 - 00519525 _____ () C:\Users\Mom\Documents\ALG2-Berechnung_V2014-02-28.ods
2014-06-07 10:44 - 2014-06-07 10:49 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-06-06 22:19 - 2014-06-15 15:40 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\DropboxMaster
2014-06-06 22:18 - 2014-06-06 22:18 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-06 22:14 - 2014-06-15 15:40 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Dropbox
2014-06-05 21:38 - 2014-06-05 21:38 - 00630272 _____ () C:\Users\Mom\Documents\sap_work_einkaufsvorgang_beispiel_45B_01.ppt
2014-06-05 21:37 - 2014-06-05 21:37 - 00223232 _____ () C:\Users\Mom\Documents\sap_work_demsystem_einstellungen_01.ppt
2014-06-04 20:10 - 2014-06-04 20:10 - 00000000 __SHD () C:\Users\Mom\AppData\Local\EmieUserList
2014-06-04 20:10 - 2014-06-04 20:10 - 00000000 __SHD () C:\Users\Mom\AppData\Local\EmieSiteList
2014-06-03 17:58 - 2014-06-03 17:58 - 00000622 _____ () C:\Users\Mom\Desktop\WBS - Verknüpfung.lnk
2014-05-28 20:45 - 2014-05-28 20:45 - 32087148 _____ () C:\Users\Mom\Downloads\sample.avi
2014-05-28 16:20 - 2014-05-28 16:20 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-28 16:20 - 2014-05-28 16:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-28 16:18 - 2014-05-28 16:20 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-05-28 16:18 - 2014-05-28 16:20 - 00000000 ____D () C:\Program Files\iTunes
2014-05-28 16:18 - 2014-05-28 16:18 - 00000000 ____D () C:\Program Files\iPod
2014-05-24 10:15 - 2014-05-24 10:15 - 00004241 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-05-24 10:15 - 2014-05-24 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-24 10:15 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-24 10:15 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-24 10:15 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-24 10:15 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-21 22:03 - 2014-05-21 22:06 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\.oit
2014-05-21 21:53 - 2014-05-21 22:19 - 00000000 ____D () C:\Program Files\Kroll Ontrack
2014-05-20 14:10 - 2013-05-17 13:43 - 00000000 ____D () C:\Users\Mom\Documents\Horst Lichter – Grossmutters geheime Rezepte
2014-05-20 14:08 - 2014-05-20 14:09 - 51747050 _____ () C:\Users\Mom\Documents\Yls52f5f.rar
2014-05-20 14:04 - 2014-05-20 14:04 - 00001299 _____ () C:\Users\Mom\Documents\20140520-1016450072-umsMT940.txt
2014-05-20 14:02 - 2014-05-20 14:02 - 00001341 _____ () C:\Users\Mom\Documents\20140520-1016450072-umsatz.csv

==================== One Month Modified Files and Folders =======

2014-06-15 15:53 - 2013-01-22 14:02 - 00000000 ____D () C:\Users\Mom\AppData\Local\Temp
2014-06-15 15:52 - 2014-06-15 13:50 - 00000000 ____D () C:\FRST
2014-06-15 15:52 - 2013-07-04 10:14 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-15 15:47 - 2009-07-14 06:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-15 15:47 - 2009-07-14 06:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-15 15:44 - 2014-06-15 15:44 - 00000785 _____ () C:\Users\Mom\Desktop\JRT.txt
2014-06-15 15:40 - 2014-06-10 19:39 - 00000000 ___RD () C:\Users\Mom\Dropbox
2014-06-15 15:40 - 2014-06-06 22:19 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\DropboxMaster
2014-06-15 15:40 - 2014-06-06 22:14 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Dropbox
2014-06-15 15:39 - 2013-07-04 10:14 - 00001088 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-15 15:39 - 2013-01-22 14:00 - 00028160 _____ (secr9tos) C:\Windows\system32\Drivers\oem-drv86.sys
2014-06-15 15:39 - 2011-05-12 13:53 - 00097806 _____ () C:\Windows\setupact.log
2014-06-15 15:39 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-15 15:38 - 2013-01-22 13:49 - 01512192 _____ () C:\Windows\WindowsUpdate.log
2014-06-15 15:32 - 2014-06-15 15:32 - 00000000 ____D () C:\Windows\ERUNT
2014-06-15 15:28 - 2010-11-20 23:48 - 00119566 _____ () C:\Windows\PFRO.log
2014-06-15 15:24 - 2014-06-15 15:18 - 00000000 ____D () C:\AdwCleaner
2014-06-15 15:23 - 2013-05-25 15:18 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-15 15:23 - 2013-01-22 14:03 - 00001140 _____ () C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-15 15:12 - 2013-05-25 15:17 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3156063637-4183764843-1936028-1000UA.job
2014-06-15 15:00 - 2010-11-20 23:01 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-15 14:59 - 2014-06-15 12:15 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-15 14:53 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Web
2014-06-15 14:29 - 2014-06-15 12:15 - 00001056 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-15 14:29 - 2014-06-15 12:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-15 14:29 - 2014-06-15 12:15 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-06-15 12:15 - 2014-06-15 12:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-15 00:12 - 2013-11-04 16:12 - 00000035 _____ () C:\Users\Mom\AppData\Roaming\WB.CFG
2014-06-14 22:19 - 2013-05-25 15:18 - 00002340 _____ () C:\Users\Mom\Desktop\Google Chrome.lnk
2014-06-14 19:46 - 2013-02-15 00:23 - 00000000 ____D () C:\Users\Mom\AppData\Local\625937AE-53AE-441E-8760-7DD1A270DE96.aplzod
2014-06-13 17:43 - 2014-06-13 17:43 - 00000000 ____D () C:\Users\Mom\AppData\Local\Adobe
2014-06-13 17:11 - 2013-01-26 21:35 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-13 17:11 - 2013-01-26 21:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-13 08:12 - 2013-05-25 15:17 - 00001060 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3156063637-4183764843-1936028-1000Core.job
2014-06-12 21:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-06-12 20:52 - 2014-05-06 22:51 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-10 19:39 - 2014-06-10 19:39 - 00001035 _____ () C:\Users\Mom\Desktop\Dropbox.lnk
2014-06-10 19:39 - 2013-01-22 14:02 - 00000000 ____D () C:\Users\Mom
2014-06-08 13:51 - 2013-01-30 08:55 - 00000000 ____D () C:\Users\Mom\Documents\Eigene Scans
2014-06-08 10:48 - 2014-06-12 18:18 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 10:43 - 2014-06-12 18:18 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-07 22:59 - 2014-06-07 22:59 - 00519525 _____ () C:\Users\Mom\Documents\ALG2-Berechnung_V2014-02-28.ods
2014-06-07 10:49 - 2014-06-07 10:44 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-06-06 22:18 - 2014-06-06 22:18 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-05 21:38 - 2014-06-05 21:38 - 00630272 _____ () C:\Users\Mom\Documents\sap_work_einkaufsvorgang_beispiel_45B_01.ppt
2014-06-05 21:37 - 2014-06-05 21:37 - 00223232 _____ () C:\Users\Mom\Documents\sap_work_demsystem_einstellungen_01.ppt
2014-06-04 20:10 - 2014-06-04 20:10 - 00000000 __SHD () C:\Users\Mom\AppData\Local\EmieUserList
2014-06-04 20:10 - 2014-06-04 20:10 - 00000000 __SHD () C:\Users\Mom\AppData\Local\EmieSiteList
2014-06-03 17:58 - 2014-06-03 17:58 - 00000622 _____ () C:\Users\Mom\Desktop\WBS - Verknüpfung.lnk
2014-06-01 19:56 - 2013-01-22 20:48 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\vlc
2014-05-30 11:18 - 2014-06-12 18:17 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 11:02 - 2014-06-12 18:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 11:02 - 2014-06-12 18:17 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 10:44 - 2014-06-12 18:17 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 10:43 - 2014-06-12 18:17 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 10:42 - 2014-06-12 18:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-12 18:17 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 10:34 - 2014-06-12 18:17 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 10:33 - 2014-06-12 18:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 10:30 - 2014-06-12 18:17 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 10:28 - 2014-06-12 18:17 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 10:28 - 2014-06-12 18:17 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 10:27 - 2014-06-12 18:17 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 10:21 - 2014-06-12 18:17 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 10:16 - 2014-06-12 18:17 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 10:10 - 2014-06-12 18:17 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-12 18:17 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:04 - 2014-06-12 18:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:02 - 2014-06-12 18:17 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 09:57 - 2014-06-12 18:17 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 09:56 - 2014-06-12 18:17 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 09:54 - 2014-06-12 18:17 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 09:50 - 2014-06-12 18:17 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-12 18:17 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 09:40 - 2014-06-12 18:17 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:21 - 2014-06-12 18:17 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:15 - 2014-06-12 18:17 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:13 - 2014-06-12 18:17 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-28 20:45 - 2014-05-28 20:45 - 32087148 _____ () C:\Users\Mom\Downloads\sample.avi
2014-05-28 16:27 - 2013-01-26 11:56 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Winamp
2014-05-28 16:20 - 2014-05-28 16:20 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-28 16:20 - 2014-05-28 16:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-28 16:20 - 2014-05-28 16:18 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-05-28 16:20 - 2014-05-28 16:18 - 00000000 ____D () C:\Program Files\iTunes
2014-05-28 16:18 - 2014-05-28 16:18 - 00000000 ____D () C:\Program Files\iPod
2014-05-28 16:18 - 2013-02-15 00:11 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-05-27 10:09 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-24 10:16 - 2013-10-18 08:46 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-24 10:15 - 2014-05-24 10:15 - 00004241 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-05-24 10:15 - 2014-05-24 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-24 10:15 - 2013-10-18 08:44 - 00000000 ____D () C:\Program Files\Java
2014-05-21 22:19 - 2014-05-21 21:53 - 00000000 ____D () C:\Program Files\Kroll Ontrack
2014-05-21 22:19 - 2013-01-22 14:08 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-05-21 22:06 - 2014-05-21 22:03 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\.oit
2014-05-21 21:52 - 2013-01-22 14:08 - 00000000 ____D () C:\Program Files\Common Files\InstallShield 2014-05-20 14:09 - 2014-05-20 14:08 - 51747050 _____ () C:\Users\Mom\Documents\Yls52f5f.rar 2014-05-20 14:04 - 2014-05-20 14:04 - 00001299 _____ () C:\Users\Mom\Documents\20140520-1016450072-umsMT940.txt 2014-05-20 14:02 - 2014-05-20 14:02 - 00001341 _____ () C:\Users\Mom\Documents\20140520-1016450072-umsatz.csv 2014-05-16 10:36 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-05-16 09:49 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE Some content of TEMP: ==================== C:\Users\Mom\AppData\Local\Temp\7-zip.dll C:\Users\Mom\AppData\Local\Temp\7z.dll C:\Users\Mom\AppData\Local\Temp\7z.exe C:\Users\Mom\AppData\Local\Temp\amazonicon_v3.exe C:\Users\Mom\AppData\Local\Temp\amazoninstallernircmdc.exe C:\Users\Mom\AppData\Local\Temp\AskPIP_FF_.exe C:\Users\Mom\AppData\Local\Temp\AskSLib.dll C:\Users\Mom\AppData\Local\Temp\BackupSetup.exe C:\Users\Mom\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpe11o_p.dll C:\Users\Mom\AppData\Local\Temp\Installation.exe C:\Users\Mom\AppData\Local\Temp\Install_CopyTrans_Suite.exe C:\Users\Mom\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\Mom\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\Mom\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\Mom\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Mom\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Mom\AppData\Local\Temp\ose00000.exe C:\Users\Mom\AppData\Local\Temp\Quarantine.exe C:\Users\Mom\AppData\Local\Temp\sdanircmdc.exe C:\Users\Mom\AppData\Local\Temp\sdapskill.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed 
C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-08 08:10 ==================== End Of Log ============================ Addition.txt Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:12-06-2014 02
Ran by Mom at 2014-06-15 13:52:08
Running from F:\Trojanher-soft
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton Internet Security Online (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security Online (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security Online (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audials (HKLM\...\{73ABAA0E-70F0-4048-AD43-A5F5A13A198D}) (Version: 9.1.31900.0 - Audials AG)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 140.0.298.000 - Hewlett-Packard) Hidden
calibre (HKLM\...\{3091A8EB-386B-46D7-8E19-4139424261DD}) (Version: 1.24.0 - Kovid Goyal)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Classic Silver Drivers (HKLM\...\{8678BD65-D66E-48BB-8531-91D0EF8998A1}) (Version: 4.0.2.6 - Hercules)
Content Manager 2 (HKLM\...\Content Manager 2) (Version: 3.10.0.52790 - NNG Llc.)
Creative Audio-Systemsteuerung (HKLM\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Destinations (Version: 140.0.0.0 - Hewlett-Packard) Hidden
DocProc (Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.8.3 - Dropbox, Inc.)
Eigenschaften von Creative Sound Blaster (HKLM\...\Creative Sound Blaster Properties) (Version: 1.02 - Creative Technology Limited)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 14.4.20130909 - Landesfinanzdirektion Thüringen)
erLT (Version: 1.20.0137 - Logitech, Inc.) Hidden
FormatFactory 3.2.1.0 (HKLM\...\FormatFactory) (Version: 3.2.1.0 - Free Time)
Free FLV Converter V 7.5.0 (HKLM\...\Free FLV Converter_is1) (Version: 7.5.0.0 - Koyote Soft)
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version: - )
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
Hercules Classic Silver (HKLM\...\{B1549CC1-EB81-4E7C-9C7C-8B97CD9FD37A}) (Version: - )
Hercules Webcam Station Evolution SE (HKLM\...\{C3C44248-B8F7-4B20-A5C7-994870B60F55}) (Version: 4.1.1.0 - Hercules)
HP Imaging Device Functions 14.5 (HKLM\...\HP Imaging Device Functions) (Version: 14.5 - HP)
HP Scanjet G3110 (HKLM\...\{6F0EFDE0-EFEB-41CA-9446-ACB7A942911E}) (Version: 14.5 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.001 - Hewlett-Packard)
hpg3110 (Version: 140.000.000.000 - Ihr Firmenname) Hidden
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
Iso2God v1.3.6 (HKLM\...\{AB95979D-85EF-484A-9805-EB28E676E201}_is1) (Version: - Team 360h)
iTunes (HKLM\...\{A9B3F8D5-DF4F-462B-81B7-4B69EBEDBC5B}) (Version: 11.2.0.115 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MediaCoder iPhone Edition 0.8.18 (HKLM\...\MediaCoder iPhone Edition) (Version: 0.8.18 - Broad Intelligence)
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 Lite (HKLM\...\Nero8Lite_is1) (Version: 8.3.13.0 - UpdatePack.nl)
Network Activity Indicator for Windows 7 (HKLM\...\NetworkIndicator_is1) (Version: 1.6 - IT Samples)
Norton Internet Security (HKLM\...\NIS) (Version: 20.5.0.28 - Symantec Corporation)
OCR Software by I.R.I.S. 14.5 (HKLM\...\HPOCR) (Version: 14.5 - HP)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
RoboForm 7-8-3-5 (All Users) (HKLM\...\AI RoboForm) (Version: 7-8-3-5 - Siber Systems)
Samsung AnyWeb Print (HKLM\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 2.0.75.0 - Samsung Electronics Co., Ltd.)
Samsung Universal Print Driver (HKLM\...\Samsung Universal Print Driver) (Version: 2.03.09.00 - Samsung Electronics Co., Ltd.)
Scan (Version: 14.0.1.0 - Hewlett-Packard) Hidden
SDFormatter (HKLM\...\{15EB20D6-5F13-41D0-BEF9-C9C44D6AC620}) (Version: 3.0.0 - SD Association)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Streamripper (Remove only) (HKLM\...\Streamripper) (Version: - )
TomTom HOME (HKLM\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH)
Trojan Killer (HKLM\...\GridinSoft Trojan Killer) (Version: 2.1.9.3 - Gridinsoft LLC)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WebReg (Version: 140.0.297.017 - Hewlett-Packard) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.552 - Nullsoft, Inc)
Windows 7 USB/DVD Download Tool (HKLM\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 4.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Xilisoft iPhone to PC Copy (HKLM\...\Xilisoft iPhone to PC Copy) (Version: 5.4.16.20130723 - Xilisoft)
XSBoxGO 1.0.0.0 (HKLM\...\XSBoxGO 1.0.0.0) (Version: 1.0.0.0 - )

==================== Restore Points =========================

12-06-2014 18:46:42 Windows Update
13-06-2014 19:46:12 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2A3562A4-F3FC-4778-8B40-3461CB70F782} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\20.5.0.28\WSCStub.exe [2014-04-29] (Symantec Corporation)
Task: {3D71B84A-021F-4C4B-9571-698EF7458135} - System32\Tasks\4478 => Wscript.exe C:\Users\Mom\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {4603B0C7-ADE0-4098-B27C-11431DD4A821} - System32\Tasks\Digital Sites => C:\Users\Mom\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {553FDA79-F529-45E3-93AC-F4F446FCD990} - System32\Tasks\DigitalSite => C:\Users\Mom\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {66F8BAC5-B0B0-4B9A-A800-C2D4D51F2497} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {68E9D0CE-2DE2-46B3-AB16-8A395A468181} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2013-01-22] (Siber Systems)
Task: {73AA706B-4A84-464C-A81E-F42C73EBBCEA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3156063637-4183764843-1936028-1000UA => C:\Users\Mom\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-25] (Google Inc.)
Task: {7BA90721-CA2D-400D-ACE2-23F0D73D1955} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {B2B31963-3648-4643-B2A8-CB81501986F1} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {CF2C49AF-A656-4C7D-852D-10AF562127AF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-04] (Google Inc.)
Task: {D658BAAD-FEF3-46D9-8CDA-DBC2B2F57A31} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMHMLJJJKMOMGMKMOMCNHMMJIMJMCNLMNMOMNJCNOJLJMJIMCNOMPMKJGMLJMMNMNMPMPMLJHMJNJICMIMCNHMCNMMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMNMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMCLAJCJJNKJCMJNNICMJNDJCMLJKJ"
Task: {D98DCF16-2913-415E-8BC0-2B6D22BC23F9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3156063637-4183764843-1936028-1000Core => C:\Users\Mom\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-25] (Google Inc.)
Task: {E579D501-E7FA-4C5A-BF4A-6527EDA34555} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-04] (Google Inc.)
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Mom\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\Mom\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3156063637-4183764843-1936028-1000Core.job => C:\Users\Mom\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3156063637-4183764843-1936028-1000UA.job => C:\Users\Mom\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-30 03:41 - 2010-01-30 03:41 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-06-28 20:15 - 2012-08-18 11:31 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2013-01-27 14:31 - 2011-04-11 07:26 - 00024064 _____ () C:\Windows\System32\spd__l.dll
2011-06-21 08:42 - 2011-06-21 08:42 - 00024064 _____ () C:\Windows\System32\sst3cl3.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-22 14:06 - 2009-02-06 19:52 - 00073728 _____ () C:\Windows\SYSTEM32\CmdRtr.DLL
2013-01-22 14:06 - 2009-07-10 10:07 - 00166912 _____ () C:\Windows\SYSTEM32\APOMngr.DLL
2009-04-10 19:29 - 2009-04-10 19:29 - 00037888 _____ () C:\Program Files\Winamp\winampa.exe
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2013-01-08 21:17 - 2013-01-08 21:17 - 00812544 _____ () F:\Iphone\ifunbox.win\ifb_conn.exe
2012-08-04 23:25 - 2012-06-26 06:13 - 20758016 _____ () F:\Iphone\ifunbox.win\libcef.dll
2014-05-01 23:30 - 2012-05-30 08:51 - 00699280 ____R () C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\20.5.0.28\wincfi39.dll
2013-01-27 12:50 - 2009-07-20 13:27 - 00017936 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
2014-06-15 11:06 - 2014-06-15 11:06 - 00043008 _____ () c:\users\mom\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmbvb_m.dll
2014-06-06 22:18 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Mom\AppData\Roaming\Dropbox\bin\libcef.dll
2013-01-27 21:03 - 2011-10-31 15:31 - 00036864 ____R () C:\Program Files\Hercules\Classic Silver\WebCamKSProxyPlugin.ax
2014-06-14 22:19 - 2014-06-05 15:58 - 00716616 _____ () C:\Users\Mom\AppData\Local\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-14 22:19 - 2014-06-05 15:58 - 00126280 _____ () C:\Users\Mom\AppData\Local\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-14 22:19 - 2014-06-05 15:58 - 04217672 _____ () C:\Users\Mom\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-14 22:19 - 2014-06-05 15:58 - 00414536 _____ () C:\Users\Mom\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-14 22:19 - 2014-06-05 15:58 - 01732424 _____ () C:\Users\Mom\AppData\Local\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-06-14 22:19 - 2014-06-05 15:58 - 14612296 _____ () C:\Users\Mom\AppData\Local\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/15/2014 11:06:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/15/2014 11:06:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AppleIEDAV.exe, Version: 1.2.12.0, Zeitstempel: 0x52867716
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00052d37
ID des fehlerhaften Prozesses: 0xfa0
Startzeit der fehlerhaften Anwendung: 0xAppleIEDAV.exe0
Pfad der fehlerhaften Anwendung: AppleIEDAV.exe1
Pfad des fehlerhaften Moduls: AppleIEDAV.exe2
Berichtskennung: AppleIEDAV.exe3

Error: (06/15/2014 00:06:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/15/2014 00:06:13 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/15/2014 00:05:26 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/14/2014 04:59:03 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/14/2014 04:58:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/14/2014 04:58:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/14/2014 11:54:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/14/2014 11:54:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AppleIEDAV.exe, Version: 1.2.12.0, Zeitstempel: 0x52867716
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00052d37
ID des fehlerhaften Prozesses: 0x6f0
Startzeit der fehlerhaften Anwendung: 0xAppleIEDAV.exe0
Pfad der fehlerhaften Anwendung: AppleIEDAV.exe1
Pfad des fehlerhaften Moduls: AppleIEDAV.exe2
Berichtskennung: AppleIEDAV.exe3

System errors:
=============
Error: (06/15/2014 11:05:29 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (06/15/2014 11:05:29 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (06/14/2014 11:53:16 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (06/14/2014 11:53:16 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (06/14/2014 11:51:17 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (06/14/2014 11:51:17 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (06/13/2014 05:06:16 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (06/13/2014 05:06:16 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (06/13/2014 05:06:19 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 13.06.2014 um 13:43:34 unerwartet heruntergefahren.

Error: (06/13/2014 01:17:52 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Microsoft Office Sessions:
=========================
Error: (06/15/2014 11:06:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/15/2014 11:06:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AppleIEDAV.exe1.2.12.052867716ntdll.dll6.1.7601.18247521ea91cc000000500052d37fa001cf88790bf168eeC:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exeC:\Windows\SYSTEM32\ntdll.dll5ac44b50-f46c-11e3-a8e8-00248c592651

Error: (06/15/2014 00:06:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\RapidSolution\Audials 9\tbhsd\tools64\install.exe

Error: (06/15/2014 00:06:13 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\RapidSolution\Audials 9\tbhsd\tools64\uninstall.exe

Error: (06/15/2014 00:05:26 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\RapidSolution\Audials 9\tbhsd\tools64\cleanup.exe

Error: (06/14/2014 04:59:03 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\RapidSolution\Audials 9\tbhsd\tools64\install.exe

Error: (06/14/2014 04:58:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\RapidSolution\Audials 9\tbhsd\tools64\uninstall.exe

Error: (06/14/2014 04:58:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\RapidSolution\Audials 9\tbhsd\tools64\cleanup.exe

Error: (06/14/2014 11:54:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/14/2014 11:54:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AppleIEDAV.exe1.2.12.052867716ntdll.dll6.1.7601.18247521ea91cc000000500052d376f001cf87b69133131fC:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exeC:\Windows\SYSTEM32\ntdll.dlldf196200-f3a9-11e3-90d9-00248c592651

==================== Memory info ===========================

Percentage of memory in use: 60%
Total physical RAM: 3327.11 MB
Available physical RAM: 1330.82 MB
Total Pagefile: 6652.52 MB
Available Pagefile: 4385.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.97 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:68.36 GB) (Free:18.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:126.96 GB) (Free:93.22 GB) NTFS
Drive e: () (Fixed) (Total:195.31 GB) (Free:74.04 GB) NTFS
Drive f: () (Fixed) (Total:195.31 GB) (Free:53.08 GB) NTFS
Drive g: () (Fixed) (Total:195.31 GB) (Free:63.53 GB) NTFS
Drive h: () (Fixed) (Total:150.26 GB) (Free:54.89 GB) NTFS
Drive i: (DVD_VIDEO_RECORDER) (CDROM) (Total:4.02 GB) (Free:0 GB) UDF
Drive j: (Gemischt Simone) (CDROM) (Total:0.68 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: DBAFDBAF)
Partition 1: (Active) - (Size=68 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=863 GB) - (Type=OF Extended)

==================== End Of Log ============================

mbam.txt
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 15.06.2014
Suchlauf-Zeit: 14:32:15
Logdatei: MBAM.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.15.02
Rootkit Datenbank: v2014.06.02.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Mom

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 260877
Verstrichene Zeit: 18 Min, 0 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 2
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3156063637-4183764843-1936028-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [7e4030489be073c3d20b754b2ad8718f],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3156063637-4183764843-1936028-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [8c32e5939edd3006edfbc313d33058a8],

Registrierungswerte: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3156063637-4183764843-1936028-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0X2O1C0R2R1R, In Quarantäne, [8c32e5939edd3006edfbc313d33058a8]

Registrierungsdaten: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[01bd7efa344779bd5cce4e293ec67a86]

Ordner: 2
PUP.Optional.Updater, C:\Users\Mom\AppData\Roaming\DigitalSites\UpdateProc, In Quarantäne, [6d510d6bd7a4a69069bd437e0bf728d8],
PUP.Optional.DigitalSite.A, C:\Users\Mom\AppData\Roaming\DigitalSite\UpdateProc, In Quarantäne, [12acb9bf07742115c7da7e454eb4b44c],

Dateien: 14
PUP.Optional.DigitalSites.A, C:\Users\Mom\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe, In Quarantäne, [912d2d4b5f1cb2844f8a43f1d62bdc24],
PUP.Optional.Superfish.A, C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, In Quarantäne, [cef04a2e55264fe7987875339b679b65],
PUP.Optional.Superfish.A, C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, In Quarantäne, [d3ebc5b3631894a227e9792f689a7987],
PUP.Optional.Updater, C:\Users\Mom\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe, In Quarantäne, [6d510d6bd7a4a69069bd437e0bf728d8],
PUP.Optional.Updater, C:\Users\Mom\AppData\Roaming\DigitalSites\UpdateProc\config.dat, In Quarantäne, [6d510d6bd7a4a69069bd437e0bf728d8],
PUP.Optional.Updater, C:\Users\Mom\AppData\Roaming\DigitalSites\UpdateProc\info.dat, In Quarantäne, [6d510d6bd7a4a69069bd437e0bf728d8],
PUP.Optional.Updater, C:\Users\Mom\AppData\Roaming\DigitalSites\UpdateProc\STTL.DAT, In Quarantäne, [6d510d6bd7a4a69069bd437e0bf728d8],
PUP.Optional.Updater, C:\Users\Mom\AppData\Roaming\DigitalSites\UpdateProc\TTL.DAT, In Quarantäne, [6d510d6bd7a4a69069bd437e0bf728d8],
PUP.Optional.DigitalSite.A, C:\Users\Mom\AppData\Roaming\DigitalSite\UpdateProc\config.dat, In Quarantäne, [12acb9bf07742115c7da7e454eb4b44c],
PUP.Optional.DigitalSite.A, C:\Users\Mom\AppData\Roaming\DigitalSite\UpdateProc\info.dat, In Quarantäne, [12acb9bf07742115c7da7e454eb4b44c],
PUP.Optional.DigitalSite.A, C:\Users\Mom\AppData\Roaming\DigitalSite\UpdateProc\prod.dat, In Quarantäne, [12acb9bf07742115c7da7e454eb4b44c],
PUP.Optional.DigitalSite.A, C:\Users\Mom\AppData\Roaming\DigitalSite\UpdateProc\STTL.DAT, In Quarantäne, [12acb9bf07742115c7da7e454eb4b44c],
PUP.Optional.DigitalSite.A, C:\Users\Mom\AppData\Roaming\DigitalSite\UpdateProc\TTL.DAT, In Quarantäne, [12acb9bf07742115c7da7e454eb4b44c],
PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot.exe, In Quarantäne, [cef02d4b99e2e4523ca57562838023dd],

Physische Sektoren: 0
(No malicious items detected)

(end)
AdwCleaner[S0].txt Code:
# AdwCleaner v3.212 - Bericht erstellt am 15/06/2014 um 15:23:03
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzername : Mom - MOM-PC
# Gestartet von : F:\Trojanher-soft\AdwCleaner 3.212\adwcleaner_3.212.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Program Files\MyPC Backup
Ordner Gelöscht : C:\Users\Mom\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Mom\AppData\Roaming\digitalsite
Ordner Gelöscht : C:\Users\Mom\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\Mom\AppData\Roaming\software4u
Ordner Gelöscht : C:\Users\Mom\AppData\Roaming\Systweak
Datei Gelöscht : C:\Windows\Tasks\Digital Sites.job
Datei Gelöscht : C:\Windows\System32\Tasks\Digital Sites
Datei Gelöscht : C:\Windows\Tasks\DigitalSite.job
Datei Gelöscht : C:\Windows\System32\Tasks\DigitalSite

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4603B0C7-ADE0-4098-B27C-11431DD4A821}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4603B0C7-ADE0-4098-B27C-11431DD4A821}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{553FDA79-F529-45E3-93AC-F4F446FCD990}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{553FDA79-F529-45E3-93AC-F4F446FCD990}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateBatBrowse_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateBatBrowse_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\Software\dt soft\daemon tools toolbar
Schlüssel Gelöscht : HKLM\Software\Speedchecker Limited
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Tarma Installer

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Google Chrome v

[ Datei : C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : mkcedibhemacmilmkpndpkoidlnmgngg

*************************

AdwCleaner[R0].txt - [3605 octets] - [15/06/2014 15:18:57]
AdwCleaner[S0].txt - [3246 octets] - [15/06/2014 15:23:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3306 octets] ##########

then the Junkware Removal Tool

JRT.txt Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Ultimate x86
Ran by Mom on 15.06.2014 at 15:40:41,01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Mom\AppData\Roaming\thinstall"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.06.2014 at 15:44:47,25
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST-2.txt Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-06-2014 02 Ran by Mom (administrator) on MOM-PC on 15-06-2014 15:52:41 Running from F:\Trojanher-soft\Farbar Recovery Scan Tool Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (AMD) C:\Windows\System32\atieclxx.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe () C:\Program Files\Winamp\winampa.exe (Logitech Inc.) C:\Program Files\Logitech\SetPoint\LBTWiz.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe (Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Apple Inc.) 
C:\Program Files\iTunes\iTunesHelper.exe (DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe (Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe (ITSamples.com) C:\Program Files\NetworkIndicator\NetworkIndicator.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe () F:\Iphone\ifunbox.win\ifb_conn.exe (Spotify Ltd) C:\Users\Mom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Dropbox, Inc.) C:\Users\Mom\AppData\Roaming\Dropbox\bin\Dropbox.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe (Google Inc.) C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Mom\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [P17RunE] => C:\Windows\system32\P17RunE.dll [14848 2008-03-28] (Creative Technology Ltd.) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [37888 2009-04-10] () HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.) 
HKLM\...\Run: [Bluetooth Connection Assistant] => LBTWIZ.EXE -silent HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de) HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM\...\Run: [] => [X] HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-3156063637-4183764843-1936028-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd) HKU\S-1-5-21-3156063637-4183764843-1936028-1000\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109336 2013-01-22] (Siber Systems) HKU\S-1-5-21-3156063637-4183764843-1936028-1000\...\Run: [NetworkIndicator] => C:\Program Files\NetworkIndicator\NetworkIndicator.exe [344064 2010-10-25] (ITSamples.com) HKU\S-1-5-21-3156063637-4183764843-1936028-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-3156063637-4183764843-1936028-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) 
HKU\S-1-5-21-3156063637-4183764843-1936028-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe HKU\S-1-5-21-3156063637-4183764843-1936028-1000\...\Run: [iFunBoxConnector] => F:\Iphone\ifunbox.win\ifb_conn.exe [812544 2013-01-08] () HKU\S-1-5-21-3156063637-4183764843-1936028-1000\...\Run: [Google Update] => C:\Users\Mom\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-05-25] (Google Inc.) HKU\S-1-5-21-3156063637-4183764843-1936028-1000\...\Run: [AppleIEDAV] => C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.) HKU\S-1-5-21-3156063637-4183764843-1936028-1000\...\Run: [Spotify Web Helper] => C:\Users\Mom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-05-02] (Spotify Ltd) HKU\S-1-5-21-3156063637-4183764843-1936028-1000\...\Policies\Explorer: [DisallowRun] 1 HKU\S-1-5-21-3156063637-4183764843-1936028-1000\...\MountPoints2: {c1b01022-70fa-11e2-9807-00248c592651} - L:\.\autorun.exe HKU\S-1-5-21-3156063637-4183764843-1936028-1000\...\MountPoints2: {c42abe1a-c128-11e2-a715-00248c592651} - L:\LaunchU3.exe -a HKU\S-1-5-21-3156063637-4183764843-1936028-1000\...\MountPoints2: {cae506c6-648f-11e2-9e32-00248c592651} - K:\setup.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) Startup: C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Mom\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9C08BD7E9EF8CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.facebook.com/ HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=20.4.0.40 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM - DefaultScope value is missing. 
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation) BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation) DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Mom\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Mom\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) 
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFF [2013-10-09] FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\ [] Chrome: ======= CHR HomePage: chrome://newtab CHR StartupUrls: "hxxp://www.t-online.de/", "hxxp://www.facebook.de/", "hxxp://forum.gewinnspiele.com/", "hxxp://www.inselatelier.de/index.php/nicole-wenning-borkum/live-uebertragung-von-der-promenade", "hxxp://www.borkum.de/DE/insel/interaktiv/webcams.php" CHR Extension: (Google Docs) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-05] CHR Extension: (Google Drive) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-05] CHR Extension: (Norton Identity Safe for Google Chrome™) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2014-05-12] CHR Extension: (YouTube) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-25] CHR Extension: (Google-Suche) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-05] CHR Extension: (Google Wallet) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-05] CHR Extension: (Google Mail) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-05] CHR HKLM\...\Chrome\Extension: 
[bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx [2014-05-01] ========================== Services (Whitelisted) ================= S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-01-22] (Creative Labs) [File not signed] R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed] S2 KMService; C:\Windows\system32\srvany.exe [8192 2013-01-22] () [File not signed] R2 NIS; C:\Program Files\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation) S3 Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [129536 2012-04-06] (Samsung Electronics) [File not signed] ==================== Drivers (Whitelisted) ==================== S3 athr; C:\Windows\System32\DRIVERS\athr.sys [1882624 2011-02-08] (Atheros Communications, Inc.) [File not signed] R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20140606.001\BHDrvx86.sys [1101616 2014-05-10] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1405000.01C\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation) R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-11-06] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [109872 2014-11-06] (Symantec Corporation) R3 hxctlflt; C:\Windows\System32\DRIVERS\hxctlflt.sys [99968 2009-02-09] (Guillemot Corporation) R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20140613.001\IDSvix86.sys [395992 2014-03-26] (Symantec Corporation) R3 LVUSBSta; C:\Windows\System32\DRIVERS\LVUSBSta.sys [41752 2007-10-12] (Logitech Inc.) 
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20140614.001\NAVENG.SYS [93272 2014-06-09] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20140614.001\NAVEX15.SYS [1612376 2014-06-09] (Symantec Corporation) S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2012-03-26] (Apple Inc.) [File not signed] R0 oem-drv86; C:\Windows\System32\DRIVERS\oem-drv86.sys [28160 2014-06-15] (secr9tos) [File not signed] R3 P17; C:\Windows\System32\drivers\P17.sys [1168896 2009-10-16] (Creative Technology Ltd.) S3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [490776 2007-10-12] (Logitech Inc.) S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2012-08-20] (RapidSolution Software AG) R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2012-08-20] (RapidSolution Software AG) R3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10371072 2007-07-17] (Sonix Co. Ltd.) 
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2013-01-22] () [File not signed] R1 SRTSP; C:\Windows\System32\Drivers\NIS\1405000.01C\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NIS\1405000.01C\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NIS\1405000.01C\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NIS\1405000.01C\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NIS\1405000.01C\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NIS\1405000.01C\SYMNETS.SYS [339544 2013-04-25] (Symantec Corporation) R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39016 2012-08-20] (RapidSolution Software AG) S3 tmnsusbser; C:\Windows\System32\DRIVERS\tmnsusbser.sys [108160 2010-04-21] (Wireless Device) S3 tmusbnet; C:\Windows\System32\DRIVERS\tmusbnet.sys [109568 2010-04-20] (QUALCOMM Incorporated) S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16128 2013-10-11] (Windows (R) Win 7 DDK provider) U3 ax8bwhf2; C:\Windows\system32\Drivers\ax8bwhf2.sys [0 ] (Microsoft Corporation) S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-15 15:44 - 2014-06-15 15:44 - 00000785 _____ () C:\Users\Mom\Desktop\JRT.txt 2014-06-15 15:32 - 2014-06-15 15:32 - 00000000 ____D () C:\Windows\ERUNT 2014-06-15 15:19 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll 2014-06-15 15:18 - 2014-06-15 15:24 - 00000000 ____D () C:\AdwCleaner 2014-06-15 13:50 - 2014-06-15 15:52 - 00000000 ____D () C:\FRST 2014-06-15 12:15 - 2014-06-15 14:59 - 00110296 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-15 12:15 - 2014-06-15 14:29 - 00001056 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-15 12:15 - 2014-06-15 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-15 12:15 - 2014-06-15 14:29 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-06-15 12:15 - 2014-06-15 12:15 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-15 12:15 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-15 12:15 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-15 12:15 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-06-13 17:43 - 2014-06-13 17:43 - 00000000 ____D () C:\Users\Mom\AppData\Local\Adobe 2014-06-13 13:23 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-13 13:23 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-06-13 13:23 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-13 13:23 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-13 13:23 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-06-13 13:23 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-06-12 18:18 - 2014-06-08 10:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-12 18:18 - 2014-06-08 10:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-12 18:18 - 2014-05-08 11:06 - 00919040 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-06-12 18:18 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) 
C:\Windows\system32\usp10.dll
2014-06-12 18:17 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 18:17 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 18:17 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 18:17 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 18:17 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 18:17 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 18:17 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 18:17 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 18:17 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 18:17 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 18:17 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 18:17 - 2014-05-30 10:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 18:17 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 18:17 - 2014-05-30 10:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 18:17 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 18:17 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 18:17 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 18:17 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 18:17 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 18:17 - 2014-05-30 09:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 18:17 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 18:17 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 18:17 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 18:17 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 18:17 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 18:17 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 18:17 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 18:17 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-10 19:39 - 2014-06-15 15:40 - 00000000 ___RD () C:\Users\Mom\Dropbox
2014-06-10 19:39 - 2014-06-10 19:39 - 00001035 _____ () C:\Users\Mom\Desktop\Dropbox.lnk
2014-06-07 22:59 - 2014-06-07 22:59 - 00519525 _____ () C:\Users\Mom\Documents\ALG2-Berechnung_V2014-02-28.ods
2014-06-07 10:44 - 2014-06-07 10:49 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-06-06 22:19 - 2014-06-15 15:40 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\DropboxMaster
2014-06-06 22:18 - 2014-06-06 22:18 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-06 22:14 - 2014-06-15 15:40 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Dropbox
2014-06-05 21:38 - 2014-06-05 21:38 - 00630272 _____ () C:\Users\Mom\Documents\sap_work_einkaufsvorgang_beispiel_45B_01.ppt
2014-06-05 21:37 - 2014-06-05 21:37 - 00223232 _____ () C:\Users\Mom\Documents\sap_work_demsystem_einstellungen_01.ppt
2014-06-04 20:10 - 2014-06-04 20:10 - 00000000 __SHD () C:\Users\Mom\AppData\Local\EmieUserList
2014-06-04 20:10 - 2014-06-04 20:10 - 00000000 __SHD () C:\Users\Mom\AppData\Local\EmieSiteList
2014-06-03 17:58 - 2014-06-03 17:58 - 00000622 _____ () C:\Users\Mom\Desktop\WBS - Verknüpfung.lnk
2014-05-28 20:45 - 2014-05-28 20:45 - 32087148 _____ () C:\Users\Mom\Downloads\sample.avi
2014-05-28 16:20 - 2014-05-28 16:20 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-28 16:20 - 2014-05-28 16:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-28 16:18 - 2014-05-28 16:20 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-05-28 16:18 - 2014-05-28 16:20 - 00000000 ____D () C:\Program Files\iTunes
2014-05-28 16:18 - 2014-05-28 16:18 - 00000000 ____D () C:\Program Files\iPod
2014-05-24 10:15 - 2014-05-24 10:15 - 00004241 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-05-24 10:15 - 2014-05-24 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-24 10:15 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-24 10:15 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-24 10:15 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-24 10:15 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-21 22:03 - 2014-05-21 22:06 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\.oit
2014-05-21 21:53 - 2014-05-21 22:19 - 00000000 ____D () C:\Program Files\Kroll Ontrack
2014-05-20 14:10 - 2013-05-17 13:43 - 00000000 ____D () C:\Users\Mom\Documents\Horst Lichter – Grossmutters geheime Rezepte
2014-05-20 14:08 - 2014-05-20 14:09 - 51747050 _____ () C:\Users\Mom\Documents\Yls52f5f.rar
2014-05-20 14:04 - 2014-05-20 14:04 - 00001299 _____ () C:\Users\Mom\Documents\20140520-1016450072-umsMT940.txt
2014-05-20 14:02 - 2014-05-20 14:02 - 00001341 _____ () C:\Users\Mom\Documents\20140520-1016450072-umsatz.csv

==================== One Month Modified Files and Folders =======
2014-06-15 15:53 - 2013-01-22 14:02 - 00000000 ____D () C:\Users\Mom\AppData\Local\Temp
2014-06-15 15:52 - 2014-06-15 13:50 - 00000000 ____D () C:\FRST
2014-06-15 15:52 - 2013-07-04 10:14 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-15 15:47 - 2009-07-14 06:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-15 15:47 - 2009-07-14 06:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-15 15:44 - 2014-06-15 15:44 - 00000785 _____ () C:\Users\Mom\Desktop\JRT.txt
2014-06-15 15:40 - 2014-06-10 19:39 - 00000000 ___RD () C:\Users\Mom\Dropbox
2014-06-15 15:40 - 2014-06-06 22:19 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\DropboxMaster
2014-06-15 15:40 - 2014-06-06 22:14 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Dropbox
2014-06-15 15:39 - 2013-07-04 10:14 - 00001088 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-15 15:39 - 2013-01-22 14:00 - 00028160 _____ (secr9tos) C:\Windows\system32\Drivers\oem-drv86.sys
2014-06-15 15:39 - 2011-05-12 13:53 - 00097806 _____ () C:\Windows\setupact.log
2014-06-15 15:39 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-15 15:38 - 2013-01-22 13:49 - 01512192 _____ () C:\Windows\WindowsUpdate.log
2014-06-15 15:32 - 2014-06-15 15:32 - 00000000 ____D () C:\Windows\ERUNT
2014-06-15 15:28 - 2010-11-20 23:48 - 00119566 _____ () C:\Windows\PFRO.log
2014-06-15 15:24 - 2014-06-15 15:18 - 00000000 ____D () C:\AdwCleaner
2014-06-15 15:23 - 2013-05-25 15:18 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-15 15:23 - 2013-01-22 14:03 - 00001140 _____ () C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-15 15:12 - 2013-05-25 15:17 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3156063637-4183764843-1936028-1000UA.job
2014-06-15 15:00 - 2010-11-20 23:01 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-15 14:59 - 2014-06-15 12:15 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-15 14:53 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Web
2014-06-15 14:29 - 2014-06-15 12:15 - 00001056 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-15 14:29 - 2014-06-15 12:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-15 14:29 - 2014-06-15 12:15 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-15 12:15 - 2014-06-15 12:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-15 00:12 - 2013-11-04 16:12 - 00000035 _____ () C:\Users\Mom\AppData\Roaming\WB.CFG
2014-06-14 22:19 - 2013-05-25 15:18 - 00002340 _____ () C:\Users\Mom\Desktop\Google Chrome.lnk
2014-06-14 19:46 - 2013-02-15 00:23 - 00000000 ____D () C:\Users\Mom\AppData\Local\625937AE-53AE-441E-8760-7DD1A270DE96.aplzod
2014-06-13 17:43 - 2014-06-13 17:43 - 00000000 ____D () C:\Users\Mom\AppData\Local\Adobe
2014-06-13 17:11 - 2013-01-26 21:35 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-13 17:11 - 2013-01-26 21:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-13 08:12 - 2013-05-25 15:17 - 00001060 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3156063637-4183764843-1936028-1000Core.job
2014-06-12 21:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-06-12 20:52 - 2014-05-06 22:51 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-10 19:39 - 2014-06-10 19:39 - 00001035 _____ () C:\Users\Mom\Desktop\Dropbox.lnk
2014-06-10 19:39 - 2013-01-22 14:02 - 00000000 ____D () C:\Users\Mom
2014-06-08 13:51 - 2013-01-30 08:55 - 00000000 ____D () C:\Users\Mom\Documents\Eigene Scans
2014-06-08 10:48 - 2014-06-12 18:18 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 10:43 - 2014-06-12 18:18 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-07 22:59 - 2014-06-07 22:59 - 00519525 _____ () C:\Users\Mom\Documents\ALG2-Berechnung_V2014-02-28.ods
2014-06-07 10:49 - 2014-06-07 10:44 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-06-06 22:18 - 2014-06-06 22:18 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-05 21:38 - 2014-06-05 21:38 - 00630272 _____ () C:\Users\Mom\Documents\sap_work_einkaufsvorgang_beispiel_45B_01.ppt
2014-06-05 21:37 - 2014-06-05 21:37 - 00223232 _____ () C:\Users\Mom\Documents\sap_work_demsystem_einstellungen_01.ppt
2014-06-04 20:10 - 2014-06-04 20:10 - 00000000 __SHD () C:\Users\Mom\AppData\Local\EmieUserList
2014-06-04 20:10 - 2014-06-04 20:10 - 00000000 __SHD () C:\Users\Mom\AppData\Local\EmieSiteList
2014-06-03 17:58 - 2014-06-03 17:58 - 00000622 _____ () C:\Users\Mom\Desktop\WBS - Verknüpfung.lnk
2014-06-01 19:56 - 2013-01-22 20:48 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\vlc
2014-05-30 11:18 - 2014-06-12 18:17 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 11:02 - 2014-06-12 18:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 11:02 - 2014-06-12 18:17 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 10:44 - 2014-06-12 18:17 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 10:43 - 2014-06-12 18:17 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 10:42 - 2014-06-12 18:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-12 18:17 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 10:34 - 2014-06-12 18:17 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 10:33 - 2014-06-12 18:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 10:30 - 2014-06-12 18:17 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 10:28 - 2014-06-12 18:17 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 10:28 - 2014-06-12 18:17 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 10:27 - 2014-06-12 18:17 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 10:21 - 2014-06-12 18:17 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 10:16 - 2014-06-12 18:17 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 10:10 - 2014-06-12 18:17 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-12 18:17 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:04 - 2014-06-12 18:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:02 - 2014-06-12 18:17 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 09:57 - 2014-06-12 18:17 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 09:56 - 2014-06-12 18:17 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 09:54 - 2014-06-12 18:17 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 09:50 - 2014-06-12 18:17 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-12 18:17 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 09:40 - 2014-06-12 18:17 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:21 - 2014-06-12 18:17 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:15 - 2014-06-12 18:17 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:13 - 2014-06-12 18:17 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-28 20:45 - 2014-05-28 20:45 - 32087148 _____ () C:\Users\Mom\Downloads\sample.avi
2014-05-28 16:27 - 2013-01-26 11:56 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Winamp
2014-05-28 16:20 - 2014-05-28 16:20 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-28 16:20 - 2014-05-28 16:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-28 16:20 - 2014-05-28 16:18 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-05-28 16:20 - 2014-05-28 16:18 - 00000000 ____D () C:\Program Files\iTunes
2014-05-28 16:18 - 2014-05-28 16:18 - 00000000 ____D () C:\Program Files\iPod
2014-05-28 16:18 - 2013-02-15 00:11 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-05-27 10:09 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-24 10:16 - 2013-10-18 08:46 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-24 10:15 - 2014-05-24 10:15 - 00004241 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-05-24 10:15 - 2014-05-24 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-24 10:15 - 2013-10-18 08:44 - 00000000 ____D () C:\Program Files\Java
2014-05-21 22:19 - 2014-05-21 21:53 - 00000000 ____D () C:\Program Files\Kroll Ontrack
2014-05-21 22:19 - 2013-01-22 14:08 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-05-21 22:06 - 2014-05-21 22:03 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\.oit
2014-05-21 21:52 - 2013-01-22 14:08 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-05-20 14:09 - 2014-05-20 14:08 - 51747050 _____ () C:\Users\Mom\Documents\Yls52f5f.rar
2014-05-20 14:04 - 2014-05-20 14:04 - 00001299 _____ () C:\Users\Mom\Documents\20140520-1016450072-umsMT940.txt
2014-05-20 14:02 - 2014-05-20 14:02 - 00001341 _____ () C:\Users\Mom\Documents\20140520-1016450072-umsatz.csv
2014-05-16 10:36 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-16 09:49 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE

Some content of TEMP:
====================
C:\Users\Mom\AppData\Local\Temp\7-zip.dll
C:\Users\Mom\AppData\Local\Temp\7z.dll
C:\Users\Mom\AppData\Local\Temp\7z.exe
C:\Users\Mom\AppData\Local\Temp\amazonicon_v3.exe
C:\Users\Mom\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Mom\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Mom\AppData\Local\Temp\AskSLib.dll
C:\Users\Mom\AppData\Local\Temp\BackupSetup.exe
C:\Users\Mom\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpe11o_p.dll
C:\Users\Mom\AppData\Local\Temp\Installation.exe
C:\Users\Mom\AppData\Local\Temp\Install_CopyTrans_Suite.exe
C:\Users\Mom\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Mom\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Mom\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Mom\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Mom\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Mom\AppData\Local\Temp\ose00000.exe
C:\Users\Mom\AppData\Local\Temp\Quarantine.exe
C:\Users\Mom\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Mom\AppData\Local\Temp\sdapskill.exe

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-08 08:10

==================== End Of Log ============================

Do I now need to run the ESET Online Scanner and SecurityCheck as well? It would be nice if someone could help me. Best regards, Enomis21
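The FRST sections in the log above have a fixed line layout: two timestamps, an eight-digit size, a five-character attribute field, the company name taken from the file's version information in parentheses, and the path. Note two things when reading them by hand: in the "One Month Modified" section the first timestamp is the modification time and the second the creation time (the reverse of the "Created" section), and the company field is version-info text, not a signature; only the "Bamital & volsnap Check" lines say anything about Authenticode. The following Python script is an added example written for this page; it is neither part of Enomis21's post nor part of FRST. It parses a constructed excerpt of the log into structured entries, assigns created/modified correctly per section, and applies a few triage heuristics (third-party kernel drivers, executables without a company name, executables left in `%TEMP%`) chosen here for illustration. It assumes the "Created" section header reads `One Month Created Files and Folders`, matching the "Modified" header in this log; the trusted-vendor set is an assumption to be extended per case.

```python
"""Parse FRST 'One Month Created/Modified' and TEMP sections and flag entries for review.

Added example, not code from the forum post or from FRST. SAMPLE_LOG is a
constructed excerpt of the log in the thread; the triage rules are heuristics
chosen for this example, not verdicts.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Set, Tuple

# FRST entry layout: "<date1> - <date2> - <8-digit size> <5-char attrs> (<company>) <path>"
ENTRY_RE = re.compile(
    r"^(?P<d1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<d2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"\((?P<company>[^)]*)\) (?P<path>.+)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr", ".ocx")

# Constructed excerpt; entries copied from the log above, section headers as FRST prints them
# (the "Created" header wording is assumed).
SAMPLE_LOG = r"""
==================== One Month Created Files and Folders ========
2014-06-12 18:17 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-10 19:39 - 2014-06-15 15:40 - 00000000 ___RD () C:\Users\Mom\Dropbox
==================== One Month Modified Files and Folders =======
2014-06-15 15:39 - 2013-01-22 14:00 - 00028160 _____ (secr9tos) C:\Windows\system32\Drivers\oem-drv86.sys
2014-06-15 14:59 - 2014-06-15 12:15 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-24 10:15 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-15 15:52 - 2014-06-15 13:50 - 00000000 ____D () C:\FRST
Some content of TEMP:
====================
C:\Users\Mom\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Mom\AppData\Local\Temp\7z.dll
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => File is digitally signed
"""


@dataclass
class Entry:
    section: str                      # "created", "modified" or "temp"
    path: str
    created: Optional[datetime] = None
    modified: Optional[datetime] = None
    size: int = 0
    attrs: str = ""
    company: str = ""                 # version-info company name, NOT a signature check

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_log(text: str) -> List[Entry]:
    """Walk the log line by line, tracking which section we are in."""
    entries: List[Entry] = []
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("===================="):
            if "Created Files" in line:
                section = "created"
            elif "Modified Files" in line:
                section = "modified"
            elif section == "temp" and line.strip("= ") == "":
                pass                  # bare divider printed under "Some content of TEMP:"
            else:
                section = None        # Bamital check and anything else: not parsed here
            continue
        if line.startswith("Some content of TEMP"):
            section = "temp"
            continue
        if not line or section is None:
            continue
        if section == "temp":
            entries.append(Entry(section="temp", path=line))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        d1 = datetime.strptime(m["d1"], "%Y-%m-%d %H:%M")
        d2 = datetime.strptime(m["d2"], "%Y-%m-%d %H:%M")
        # Created section: first stamp is creation; Modified section: first stamp is modification.
        created, modified = (d1, d2) if section == "created" else (d2, d1)
        entries.append(Entry(section, m["path"], created, modified,
                             int(m["size"]), m["attrs"], m["company"]))
    return entries


def triage(entries: List[Entry],
           trusted_vendors: Set[str] = frozenset({"Microsoft Corporation"})) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs that deserve a manual look. Heuristics only."""
    findings = []
    for e in entries:
        low = e.path.lower()
        if e.is_dir or not low.endswith(EXEC_EXT):
            continue
        if e.section == "temp":
            findings.append((e.path, "executable left in %TEMP%: identify the installer that dropped it"))
        elif "\\drivers\\" in low and low.endswith(".sys") and e.company not in trusted_vendors:
            findings.append((e.path, f"third-party kernel driver (company '{e.company}'): verify its Authenticode signature"))
        elif not e.company:
            findings.append((e.path, "executable without version-info company name: check signature and hash"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"{path}\n    {reason}")
```

Run it as-is to see the flagged entries from the excerpt; point `parse_log` at a full FRST.txt to get the same treatment for a whole log. The driver rule is deliberately strict: every non-Microsoft `.sys` is reported, including a known security product's driver, because the company string alone proves nothing and the follow-up (a signature check on the actual file) is cheap.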
15.06.2014, 19:05 | #2 |
/// the machine /// TB-Ausbilder | widevinecdmadapter.dll caught
Hi,
yes, run ESET as well.