Jump to content

Recommended Posts

Hi,

since a few days all my browser are really slow without any obvious reason (CPU-Load etc.).

I used malwarebytes which resolved some issues but that didn't fix the problem.

When I run Hijackthis it tells me that I have "O10 - Unknown file in Winsock LSP: c:\windows\syswow64\wlidnsp.dll"

Please find attached the Hijackthis log and the FRST log,

any help would be greatly appreciated.

 

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:26-11-2015
durchgeführt von Admin (Administrator) auf NIELSH (27-11-2015 10:06:16)
Gestartet von C:\Users\Admin\Desktop
Geladene Profile: Admin (Verfügbare Profile: Niels & Admin & Gast)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.14\nis.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.14\nis.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894664 2013-08-08] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-03-13] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-03-13] (Lenovo(beijing) Limited)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [903384 2013-07-24] (Conexant Systems, Inc.)
HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [updateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2014-10-24] (Sony Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] (Atheros Communications)
HKU\S-1-5-21-796861960-4226784817-673387836-1005\...\Run: [Pokki] => C:\Users\Admin\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe [9275720 2014-11-14] (Pokki)
HKU\S-1-5-21-796861960-4226784817-673387836-1005\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [2901584 2015-10-14] (Valve Corporation)
HKU\S-1-5-21-796861960-4226784817-673387836-1005\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)
HKU\S-1-5-21-796861960-4226784817-673387836-1005\...\Policies\Explorer: [NofolderOptions] 0
HKU\S-1-5-21-796861960-4226784817-673387836-1005\...\MountPoints2: {3317d6b2-aa98-11e3-8250-806e6f6e6963} - "F:\setup.exe"
AppInit_DLLs-x32: C:/PROGRA~3/{554CB~1/193~1.1/salo.dll => Keine Datei
IFEO\appvlp.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\htcsyncmanager.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\infopath.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\lync.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\msoev.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\msotd.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\msouc.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\nitropdf.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\ocpubmgr.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\onenotem.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\origin.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\outlook.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\pdvdlaunchpolicy.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\setlang.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\spotify.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\vfconfig.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.14\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.14\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.14\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
Startup: C:\Users\Artur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk [2015-10-29]
ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files\Microsoft Office 15\root\office15\groove.exe (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog5 08 C:\WINDOWS\SysWOW64\wlidNSP.dll [50176 2014-10-29] (Microsoft Corporation)
Winsock: Catalog5 09 C:\WINDOWS\SysWOW64\wlidNSP.dll [50176 2014-10-29] (Microsoft Corporation)
Winsock: Catalog5-x64 08 C:\WINDOWS\system32\wlidnsp.dll [74240 2014-10-29] (Microsoft Corporation)
Winsock: Catalog5-x64 09 C:\WINDOWS\system32\wlidnsp.dll [74240 2014-10-29] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 139.153.30.1 139.153.30.2
Tcpip\..\Interfaces\{0210E6BD-4DDB-4F89-9D7D-3908C843EA99}: [DhcpNameServer] 139.153.30.1 139.153.30.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=21.6.0.32
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=21.6.0.32
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=21.6.0.32
HKU\S-1-5-21-796861960-4226784817-673387836-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=21.6.0.32
HKU\S-1-5-21-796861960-4226784817-673387836-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-796861960-4226784817-673387836-1005\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-796861960-4226784817-673387836-1005\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM -> DefaultScope {109AB16F-E87E-4E47-997D-629ED4E9CA56} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.14\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-11-22] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-11-22] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.14\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-11-17] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-11-17] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.14\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.14\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-08-23] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yfgubnq2.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.6.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2014-11-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.6.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-11-22] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-11-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-11-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2014-08-23] (Microsoft Corporation)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll [2014-10-24] (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF user.js: detected! => C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yfgubnq2.default\user.js [2015-11-04]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon [2015-11-19] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon [2015-11-19] [ist nicht signiert]

Chrome:
=======
CHR HomePage: Default -> hxxp://google.de/
CHR StartupUrls: Default -> "hxxps://www.malwarebytes.org/restorebrowser/"
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-23]
CHR Extension: (Norton Security Toolbar) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-08-28]
CHR Extension: (Norton Identity Safe) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-09-01]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-28]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.14\Exts\Chrome.crx [2015-11-18]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.14\Exts\Chrome.crx [2015-11-18]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows ® Win 7 DDK provider) [Datei ist nicht signiert]
S4 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2797752 2015-10-13] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [92160 2013-07-29] (ELAN Microelectronics Corp.)
S4 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-21] (LENOVO INCORPORATED.)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272424 2015-08-17] (Lenovo)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.14\NIS.exe [282016 2015-11-12] (Symantec Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-08-01] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [418312 2014-08-01] ()
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2099720 2015-11-15] (Electronic Arts)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2015-01-30] () [Datei ist nicht signiert]
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2014-11-28] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2014-04-25] (Sony Corporation) [Datei ist nicht signiert]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2015-06-25] (TuneUp Software)
S4 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-03-13] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [Datei ist nicht signiert]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [102912 2015-07-15] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\BASHDefs\20151113.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1605050.00E\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-18] (Symantec Corporation)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [31648 2014-08-24] (REALiX)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\IPSDefs\20151125.001\IDSvia64.sys [767224 2015-10-20] (Symantec Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20151126.001\ENG64.SYS [138488 2015-10-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20151126.001\EX64.SYS [2148080 2015-10-27] (Symantec Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1605050.00E\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1605050.00E\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1605050.00E\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1605050.00E\SymELAM.sys [24192 2015-07-11] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-08-28] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1605050.00E\Ironx64.SYS [297720 2015-07-11] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1605050.00E\SYMNETS.SYS [577768 2015-11-11] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [31144 2015-06-04] (TuneUp Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 WsAudio_Device(1); C:\Windows\system32\drivers\VirtualAudio1.sys [31080 2014-11-26] (Wondershare)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]
S3 cpuz138; \??\C:\WINDOWS\TEMP\cpuz138\cpuz138_x64.sys [X]
S3 GPUZ; \??\C:\WINDOWS\TEMP\GPUZ.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-27 10:06 - 2015-11-27 10:06 - 00026976 _____ C:\Users\Admin\Desktop\FRST.txt
2015-11-27 10:06 - 2015-11-27 10:06 - 00000000 ____D C:\Users\Admin\AppData\Local\Macromedia
2015-11-27 10:05 - 2015-11-27 10:05 - 02348544 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2015-11-26 21:50 - 2015-11-25 12:52 - 00020226 _____ C:\Users\Artur\Desktop\Week n.xlsx
2015-11-26 21:13 - 2015-11-26 21:14 - 00049791 _____ C:\Users\Artur\Downloads\Addition.txt
2015-11-26 21:09 - 2015-11-26 21:09 - 00000085 _____ C:\WINDOWS\wininit.ini
2015-11-26 21:09 - 2015-11-26 21:09 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2015-11-26 21:06 - 2015-11-27 10:06 - 00000000 ____D C:\FRST
2015-11-26 21:06 - 2015-11-26 21:14 - 00059901 _____ C:\Users\Artur\Downloads\FRST.txt
2015-11-26 21:03 - 2015-11-26 21:03 - 02348544 _____ (Farbar) C:\Users\Artur\Downloads\FRST64.exe
2015-11-26 20:41 - 2015-11-26 20:47 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-26 20:41 - 2015-11-26 20:41 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-26 20:41 - 2015-11-26 20:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-26 20:41 - 2015-11-26 20:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-26 20:41 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-26 20:41 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-11-26 20:41 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-11-26 20:39 - 2015-11-26 20:39 - 22908888 _____ (Malwarebytes ) C:\Users\Artur\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-26 20:30 - 2015-11-26 21:09 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-11-26 20:29 - 2015-11-26 20:29 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Artur\Downloads\spybot-2.4.exe
2015-11-26 20:27 - 2015-11-26 20:27 - 00186880 _____ (CEXX.ORG) C:\Users\Artur\Downloads\LSPFix.exe
2015-11-26 20:25 - 2015-11-26 20:25 - 00000000 ____D C:\Users\Artur\Downloads\backups
2015-11-26 20:18 - 2015-11-26 20:18 - 00388608 _____ (Trend Micro Inc.) C:\Users\Artur\Downloads\HijackThis_2.0.5.exe
2015-11-26 16:15 - 2015-11-26 22:04 - 00000000 ____D C:\Users\Artur\Desktop\mama
2015-11-24 15:13 - 2015-11-24 15:13 - 01653445 _____ C:\Users\Artur\Desktop\Termaxx_Stirling_Catalogue_-_Nov_2015_v0_1_1.pdf
2015-11-19 23:30 - 2015-11-19 23:30 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security
2015-11-19 23:29 - 2015-11-19 23:29 - 00003234 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2015-11-17 16:58 - 2015-11-17 16:58 - 00002278 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-17 16:58 - 2015-11-17 16:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-17 16:57 - 2015-11-26 22:27 - 00001122 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-17 16:57 - 2015-11-26 22:27 - 00001118 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-17 16:57 - 2015-11-26 21:28 - 00004096 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-11-17 16:57 - 2015-11-26 21:28 - 00003860 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-17 15:23 - 2015-11-17 15:57 - 00001890 _____ C:\Users\Artur\Desktop\work.lnk
2015-11-14 01:05 - 2015-11-14 01:05 - 00111616 _____ C:\Users\Artur\Downloads\Final_Resultsv3.xls
2015-11-13 22:39 - 2015-11-13 22:39 - 00000000 ____D C:\Users\Admin\AppData\Local\ElevatedDiagnostics
2015-11-11 11:52 - 2015-11-11 11:52 - 00013095 _____ C:\Users\Artur\Downloads\export.pdf
2015-11-10 20:34 - 2015-10-15 16:08 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-10 20:34 - 2015-10-15 15:46 - 00803328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-10 20:34 - 2015-10-14 23:02 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-10 20:34 - 2015-10-14 23:02 - 01659560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-11-10 20:34 - 2015-10-14 23:02 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-11-10 20:34 - 2015-10-14 23:02 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-11-10 20:34 - 2015-10-14 23:02 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-11-10 20:34 - 2015-10-13 17:10 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-10 20:34 - 2015-10-13 17:10 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-10 20:34 - 2015-10-13 15:59 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2015-11-10 20:34 - 2015-10-13 15:59 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2015-11-10 20:34 - 2015-10-13 15:59 - 00137960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2015-11-10 20:34 - 2015-10-13 15:59 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2015-11-10 20:34 - 2015-10-13 15:59 - 00106952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-11-10 20:34 - 2015-10-13 15:59 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2015-11-10 20:34 - 2015-10-11 06:36 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-11-10 20:34 - 2015-10-11 06:36 - 00177496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-11-10 20:34 - 2015-10-10 18:40 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-11-10 20:34 - 2015-10-10 18:39 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-11-10 20:34 - 2015-10-10 18:07 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-11-10 20:34 - 2015-10-10 17:33 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-11-10 20:34 - 2015-10-10 17:27 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-11-10 20:34 - 2015-10-10 17:11 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-11-10 20:34 - 2015-10-10 16:45 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-11-10 20:33 - 2015-10-20 21:54 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-11-10 20:33 - 2015-10-20 14:53 - 03705856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-11-10 20:33 - 2015-10-20 14:36 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-11-10 20:33 - 2015-10-20 14:35 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-11-10 20:33 - 2015-10-20 14:34 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-11-10 20:33 - 2015-10-20 14:34 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-11-10 20:33 - 2015-10-20 14:34 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-11-10 20:33 - 2015-10-20 14:33 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-11-10 20:33 - 2015-10-20 14:14 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-11-10 20:33 - 2015-10-20 14:13 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-11-10 20:33 - 2015-10-20 14:13 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-11-10 20:33 - 2015-10-20 14:13 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-11-10 20:32 - 2015-10-30 23:46 - 25818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-10 20:32 - 2015-10-30 23:25 - 02886656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-10 20:32 - 2015-10-30 23:24 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-11-10 20:32 - 2015-10-30 23:11 - 05990912 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-11-10 20:32 - 2015-10-30 23:11 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-10 20:32 - 2015-10-30 22:52 - 20331520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-10 20:32 - 2015-10-30 22:47 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-11-10 20:32 - 2015-10-30 22:42 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-10 20:32 - 2015-10-30 22:39 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-11-10 20:32 - 2015-10-30 22:36 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-10 20:32 - 2015-10-30 22:32 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-11-10 20:32 - 2015-10-30 22:31 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-11-10 20:32 - 2015-10-30 22:22 - 14457856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-10 20:32 - 2015-10-30 22:17 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-11-10 20:32 - 2015-10-30 22:16 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-11-10 20:32 - 2015-10-30 22:14 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-11-10 20:32 - 2015-10-30 22:10 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-11-10 20:32 - 2015-10-30 22:09 - 12854272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-10 20:32 - 2015-10-30 22:04 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-10 20:32 - 2015-10-30 21:53 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-11-10 20:32 - 2015-10-30 21:51 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-11-10 20:32 - 2015-10-30 21:48 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-10 20:32 - 2015-10-30 21:46 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-11-10 20:32 - 2015-10-17 14:19 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-11-10 20:32 - 2015-10-08 16:08 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-11-09 11:16 - 2015-11-09 11:16 - 00001016 _____ C:\Users\Artur\Desktop\metro2033.lnk
2015-11-09 11:16 - 2015-11-09 11:16 - 00000000 ____D C:\Users\Artur\Documents\4A Games
2015-11-09 11:15 - 2015-11-09 11:15 - 00000000 ____D C:\Users\Artur\AppData\Local\4A Games
2015-11-08 23:14 - 2015-11-08 23:14 - 00000000 ____D C:\Users\Admin\Documents\4A Games
2015-11-08 23:13 - 2015-11-08 23:13 - 00000000 ____D C:\Users\Admin\AppData\Local\4A Games
2015-11-08 23:11 - 2015-11-08 23:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911
2015-11-07 11:53 - 2015-11-07 11:53 - 00000000 ____D C:\Users\Admin\AppData\Local\Deployment
2015-11-07 11:53 - 2015-11-07 11:53 - 00000000 ____D C:\Users\Admin\AppData\Local\Apps\2.0
2015-11-07 11:35 - 2015-11-07 11:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-06 22:21 - 2015-11-06 22:21 - 00001176 _____ C:\Users\Artur\Desktop\BBC iPlayer Downloads.lnk
2015-11-06 22:21 - 2015-11-06 22:21 - 00000000 ____D C:\Users\Artur\AppData\Local\BBC
2015-10-29 13:54 - 2015-10-29 13:57 - 00000000 ___RD C:\Users\Artur\OneDrive - University of Stirling
2015-10-28 11:21 - 2015-10-28 19:44 - 00000000 ____D C:\Users\Artur\AppData\Roaming\Raptr

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-27 10:06 - 2014-08-24 15:03 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-796861960-4226784817-673387836-1005
2015-11-27 10:04 - 2014-06-21 15:49 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2015-11-27 10:00 - 2013-08-22 14:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-27 09:59 - 2014-11-01 11:16 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-27 09:59 - 2014-06-21 12:36 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2015-11-27 09:59 - 2013-08-22 13:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-11-27 09:52 - 2014-03-13 19:06 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2015-11-27 09:52 - 2014-03-13 19:06 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2015-11-27 09:52 - 2013-10-07 18:27 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-27 09:52 - 2013-08-22 13:36 - 00000000 ____D C:\WINDOWS\Inf
2015-11-27 09:51 - 2014-06-19 09:48 - 00000000 __RDO C:\Users\Artur\SkyDrive
2015-11-26 22:45 - 2014-08-25 16:52 - 00000000 ___RD C:\Users\Artur\Desktop\system
2015-11-26 22:45 - 2013-08-22 13:36 - 00000000 ____D C:\Windows
2015-11-26 22:35 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-26 22:28 - 2013-08-22 13:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-11-26 22:26 - 2013-08-22 15:36 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-11-26 22:24 - 2014-09-13 19:34 - 00000000 ____D C:\ProgramData\APN
2015-11-26 22:24 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Resources
2015-11-26 22:23 - 2014-06-18 20:05 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-796861960-4226784817-673387836-1002
2015-11-26 21:52 - 2014-12-11 11:34 - 00000000 ____D C:\Users\Artur\AppData\Roaming\Spotify
2015-11-26 21:51 - 2014-06-18 19:58 - 00000000 ____D C:\Users\Artur\AppData\Local\Packages
2015-11-26 21:47 - 2014-12-11 11:35 - 00000000 ____D C:\Users\Artur\AppData\Local\Spotify
2015-11-26 21:28 - 2014-09-07 20:59 - 00003160 _____ C:\WINDOWS\System32\Tasks\{CFC27592-3071-4525-9E0A-7F4CB63E26EC}
2015-11-26 21:18 - 2014-09-07 21:00 - 00000000 ____D C:\Users\Artur\AppData\Roaming\Skype
2015-11-26 21:06 - 2014-06-20 14:49 - 00000000 ____D C:\Users\Artur\AppData\Local\CrashDumps
2015-11-26 20:37 - 2015-07-22 20:38 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-26 16:51 - 2013-08-22 15:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-26 16:50 - 2014-06-19 17:27 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-11-26 16:35 - 2015-08-28 11:39 - 00000000 ____D C:\Users\Artur\Documents\_rowing
2015-11-26 16:35 - 2014-09-26 10:21 - 11930624 _____ C:\Users\Artur\AppData\Local\pq.db
2015-11-26 16:26 - 2014-09-26 10:21 - 00193391 _____ C:\Users\Artur\AppData\Local\pq.log.0
2015-11-26 16:25 - 2014-09-26 10:21 - 00000000 _____ C:\Users\Artur\AppData\Local\pq.log.0.lck
2015-11-25 11:55 - 2014-06-18 20:00 - 00000000 ____D C:\Users\Artur\Documents\Bluetooth Folder
2015-11-25 11:33 - 2015-10-18 10:09 - 00000000 ____D C:\Users\Artur\Documents\_work
2015-11-25 11:32 - 2014-09-28 18:30 - 00069737 _____ C:\Users\Artur\AppData\Local\pq.log.0.1
2015-11-25 11:32 - 2014-09-28 18:30 - 00000000 _____ C:\Users\Artur\AppData\Local\pq.log.0.1.lck
2015-11-23 20:54 - 2015-05-05 21:27 - 00000000 ____D C:\Users\Artur\AppData\Roaming\vlc
2015-11-19 23:29 - 2015-08-28 12:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2015-11-19 23:29 - 2015-08-28 12:04 - 00002450 _____ C:\Users\Public\Desktop\Norton Internet Security.LNK
2015-11-19 23:29 - 2014-06-18 20:06 - 00000000 ____D C:\WINDOWS\system32\Drivers\NISx64
2015-11-19 22:35 - 2015-03-13 19:34 - 00000000 ____D C:\Users\Artur\AppData\Roaming\uTorrent
2015-11-17 16:57 - 2014-06-18 20:18 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-17 16:45 - 2015-04-16 09:01 - 00929872 _____ (Google Inc.) C:\Users\Artur\Downloads\ChromeSetup.exe
2015-11-16 21:07 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\rescache
2015-11-16 19:28 - 2014-09-07 21:00 - 00000000 ____D C:\ProgramData\Skype
2015-11-15 20:54 - 2014-10-06 12:24 - 00000000 ____D C:\ProgramData\Origin
2015-11-15 20:46 - 2014-11-27 17:35 - 00348360 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2015-11-15 20:46 - 2014-11-27 17:35 - 00280904 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2015-11-15 20:46 - 2014-10-26 15:21 - 00348360 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2015-11-15 20:20 - 2014-10-06 12:24 - 00000000 ____D C:\Program Files (x86)\Origin
2015-11-15 20:18 - 2014-06-19 11:06 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-15 18:44 - 2013-08-22 14:44 - 05157016 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-15 18:32 - 2014-06-19 09:57 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-15 18:32 - 2013-08-22 15:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-15 18:15 - 2014-06-19 09:57 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-13 21:19 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-11-11 17:59 - 2014-11-01 11:16 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-09 19:48 - 2014-06-18 19:58 - 00000000 ____D C:\Users\Artur
2015-11-09 16:49 - 2014-06-19 17:07 - 00000000 ____D C:\Users\Admin
2015-11-07 12:17 - 2014-09-30 13:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-07 11:57 - 2014-08-25 14:07 - 00002774 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-11-07 11:52 - 2014-11-26 18:27 - 00000000 __SHD C:\Users\Admin\AppData\Local\EmieBrowserModeList
2015-11-07 11:52 - 2014-06-21 15:47 - 00000000 __SHD C:\Users\Admin\AppData\Local\EmieUserList
2015-11-07 11:52 - 2014-06-21 15:47 - 00000000 __SHD C:\Users\Admin\AppData\Local\EmieSiteList
2015-11-07 11:48 - 2015-02-12 17:49 - 00000000 ____D C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
2015-11-04 22:03 - 2015-03-07 18:36 - 00011264 ____H C:\Users\Artur\Desktop\photothumb.db
2015-11-04 21:11 - 2014-03-13 11:08 - 00000000 ____D C:\ProgramData\install_clap
2015-11-04 21:11 - 2013-10-07 19:23 - 00000000 ____D C:\WINDOWS\Panther
2015-11-03 16:51 - 2014-10-24 10:34 - 00000000 ____D C:\Users\Artur\AppData\Local\Microsoft Help
2015-11-03 00:23 - 2015-07-04 13:38 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-03 00:23 - 2015-02-12 10:34 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-02 18:10 - 2015-03-22 22:09 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BioShock
2015-11-02 18:06 - 2014-03-13 11:30 - 00003060 _____ C:\WINDOWS\System32\Tasks\PDVDServ Task
2015-11-02 18:05 - 2014-03-13 11:31 - 00025088 _____ C:\WINDOWS\system32\VfService.trf
2015-11-01 19:04 - 2015-06-26 11:16 - 00000000 ____D C:\Users\Artur\AppData\Local\HTC MediaHub
2015-11-01 18:56 - 2013-08-22 15:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-10-30 13:18 - 2014-12-25 15:17 - 00000000 ____D C:\Users\Artur\Documents\_finance
2015-10-29 16:08 - 2014-06-18 20:18 - 00000000 ____D C:\Users\Artur\AppData\Local\Deployment
2015-10-29 16:04 - 2014-09-26 10:21 - 02048090 _____ C:\Users\Artur\AppData\Local\pq.log.1

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-10-24 10:28 - 2014-10-24 10:29 - 0001767 _____ () C:\Users\Admin\AppData\Local\opensource-licenses.txt
2014-10-24 10:27 - 2014-10-24 10:27 - 0000000 _____ () C:\Users\Admin\AppData\Local\pq.db
2014-10-24 10:27 - 2014-10-24 10:29 - 0009796 _____ () C:\Users\Admin\AppData\Local\pq.log.0
2014-12-12 18:51 - 2015-10-04 16:02 - 0007598 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2014-03-13 10:50 - 2014-03-13 10:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Einige Dateien in TEMP:
====================
C:\Users\Artur\AppData\Local\Temp\proxy_vole4224226306858883767.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-11-19 13:00

==================== Ende von FRST.txt ============================

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:08:52, on 27.11.2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)

FIREFOX: 42.0 (x86 de)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.14\NIS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_245.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_245.exe
C:\Users\Admin\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=21.6.0.32
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.14\coIEPlg.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.14\coIEPlg.dll
O4 - HKLM\..\Run: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Pokki] "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [AppEx Accelerator UI] C:\Program Files\AMD Quick Stream\AMDQuickStream.exe -h
O4 - HKLM\..\Policies\Explorer\Run: [btvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: RefGrab-It - {8B44F824-7A95-4ccf-9B65-56FC12408E2C} - (no file)
O9 - Extra button: (no name) - {F6C144AC-EA6A-446d-90D7-68D71B60750F} - (no file)
O9 - Extra 'Tools' menuitem: RefGrab-It Preferences - {F6C144AC-EA6A-446d-90D7-68D71B60750F} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\syswow64\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\syswow64\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL
O20 - AppInit_DLLs: C:/PROGRA~3/{554CB~1/193~1.1/salo.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AtherosSvc - Windows ® Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: @C:\WINDOWS\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\WINDOWS\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Lenovo System Agent Service - LENOVO INCORPORATED. - C:\Program Files\Lenovo\iMController\SystemAgentService.exe
O23 - Service: LSCWinService - Lenovo - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.14\NIS.exe
O23 - Service: NitroPDFDriverCreatorReadSpool9 (NitroDriverReadSpool9) - Nitro PDF Software - C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
O23 - Service: NitroUpdateService - Unknown owner - C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\WINDOWS\system32\SAsrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 11115 bytes
 

 

 

Link to post
Share on other sites

Hello,

    

 

They call me TwinHeadedEagle around here, and I'll try to help your with your issue.

 

     

    

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, what may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • I volunteer to help you, so please, do not ask for help for your company/business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
:excl: I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

:excl: There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

  warning.gif Rules and policies

 

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.

 

 


FRST.gif Scan with Farbar Recovery Scan Tool

 

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please upload them into your next reply.
Link to post
Share on other sites

51a612a8b27e2-Zoek.png Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop.

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on 51a612a8b27e2-Zoek.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:

    createsrpoint;autoclean;emptyclsid;emptyalltemp;ipconfig /flushdns >>"%temp%\log.txt";b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Upload it in your next reply.
Link to post
Share on other sites

Since there are no more problems, we can declare this PC clean thumbs_up_smiley.gif

Now, we can proceed with post-cleanup procedures. Let's remove my tools and create a new, non infected restore point concurrently deleting old ones.

Step 1. - Creation of system restore point and tools removal.

Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right click on the 51a5ce45263de-delfix.png icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes his work.
  • All tools we used should be gone. Tool will create an report for you (C:\DelFix.txt). I don't need it for review.
Tool deletes old system restore points and creates a fresh system restore point after cleaning.

Step 2. - Tips and tricks to keep your computer clean, safe and in a good shape.

Security tips - highly recommended reading:

Maintenance tips:Additional software that I personally use and install on all my clients devices:
  • Malwarebytes' Anti-Malware (paid version highly recommended) - to scan your system from time to time in search for malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
  • Adblock - to surf the web without annoying ads!
  • Qualys BrowserCheck - cloud service that scans your browsers and plugins to see if they’re all up-to-date.

My help is free for everybody.

If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation: btn_donateCC_LG.gif

Thank you!

Stay safe,

TwinHeadedEagle :)

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.