klempner | 10.02.2014 21:20 | FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-02-2014
Ran by Family (ATTENTION: The logged in user is not administrator) on ARBEITSZIMMER on 10-02-2014 21:15:39
Running from D:\Download
Windows 8.1 Pro with Media Center (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(1&1 Mail & Media GmbH) D:\WEB.de\DAVSRV.EXE
(1&1 Mail & Media GmbH) C:\Users\Family\AppData\Local\WEB.DE Application {sync-000021}\webde_onlinespeicher.exe
(1&1 Internet AG) D:\WEB.de\1&1\DAVSRV.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Samsung) D:\Allgemein\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\WINDOWS\system32\wwahost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Microsoft Corporation) C:\WINDOWS\system32\wwahost.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-27] (Realtek Semiconductor)
HKLM\...\Run: [SaiVolume] - C:\Program Files\Saitek\VolumeTracker\SaiVolume.exe [152064 2012-10-15] (Saitek)
HKLM\...\Run: [ProfilerU] - C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-01-31] (Saitek)
HKLM\...\Run: [SaiMfd] - C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-01-31] (Saitek)
HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-11-05] (LogMeIn, Inc.)
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.)
HKLM-x32\...\Run: [CLMLServer] - D:\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [RemoteControl10] - D:\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78312 2012-05-09] (cyberlink)
HKLM-x32\...\Run: [UpdatePPShortCut] - D:\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [223096 2012-04-17] (CyberLink Corp.)
HKLM-x32\...\Run: [KiesTrayAgent] - D:\Allgemein\Kies\KiesTrayAgent.exe [311616 2014-02-03] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Seagate Dashboard] - C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79776 2012-10-15] ()
HKLM-x32\...\Run: [PivotSoftware] - C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe [694824 2009-03-03] ()
HKLM-x32\...\Run: [DT HPC] - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [123688 2013-01-10] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2857319702-4218976633-708639541-1004\...\Run: [WEB.DE_WEB.DE SmartDrive Manager] - D:\WEB.de\DAVSRV.EXE [1259624 2011-11-21] (1&1 Mail & Media GmbH)
HKU\S-1-5-21-2857319702-4218976633-708639541-1004\...\Run: [] - D:\Allgemein\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-03] (Samsung)
HKU\S-1-5-21-2857319702-4218976633-708639541-1004\...\Run: [Kiespreload] - D:\Allgemein\Kies\Kies.exe [1564992 2014-02-03] (Samsung)
HKU\S-1-5-21-2857319702-4218976633-708639541-1004\...\Run: [KiesAirMessage] - D:\Allgemein\Kies\KiesAirMessage.exe [578560 2014-01-23] (Samsung Electronics)
HKU\S-1-5-21-2857319702-4218976633-708639541-1004\...\Run: [Cloudfogger] - C:\Program Files\Cloudfogger\Cloudfogger.exe [7173456 2013-02-25] (Cloudfogger GmbH)
HKU\S-1-5-21-2857319702-4218976633-708639541-1004\...\Run: [WEB.DE Application {sync-000021}] - C:\Users\Family\AppData\Local\WEB.DE Application {sync-000021}\webde_onlinespeicher.exe [875008 2013-09-13] (1&1 Mail & Media GmbH)
HKU\S-1-5-21-2857319702-4218976633-708639541-1004\...\Run: [1&1_1&1 Upload-Manager] - D:\WEB.de\1&1\DAVSRV.EXE [989264 2011-11-21] (1&1 Internet AG)
HKU\S-1-5-21-2857319702-4218976633-708639541-1004\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2857319702-4218976633-708639541-1004\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2857319702-4218976633-708639541-1004\...\Run: [KiesPDLR.exe] - D:\Allgemein\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-03] (Samsung)
Startup: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD155375ADAD9CD01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391961579&from=amt&uid=SAMSUNGXSSDX830XSeries_S0Z3NSAC823964&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391961579&from=amt&uid=SAMSUNGXSSDX830XSeries_S0Z3NSAC823964&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1391961579&from=amt&uid=SAMSUNGXSSDX830XSeries_S0Z3NSAC823964
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1391961579&from=amt&uid=SAMSUNGXSSDX830XSeries_S0Z3NSAC823964
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391961579&from=amt&uid=SAMSUNGXSSDX830XSeries_S0Z3NSAC823964&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=20&locale=de_DE&gct=kwd&qsrc=2869
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Allgemein\Java\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: FRITZ!Box Addon BHO - {C0C86BBE-9509-4296-8459-FDBFDAF4B673} - C:\Program Files (x86)\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll (AVM Berlin)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Allgemein\Java\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: 54.204.28.26 ajakpekbmnkgnjbpajgkdhimcbeoocam
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\tdfcespa.default-1391984148097
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - D:\Allgemein\Java\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - D:\Allgemein\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\tdfcespa.default-1391984148097\searchplugins\safesearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: NoScript - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\tdfcespa.default-1391984148097\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-02-10]
FF Extension: Adblock Plus - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\tdfcespa.default-1391984148097\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-09]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-01-24]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe
Chrome:
=======
CHR Extension: (Savings Wizard) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajakpekbmnkgnjbpajgkdhimcbeoocam [2014-02-09]
CHR Extension: (Google Docs) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-09]
CHR Extension: (Google Drive) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-09]
CHR Extension: (YouTube) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-09]
CHR Extension: (Google-Suche) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-09]
CHR Extension: (Norton Identity Protection) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-02-09]
CHR Extension: (Google Wallet) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-09]
CHR Extension: (Google Mail) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-09]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx [2014-01-28]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 AVMPowerlineService; C:\Program Files (x86)\FRITZ!Powerline\PowerlineService.exe [126976 2013-11-27] (AVM GmbH)
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64112 2014-01-16] (CyberGhost S.R.L)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [140072 2013-01-10] (Portrait Displays, Inc.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250200 2013-09-19] (Garmin Ltd or its subsidiaries)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-29] (Intel Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-01-28] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-01-28] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-11-05] (LogMeIn, Inc.)
R2 MCLIENT; C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [143928 2012-12-05] (Symantec Corporation)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1854056 2012-12-07] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S2 [verify-U]; C:\Program Files (x86)\[verify-U] AVS\[verify-U]-Service.exe [143360 2008-01-28] ()
==================== Drivers (Whitelisted) ====================
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-09-24] (Advanced Micro Devices)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2014-01-21] (Symantec Corporation)
R1 CBFilterFS; C:\Windows\system32\drivers\cbfltfs.sys [148312 2013-01-07] (EldoS Corporation)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352520 2012-12-04] (EldoS Corporation)
R1 ccSet_MCLIENT; C:\Windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [168096 2012-10-03] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-24] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-24] (Symantec Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140207.001\IDSvia64.sys [521944 2014-01-23] (Symantec Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [44992 2012-02-09] ()
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-11-05] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140210.001\ENG64.SYS [126040 2014-01-24] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140210.001\EX64.SYS [2099288 2014-01-24] (Symantec Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
R3 SaiK0728; C:\Windows\system32\DRIVERS\SaiK0728.sys [180584 2012-12-05] (Saitek)
R3 SaiMini; C:\Windows\System32\drivers\SaiMini.sys [25120 2013-02-01] (Saitek)
R3 SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [52640 2013-02-01] (Saitek)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1501000.012\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-24] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
R1 ui11rdr; C:\Windows\System32\DRIVERS\ui11rdr.sys [199752 2011-11-21] (1&1 Internet AG)
R1 uiwbrdr; C:\Windows\System32\DRIVERS\uiwbrdr.sys [199752 2011-11-21] (1&1 Mail & Media GmbH)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 GPUZ; \??\C:\WINDOWS\TEMP\GPUZ.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [X]
S3 NTIOLib_FastBoot; \??\C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [X]
S3 NTIOLib_MSISMB_CC; \??\D:\MSI\ControlCenter\Sleep\NTIOLib_X64.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-09 22:01 - 2014-02-10 20:04 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-02-09 21:59 - 2014-02-09 22:00 - 00000000 ____D () C:\AdwCleaner
2014-02-09 21:40 - 2014-02-09 21:40 - 00000000 ____D () C:\Program Files (x86)\FRITZ!Box
2014-02-09 20:48 - 2014-02-09 20:48 - 00000000 ____D () C:\Users\Family\AppData\Roaming\Malwarebytes
2014-02-09 20:40 - 2014-02-09 20:40 - 00000000 ____D () C:\Users\klemp_000\AppData\Roaming\Malwarebytes
2014-02-09 20:39 - 2014-02-09 20:39 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-09 20:39 - 2014-02-09 20:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-09 20:39 - 2014-02-09 20:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-09 20:39 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-02-09 18:49 - 2014-02-09 18:49 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-02-09 18:37 - 2014-02-10 21:15 - 00000000 ____D () C:\FRST
2014-02-09 17:44 - 2014-02-10 17:46 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-09 17:44 - 2014-02-09 18:14 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-09 17:44 - 2014-02-09 17:44 - 00001391 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-02-09 17:44 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2014-02-09 17:35 - 2014-02-09 17:35 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\stflt.sys
2014-02-09 17:00 - 2014-02-09 17:03 - 00000000 ____D () C:\ProgramData\WPM
2014-02-09 17:00 - 2014-02-09 17:00 - 00000000 ____D () C:\Users\klemp_000\.android
2014-02-09 17:00 - 2014-02-09 17:00 - 00000000 _____ () C:\Users\Family\daemonprocess.txt
2014-02-08 21:00 - 2014-02-08 21:00 - 00000000 ____D () C:\Program Files (x86)\MarkAny
2014-02-08 20:59 - 2014-02-08 20:59 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-02-07 12:04 - 2014-02-07 12:04 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-07 12:03 - 2014-02-07 12:03 - 00006597 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-07 12:03 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-02-07 12:03 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-02-07 12:03 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-02-07 12:03 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-02-07 11:57 - 2014-02-07 11:57 - 00312744 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-02-07 11:57 - 2014-02-07 11:57 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-02-07 11:57 - 2014-02-07 11:57 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-02-07 11:57 - 2014-02-07 11:57 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2014-02-05 21:43 - 2014-02-09 16:15 - 00501737 _____ () C:\Users\Family\Documents\Anno-Rechner.DE - v2.2.1.2464.xlsx
2014-02-04 17:49 - 2014-02-04 17:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-03 21:31 - 2014-02-03 21:31 - 00000000 ____D () C:\Program Files\TAP-Windows
2014-01-25 13:12 - 2014-01-25 13:12 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-25 13:12 - 2014-01-25 13:12 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-25 13:12 - 2014-01-25 13:12 - 00000000 ____D () C:\Program Files\iTunes
2014-01-25 13:12 - 2014-01-25 13:12 - 00000000 ____D () C:\Program Files\iPod
2014-01-25 13:12 - 2014-01-25 13:12 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-24 21:20 - 2014-01-24 21:21 - 00001322 _____ () C:\Users\Family\Desktop\Norton-Installationsdateien.lnk
2014-01-24 17:27 - 2014-01-24 17:27 - 00000000 ____D () C:\Users\Family\AppData\Local\Apps\2.0
2014-01-22 08:52 - 2014-01-22 08:52 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2014-01-22 08:52 - 2014-01-22 08:52 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2014-01-19 15:17 - 2014-02-09 22:10 - 00075776 ___SH () C:\Users\Family\Desktop\Thumbs.db
2014-01-17 09:38 - 2014-01-17 09:38 - 00000000 ____D () C:\ProgramData\McAfee
2014-01-14 19:06 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-01-14 19:06 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-01-14 19:06 - 2013-11-27 11:34 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll
2014-01-14 19:06 - 2013-11-27 10:54 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-01-14 19:06 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-14 19:06 - 2013-11-27 09:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-01-14 19:06 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-14 19:06 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-01-14 19:06 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-14 19:06 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-01-14 19:05 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-01-12 11:39 - 2014-01-12 11:39 - 00000000 ____D () C:\Users\Family\AppData\Roaming\WinRAR
2014-01-12 11:38 - 2014-01-12 11:38 - 00000000 ____D () C:\Program Files\WinRAR
2014-01-11 14:25 - 2014-02-10 18:21 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-01-11 14:25 - 2014-01-28 17:22 - 00107368 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll
2014-01-11 14:25 - 2014-01-28 17:22 - 00092488 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll
2014-01-11 14:25 - 2014-01-28 17:22 - 00035656 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIport.dll
2014-01-11 14:25 - 2014-01-28 17:22 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-01-11 14:25 - 2014-01-11 14:25 - 00001024 _____ () C:\.rnd
2014-01-11 14:25 - 2014-01-11 14:25 - 00000000 ____D () C:\Users\Family\AppData\Local\LogMeIn
2014-01-11 14:25 - 2013-12-10 15:15 - 00107368 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll.000.bak
2014-01-11 14:25 - 2013-11-05 16:45 - 00072216 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\Drivers\LMIRfsDriver.sys
==================== One Month Modified Files and Folders =======
2014-02-10 21:15 - 2014-02-09 18:37 - 00000000 ____D () C:\FRST
2014-02-10 21:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-02-10 20:37 - 2013-12-24 14:38 - 01123493 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-10 20:04 - 2014-02-09 22:01 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-02-10 20:04 - 2013-10-17 16:44 - 00000000 __RDO () C:\Users\klemp_000\SkyDrive
2014-02-10 20:04 - 2013-09-11 15:27 - 00000000 ____D () C:\Users\klemp_000\AppData\Roaming\Cloudfogger
2014-02-10 18:21 - 2014-01-11 14:25 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-02-10 17:46 - 2014-02-09 17:44 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-09 23:23 - 2013-09-30 05:14 - 01785582 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-09 23:23 - 2013-09-30 04:58 - 00767850 _____ () C:\WINDOWS\system32\perfh007.dat
2014-02-09 23:23 - 2013-09-30 04:58 - 00160170 _____ () C:\WINDOWS\system32\perfc007.dat
2014-02-09 23:16 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-09 23:12 - 2013-03-30 16:33 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-09 22:10 - 2014-01-19 15:17 - 00075776 ___SH () C:\Users\Family\Desktop\Thumbs.db
2014-02-09 22:00 - 2014-02-09 21:59 - 00000000 ____D () C:\AdwCleaner
2014-02-09 21:44 - 2013-02-05 21:33 - 00000000 ____D () C:\Users\Family\AppData\Local\CrashDumps
2014-02-09 21:40 - 2014-02-09 21:40 - 00000000 ____D () C:\Program Files (x86)\FRITZ!Box
2014-02-09 20:48 - 2014-02-09 20:48 - 00000000 ____D () C:\Users\Family\AppData\Roaming\Malwarebytes
2014-02-09 20:40 - 2014-02-09 20:40 - 00000000 ____D () C:\Users\klemp_000\AppData\Roaming\Malwarebytes
2014-02-09 20:39 - 2014-02-09 20:39 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-09 20:39 - 2014-02-09 20:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-09 20:39 - 2014-02-09 20:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-09 19:55 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-02-09 18:56 - 2013-08-10 17:26 - 00001159 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-09 18:49 - 2014-02-09 18:49 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-02-09 18:14 - 2014-02-09 17:44 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-09 17:44 - 2014-02-09 17:44 - 00001391 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-02-09 17:35 - 2014-02-09 17:35 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\stflt.sys
2014-02-09 17:03 - 2014-02-09 17:00 - 00000000 ____D () C:\ProgramData\WPM
2014-02-09 17:00 - 2014-02-09 17:00 - 00000000 ____D () C:\Users\klemp_000\.android
2014-02-09 17:00 - 2014-02-09 17:00 - 00000000 _____ () C:\Users\Family\daemonprocess.txt
2014-02-09 17:00 - 2013-10-17 17:00 - 00001068 __RSH () C:\ProgramData\ntuser.pol
2014-02-09 17:00 - 2013-10-17 14:45 - 00000000 ____D () C:\Users\klemp_000
2014-02-09 17:00 - 2013-10-17 14:45 - 00000000 ____D () C:\Users\Family
2014-02-09 17:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2014-02-09 16:15 - 2014-02-05 21:43 - 00501737 _____ () C:\Users\Family\Documents\Anno-Rechner.DE - v2.2.1.2464.xlsx
2014-02-08 21:02 - 2013-03-18 17:36 - 00000717 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2014-02-08 21:00 - 2014-02-08 21:00 - 00000000 ____D () C:\Program Files (x86)\MarkAny
2014-02-08 20:59 - 2014-02-08 20:59 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-02-08 20:59 - 2013-03-18 17:36 - 00000000 ____D () C:\Users\Family\AppData\Roaming\Samsung
2014-02-07 12:04 - 2014-02-07 12:04 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-07 12:03 - 2014-02-07 12:03 - 00006597 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-07 11:59 - 2013-08-22 15:44 - 00427144 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-02-07 11:59 - 2013-02-01 22:14 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-07 11:59 - 2013-01-30 23:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-07 11:57 - 2014-02-07 11:57 - 00312744 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-02-07 11:57 - 2014-02-07 11:57 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-02-07 11:57 - 2014-02-07 11:57 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-02-07 11:57 - 2014-02-07 11:57 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2014-02-05 21:42 - 2013-02-01 20:57 - 00000000 ____D () C:\Users\Family\AppData\Local\Packages
2014-02-04 17:49 - 2014-02-04 17:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-03 21:31 - 2014-02-03 21:31 - 00000000 ____D () C:\Program Files\TAP-Windows
2014-02-02 17:08 - 2013-11-17 16:29 - 00000565 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-02 17:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-02-02 17:04 - 2013-02-01 18:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-02 17:04 - 2012-07-26 06:26 - 00000076 _____ () C:\WINDOWS\win.ini
2014-02-02 17:02 - 2013-09-20 12:01 - 00000000 ____D () C:\ProgramData\Package Cache
2014-02-02 16:53 - 2013-02-01 20:04 - 00000000 ____D () C:\Users\Family\AppData\Local\Microsoft Help
2014-02-02 16:09 - 2013-12-06 20:28 - 00000000 ____D () C:\Users\Family\AppData\Local\DE660BF9-BC94-4AA2-A41D-DD112DE2F0DC.aplzod
2014-01-31 19:25 - 2012-11-15 20:31 - 00000000 ____D () C:\Users\Family\Desktop\Eric
2014-01-30 21:47 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-30 21:47 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-29 11:13 - 2013-03-06 21:02 - 00000000 ____D () C:\Users\Family\AppData\Roaming\HpUpdate
2014-01-29 09:03 - 2013-05-26 18:06 - 00072192 ___SH () C:\Users\Family\Documents\Thumbs.db
2014-01-28 17:22 - 2014-01-11 14:25 - 00107368 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll
2014-01-28 17:22 - 2014-01-11 14:25 - 00092488 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll
2014-01-28 17:22 - 2014-01-11 14:25 - 00035656 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIport.dll
2014-01-28 17:22 - 2014-01-11 14:25 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-01-27 17:30 - 2013-10-24 19:20 - 00000000 ____D () C:\Users\Family\WEB.DE Online-Speicher
2014-01-25 13:12 - 2014-01-25 13:12 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-25 13:12 - 2014-01-25 13:12 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-25 13:12 - 2014-01-25 13:12 - 00000000 ____D () C:\Program Files\iTunes
2014-01-25 13:12 - 2014-01-25 13:12 - 00000000 ____D () C:\Program Files\iPod
2014-01-25 13:12 - 2014-01-25 13:12 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-25 13:12 - 2013-12-18 17:16 - 00000000 ____D () C:\Users\klemp_000\AppData\Roaming\Apple Computer
2014-01-25 13:11 - 2013-07-31 21:19 - 00000000 ____D () C:\ProgramData\Apple
2014-01-25 13:00 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-01-24 21:34 - 2013-12-19 20:25 - 00002521 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-01-24 21:34 - 2013-12-19 20:24 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NISx64
2014-01-24 21:34 - 2013-02-01 22:30 - 00000000 ____D () C:\ProgramData\Norton
2014-01-24 21:25 - 2013-12-19 20:25 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2014-01-24 21:25 - 2013-12-19 20:25 - 00008222 _____ () C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2014-01-24 21:25 - 2013-12-19 20:24 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-01-24 21:21 - 2014-01-24 21:20 - 00001322 _____ () C:\Users\Family\Desktop\Norton-Installationsdateien.lnk
2014-01-24 21:20 - 2013-03-23 14:05 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-01-24 17:27 - 2014-01-24 17:27 - 00000000 ____D () C:\Users\Family\AppData\Local\Apps\2.0
2014-01-22 22:55 - 2013-02-01 20:09 - 00000000 ____D () C:\Steam
2014-01-22 08:52 - 2014-01-22 08:52 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2014-01-22 08:52 - 2014-01-22 08:52 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2014-01-17 09:38 - 2014-01-17 09:38 - 00000000 ____D () C:\ProgramData\McAfee
2014-01-14 23:41 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-01-14 23:41 - 2013-08-14 16:42 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-01-14 23:40 - 2013-01-30 23:40 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-12 11:39 - 2014-01-12 11:39 - 00000000 ____D () C:\Users\Family\AppData\Roaming\WinRAR
2014-01-12 11:38 - 2014-01-12 11:38 - 00000000 ____D () C:\Program Files\WinRAR
2014-01-11 14:25 - 2014-01-11 14:25 - 00001024 _____ () C:\.rnd
2014-01-11 14:25 - 2014-01-11 14:25 - 00000000 ____D () C:\Users\Family\AppData\Local\LogMeIn
Files to move or delete:
====================
C:\ProgramData\SMRResults311.dat
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================
Thanks in advance for the help