
Log analysis and evaluation: Caught a Trojan?

Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

16.02.2014, 14:51   #1
atw10qp4
 



Hello,
I suspect I have caught a Trojan or something similarly nasty, because in the browser (I use Firefox) there are double-underlined blue words, and sometimes pages or pop-ups open without my doing anything. I read through your instructions and am attaching the FRST output here (FRST.txt and Addition.txt). However, I could not run GMER successfully, because the following error message appears: "C:\Windows\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird". I closed all the programs I was able to close. Then I tried to boot my Asus laptop in safe mode, but the F8 key has no effect during boot :-( I don't know what else to do, can you please help me?
Regards, Peter

16.02.2014, 17:04   #2
schrauber
/// the machine
/// TB instructor
 




Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.


Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

22.02.2014, 18:17   #3
atw10qp4
 



Hello, Schrauber!
I didn't want to cause you any unnecessary work (this is my first time here). Here are the two files:

FRST.txt:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
Ran by root (administrator) on ASUS-LAPTOP on 16-02-2014 13:29:27
Running from C:\tmp\Trojaner-Abwehr\Programme\2_frst
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Intel Corporation) C:\Windows\system32\igfxpers.exe
(Huawei Technologies Co., Ltd.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Lyrics) C:\program files (x86)\a2zlyrics-1\a2zlyrics-1-bg.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\tmp\Trojaner-Abwehr\Programme\Defogger.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM\...\Run: [BtPreLoad] - C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-08-31] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [37960 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUS InstantKey] - C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe [20456 2012-02-20] (ASUS)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [222504 2012-07-03] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [DataCardMonitor] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2013-02-01] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-08-12] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-21] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [NeroFilterCheck] - C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM-x32\...\Run: [Philips Device Listener] - C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [380416 2012-03-19] ()
HKLM-x32\...\Run: [AdobeCS4ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-06] (Geek Software GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1579230505-512059319-4025757163-1007\...\Run: [iDevice Manager Launcher] - C:\Program Files (x86)\Software4u\iDevice Manager\Software4u.IPELauncher.exe [139728 2013-01-09] (Marx Softwareentwicklung - www.software4u.de)
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll,C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: a2zLyrics-1 - {11111111-1111-1111-1111-110411151154} - C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-bho64.dll (Lyrics)
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: a2zLyrics-1 - {11111111-1111-1111-1111-110411151154} - C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-bho.dll (Lyrics)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: DNS Error Helper - {9B6B03F1-16CF-4491-BBBB-E872802DD717} - C:\ProgramData\DNSErrorHelper\bho.dll ()
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\fnlg3prk.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: a2zLyrics-1 - C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\fnlg3prk.default\Extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com [2013-11-28]
FF Extension: No Name - C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\fnlg3prk.default\Extensions\staged [2014-02-16]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []
FF HKLM-x32\...\Firefox\Extensions: [dnshelp@dnshelp.com] - C:\Users\peter\AppData\Roaming\Helper
FF Extension: Helper - C:\Users\peter\AppData\Roaming\Helper [2013-02-04]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

R2 AddonsHelper; C:\Users\peter\AppData\Local\Temp\OCS\Downloads\8895a6ff54aa6156ee6d3370468ad434\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe [865792 2013-02-03] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-01] (Avira Operations GmbH & Co. KG)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-08-31] (Qualcomm Atheros Commnucations)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2012-12-29] (IvoSoft)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-01-29] (Nero AG)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] ()
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445304 2013-08-12] (Check Point Software Technologies LTD)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [54160 2013-06-18] (Check Point Software Technologies, Ltd.)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-31] (Atheros)

==================== Drivers (Whitelisted) ====================

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-01] (Avira Operations GmbH & Co. KG)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-31] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-05-22] ()
S3 hwusbdev; C:\Windows\system32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [284008 2012-10-08] (NVIDIA Corporation)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [451096 2013-06-13] (Check Point Software Technologies LTD)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
U0 msahci; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-16 13:27 - 2014-02-16 13:27 - 00000000 _____ () C:\Users\root\defogger_reenable
2014-02-16 13:25 - 2014-02-16 13:29 - 00000000 ____D () C:\FRST
2014-02-16 13:24 - 2014-02-16 13:24 - 02152960 _____ (Farbar) C:\Users\root\Downloads\FRST64.exe
2014-02-16 12:57 - 2014-02-16 12:57 - 00000242 _____ () C:\Windows\SysWOW64\defogger_enable.log
2014-02-16 12:56 - 2014-02-16 12:56 - 00000470 _____ () C:\Windows\SysWOW64\defogger_disable.log
2014-02-16 12:37 - 2014-02-16 12:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-10 21:36 - 2014-02-10 21:36 - 00001728 _____ () C:\ProgramData\__wdump.txt
2014-02-10 21:35 - 2014-02-10 21:35 - 00001196 _____ () C:\Users\alina\Desktop\Pinnacle Studio 15.lnk
2014-02-10 21:35 - 2014-02-10 21:35 - 00000000 ____D () C:\Users\alina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 15
2014-02-09 15:33 - 2014-02-09 15:33 - 00000000 ____D () C:\Users\alina\AppData\Roaming\NVIDIA
2014-01-19 14:51 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-01-19 14:51 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-19 14:51 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-01-19 14:51 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-19 14:51 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2014-01-19 14:51 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2014-01-19 14:51 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2014-01-19 14:51 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2014-01-19 14:51 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-01-19 14:51 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-01-19 14:51 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2014-01-19 14:51 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-01-19 14:51 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-01-19 14:51 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-01-19 14:51 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll

==================== One Month Modified Files and Folders =======

2014-02-16 13:29 - 2014-02-16 13:25 - 00000000 ____D () C:\FRST
2014-02-16 13:29 - 2012-10-18 20:37 - 01558033 _____ () C:\Windows\WindowsUpdate.log
2014-02-16 13:29 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-02-16 13:27 - 2014-02-16 13:27 - 00000000 _____ () C:\Users\root\defogger_reenable
2014-02-16 13:27 - 2013-02-07 20:36 - 00000000 ____D () C:\Users\root
2014-02-16 13:26 - 2013-11-10 21:39 - 00050477 _____ () C:\Users\root\Downloads\Defogger.exe
2014-02-16 13:24 - 2014-02-16 13:24 - 02152960 _____ (Farbar) C:\Users\root\Downloads\FRST64.exe
2014-02-16 13:19 - 2013-02-01 20:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-16 13:12 - 2013-02-02 16:37 - 00000000 ____D () C:\tmp
2014-02-16 13:02 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-02-16 12:57 - 2014-02-16 12:57 - 00000242 _____ () C:\Windows\SysWOW64\defogger_enable.log
2014-02-16 12:56 - 2014-02-16 12:56 - 00000470 _____ () C:\Windows\SysWOW64\defogger_disable.log
2014-02-16 12:45 - 2013-02-12 13:25 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1579230505-512059319-4025757163-1007
2014-02-16 12:40 - 2013-07-16 20:13 - 00000000 ____D () C:\Users\root\AppData\Local\HTC MediaHub
2014-02-16 12:40 - 2013-02-07 20:38 - 00000408 _____ () C:\Users\root\AppData\Roaming\sp_data.sys
2014-02-16 12:39 - 2013-10-06 16:39 - 00001314 _____ () C:\Windows\Tasks\a2zLyrics-1-updater.job
2014-02-16 12:39 - 2013-10-06 16:39 - 00001218 _____ () C:\Windows\Tasks\a2zLyrics-1-codedownloader.job
2014-02-16 12:39 - 2013-10-06 16:39 - 00001118 _____ () C:\Windows\Tasks\a2zLyrics-1-enabler.job
2014-02-16 12:39 - 2013-10-06 16:38 - 00001850 _____ () C:\Windows\Tasks\a2zLyrics-1-firefoxinstaller.job
2014-02-16 12:39 - 2012-10-18 20:17 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-16 12:39 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-16 12:38 - 2013-02-06 19:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-16 12:37 - 2014-02-16 12:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-16 12:37 - 2013-02-07 18:29 - 00000000 ____D () C:\Users\karin\AppData\Roaming\Skype
2014-02-16 11:58 - 2013-02-07 15:31 - 00000000 ____D () C:\Users\karin\Documents\Bluetooth Folder
2014-02-16 11:56 - 2013-02-07 15:30 - 00000408 _____ () C:\Users\karin\AppData\Roaming\sp_data.sys
2014-02-16 11:55 - 2013-08-13 20:15 - 00000000 ____D () C:\Users\karin\AppData\Local\HTC MediaHub
2014-02-10 21:40 - 2013-02-09 15:19 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1579230505-512059319-4025757163-1006
2014-02-10 21:36 - 2014-02-10 21:36 - 00001728 _____ () C:\ProgramData\__wdump.txt
2014-02-10 21:35 - 2014-02-10 21:35 - 00001196 _____ () C:\Users\alina\Desktop\Pinnacle Studio 15.lnk
2014-02-10 21:35 - 2014-02-10 21:35 - 00000000 ____D () C:\Users\alina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 15
2014-02-10 21:35 - 2013-02-04 20:46 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2014-02-10 21:30 - 2013-03-05 17:58 - 00000000 ____D () C:\Users\fabjana\AppData\Roaming\Skype
2014-02-10 21:20 - 2013-02-21 18:50 - 00006144 _____ () C:\Users\alina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-10 21:20 - 2013-02-17 18:56 - 00000000 ____D () C:\Users\alina\AppData\Roaming\Skype
2014-02-10 20:19 - 2013-03-10 15:27 - 00000000 ____D () C:\Users\alina\AppData\Local\Adobe
2014-02-10 20:19 - 2012-08-17 01:52 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-10 20:12 - 2013-07-01 10:23 - 00000000 ____D () C:\Users\alina\AppData\Local\CrashDumps
2014-02-10 17:04 - 2013-02-09 15:14 - 00000408 _____ () C:\Users\alina\AppData\Roaming\sp_data.sys
2014-02-09 15:38 - 2012-08-03 00:02 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-02-09 15:38 - 2012-08-03 00:02 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-02-09 15:38 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-09 15:36 - 2013-02-09 15:13 - 00000000 ____D () C:\Users\alina\AppData\Roaming\Adobe
2014-02-09 15:33 - 2014-02-09 15:33 - 00000000 ____D () C:\Users\alina\AppData\Roaming\NVIDIA
2014-02-09 15:31 - 2013-02-09 16:35 - 00000000 ____D () C:\Users\fabjana\Documents\Bluetooth Folder
2014-02-08 21:01 - 2013-02-09 16:18 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1579230505-512059319-4025757163-1005
2014-02-08 20:57 - 2013-02-01 20:31 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-08 20:55 - 2013-02-09 16:13 - 00000408 _____ () C:\Users\fabjana\AppData\Roaming\sp_data.sys
2014-02-08 20:52 - 2013-02-01 18:31 - 00000000 ____D () C:\Users\peter\AppData\Roaming\Skype
2014-02-08 20:52 - 2013-01-31 04:32 - 00000408 _____ () C:\Users\peter\AppData\Roaming\sp_data.sys
2014-02-08 20:40 - 2013-09-14 07:04 - 00000000 ____D () C:\Users\fabjana\AppData\Local\HTC MediaHub
2014-02-08 20:37 - 2012-07-26 06:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-02-08 18:59 - 2013-01-31 04:37 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1579230505-512059319-4025757163-1002
2014-02-08 18:49 - 2013-07-24 18:49 - 00000000 ____D () C:\Users\peter\AppData\Local\HTC MediaHub
2014-02-08 18:41 - 2013-08-12 15:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-08 18:41 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore
2014-02-08 18:38 - 2013-02-01 07:13 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-30 22:10 - 2013-11-20 23:40 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-30 22:10 - 2013-11-20 23:40 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe


Some content of TEMP:
====================
C:\Users\alina\AppData\Local\Temp\avgnt.exe
C:\Users\fabjana\AppData\Local\Temp\avgnt.exe
C:\Users\karin\AppData\Local\Temp\avgnt.exe
C:\Users\karin\AppData\Local\Temp\COMAP.EXE
C:\Users\peter\AppData\Local\Temp\a2zLyrics_1060-8102_v122.exe
C:\Users\peter\AppData\Local\Temp\AskSLib.dll
C:\Users\peter\AppData\Local\Temp\avgnt.exe
C:\Users\peter\AppData\Local\Temp\COMAP.EXE
C:\Users\peter\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\peter\AppData\Local\Temp\Execute2App.exe
C:\Users\peter\AppData\Local\Temp\MSETUP4.EXE
C:\Users\peter\AppData\Local\Temp\msvcp90.dll
C:\Users\peter\AppData\Local\Temp\msvcr90.dll
C:\Users\peter\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\peter\AppData\Local\Temp\SAV2RemoveAll.exe
C:\Users\peter\AppData\Local\Temp\tmp93C.tmp.exe
C:\Users\peter\AppData\Local\Temp\tmpA756.tmp.exe
C:\Users\peter\AppData\Local\Temp\uninstall.exe
C:\Users\peter\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\root\AppData\Local\Temp\avgnt.exe
C:\Users\root\AppData\Local\Temp\COMAP.EXE
C:\Users\root\AppData\Local\Temp\DeltaTB.exe
C:\Users\root\AppData\Local\Temp\filebulldogTb_1.0.0.8.exe
C:\Users\root\AppData\Local\Temp\IDMSetup_1.5.0.0.exe
C:\Users\root\AppData\Local\Temp\OptimizerPro.exe
C:\Users\root\AppData\Local\Temp\tmp32C7.tmp.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-08 18:34

==================== End Of Log ============================
         
--- --- ---


Addition.txt:
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-02-2014 01
Ran by root at 2014-02-16 13:29:49
Running from C:\tmp\Trojaner-Abwehr\Programme\2_frst
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Desktop (Disabled - Out of date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Out of date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================

a2zLyrics-1 (x32 Version: 1.28.153.3 - Lyrics) <==== ATTENTION
Adobe AIR (x32 Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.1.0.5790 - Adobe Systems Inc.) Hidden
Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS4 (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (x32 Version: 4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Master Collection (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS4 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CS4 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Dynamiclink Support (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Encore CS4 (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 Extension - Flash Lite STI others (x32 Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 STI-other (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Fonts All (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Application Feature Set Files (Roman) (x32 Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Common Base Files (x32 Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 (x32 Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Additional Exporter (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Dolby (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (x32 Version: 1.1 - Adobe Systems Incorporated)
Adobe Output Module (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 Support (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7 - Adobe Systems Incorporated)
Adobe Search for Help (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (x32 Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Alcor Micro USB Card Reader (x32 Version: 3.8.142.61628 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.8.142.61628 - Alcor Micro Corp.) Hidden
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ASUS Instant Connect (x32 Version: 1.2.8 - ASUS)
ASUS Instant Key (x32 Version: 1.0.5 - ASUS)
ASUS InstantOn (x32 Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (x32 Version: 3.1.5 - ASUS)
ASUS Live Update (x32 Version: 3.1.8 - ASUS)
ASUS N Series Demo (x32 Version: 1.0.0002 - ASUS)
ASUS Power4Gear Hybrid (Version: 2.0.4 - ASUS)
ASUS Smart Gesture (x32 Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (x32 Version: 1.03.0004 - ASUS)
ASUS Tutor (x32 Version: 1.0.7 - ASUS)
ASUS USB Charger Plus (x32 Version: 2.1.4 - ASUS)
ASUS Video Magic (x32 Version: 6.0.4712 - CyberLink Corp.)
ASUS Video Magic (x32 Version: 6.0.4712 - CyberLink Corp.) Hidden
ASUS WebStorage Sync Agent (x32 Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (x32 Version: 2.0.10.168 - ASUSTEK)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (x32 Version: 1.0.0022 - ASUS)
Audiograbber 1.83 SE  (x32 Version: 1.83 SE  - Audiograbber)
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
Beyond Compare Version 2.5.3 (x32 Version:  - Scooter Software)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Bulk Rename Utility 2.7.1.2 (Version:  - TGRMN Software)
Bundled software uninstaller (x32 Version:  - ) <==== ATTENTION
Canon G.726 WMP-Decoder (x32 Version: 1.1.0.4 - )
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.3.1.5 - )
Canon Internet Library for ZoomBrowser EX (x32 Version: 1.5.1.4 - )
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 2.4.0.14 - )
Canon RAW Image Task for ZoomBrowser EX (x32 Version: 2.6.0.13 - )
Canon Utilities ImageBrowser EX (x32 Version: 1.1.1.19 - Canon Inc.)
Canon Utilities PhotoStitch (x32 Version: 3.1.19.43 - )
Canon Utilities ZoomBrowser EX (x32 Version: 5.8.0.74 - )
Classic Shell (Version: 3.6.5 - IvoSoft)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3019_44673 - CyberLink Corp.)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3019_44673 - CyberLink Corp.) Hidden
CyberLink PowerDirector (x32 Version: 8.0.4905d - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 8.0.4905d - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
Desktop Icon für Amazon (Version: 1.0.1 (de) - )
EasyBCD 2.2 (x32 Version: 2.2 - NeoSmart Technologies)
FilesFrog Update Checker (x32 Version:  - ) <==== ATTENTION
FireJump (x32 Version: 1.0.2.5 - FireJump.net)
Free CD Ripper V2.0 (x32 Version: 2.0.0.0 - Koyote Soft)
Free YouTube to MP3 Converter version 3.12.0.128 (x32 Version: 3.12.0.128 - DVDVideoSoft Ltd.)
HTC Driver Installer (x32 Version: 4.2.0.001 - HTC Corporation)
HTC Sync Manager (x32 Version: 2.0.61.0 - HTC)
iDevice Manager (x32 Version: 3.0.0.3 - Marx Softwareentwicklung)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2828 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
IPTInstaller (x32 Version: 4.0.8 - HTC)
iTunes (Version: 11.1.0.126 - Apple Inc.)
Java 7 Update 25 (x32 Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Knoll Light Factory EZ Studio 15 (x32 Version:  - )
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Magic Bullet Looks Studio 15 (x32 Version:  - )
Microsoft Office (x32 Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2010 Language Pack Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Project MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Project Professional 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Project 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Project Professional 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visio 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft)
Microsoft Visio Premium 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 de) (x32 Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (x32 Version: 27.0.1 - Mozilla)
Mp3tag v2.54 (x32 Version: v2.54 - Florian Heidenreich)
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
Nero 11 DiscSpeed (x32 Version: 11.0.00400 - Nero AG)
Nero 6 Demo (x32 Version:  - )
Nero Core Components 11 (x32 Version: 11.0.15401.1.15 - Nero AG) Hidden
Nero DiscSpeed 11 (x32 Version: 7.0.10400.2.100 - Nero AG) Hidden
Nero DiscSpeed 11 Help (CHM) (x32 Version: 11.0.10000 - Nero AG) Hidden
nero.prerequisites.msi (x32 Version: 11.0.20008 - Nero AG) Hidden
Nokia Connectivity Cable Driver (x32 Version: 7.1.78.0 - Nokia)
Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia)
Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden
NVIDIA 3D Vision Treiber 306.97 (Version: 306.97 - NVIDIA Corporation)
NVIDIA Grafiktreiber 306.97 (Version: 306.97 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0613 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0613 (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.0697 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 306.97 (Version: 306.97 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
Paint.NET v3.5.10 (Version: 3.60.0 - dotPDN LLC)
PC Connectivity Solution (x32 Version: 12.0.27.0 - Nokia)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 6.1.0 (x32 Version:  - PDF24.org)
PDF-Viewer (Version: 2.5.209.0 - Tracker Software Products Ltd)
Philips Songbird (x32 Version: 6.1.2265 (2265) - Koninklijke Philips Electronics N.V.)
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pinnacle Studio 15 (x32 Version: 15.0.0.7593 - Pinnacle Systems)
Pinnacle Studio 15 Ultimate Collection Plugins (x32 Version: 15.0.0.7593 - Pinnacle Systems)
Pinnacle Studio Bonus Content (x32 Version: 15.0.0.51 - Pinnacle Systems)
Pinnacle Video Treiber (Version: 12.1.0.030 - Pinnacle Systems)
Preispilot für Firefox (x32 Version: 2.0 - Preispilot)
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.208 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (x32 Version: 10.0 - Qualcomm Atheros)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6710 - Realtek Semiconductor Corp.)
Red Giant ToonIt Studio 15 (x32 Version:  - )
Samsung Kies (x32 Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Shared C Run-time for x64 (Version: 10.0.0 - McAfee)
Skype™ 6.1 (x32 Version: 6.1.129 - Skype Technologies S.A.)
Stellarium 0.12.0 (Version: 0.12.0 - Stellarium team)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
SureThing Express Labeler (x32 Version:  - MicroVision Development, Inc.)
T-Mobile Internet Manager (x32 Version: 11.301.05.39.55 - Huawei Technologies Co.,Ltd)
TomTom HOME (x32 Version: 2.9.3 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (x32 Version: 1.0.2 - TomTom International B.V.)
Trapcode 3DStroke Studio 15 (x32 Version:  - )
Trapcode Particular Studio (x32 Version:  - )
Trapcode Shine Studio 15 (x32 Version:  - )
TreeSize Professional 5.1.2 (x32 Version:  - )
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version:  - Microsoft)
VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VLC media player 2.0.5 (Version: 2.0.5 - VideoLAN)
Windows-Treiberpaket - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (Version: 10/29/2012 1.0.0.148 - ASUS)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7) (Version: 02/25/2011 4.7 - Nokia)
Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinFlash (x32 Version: 2.41.1 - ASUS)
WinSCP 5.1.3 (x32 Version: 5.1.3 - Martin Prikryl)
WinZip (x32 Version:  9.0  (6028) - WinZip Computing, Inc.)
ZoneAlarm Firewall (x32 Version: 11.0.780.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (x32 Version: 11.0.780.000 - Check Point)
ZoneAlarm LTD Toolbar (Version:  - Check Point Software Technologies)
ZoneAlarm Security (x32 Version: 11.0.780.000 - Check Point Software Technologies Ltd.) Hidden

==================== Restore Points  =========================

19-01-2014 19:00:15 Windows Update
08-02-2014 17:38:10 Windows Update

==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0B388C5E-A507-4AC2-98B8-960CAD453C66} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3DED79E6-F6B2-4173-8505-16A53E30F74B} - System32\Tasks\BtvStack => C:\Program
Task: {46785A24-84F5-43B8-AFD7-AF60A4E5050D} - System32\Tasks\a2zLyrics-1-codedownloader => C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-codedownloader.exe [2013-10-06] (Lyrics) <==== ATTENTION
Task: {5907D24C-F3C2-4AEE-9C5B-409DF35685C4} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-08-06] (ASUS)
Task: {7BBCBFA6-E87D-43A2-BE39-E1A3FB565E9C} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {8DCD7671-43D5-49D6-BE9F-863C2DCA0DAE} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {92EA533C-40C4-4189-8030-6B0F36D64D36} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-08] (Adobe Systems Incorporated)
Task: {936EA498-C280-4D6A-8BBD-05455EC3E66A} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {9BF72BC0-9F19-4603-97BA-C09C0D961A3A} - System32\Tasks\BtTray => C:\Program
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B750498F-A829-4679-8236-0707CE7A368B} - System32\Tasks\a2zLyrics-1-enabler => C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-enabler.exe [2013-10-06] (Lyrics) <==== ATTENTION
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CB625FDA-FCAF-4618-9779-3A23E22CC032} - System32\Tasks\a2zLyrics-1-updater => C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-updater.exe [2013-10-06] (Lyrics) <==== ATTENTION
Task: {CFFE89DE-F8EF-41E2-B1D8-E8439CA53F6C} - System32\Tasks\DSite => C:\Users\peter\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {D24E9F0F-6B3E-489B-BE66-30C04DB7CA36} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {E55DBE54-CEA7-48FC-92DB-08B6A5E1A8ED} - System32\Tasks\a2zLyrics-1-firefoxinstaller => C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-firefoxinstaller.exe [2013-10-06] (Lyrics) <==== ATTENTION
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {FAD7601C-094E-4C82-9380-D25393AB0DEE} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: C:\Windows\Tasks\a2zLyrics-1-codedownloader.job => C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\a2zLyrics-1-enabler.job => C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\a2zLyrics-1-firefoxinstaller.job => C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-firefoxinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\a2zLyrics-1-updater.job => C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-10-18 20:16 - 2012-07-31 17:02 - 00004096 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2012-08-31 16:44 - 2012-08-31 16:44 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-08-31 16:38 - 2012-08-31 16:38 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2012-08-24 17:26 - 2012-08-24 17:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-05-17 11:43 - 2013-05-17 11:43 - 00169312 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2012-08-30 13:46 - 2012-11-27 13:48 - 00069120 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
2012-08-30 14:27 - 2012-08-15 18:52 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2012-03-19 11:23 - 2012-03-19 11:23 - 00380416 _____ () C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
2013-02-01 21:19 - 2013-02-01 21:15 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-02-03 11:07 - 2013-02-03 11:07 - 00865792 _____ () C:\Users\peter\AppData\Local\Temp\OCS\Downloads\8895a6ff54aa6156ee6d3370468ad434\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe
2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-17 11:42 - 2013-05-17 11:42 - 00030056 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2013-05-17 11:42 - 2013-05-17 11:42 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2013-05-17 11:42 - 2013-05-17 11:42 - 00044392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2013-05-17 11:42 - 2013-05-17 11:42 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2013-05-17 11:43 - 2013-05-17 11:43 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2013-05-17 11:47 - 2013-05-17 11:47 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2013-07-16 20:12 - 2012-12-07 16:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2012-10-18 20:34 - 2009-04-17 11:01 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-10-18 20:16 - 2012-07-31 17:02 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-02-16 12:37 - 2014-02-16 12:37 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-08-24 17:17 - 2012-08-24 17:17 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2012-08-30 13:39 - 2012-11-27 13:38 - 00112128 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll
2012-10-18 20:13 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-02-03 11:07 - 2013-02-03 11:07 - 00111616 _____ () C:\ProgramData\DNSErrorHelper\bho.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/16/2014 00:36:58 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 647343

Error: (02/16/2014 00:36:58 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 647343

Error: (02/16/2014 00:36:58 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/16/2014 00:26:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1500

Error: (02/16/2014 00:26:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1500

Error: (02/16/2014 00:26:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/16/2014 11:54:59 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_stisvc, Version: 6.2.9200.16420, Zeitstempel: 0x505a9a4e
Name des fehlerhaften Moduls: wiaservc.dll, Version: 6.2.9200.16384, Zeitstempel: 0x501094f4
Ausnahmecode: 0xc0000409
Fehleroffset: 0x000000000004139e
ID des fehlerhaften Prozesses: 0xce4
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_stisvc0
Pfad der fehlerhaften Anwendung: svchost.exe_stisvc1
Pfad des fehlerhaften Moduls: svchost.exe_stisvc2
Berichtskennung: svchost.exe_stisvc3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_stisvc4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_stisvc5

Error: (02/10/2014 08:12:46 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537, Zeitstempel: 0x512347f7
Name des fehlerhaften Moduls: a2zLyrics-1-bho.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x5208ae68
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0606ba3d
ID des fehlerhaften Prozesses: 0x1dcc
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5

Error: (02/10/2014 08:12:46 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537, Zeitstempel: 0x512347f7
Name des fehlerhaften Moduls: a2zLyrics-1-bho.dll, Version: 1.0.0.1, Zeitstempel: 0x5208ae68
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002e10b
ID des fehlerhaften Prozesses: 0x1dcc
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5

Error: (02/10/2014 08:10:40 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537, Zeitstempel: 0x512347f7
Name des fehlerhaften Moduls: a2zLyrics-1-bho.dll, Version: 1.0.0.1, Zeitstempel: 0x5208ae68
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002e10b
ID des fehlerhaften Prozesses: 0x2078
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5


System errors:
=============
Error: (02/16/2014 11:55:54 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Windows-Bilderfassung (WIA)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/08/2014 06:41:28 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Update für Windows 8 für x64-Systeme (KB2903938)

Error: (01/19/2014 08:05:29 PM) (Source: NetBT) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 10.0.0.2
registriert werden. Der Computer mit IP-Adresse 10.0.0.23 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/19/2014 08:00:18 PM) (Source: NetBT) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 10.0.0.2
registriert werden. Der Computer mit IP-Adresse 10.0.0.23 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/19/2014 02:41:16 PM) (Source: NetBT) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 10.0.0.2
registriert werden. Der Computer mit IP-Adresse 10.0.0.23 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/19/2014 02:36:06 PM) (Source: NetBT) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 10.0.0.2
registriert werden. Der Computer mit IP-Adresse 10.0.0.23 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/19/2014 02:30:54 PM) (Source: NetBT) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 10.0.0.2
registriert werden. Der Computer mit IP-Adresse 10.0.0.23 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/19/2014 02:27:48 PM) (Source: NetBT) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 10.0.0.2
registriert werden. Der Computer mit IP-Adresse 10.0.0.23 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/06/2014 11:59:25 AM) (Source: NetBT) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 10.0.0.2
registriert werden. Der Computer mit IP-Adresse 10.0.0.23 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/06/2014 11:58:17 AM) (Source: NetBT) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 10.0.0.2
registriert werden. Der Computer mit IP-Adresse 10.0.0.23 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.


Microsoft Office Sessions:
=========================
Error: (02/16/2014 00:36:58 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 647343

Error: (02/16/2014 00:36:58 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 647343

Error: (02/16/2014 00:36:58 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/16/2014 00:26:12 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1500

Error: (02/16/2014 00:26:12 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1500

Error: (02/16/2014 00:26:12 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/16/2014 11:54:59 AM) (Source: Application Error)(User: )
Description: svchost.exe_stisvc6.2.9200.16420505a9a4ewiaservc.dll6.2.9200.16384501094f4c0000409000000000004139ece401cf2b057f26fd94C:\Windows\system32\svchost.exec:\windows\system32\wiaservc.dllc736325c-96f8-11e3-bef0-dc85de69baec

Error: (02/10/2014 08:12:46 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.16537512347f7a2zLyrics-1-bho.dll_unloaded0.0.0.05208ae68c00000050606ba3d1dcc01cf2693eef4c7cfC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEa2zLyrics-1-bho.dll52a8ec06-9287-11e3-beef-dc85de69baec

Error: (02/10/2014 08:12:46 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.16537512347f7a2zLyrics-1-bho.dll1.0.0.15208ae68c00000050002e10b1dcc01cf2693eef4c7cfC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-bho.dll52878aa5-9287-11e3-beef-dc85de69baec

Error: (02/10/2014 08:10:40 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.16537512347f7a2zLyrics-1-bho.dll1.0.0.15208ae68c00000050002e10b207801cf2693a234a208C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-bho.dll077443d6-9287-11e3-beef-dc85de69baec


CodeIntegrity Errors:
===================================
  Date: 2013-07-13 13:57:15.719
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-07-13 13:57:13.656
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-07-13 13:57:11.592
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-07-13 13:57:09.523
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-07-13 13:57:07.460
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-07-13 13:57:05.396
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-01 17:47:08.195
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-01 17:39:02.816
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-01 17:04:49.894
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-02-01 16:22:44.335
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Percentage of memory in use: 35%
Total physical RAM: 8077.47 MB
Available physical RAM: 5206.4 MB
Total Pagefile: 9293.47 MB
Available Pagefile: 6055.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:43.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:398.17 GB) (Free:270.79 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: CDFAD22C)

Partition: GPT Partition Type
==================== End Of Log ============================
         


Hope it's OK now.

Best regards, Peter
__________________

Alt 23.02.2014, 16:32   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click "Scannen" (scan), select the "Bedrohungssuchlauf" (threat scan) and click "Suchlauf starten" (start scan).
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click "Auswahl entfernen" (remove selected).
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click "Verlauf" (history) and then "Anwendungsprotokolle" (application logs).
  • Select the most recent scan log and click Export. Choose "Textdatei (.txt)" (text file) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click "Optionen" (options) and make sure the following items are selected:
    • "Tracing" Schlüssel löschen (delete "Tracing" keys)
    • Winsock Einstellungen zurücksetzen (reset Winsock settings)
    • Proxy Einstellungen zurücksetzen (reset proxy settings)
    • Internet Explorer Richtlinien zurücksetzen (reset Internet Explorer policies)
    • Chrome Richtlinien zurücksetzen (reset Chrome policies)
    • Make sure all 5 options are selected, as shown here
  • Click "Suchlauf" (scan) and wait until it has finished.
  • Now click "Löschen" (delete) and confirm any prompts with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 28.02.2014, 18:23   #5
atw10qp4
 
Hello, Schrauber!

Thanks for the next steps. Regarding your instruction "Please close your security software", I would like to know what you mean by that: antivirus program, firewall, ...?

Best regards, Peter


Alt 01.03.2014, 12:39   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Antivirus program

Alt 01.03.2014, 14:14   #7
atw10qp4
 
Hello, Schrauber!

Here is the mbam log:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.27.08

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
root :: ASUS-LAPTOP [Administrator]

27.02.2014 20:33:40
mbam-log-2014-02-27 (20-33-40).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 348671
Laufzeit: 5 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-updater.exe (PUP.Optional.Lyrics.A) -> 3472 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 14
HKCR\CLSID\{11111111-1111-1111-1111-110411151154} (PUP.Optional.Lyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{44444444-4444-4444-4444-440444154454} (PUP.Optional.Lyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{55555555-5555-5555-5555-550455155554} (PUP.Optional.Lyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0041554.BHO.1 (PUP.Optional.Lyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411151154} (PUP.Optional.Lyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411151154} (PUP.Optional.Lyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\{562B9316-C08A-444A-9482-62080DD851AE} (PUP.Optional.SpeedAnalysis3.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker (PUP.Optional.Somoto.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0041554.BHO (PUP.Optional.CrossRider.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0041554.Sandbox (PUP.Optional.CrossRider.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0041554.Sandbox.1 (PUP.Optional.CrossRider.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\AppDataLow\Software\Crossrider (PUP.Optional.CrossRider.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\Software\a2zLyrics-1 (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\a2zLyrics-1 (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\Users\peter\AppData\Local\FilesFrog Update Checker (PUP.Optional.FilesFrog.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker (PUP.Optional.FilesFrog.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\a2zLyrics-1 (PUP.Optional.A2ZLyrics.A) -> Löschen bei Neustart.

Infizierte Dateien: 34
C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-updater.exe (PUP.Optional.Lyrics.A) -> Löschen bei Neustart.
C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-bho.dll (PUP.Optional.Lyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-bho64.dll (PUP.Optional.Lyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\peter\AppData\Local\Temp\a2zLyrics_1060-8102_v122.exe (PUP.Optional.Bundler) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\peter\AppData\Local\Temp\UpdateCheckerSetup.exe (PUP.Optional.Somoto.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\peter\AppData\Local\Temp\is357113909\MyBabylonTB.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\peter\AppData\Local\Temp\is357113909\yontoo-c2.exe (PUP.Optional.Yontoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\root\AppData\Local\Temp\DeltaTB.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\root\AppData\Local\Temp\OptimizerPro.exe (PUP.Optional.OptimizePro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\peter\Downloads\SoftonicDownloader_fuer_free-cd-ripper.exe (PUP.Optional.Softonic.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\peter\Downloads\SoftonicDownloader_fuer_pdf-xchange-viewer.exe (PUP.Optional.Softonic.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\peter\AppData\Local\FilesFrog Update Checker\uninstall.exe (PUP.Optional.Somoto.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\peter\AppData\Local\FilesFrog Update Checker\update_checker.exe (PUP.Optional.FilesFrog.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\a2zLyrics-1-codedownloader.job (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\a2zLyrics-1-enabler.job (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\a2zLyrics-1-firefoxinstaller.job (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\a2zLyrics-1-updater.job (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\Check for Updates.lnk (PUP.Optional.FilesFrog.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\Uninstall.lnk (PUP.Optional.FilesFrog.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\a2zLyrics-1\41554.xpi (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-bg.exe (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-buttonutil.dll (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-buttonutil.exe (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-buttonutil64.dll (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-buttonutil64.exe (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-codedownloader.exe (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-enabler.exe (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-firefoxinstaller.exe (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-helper.exe (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1.ico (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\a2zLyrics-1\background.html (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\a2zLyrics-1\Installer.log (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\a2zLyrics-1\Uninstall.exe (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\a2zLyrics-1\utils.exe (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Here is the AdwCleaner log:

Code:
# AdwCleaner v3.020 - Bericht erstellt am 01/03/2014 um 10:24:03
# Aktualisiert 27/02/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : root - ASUS-LAPTOP
# Gestartet von : C:\tmp\Trojaner-Abwehr\Programme\5_AdwCleaner\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : AddonsHelper

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\DNSErrorHelper
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Ordner Gelöscht : C:\Program Files (x86)\myfree codec
Ordner Gelöscht : C:\Program Files (x86)\software4u
Ordner Gelöscht : C:\Users\peter\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\peter\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Ordner Gelöscht : C:\Users\peter\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\peter\AppData\Roaming\DSite
Ordner Gelöscht : C:\Users\peter\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\peter\AppData\Roaming\HELPER
Ordner Gelöscht : C:\Users\peter\AppData\Roaming\OCS
Ordner Gelöscht : C:\Users\peter\AppData\Roaming\software4u
Ordner Gelöscht : C:\Users\root\AppData\Roaming\software4u
Ordner Gelöscht : C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\b0h8hlzq.default\Extensions\firejump@firejump.net
Datei Gelöscht : C:\Users\peter\AppData\Local\Temp\Uninstall.exe
Datei Gelöscht : C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\b0h8hlzq.default\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\DSite

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [dnshelp@dnshelp.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422152254}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466156654}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{721061FB-EB79-4568-A03C-3CE26D68DAE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422152254}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466156654}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\Software\Myfree Codec
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16798


-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\b0h8hlzq.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.crossrider.bic", "1418e95c96435fce023ddb2cf986c6d4");

[ Datei : C:\Users\karin\AppData\Roaming\Mozilla\Firefox\Profiles\gii4zyed.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.crossrider.bic", "1420a2e9b512cdf3616711ea28ef536b");

[ Datei : C:\Users\fabjana\AppData\Roaming\Mozilla\Firefox\Profiles\wucqlutg.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.crossrider.bic", "14198b8a1a3f79500a4bdc742c3fa94a");

[ Datei : C:\Users\alina\AppData\Roaming\Mozilla\Firefox\Profiles\9n1ei4i2.default\prefs.js ]


[ Datei : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\fnlg3prk.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.crossrider.bic", "14243b544e376bb193450d686f64fc1e");

*************************

AdwCleaner[R0].txt - [6574 octets] - [28/02/2014 18:32:44]
AdwCleaner[S0].txt - [6384 octets] - [01/03/2014 10:24:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6444 octets] ##########
         
Here is the JRT log:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8 x64
Ran by root on 01.03.2014 at 13:11:20,15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\fnlg3prk.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.03.2014 at 13:18:23,41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
And here is the current FRST log:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-02-2014 02
Ran by root (administrator) on ASUS-LAPTOP on 01-03-2014 14:04:05
Running from C:\tmp\Trojaner-Abwehr\Programme\2_frst
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Intel Corporation) C:\Windows\system32\igfxpers.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Huawei Technologies Co., Ltd.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\program files (x86)\avira\antivir desktop\avcenter.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM\...\Run: [BtPreLoad] - C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-08-31] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [37960 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUS InstantKey] - C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe [20456 2012-02-20] (ASUS)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [222504 2012-07-03] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [DataCardMonitor] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2013-02-01] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-08-12] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [NeroFilterCheck] - C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM-x32\...\Run: [Philips Device Listener] - C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [380416 2012-03-19] ()
HKLM-x32\...\Run: [AdobeCS4ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-06] (Geek Software GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1579230505-512059319-4025757163-1007\...\Run: [iDevice Manager Launcher] - "C:\Program Files (x86)\Software4u\iDevice Manager\Software4u.IPELauncher.exe" /run
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit64.dll [18856 2012-10-02] (NVIDIA Corporation)
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll => C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit.dll [17288 2012-10-02] (NVIDIA Corporation)
AppInit_DLLs-x32: , C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: a2zLyrics-1 - {11111111-1111-1111-1111-110411151154} - C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-bho64.dll No File
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: DNS Error Helper - {9B6B03F1-16CF-4491-BBBB-E872802DD717} - C:\ProgramData\DNSErrorHelper\bho.dll No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\fnlg3prk.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: a2zLyrics-1 - C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\fnlg3prk.default\Extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com [2014-02-16]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-23] (Avira Operations GmbH & Co. KG)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-08-31] (Qualcomm Atheros Commnucations)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2012-12-29] (IvoSoft)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-01-29] (Nero AG)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] ()
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445304 2013-08-12] (Check Point Software Technologies LTD)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [54160 2013-06-18] (Check Point Software Technologies, Ltd.)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-31] (Atheros)

==================== Drivers (Whitelisted) ====================

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-01] (Avira Operations GmbH & Co. KG)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-31] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-05-22] ()
S3 hwusbdev; C:\Windows\system32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [284008 2012-10-08] (NVIDIA Corporation)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [451096 2013-06-13] (Check Point Software Technologies LTD)
S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
U0 msahci; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-01 13:18 - 2014-03-01 13:18 - 00000741 _____ () C:\Users\root\Desktop\JRT.txt
2014-03-01 13:11 - 2014-03-01 13:11 - 00000000 ____D () C:\Windows\ERUNT
2014-03-01 10:40 - 2014-03-01 10:40 - 01037734 _____ (Thisisu) C:\Users\root\Downloads\JRT.exe
2014-02-28 18:32 - 2014-03-01 10:24 - 00000000 ____D () C:\AdwCleaner
2014-02-28 18:29 - 2014-02-28 18:29 - 01244192 _____ () C:\Users\root\Downloads\adwcleaner.exe
2014-02-28 00:47 - 2013-12-09 01:45 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-28 00:47 - 2013-12-09 00:59 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-28 00:47 - 2013-12-05 00:43 - 01845248 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-28 00:47 - 2013-12-05 00:43 - 00583680 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-28 00:47 - 2013-12-05 00:37 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-28 00:47 - 2013-12-05 00:37 - 00451072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-28 00:47 - 2013-11-27 01:19 - 00385614 _____ () C:\Windows\system32\ApnDatabase.xml
2014-02-28 00:47 - 2013-11-26 00:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-02-28 00:47 - 2013-11-01 06:53 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-02-28 00:46 - 2014-02-01 10:20 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-28 00:46 - 2014-02-01 10:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-28 00:46 - 2014-02-01 10:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-28 00:46 - 2014-02-01 10:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-02-28 00:46 - 2014-02-01 10:19 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-02-28 00:46 - 2014-02-01 10:18 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-28 00:46 - 2014-02-01 10:18 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-28 00:46 - 2014-02-01 10:18 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-28 00:46 - 2014-02-01 10:18 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-28 00:46 - 2014-02-01 10:18 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-28 00:46 - 2014-02-01 10:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-28 00:46 - 2014-02-01 10:18 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-28 00:46 - 2014-02-01 10:18 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-28 00:46 - 2014-02-01 10:18 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-28 00:46 - 2014-02-01 10:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-28 00:46 - 2014-02-01 10:18 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-28 00:46 - 2014-02-01 08:58 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-28 00:46 - 2014-02-01 08:58 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-28 00:46 - 2014-02-01 08:58 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-02-28 00:46 - 2014-02-01 08:57 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-28 00:46 - 2014-02-01 08:57 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-28 00:46 - 2014-02-01 08:57 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-28 00:46 - 2014-02-01 08:57 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-28 00:46 - 2014-02-01 08:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-28 00:46 - 2014-02-01 08:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-28 00:46 - 2014-02-01 08:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-28 00:46 - 2014-02-01 08:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-28 00:46 - 2014-02-01 08:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-28 00:46 - 2014-02-01 08:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-28 00:46 - 2014-02-01 08:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-28 00:46 - 2014-02-01 08:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-28 00:46 - 2014-02-01 08:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-28 00:46 - 2014-02-01 06:08 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-02-28 00:46 - 2014-01-13 00:30 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-28 00:46 - 2014-01-13 00:30 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-28 00:46 - 2013-11-20 01:15 - 03842560 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-28 00:46 - 2013-11-20 00:57 - 03288576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-27 20:30 - 2014-02-27 20:30 - 00000000 ____D () C:\Users\root\AppData\Roaming\Malwarebytes
2014-02-27 20:29 - 2014-02-27 20:29 - 00001111 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-27 20:29 - 2014-02-27 20:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-27 20:29 - 2014-02-27 20:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-27 20:29 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-27 20:28 - 2014-02-27 20:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\root\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-23 20:45 - 2014-02-23 20:46 - 00000000 ____D () C:\Users\peter\AppData\Local\Sony
2014-02-23 20:45 - 2014-02-23 20:45 - 00001887 _____ () C:\Users\Public\Desktop\Media Go.lnk
2014-02-23 20:45 - 2014-02-23 20:45 - 00000000 ____D () C:\Users\peter\Podcasts
2014-02-23 20:45 - 2014-02-23 20:45 - 00000000 ____D () C:\Users\peter\Documents\Media Go
2014-02-23 20:45 - 2014-02-23 20:45 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-02-23 20:44 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-02-23 20:43 - 2014-02-23 20:46 - 00000000 ____D () C:\Users\peter\AppData\Roaming\Sony
2014-02-23 20:43 - 2014-02-23 20:44 - 00000000 ____D () C:\Program Files (x86)\Sony Media Go Install
2014-02-23 20:34 - 2014-02-23 20:34 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_wpdcomp_01_11_00.Wdf
2014-02-23 20:28 - 2014-02-23 20:28 - 00002100 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-02-23 20:27 - 2014-02-23 20:45 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-02-23 20:27 - 2014-02-23 20:27 - 00000000 ____D () C:\ProgramData\Sony
2014-02-16 13:31 - 2014-02-16 13:31 - 00380416 _____ () C:\Users\root\Downloads\Gmer-19357.exe
2014-02-16 13:27 - 2014-02-16 13:27 - 00000000 _____ () C:\Users\root\defogger_reenable
2014-02-16 13:25 - 2014-03-01 14:04 - 00000000 ____D () C:\FRST
2014-02-16 13:24 - 2014-03-01 14:03 - 02155520 _____ (Farbar) C:\Users\root\Downloads\FRST64.exe
2014-02-16 12:57 - 2014-02-16 12:57 - 00000242 _____ () C:\Windows\SysWOW64\defogger_enable.log
2014-02-16 12:56 - 2014-02-16 12:56 - 00000470 _____ () C:\Windows\SysWOW64\defogger_disable.log
2014-02-16 12:37 - 2014-02-16 12:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-10 21:36 - 2014-02-10 21:36 - 00001728 _____ () C:\ProgramData\__wdump.txt
2014-02-10 21:35 - 2014-02-10 21:35 - 00001196 _____ () C:\Users\alina\Desktop\Pinnacle Studio 15.lnk
2014-02-10 21:35 - 2014-02-10 21:35 - 00000000 ____D () C:\Users\alina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 15
2014-02-09 15:33 - 2014-02-09 15:33 - 00000000 ____D () C:\Users\alina\AppData\Roaming\NVIDIA

==================== One Month Modified Files and Folders =======

2014-03-01 14:04 - 2014-02-16 13:25 - 00000000 ____D () C:\FRST
2014-03-01 14:03 - 2014-02-16 13:24 - 02155520 _____ (Farbar) C:\Users\root\Downloads\FRST64.exe
2014-03-01 14:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-03-01 13:19 - 2013-02-01 20:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-01 13:18 - 2014-03-01 13:18 - 00000741 _____ () C:\Users\root\Desktop\JRT.txt
2014-03-01 13:11 - 2014-03-01 13:11 - 00000000 ____D () C:\Windows\ERUNT
2014-03-01 10:44 - 2013-02-12 13:25 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1579230505-512059319-4025757163-1007
2014-03-01 10:40 - 2014-03-01 10:40 - 01037734 _____ (Thisisu) C:\Users\root\Downloads\JRT.exe
2014-03-01 10:34 - 2013-07-16 20:13 - 00000000 ____D () C:\Users\root\AppData\Local\HTC MediaHub
2014-03-01 10:34 - 2013-02-07 20:38 - 00000408 _____ () C:\Users\root\AppData\Roaming\sp_data.sys
2014-03-01 10:25 - 2012-10-18 20:17 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-01 10:25 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-01 10:24 - 2014-02-28 18:32 - 00000000 ____D () C:\AdwCleaner
2014-03-01 10:24 - 2013-02-01 21:12 - 00000000 ____D () C:\Users\peter\AppData\Roaming\CheckPoint
2014-03-01 03:18 - 2012-10-18 20:37 - 01765719 _____ () C:\Windows\WindowsUpdate.log
2014-03-01 03:05 - 2013-08-12 15:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-01 03:00 - 2013-02-01 07:13 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-28 18:32 - 2013-09-29 15:37 - 00000000 ____D () C:\Users\root\AppData\Local\CrashDumps
2014-02-28 18:29 - 2014-02-28 18:29 - 01244192 _____ () C:\Users\root\Downloads\adwcleaner.exe
2014-02-28 14:57 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2014-02-28 14:30 - 2012-08-02 14:24 - 00161076 _____ () C:\Windows\PFRO.log
2014-02-28 03:27 - 2013-02-02 13:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-28 03:22 - 2012-07-26 06:26 - 00000199 _____ () C:\Windows\win.ini
2014-02-28 03:21 - 2013-02-02 14:17 - 00000039 _____ () C:\Windows\vbaddin.ini
2014-02-28 01:27 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-02-27 20:30 - 2014-02-27 20:30 - 00000000 ____D () C:\Users\root\AppData\Roaming\Malwarebytes
2014-02-27 20:29 - 2014-02-27 20:29 - 00001111 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-27 20:29 - 2014-02-27 20:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-27 20:29 - 2014-02-27 20:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-27 20:28 - 2014-02-27 20:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\root\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-27 19:42 - 2012-07-26 06:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-02-27 19:39 - 2013-02-01 18:31 - 00000000 ____D () C:\Users\peter\AppData\Roaming\Skype
2014-02-23 21:03 - 2013-01-31 04:37 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1579230505-512059319-4025757163-1002
2014-02-23 20:54 - 2013-02-04 20:46 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2014-02-23 20:51 - 2013-07-24 18:49 - 00000000 ____D () C:\Users\peter\AppData\Local\HTC MediaHub
2014-02-23 20:51 - 2013-01-31 04:32 - 00000408 _____ () C:\Users\peter\AppData\Roaming\sp_data.sys
2014-02-23 20:46 - 2014-02-23 20:45 - 00000000 ____D () C:\Users\peter\AppData\Local\Sony
2014-02-23 20:46 - 2014-02-23 20:43 - 00000000 ____D () C:\Users\peter\AppData\Roaming\Sony
2014-02-23 20:45 - 2014-02-23 20:45 - 00001887 _____ () C:\Users\Public\Desktop\Media Go.lnk
2014-02-23 20:45 - 2014-02-23 20:45 - 00000000 ____D () C:\Users\peter\Podcasts
2014-02-23 20:45 - 2014-02-23 20:45 - 00000000 ____D () C:\Users\peter\Documents\Media Go
2014-02-23 20:45 - 2014-02-23 20:45 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-02-23 20:45 - 2014-02-23 20:27 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-02-23 20:45 - 2013-01-31 04:30 - 00000000 ____D () C:\Users\peter
2014-02-23 20:44 - 2014-02-23 20:43 - 00000000 ____D () C:\Program Files (x86)\Sony Media Go Install
2014-02-23 20:44 - 2013-02-02 13:10 - 00000000 ____D () C:\Users\peter\AppData\Local\Downloaded Installations
2014-02-23 20:40 - 2012-07-26 08:21 - 00048802 _____ () C:\Windows\setupact.log
2014-02-23 20:34 - 2014-02-23 20:34 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_wpdcomp_01_11_00.Wdf
2014-02-23 20:30 - 2012-10-18 20:19 - 00249842 _____ () C:\Windows\DPINST.LOG
2014-02-23 20:28 - 2014-02-23 20:28 - 00002100 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-02-23 20:27 - 2014-02-23 20:27 - 00000000 ____D () C:\ProgramData\Sony
2014-02-23 20:27 - 2012-10-18 20:12 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-23 20:21 - 2013-08-18 20:11 - 00015360 _____ () C:\Users\peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-23 20:02 - 2013-02-06 21:52 - 00000000 ____D () C:\Users\peter\AppData\Roaming\vlc
2014-02-23 19:19 - 2013-02-01 20:31 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-17 23:03 - 2013-11-20 23:40 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-17 23:03 - 2013-11-20 23:40 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-16 13:31 - 2014-02-16 13:31 - 00380416 _____ () C:\Users\root\Downloads\Gmer-19357.exe
2014-02-16 13:27 - 2014-02-16 13:27 - 00000000 _____ () C:\Users\root\defogger_reenable
2014-02-16 13:27 - 2013-02-07 20:36 - 00000000 ____D () C:\Users\root
2014-02-16 13:26 - 2013-11-10 21:39 - 00050477 _____ () C:\Users\root\Downloads\Defogger.exe
2014-02-16 13:12 - 2013-02-02 16:37 - 00000000 ____D () C:\tmp
2014-02-16 12:57 - 2014-02-16 12:57 - 00000242 _____ () C:\Windows\SysWOW64\defogger_enable.log
2014-02-16 12:56 - 2014-02-16 12:56 - 00000470 _____ () C:\Windows\SysWOW64\defogger_disable.log
2014-02-16 12:38 - 2013-02-06 19:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-16 12:37 - 2014-02-16 12:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-16 12:37 - 2013-02-07 18:29 - 00000000 ____D () C:\Users\karin\AppData\Roaming\Skype
2014-02-16 11:58 - 2013-02-07 15:31 - 00000000 ____D () C:\Users\karin\Documents\Bluetooth Folder
2014-02-16 11:56 - 2013-02-07 15:30 - 00000408 _____ () C:\Users\karin\AppData\Roaming\sp_data.sys
2014-02-16 11:55 - 2013-08-13 20:15 - 00000000 ____D () C:\Users\karin\AppData\Local\HTC MediaHub
2014-02-10 21:40 - 2013-02-09 15:19 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1579230505-512059319-4025757163-1006
2014-02-10 21:36 - 2014-02-10 21:36 - 00001728 _____ () C:\ProgramData\__wdump.txt
2014-02-10 21:35 - 2014-02-10 21:35 - 00001196 _____ () C:\Users\alina\Desktop\Pinnacle Studio 15.lnk
2014-02-10 21:35 - 2014-02-10 21:35 - 00000000 ____D () C:\Users\alina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 15
2014-02-10 21:30 - 2013-03-05 17:58 - 00000000 ____D () C:\Users\fabjana\AppData\Roaming\Skype
2014-02-10 21:20 - 2013-02-21 18:50 - 00006144 _____ () C:\Users\alina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-10 21:20 - 2013-02-17 18:56 - 00000000 ____D () C:\Users\alina\AppData\Roaming\Skype
2014-02-10 20:19 - 2013-03-10 15:27 - 00000000 ____D () C:\Users\alina\AppData\Local\Adobe
2014-02-10 20:19 - 2012-08-17 01:52 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-10 20:12 - 2013-07-01 10:23 - 00000000 ____D () C:\Users\alina\AppData\Local\CrashDumps
2014-02-10 17:04 - 2013-02-09 15:14 - 00000408 _____ () C:\Users\alina\AppData\Roaming\sp_data.sys
2014-02-09 15:38 - 2012-08-03 00:02 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-02-09 15:38 - 2012-08-03 00:02 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-02-09 15:38 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-09 15:36 - 2013-02-09 15:13 - 00000000 ____D () C:\Users\alina\AppData\Roaming\Adobe
2014-02-09 15:33 - 2014-02-09 15:33 - 00000000 ____D () C:\Users\alina\AppData\Roaming\NVIDIA
2014-02-09 15:31 - 2013-02-09 16:35 - 00000000 ____D () C:\Users\fabjana\Documents\Bluetooth Folder
2014-02-08 21:01 - 2013-02-09 16:18 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1579230505-512059319-4025757163-1005
2014-02-08 20:55 - 2013-02-09 16:13 - 00000408 _____ () C:\Users\fabjana\AppData\Roaming\sp_data.sys
2014-02-08 20:40 - 2013-09-14 07:04 - 00000000 ____D () C:\Users\fabjana\AppData\Local\HTC MediaHub
2014-02-08 18:41 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore
2014-02-01 10:20 - 2014-02-28 00:46 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-01 10:19 - 2014-02-28 00:46 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-01 10:19 - 2014-02-28 00:46 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-01 10:19 - 2014-02-28 00:46 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-02-01 10:19 - 2014-02-28 00:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-02-01 10:18 - 2014-02-28 00:46 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-01 10:18 - 2014-02-28 00:46 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-01 10:18 - 2014-02-28 00:46 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-01 10:18 - 2014-02-28 00:46 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-01 10:18 - 2014-02-28 00:46 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-01 10:18 - 2014-02-28 00:46 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-01 10:18 - 2014-02-28 00:46 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-01 10:18 - 2014-02-28 00:46 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-01 10:18 - 2014-02-28 00:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-01 10:18 - 2014-02-28 00:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-01 10:18 - 2014-02-28 00:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-01 08:58 - 2014-02-28 00:46 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-01 08:58 - 2014-02-28 00:46 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-01 08:58 - 2014-02-28 00:46 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-02-01 08:57 - 2014-02-28 00:46 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-01 08:57 - 2014-02-28 00:46 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-01 08:57 - 2014-02-28 00:46 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-01 08:57 - 2014-02-28 00:46 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-01 08:57 - 2014-02-28 00:46 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-01 08:57 - 2014-02-28 00:46 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-01 08:57 - 2014-02-28 00:46 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-01 08:57 - 2014-02-28 00:46 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-01 08:57 - 2014-02-28 00:46 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-01 08:57 - 2014-02-28 00:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-01 08:57 - 2014-02-28 00:46 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-01 08:40 - 2014-02-28 00:46 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-01 08:34 - 2014-02-28 00:46 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-01 06:08 - 2014-02-28 00:46 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe


Some content of TEMP:
====================
C:\Users\alina\AppData\Local\Temp\avgnt.exe
C:\Users\fabjana\AppData\Local\Temp\avgnt.exe
C:\Users\karin\AppData\Local\Temp\avgnt.exe
C:\Users\karin\AppData\Local\Temp\COMAP.EXE
C:\Users\peter\AppData\Local\Temp\AskSLib.dll
C:\Users\peter\AppData\Local\Temp\avgnt.exe
C:\Users\peter\AppData\Local\Temp\COMAP.EXE
C:\Users\peter\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\peter\AppData\Local\Temp\Execute2App.exe
C:\Users\peter\AppData\Local\Temp\MSETUP4.EXE
C:\Users\peter\AppData\Local\Temp\msvcp90.dll
C:\Users\peter\AppData\Local\Temp\msvcr90.dll
C:\Users\peter\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\peter\AppData\Local\Temp\SAV2RemoveAll.exe
C:\Users\peter\AppData\Local\Temp\tmp93C.tmp.exe
C:\Users\peter\AppData\Local\Temp\tmpA756.tmp.exe
C:\Users\root\AppData\Local\Temp\avgnt.exe
C:\Users\root\AppData\Local\Temp\COMAP.EXE
C:\Users\root\AppData\Local\Temp\filebulldogTb_1.0.0.8.exe
C:\Users\root\AppData\Local\Temp\IDMSetup_1.5.0.0.exe
C:\Users\root\AppData\Local\Temp\Quarantine.exe
C:\Users\root\AppData\Local\Temp\tmp32C7.tmp.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-28 03:03

==================== End Of Log ============================
         


So apparently quite a bit was deleted after all, but the computer is evidently still infected, since some words in the browser are still double-underlined and pop-ups of some kind keep opening ...

Regards, Peter

02.03.2014, 08:20   #8
schrauber
/// the machine
/// TB-Ausbilder

In which browser?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

02.03.2014, 09:12   #9
atw10qp4

Firefox 27.0.1
In IE 10 everything is clean.
Should I uninstall and reinstall FF?
Regards, Peter

03.03.2014, 08:17   #10
schrauber
/// the machine
/// TB-Ausbilder

Exactly, and do not keep any data when doing so, then:

https://support.mozilla.org/de/kb/fi...einfach-loesen
__________________
Regards,
schrauber

