Log analysis and evaluation: Caught a Trojan? (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system first has to be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
16.02.2014, 14:51 | #1
Caught a Trojan?

Hello, I suspect I have caught a Trojan or something similarly nasty, because in the browser (I use Firefox) there are double-underlined blue words, and sometimes pages or pop-ups open without me doing anything. I have read your instructions and am attaching the FRST output right away (FRST.txt and Addition.txt). However, I could not run GMER successfully because the following error message appears: „C:\Windows\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird“. I closed all the programs I was able to close. Then I tried to boot my Asus laptop into Safe Mode, but the F8 key has no effect during boot :-( I don't know what else to do, can you please help me? Regards, Peter
16.02.2014, 17:04 | #2
/// the machine /// TB-Ausbilder
Caught a Trojan?

Hi,

Please always post logs directly in the thread. If necessary, split them up and use several posts. This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
22.02.2014, 18:17 | #3
Caught a Trojan?

Hello, Schrauber!

I didn't want to cause you any unnecessary work (this is my first time here). Here are the two files:

FRST.txt:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
Ran by root (administrator) on ASUS-LAPTOP on 16-02-2014 13:29:27
Running from C:\tmp\Trojaner-Abwehr\Programme\2_frst
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Intel Corporation) C:\Windows\system32\igfxpers.exe
(Huawei Technologies Co., Ltd.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Lyrics) C:\program files (x86)\a2zlyrics-1\a2zlyrics-1-bg.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\tmp\Trojaner-Abwehr\Programme\Defogger.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM\...\Run: [BtPreLoad] - C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-08-31] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [37960 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUS InstantKey] - C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe [20456 2012-02-20] (ASUS)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [222504 2012-07-03] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [DataCardMonitor] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2013-02-01] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-08-12] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-21] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [NeroFilterCheck] - C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM-x32\...\Run: [Philips Device Listener] - C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [380416 2012-03-19] ()
HKLM-x32\...\Run: [AdobeCS4ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-06] (Geek Software GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1579230505-512059319-4025757163-1007\...\Run: [iDevice Manager Launcher] - C:\Program Files (x86)\Software4u\iDevice Manager\Software4u.IPELauncher.exe [139728 2013-01-09] (Marx Softwareentwicklung - www.software4u.de)
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll,C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: a2zLyrics-1 - {11111111-1111-1111-1111-110411151154} - C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-bho64.dll (Lyrics)
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: a2zLyrics-1 - {11111111-1111-1111-1111-110411151154} - C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-bho.dll (Lyrics)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: DNS Error Helper - {9B6B03F1-16CF-4491-BBBB-E872802DD717} - C:\ProgramData\DNSErrorHelper\bho.dll ()
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\fnlg3prk.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: a2zLyrics-1 - C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\fnlg3prk.default\Extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com [2013-11-28]
FF Extension: No Name - C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\fnlg3prk.default\Extensions\staged [2014-02-16]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []
FF HKLM-x32\...\Firefox\Extensions: [dnshelp@dnshelp.com] - C:\Users\peter\AppData\Roaming\Helper
FF Extension: Helper - C:\Users\peter\AppData\Roaming\Helper [2013-02-04]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

R2 AddonsHelper; C:\Users\peter\AppData\Local\Temp\OCS\Downloads\8895a6ff54aa6156ee6d3370468ad434\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe [865792 2013-02-03] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-01] (Avira Operations GmbH & Co. KG)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-08-31] (Qualcomm Atheros Commnucations)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2012-12-29] (IvoSoft)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-01-29] (Nero AG)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] ()
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445304 2013-08-12] (Check Point Software Technologies LTD)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [54160 2013-06-18] (Check Point Software Technologies, Ltd.)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-31] (Atheros)

==================== Drivers (Whitelisted) ====================

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-01] (Avira Operations GmbH & Co. KG)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-31] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-05-22] ()
S3 hwusbdev; C:\Windows\system32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [284008 2012-10-08] (NVIDIA Corporation)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [451096 2013-06-13] (Check Point Software Technologies LTD)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
U0 msahci; 

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-16 13:27 - 2014-02-16 13:27 - 00000000 _____ () C:\Users\root\defogger_reenable
2014-02-16 13:25 - 2014-02-16 13:29 - 00000000 ____D () C:\FRST
2014-02-16 13:24 - 2014-02-16 13:24 - 02152960 _____ (Farbar) C:\Users\root\Downloads\FRST64.exe
2014-02-16 12:57 - 2014-02-16 12:57 - 00000242 _____ () C:\Windows\SysWOW64\defogger_enable.log
2014-02-16 12:56 - 2014-02-16 12:56 - 00000470 _____ () C:\Windows\SysWOW64\defogger_disable.log
2014-02-16 12:37 - 2014-02-16 12:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-10 21:36 - 2014-02-10 21:36 - 00001728 _____ () C:\ProgramData\__wdump.txt
2014-02-10 21:35 - 2014-02-10 21:35 - 00001196 _____ () C:\Users\alina\Desktop\Pinnacle Studio 15.lnk
2014-02-10 21:35 - 2014-02-10 21:35 - 00000000 ____D () C:\Users\alina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 15
2014-02-09 15:33 - 2014-02-09 15:33 - 00000000 ____D () C:\Users\alina\AppData\Roaming\NVIDIA
2014-01-19 14:51 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-01-19 14:51 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-19 14:51 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-01-19 14:51 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-19 14:51 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2014-01-19 14:51 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2014-01-19 14:51 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2014-01-19 14:51 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2014-01-19 14:51 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-01-19 14:51 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-01-19 14:51 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2014-01-19 14:51 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-01-19 14:51 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-01-19 14:51 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-01-19 14:51 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll

==================== One Month Modified Files and Folders =======

2014-02-16 13:29 - 2014-02-16 13:25 - 00000000 ____D () C:\FRST
2014-02-16 13:29 - 2012-10-18 20:37 - 01558033 _____ () C:\Windows\WindowsUpdate.log
2014-02-16 13:29 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-02-16 13:27 - 2014-02-16 13:27 - 00000000 _____ () C:\Users\root\defogger_reenable
2014-02-16 13:27 - 2013-02-07 20:36 - 00000000 ____D () C:\Users\root
2014-02-16 13:26 - 2013-11-10 21:39 - 00050477 _____ () C:\Users\root\Downloads\Defogger.exe
2014-02-16 13:24 - 2014-02-16 13:24 - 02152960 _____ (Farbar) C:\Users\root\Downloads\FRST64.exe
2014-02-16 13:19 - 2013-02-01 20:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-16 13:12 - 2013-02-02 16:37 - 00000000 ____D () C:\tmp
2014-02-16 13:02 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-02-16 12:57 - 2014-02-16 12:57 - 00000242 _____ () C:\Windows\SysWOW64\defogger_enable.log
2014-02-16 12:56 - 2014-02-16 12:56 - 00000470 _____ () C:\Windows\SysWOW64\defogger_disable.log
2014-02-16 12:45 - 2013-02-12 13:25 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1579230505-512059319-4025757163-1007
2014-02-16 12:40 - 2013-07-16 20:13 - 00000000 ____D () C:\Users\root\AppData\Local\HTC MediaHub
2014-02-16 12:40 - 2013-02-07 20:38 - 00000408 _____ () C:\Users\root\AppData\Roaming\sp_data.sys
2014-02-16 12:39 - 2013-10-06 16:39 - 00001314 _____ () C:\Windows\Tasks\a2zLyrics-1-updater.job
2014-02-16 12:39 - 2013-10-06 16:39 - 00001218 _____ () C:\Windows\Tasks\a2zLyrics-1-codedownloader.job
2014-02-16 12:39 - 2013-10-06 16:39 - 00001118 _____ () C:\Windows\Tasks\a2zLyrics-1-enabler.job
2014-02-16 12:39 - 2013-10-06 16:38 - 00001850 _____ () C:\Windows\Tasks\a2zLyrics-1-firefoxinstaller.job
2014-02-16 12:39 - 2012-10-18 20:17 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-16 12:39 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-16 12:38 - 2013-02-06 19:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-16 12:37 - 2014-02-16 12:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-16 12:37 - 2013-02-07 18:29 - 00000000 ____D () C:\Users\karin\AppData\Roaming\Skype
2014-02-16 11:58 - 2013-02-07 15:31 - 00000000 ____D () C:\Users\karin\Documents\Bluetooth Folder
2014-02-16 11:56 - 2013-02-07 15:30 - 00000408 _____ () C:\Users\karin\AppData\Roaming\sp_data.sys
2014-02-16 11:55 - 2013-08-13 20:15 - 00000000 ____D () C:\Users\karin\AppData\Local\HTC MediaHub
2014-02-10 21:40 - 2013-02-09 15:19 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1579230505-512059319-4025757163-1006
2014-02-10 21:36 - 2014-02-10 21:36 - 00001728 _____ () C:\ProgramData\__wdump.txt
2014-02-10 21:35 - 2014-02-10 21:35 - 00001196 _____ () C:\Users\alina\Desktop\Pinnacle Studio 15.lnk
2014-02-10 21:35 - 2014-02-10 21:35 - 00000000 ____D () C:\Users\alina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 15
2014-02-10 21:35 - 2013-02-04 20:46 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2014-02-10 21:30 - 2013-03-05 17:58 - 00000000 ____D () C:\Users\fabjana\AppData\Roaming\Skype
2014-02-10 21:20 - 2013-02-21 18:50 - 00006144 _____ () C:\Users\alina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-10 21:20 - 2013-02-17 18:56 - 00000000 ____D () C:\Users\alina\AppData\Roaming\Skype
2014-02-10 20:19 - 2013-03-10 15:27 - 00000000 ____D () C:\Users\alina\AppData\Local\Adobe
2014-02-10 20:19 - 2012-08-17 01:52 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-10 20:12 - 2013-07-01 10:23 - 00000000 ____D () C:\Users\alina\AppData\Local\CrashDumps
2014-02-10 17:04 - 2013-02-09 15:14 - 00000408 _____ () C:\Users\alina\AppData\Roaming\sp_data.sys
2014-02-09 15:38 - 2012-08-03 00:02 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-02-09 15:38 - 2012-08-03 00:02 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-02-09 15:38 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-09 15:36 - 2013-02-09 15:13 - 00000000 ____D () C:\Users\alina\AppData\Roaming\Adobe
2014-02-09 15:33 - 2014-02-09 15:33 - 00000000 ____D () C:\Users\alina\AppData\Roaming\NVIDIA
2014-02-09 15:31 - 2013-02-09 16:35 - 00000000 ____D () C:\Users\fabjana\Documents\Bluetooth Folder
2014-02-08 21:01 - 2013-02-09 16:18 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1579230505-512059319-4025757163-1005
2014-02-08 20:57 - 2013-02-01 20:31 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-08 20:55 - 2013-02-09 16:13 - 00000408 _____ () C:\Users\fabjana\AppData\Roaming\sp_data.sys
2014-02-08 20:52 - 2013-02-01 18:31 - 00000000 ____D () C:\Users\peter\AppData\Roaming\Skype
2014-02-08 20:52 - 2013-01-31 04:32 - 00000408 _____ () C:\Users\peter\AppData\Roaming\sp_data.sys
2014-02-08 20:40 - 2013-09-14 07:04 - 00000000 ____D () C:\Users\fabjana\AppData\Local\HTC MediaHub
2014-02-08 20:37 - 2012-07-26 06:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-02-08 18:59 - 2013-01-31 04:37 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1579230505-512059319-4025757163-1002
2014-02-08 18:49 - 2013-07-24 18:49 - 00000000 ____D () C:\Users\peter\AppData\Local\HTC MediaHub
2014-02-08 18:41 - 2013-08-12 15:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-08 18:41 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore
2014-02-08 18:38 - 2013-02-01 07:13 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-30 22:10 - 2013-11-20 23:40 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-30 22:10 - 2013-11-20 23:40 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe

Some content of TEMP:
====================
C:\Users\alina\AppData\Local\Temp\avgnt.exe
C:\Users\fabjana\AppData\Local\Temp\avgnt.exe
C:\Users\karin\AppData\Local\Temp\avgnt.exe
C:\Users\karin\AppData\Local\Temp\COMAP.EXE
C:\Users\peter\AppData\Local\Temp\a2zLyrics_1060-8102_v122.exe
C:\Users\peter\AppData\Local\Temp\AskSLib.dll
C:\Users\peter\AppData\Local\Temp\avgnt.exe
C:\Users\peter\AppData\Local\Temp\COMAP.EXE
C:\Users\peter\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\peter\AppData\Local\Temp\Execute2App.exe
C:\Users\peter\AppData\Local\Temp\MSETUP4.EXE
C:\Users\peter\AppData\Local\Temp\msvcp90.dll
C:\Users\peter\AppData\Local\Temp\msvcr90.dll
C:\Users\peter\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\peter\AppData\Local\Temp\SAV2RemoveAll.exe
C:\Users\peter\AppData\Local\Temp\tmp93C.tmp.exe
C:\Users\peter\AppData\Local\Temp\tmpA756.tmp.exe
C:\Users\peter\AppData\Local\Temp\uninstall.exe
C:\Users\peter\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\root\AppData\Local\Temp\avgnt.exe
C:\Users\root\AppData\Local\Temp\COMAP.EXE
C:\Users\root\AppData\Local\Temp\DeltaTB.exe
C:\Users\root\AppData\Local\Temp\filebulldogTb_1.0.0.8.exe
C:\Users\root\AppData\Local\Temp\IDMSetup_1.5.0.0.exe
C:\Users\root\AppData\Local\Temp\OptimizerPro.exe
C:\Users\root\AppData\Local\Temp\tmp32C7.tmp.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-08 18:34

==================== End Of Log ============================

Addition.txt:

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-02-2014 01
Ran by root at 2014-02-16 13:29:49
Running from C:\tmp\Trojaner-Abwehr\Programme\2_frst
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Desktop (Disabled - Out of date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Out of date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================

a2zLyrics-1 (x32 Version: 1.28.153.3 - Lyrics) <==== ATTENTION
Adobe AIR (x32 Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.1.0.5790 - Adobe Systems Inc.) Hidden
Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS4 (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (x32 Version: 4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Master Collection (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS4 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CS4 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Dynamiclink Support (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Encore CS4 (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 Extension - Flash Lite STI others (x32 Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 STI-other (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Fonts All (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Application Feature Set Files (Roman) (x32 Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Common Base Files (x32 Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 (x32 Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Additional Exporter (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Dolby (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (x32 Version: 1.1 - Adobe Systems Incorporated)
Adobe Output Module (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 Support (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7 - Adobe Systems Incorporated)
Adobe Search for Help (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (x32 Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Alcor Micro USB Card Reader (x32 Version: 3.8.142.61628 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.8.142.61628 - Alcor Micro Corp.) Hidden
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ASUS Instant Connect (x32 Version: 1.2.8 - ASUS) ASUS Instant Key (x32 Version: 1.0.5 - ASUS) ASUS InstantOn (x32 Version: 3.0.2 - ASUS) ASUS LifeFrame3 (x32 Version: 3.1.5 - ASUS) ASUS Live Update (x32 Version: 3.1.8 - ASUS) ASUS N Series Demo (x32 Version: 1.0.0002 - ASUS) ASUS Power4Gear Hybrid (Version: 2.0.4 - ASUS) ASUS Smart Gesture (x32 Version: 1.0.35 - ASUS) ASUS Splendid Video Enhancement Technology (x32 Version: 1.03.0004 - ASUS) ASUS Tutor (x32 Version: 1.0.7 - ASUS) ASUS USB Charger Plus (x32 Version: 2.1.4 - ASUS) ASUS Video Magic (x32 Version: 6.0.4712 - CyberLink Corp.) ASUS Video Magic (x32 Version: 6.0.4712 - CyberLink Corp.) Hidden ASUS WebStorage Sync Agent (x32 Version: 1.1.9.120 - ASUS Cloud Corporation) ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden AsusVibe2.0 (x32 Version: 2.0.10.168 - ASUSTEK) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.1.0.7 - Atheros Communications Inc.) ATK Package (x32 Version: 1.0.0022 - ASUS) Audiograbber 1.83 SE (x32 Version: 1.83 SE - Audiograbber) Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira) Beyond Compare Version 2.5.3 (x32 Version: - Scooter Software) Bonjour (Version: 3.0.0.10 - Apple Inc.) Bulk Rename Utility 2.7.1.2 (Version: - TGRMN Software) Bundled software uninstaller (x32 Version: - ) <==== ATTENTION Canon G.726 WMP-Decoder (x32 Version: 1.1.0.4 - ) CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.3.1.5 - ) Canon Internet Library for ZoomBrowser EX (x32 Version: 1.5.1.4 - ) Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 2.4.0.14 - ) Canon RAW Image Task for ZoomBrowser EX (x32 Version: 2.6.0.13 - ) Canon Utilities ImageBrowser EX (x32 Version: 1.1.1.19 - Canon Inc.) 
Canon Utilities PhotoStitch (x32 Version: 3.1.19.43 - ) Canon Utilities ZoomBrowser EX (x32 Version: 5.8.0.74 - ) Classic Shell (Version: 3.6.5 - IvoSoft) Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3019_44673 - CyberLink Corp.) CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3019_44673 - CyberLink Corp.) Hidden CyberLink PowerDirector (x32 Version: 8.0.4905d - CyberLink Corp.) CyberLink PowerDirector (x32 Version: 8.0.4905d - CyberLink Corp.) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft) Desktop Icon für Amazon (Version: 1.0.1 (de) - ) EasyBCD 2.2 (x32 Version: 2.2 - NeoSmart Technologies) FilesFrog Update Checker (x32 Version: - ) <==== ATTENTION FireJump (x32 Version: 1.0.2.5 - FireJump.net) Free CD Ripper V2.0 (x32 Version: 2.0.0.0 - Koyote Soft) Free YouTube to MP3 Converter version 3.12.0.128 (x32 Version: 3.12.0.128 - DVDVideoSoft Ltd.) HTC Driver Installer (x32 Version: 4.2.0.001 - HTC Corporation) HTC Sync Manager (x32 Version: 2.0.61.0 - HTC) iDevice Manager (x32 Version: 3.0.0.3 - Marx Softwareentwicklung) Intel(R) Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (x32 Version: 9.17.10.2828 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden IPTInstaller (x32 Version: 4.0.8 - HTC) iTunes (Version: 11.1.0.126 - Apple Inc.) Java 7 Update 25 (x32 Version: 7.0.250 - Oracle) Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) 
Hidden Knoll Light Factory EZ Studio 15 (x32 Version: - ) kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Magic Bullet Looks Studio 15 (x32 Version: - ) Microsoft Office (x32 Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft Office 2010 Language Pack Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Project MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Project Professional 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 
14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Visio 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Visio MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Project 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden Microsoft Project Professional 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft Visio 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Microsoft Visio Premium 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 27.0.1 (x86 de) (x32 Version: 27.0.1 - Mozilla) Mozilla Maintenance Service (x32 Version: 27.0.1 - 
Mozilla) Mp3tag v2.54 (x32 Version: v2.54 - Florian Heidenreich) MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden Nero 11 DiscSpeed (x32 Version: 11.0.00400 - Nero AG) Nero 6 Demo (x32 Version: - ) Nero Core Components 11 (x32 Version: 11.0.15401.1.15 - Nero AG) Hidden Nero DiscSpeed 11 (x32 Version: 7.0.10400.2.100 - Nero AG) Hidden Nero DiscSpeed 11 Help (CHM) (x32 Version: 11.0.10000 - Nero AG) Hidden nero.prerequisites.msi (x32 Version: 11.0.20008 - Nero AG) Hidden Nokia Connectivity Cable Driver (x32 Version: 7.1.78.0 - Nokia) Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden NVIDIA 3D Vision Treiber 306.97 (Version: 306.97 - NVIDIA Corporation) NVIDIA Grafiktreiber 306.97 (Version: 306.97 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.12.0613 - NVIDIA Corporation) Hidden NVIDIA PhysX System Software 9.12.0613 (Version: 9.12.0613 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.0697 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 306.97 (Version: 306.97 - NVIDIA Corporation) Hidden NVIDIA Update 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden Paint.NET v3.5.10 (Version: 3.60.0 - dotPDN LLC) PC Connectivity Solution (x32 Version: 12.0.27.0 - Nokia) PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden PDF24 Creator 6.1.0 (x32 Version: - PDF24.org) PDF-Viewer (Version: 2.5.209.0 - Tracker Software Products Ltd) Philips Songbird (x32 Version: 6.1.2265 (2265) - Koninklijke Philips Electronics N.V.) 
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden Pinnacle Studio 15 (x32 Version: 15.0.0.7593 - Pinnacle Systems) Pinnacle Studio 15 Ultimate Collection Plugins (x32 Version: 15.0.0.7593 - Pinnacle Systems) Pinnacle Studio Bonus Content (x32 Version: 15.0.0.51 - Pinnacle Systems) Pinnacle Video Treiber (Version: 12.1.0.030 - Pinnacle Systems) Preispilot für Firefox (x32 Version: 2.0 - Preispilot) Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.208 - Qualcomm Atheros Communications) Qualcomm Atheros Client Installation Program (x32 Version: 10.0 - Qualcomm Atheros) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6710 - Realtek Semiconductor Corp.) Red Giant ToonIt Studio 15 (x32 Version: - ) Samsung Kies (x32 Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Hidden Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.) Shared C Run-time for x64 (Version: 10.0.0 - McAfee) Skype™ 6.1 (x32 Version: 6.1.129 - Skype Technologies S.A.) Stellarium 0.12.0 (Version: 0.12.0 - Stellarium team) Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden SureThing Express Labeler (x32 Version: - MicroVision Development, Inc.) T-Mobile Internet Manager (x32 Version: 11.301.05.39.55 - Huawei Technologies Co.,Ltd) TomTom HOME (x32 Version: 2.9.3 - Ihr Firmenname) TomTom HOME Visual Studio Merge Modules (x32 Version: 1.0.2 - TomTom International B.V.) 
Trapcode 3DStroke Studio 15 (x32 Version: - ) Trapcode Particular Studio (x32 Version: - ) Trapcode Shine Studio 15 (x32 Version: - ) TreeSize Professional 5.1.2 (x32 Version: - ) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2553065) (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2566458) (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft) Update for 
Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft) VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden VLC media player 2.0.5 (Version: 2.0.5 - VideoLAN) Windows-Treiberpaket - ASUS (ATP) Mouse (10/29/2012 1.0.0.148) (Version: 10/29/2012 1.0.0.148 - ASUS) Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7) (Version: 02/25/2011 4.7 - Nokia) Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9) (Version: 02/25/2011 7.01.0.9 - Nokia) Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0 - Nokia) WinFlash (x32 Version: 2.41.1 - ASUS) WinSCP 5.1.3 (x32 Version: 5.1.3 - Martin Prikryl) WinZip (x32 Version: 9.0 (6028) - WinZip Computing, Inc.) ZoneAlarm Firewall (x32 Version: 11.0.780.000 - Check Point Software Technologies Ltd.) Hidden ZoneAlarm Free Firewall (x32 Version: 11.0.780.000 - Check Point) ZoneAlarm LTD Toolbar (Version: - Check Point Software Technologies) ZoneAlarm Security (x32 Version: 11.0.780.000 - Check Point Software Technologies Ltd.) 
Hidden ==================== Restore Points ========================= 19-01-2014 19:00:15 Windows Update 08-02-2014 17:38:10 Windows Update ==================== Hosts content: ========================== 2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0B388C5E-A507-4AC2-98B8-960CAD453C66} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.) Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {3DED79E6-F6B2-4173-8505-16A53E30F74B} - System32\Tasks\BtvStack => C:\Program Task: {46785A24-84F5-43B8-AFD7-AF60A4E5050D} - System32\Tasks\a2zLyrics-1-codedownloader => C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-codedownloader.exe [2013-10-06] (Lyrics) <==== ATTENTION Task: {5907D24C-F3C2-4AEE-9C5B-409DF35685C4} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-08-06] (ASUS) Task: {7BBCBFA6-E87D-43A2-BE39-E1A3FB565E9C} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS) Task: {8DCD7671-43D5-49D6-BE9F-863C2DCA0DAE} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation) Task: {92EA533C-40C4-4189-8030-6B0F36D64D36} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-08] (Adobe Systems Incorporated) Task: {936EA498-C280-4D6A-8BBD-05455EC3E66A} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] 
(ASUSTeK Computer Inc.) Task: {9BF72BC0-9F19-4603-97BA-C09C0D961A3A} - System32\Tasks\BtTray => C:\Program Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {B750498F-A829-4679-8236-0707CE7A368B} - System32\Tasks\a2zLyrics-1-enabler => C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-enabler.exe [2013-10-06] (Lyrics) <==== ATTENTION Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {CB625FDA-FCAF-4618-9779-3A23E22CC032} - System32\Tasks\a2zLyrics-1-updater => C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-updater.exe [2013-10-06] (Lyrics) <==== ATTENTION Task: {CFFE89DE-F8EF-41E2-B1D8-E8439CA53F6C} - System32\Tasks\DSite => C:\Users\peter\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {D24E9F0F-6B3E-489B-BE66-30C04DB7CA36} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation) Task: {E55DBE54-CEA7-48FC-92DB-08B6A5E1A8ED} - System32\Tasks\a2zLyrics-1-firefoxinstaller => C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-firefoxinstaller.exe [2013-10-06] (Lyrics) <==== ATTENTION Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {FAD7601C-094E-4C82-9380-D25393AB0DEE} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek) Task: C:\Windows\Tasks\a2zLyrics-1-codedownloader.job => C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-codedownloader.exe <==== ATTENTION Task: C:\Windows\Tasks\a2zLyrics-1-enabler.job => C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-enabler.exe <==== ATTENTION Task: 
C:\Windows\Tasks\a2zLyrics-1-firefoxinstaller.job => C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-firefoxinstaller.exe <==== ATTENTION Task: C:\Windows\Tasks\a2zLyrics-1-updater.job => C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-updater.exe <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2012-10-18 20:16 - 2012-07-31 17:02 - 00004096 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2012-08-31 16:44 - 2012-08-31 16:44 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll 2012-08-31 16:38 - 2012-08-31 16:38 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll 2012-08-24 17:26 - 2012-08-24 17:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2013-05-17 11:43 - 2013-05-17 11:43 - 00169312 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe 2012-08-30 13:46 - 2012-11-27 13:48 - 00069120 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe 2012-08-30 14:27 - 2012-08-15 18:52 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll 2012-03-19 11:23 - 2012-03-19 11:23 - 00380416 _____ () C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe 2013-02-01 21:19 - 2013-02-01 21:15 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2013-02-03 11:07 - 2013-02-03 11:07 - 00865792 _____ () C:\Users\peter\AppData\Local\Temp\OCS\Downloads\8895a6ff54aa6156ee6d3370468ad434\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe 2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () 
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-05-17 11:42 - 2013-05-17 11:42 - 00030056 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll 2013-05-17 11:42 - 2013-05-17 11:42 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll 2013-05-17 11:42 - 2013-05-17 11:42 - 00044392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll 2013-05-17 11:42 - 2013-05-17 11:42 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll 2013-05-17 11:43 - 2013-05-17 11:43 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll 2013-05-17 11:47 - 2013-05-17 11:47 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll 2013-07-16 20:12 - 2012-12-07 16:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe 2012-10-18 20:34 - 2009-04-17 11:01 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2012-10-18 20:16 - 2012-07-31 17:02 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll 2014-02-16 12:37 - 2014-02-16 12:37 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2012-08-24 17:17 - 2012-08-24 17:17 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll 2012-08-30 13:39 - 2012-11-27 13:38 - 00112128 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll 2012-10-18 20:13 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2013-02-03 11:07 - 2013-02-03 11:07 - 00111616 _____ () C:\ProgramData\DNSErrorHelper\bho.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service" ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/16/2014 00:36:58 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 647343 Error: (02/16/2014 00:36:58 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 647343 Error: (02/16/2014 00:36:58 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/16/2014 00:26:12 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1500 Error: (02/16/2014 00:26:12 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1500 Error: (02/16/2014 00:26:12 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/16/2014 11:54:59 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_stisvc, Version: 6.2.9200.16420, Zeitstempel: 0x505a9a4e Name des fehlerhaften Moduls: wiaservc.dll, Version: 6.2.9200.16384, Zeitstempel: 0x501094f4 Ausnahmecode: 0xc0000409 Fehleroffset: 0x000000000004139e ID des fehlerhaften Prozesses: 0xce4 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_stisvc0 Pfad der fehlerhaften Anwendung: svchost.exe_stisvc1 Pfad des fehlerhaften Moduls: svchost.exe_stisvc2 Berichtskennung: svchost.exe_stisvc3 Vollständiger Name des fehlerhaften Pakets: svchost.exe_stisvc4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_stisvc5 Error: (02/10/2014 08:12:46 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537, 
Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: a2zLyrics-1-bho.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x5208ae68 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0606ba3d ID des fehlerhaften Prozesses: 0x1dcc Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5 Error: (02/10/2014 08:12:46 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537, Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: a2zLyrics-1-bho.dll, Version: 1.0.0.1, Zeitstempel: 0x5208ae68 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e10b ID des fehlerhaften Prozesses: 0x1dcc Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5 Error: (02/10/2014 08:10:40 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537, Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: a2zLyrics-1-bho.dll, Version: 1.0.0.1, Zeitstempel: 0x5208ae68 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e10b ID des fehlerhaften Prozesses: 0x2078 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5 System errors: ============= Error: (02/16/2014 11:55:54 AM) (Source: Service Control Manager) (User: ) Description: Dienst "Windows-Bilderfassung (WIA)" 
wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (02/08/2014 06:41:28 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Update für Windows 8 für x64-Systeme (KB2903938) Error: (01/19/2014 08:05:29 PM) (Source: NetBT) (User: ) Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 10.0.0.2 registriert werden. Der Computer mit IP-Adresse 10.0.0.23 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (01/19/2014 08:00:18 PM) (Source: NetBT) (User: ) Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 10.0.0.2 registriert werden. Der Computer mit IP-Adresse 10.0.0.23 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (01/19/2014 02:41:16 PM) (Source: NetBT) (User: ) Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 10.0.0.2 registriert werden. Der Computer mit IP-Adresse 10.0.0.23 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (01/19/2014 02:36:06 PM) (Source: NetBT) (User: ) Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 10.0.0.2 registriert werden. Der Computer mit IP-Adresse 10.0.0.23 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (01/19/2014 02:30:54 PM) (Source: NetBT) (User: ) Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 10.0.0.2 registriert werden. Der Computer mit IP-Adresse 10.0.0.23 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (01/19/2014 02:27:48 PM) (Source: NetBT) (User: ) Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 10.0.0.2 registriert werden. Der Computer mit IP-Adresse 10.0.0.23 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. 
Error: (01/06/2014 11:59:25 AM) (Source: NetBT) (User: ) Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 10.0.0.2 registriert werden. Der Computer mit IP-Adresse 10.0.0.23 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (01/06/2014 11:58:17 AM) (Source: NetBT) (User: ) Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 10.0.0.2 registriert werden. Der Computer mit IP-Adresse 10.0.0.23 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Microsoft Office Sessions: ========================= Error: (02/16/2014 00:36:58 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 647343 Error: (02/16/2014 00:36:58 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 647343 Error: (02/16/2014 00:36:58 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/16/2014 00:26:12 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1500 Error: (02/16/2014 00:26:12 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1500 Error: (02/16/2014 00:26:12 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/16/2014 11:54:59 AM) (Source: Application Error)(User: ) Description: svchost.exe_stisvc6.2.9200.16420505a9a4ewiaservc.dll6.2.9200.16384501094f4c0000409000000000004139ece401cf2b057f26fd94C:\Windows\system32\svchost.exec:\windows\system32\wiaservc.dllc736325c-96f8-11e3-bef0-dc85de69baec Error: (02/10/2014 08:12:46 PM) (Source: Application Error)(User: ) Description: IEXPLORE.EXE10.0.9200.16537512347f7a2zLyrics-1-bho.dll_unloaded0.0.0.05208ae68c00000050606ba3d1dcc01cf2693eef4c7cfC:\Program Files (x86)\Internet 
Explorer\IEXPLORE.EXEa2zLyrics-1-bho.dll52a8ec06-9287-11e3-beef-dc85de69baec Error: (02/10/2014 08:12:46 PM) (Source: Application Error)(User: ) Description: IEXPLORE.EXE10.0.9200.16537512347f7a2zLyrics-1-bho.dll1.0.0.15208ae68c00000050002e10b1dcc01cf2693eef4c7cfC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-bho.dll52878aa5-9287-11e3-beef-dc85de69baec Error: (02/10/2014 08:10:40 PM) (Source: Application Error)(User: ) Description: IEXPLORE.EXE10.0.9200.16537512347f7a2zLyrics-1-bho.dll1.0.0.15208ae68c00000050002e10b207801cf2693a234a208C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-bho.dll077443d6-9287-11e3-beef-dc85de69baec CodeIntegrity Errors: =================================== Date: 2013-07-13 13:57:15.719 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-07-13 13:57:13.656 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-07-13 13:57:11.592 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2013-07-13 13:57:09.523 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-07-13 13:57:07.460 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-07-13 13:57:05.396 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-02-01 17:47:08.195 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-02-01 17:39:02.816 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-02-01 17:04:49.894 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. 
Date: 2013-02-01 16:22:44.335
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 8077.47 MB
Available physical RAM: 5206.4 MB
Total Pagefile: 9293.47 MB
Available Pagefile: 6055.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:43.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:398.17 GB) (Free:270.79 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: CDFAD22C)
Partition: GPT Partition Type

==================== End Of Log ============================

Hope it is OK now. Best regards, Peter |
23.02.2014, 16:32 | #4 |
/// the machine /// TB-Ausbilder | Caught a trojan? Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
28.02.2014, 18:23 | #5 |
| Caught a trojan? Hello, Schrauber! Thanks for the next steps of the instructions. Regarding your instruction "Please close your protection software", I would like to know what you mean by that: antivirus program, firewall, ...? Best regards, Peter |
01.03.2014, 12:39 | #6 |
/// the machine /// TB-Ausbilder | Caught a trojan? Antivirus program
__________________ --> Caught a trojan? |
01.03.2014, 14:14 | #7 |
| Caught a trojan? Hello, Schrauber! Here is the log from mbam: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.02.27.08 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16750 root :: ASUS-LAPTOP [Administrator] 27.02.2014 20:33:40 mbam-log-2014-02-27 (20-33-40).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 348671 Laufzeit: 5 Minute(n), 7 Sekunde(n) Infizierte Speicherprozesse: 1 C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-updater.exe (PUP.Optional.Lyrics.A) -> 3472 -> Löschen bei Neustart. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 14 HKCR\CLSID\{11111111-1111-1111-1111-110411151154} (PUP.Optional.Lyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{44444444-4444-4444-4444-440444154454} (PUP.Optional.Lyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{55555555-5555-5555-5555-550455155554} (PUP.Optional.Lyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CrossriderApp0041554.BHO.1 (PUP.Optional.Lyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411151154} (PUP.Optional.Lyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411151154} (PUP.Optional.Lyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AppID\{562B9316-C08A-444A-9482-62080DD851AE} (PUP.Optional.SpeedAnalysis3.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker (PUP.Optional.Somoto.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKCR\CrossriderApp0041554.BHO (PUP.Optional.CrossRider.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CrossriderApp0041554.Sandbox (PUP.Optional.CrossRider.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CrossriderApp0041554.Sandbox.1 (PUP.Optional.CrossRider.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\AppDataLow\Software\Crossrider (PUP.Optional.CrossRider.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\Software\a2zLyrics-1 (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\a2zLyrics-1 (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 3 C:\Users\peter\AppData\Local\FilesFrog Update Checker (PUP.Optional.FilesFrog.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker (PUP.Optional.FilesFrog.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\a2zLyrics-1 (PUP.Optional.A2ZLyrics.A) -> Löschen bei Neustart. Infizierte Dateien: 34 C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-updater.exe (PUP.Optional.Lyrics.A) -> Löschen bei Neustart. C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-bho.dll (PUP.Optional.Lyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-bho64.dll (PUP.Optional.Lyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\peter\AppData\Local\Temp\a2zLyrics_1060-8102_v122.exe (PUP.Optional.Bundler) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\peter\AppData\Local\Temp\UpdateCheckerSetup.exe (PUP.Optional.Somoto.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Users\peter\AppData\Local\Temp\is357113909\MyBabylonTB.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\peter\AppData\Local\Temp\is357113909\yontoo-c2.exe (PUP.Optional.Yontoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\root\AppData\Local\Temp\DeltaTB.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\root\AppData\Local\Temp\OptimizerPro.exe (PUP.Optional.OptimizePro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\peter\Downloads\SoftonicDownloader_fuer_free-cd-ripper.exe (PUP.Optional.Softonic.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\peter\Downloads\SoftonicDownloader_fuer_pdf-xchange-viewer.exe (PUP.Optional.Softonic.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\peter\AppData\Local\FilesFrog Update Checker\uninstall.exe (PUP.Optional.Somoto.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\peter\AppData\Local\FilesFrog Update Checker\update_checker.exe (PUP.Optional.FilesFrog.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Tasks\a2zLyrics-1-codedownloader.job (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Tasks\a2zLyrics-1-enabler.job (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Tasks\a2zLyrics-1-firefoxinstaller.job (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Tasks\a2zLyrics-1-updater.job (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\Check for Updates.lnk (PUP.Optional.FilesFrog.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\Uninstall.lnk (PUP.Optional.FilesFrog.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Program Files (x86)\a2zLyrics-1\41554.xpi (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-bg.exe (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-buttonutil.dll (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-buttonutil.exe (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-buttonutil64.dll (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-buttonutil64.exe (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-codedownloader.exe (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-enabler.exe (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-firefoxinstaller.exe (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-helper.exe (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1.ico (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\a2zLyrics-1\background.html (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\a2zLyrics-1\Installer.log (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\a2zLyrics-1\Uninstall.exe (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Program Files (x86)\a2zLyrics-1\utils.exe (PUP.Optional.A2ZLyrics.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
ATTFilter # AdwCleaner v3.020 - Bericht erstellt am 01/03/2014 um 10:24:03 # Aktualisiert 27/02/2014 von Xplode # Betriebssystem : Windows 8 (64 bits) # Benutzername : root - ASUS-LAPTOP # Gestartet von : C:\tmp\Trojaner-Abwehr\Programme\5_AdwCleaner\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** Dienst Gelöscht : AddonsHelper ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\DNSErrorHelper Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec Ordner Gelöscht : C:\Program Files (x86)\myfree codec Ordner Gelöscht : C:\Program Files (x86)\software4u Ordner Gelöscht : C:\Users\peter\AppData\Local\Temp\OCS Ordner Gelöscht : C:\Users\peter\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar Ordner Gelöscht : C:\Users\peter\AppData\Roaming\DesktopIconForAmazon Ordner Gelöscht : C:\Users\peter\AppData\Roaming\DSite Ordner Gelöscht : C:\Users\peter\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\peter\AppData\Roaming\HELPER Ordner Gelöscht : C:\Users\peter\AppData\Roaming\OCS Ordner Gelöscht : C:\Users\peter\AppData\Roaming\software4u Ordner Gelöscht : C:\Users\root\AppData\Roaming\software4u Ordner Gelöscht : C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\b0h8hlzq.default\Extensions\firejump@firejump.net Datei Gelöscht : C:\Users\peter\AppData\Local\Temp\Uninstall.exe Datei Gelöscht : C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\b0h8hlzq.default\user.js Datei Gelöscht : C:\Windows\System32\Tasks\DSite ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [dnshelp@dnshelp.com] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1 Schlüssel Gelöscht : 
HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422152254} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466156654} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{721061FB-EB79-4568-A03C-3CE26D68DAE9} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} 
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422152254} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466156654} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Myfree Codec Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKLM\Software\Myfree Codec Schlüssel Gelöscht : HKLM\Software\PIP Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar ***** [ Browser ] ***** -\\ Internet Explorer v10.0.9200.16798 -\\ Mozilla Firefox v27.0.1 (de) [ Datei : C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\b0h8hlzq.default\prefs.js ] Zeile gelöscht : user_pref("extensions.crossrider.bic", "1418e95c96435fce023ddb2cf986c6d4"); [ Datei : C:\Users\karin\AppData\Roaming\Mozilla\Firefox\Profiles\gii4zyed.default\prefs.js ] Zeile gelöscht : user_pref("extensions.crossrider.bic", "1420a2e9b512cdf3616711ea28ef536b"); [ Datei : C:\Users\fabjana\AppData\Roaming\Mozilla\Firefox\Profiles\wucqlutg.default\prefs.js ] Zeile gelöscht : user_pref("extensions.crossrider.bic", "14198b8a1a3f79500a4bdc742c3fa94a"); [ Datei : 
C:\Users\alina\AppData\Roaming\Mozilla\Firefox\Profiles\9n1ei4i2.default\prefs.js ]

[ Datei : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\fnlg3prk.default\prefs.js ]
Zeile gelöscht : user_pref("extensions.crossrider.bic", "14243b544e376bb193450d686f64fc1e");

*************************

AdwCleaner[R0].txt - [6574 octets] - [28/02/2014 18:32:44]
AdwCleaner[S0].txt - [6384 octets] - [01/03/2014 10:24:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6444 octets] ##########
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8 x64
Ran by root on 01.03.2014 at 13:11:20,15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\fnlg3prk.default\minidumps [3 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.03.2014 at 13:18:23,41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-02-2014 02 Ran by root (administrator) on ASUS-LAPTOP on 01-03-2014 14:04:05 Running from C:\tmp\Trojaner-Abwehr\Programme\2_frst Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Microsoft Corporation) C:\Windows\system32\dashost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (Check Point Software Technologies, Ltd.) 
C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (ASUSTeK Computer Inc.) 
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (Intel Corporation) C:\Windows\system32\igfxpers.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Huawei Technologies Co., Ltd.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe () C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (Avira Operations GmbH & Co. KG) C:\program files (x86)\avira\antivir desktop\avcenter.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor) HKLM\...\Run: [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS) HKLM\...\Run: [BtPreLoad] - C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-08-31] () HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [37960 2013-05-10] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [ASUS InstantKey] - C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe [20456 2012-02-20] (ASUS) HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.) HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [222504 2012-07-03] (CyberLink Corp.) HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation) HKLM-x32\...\Run: [DataCardMonitor] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2013-02-01] (Huawei Technologies Co., Ltd.) HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-08-12] (Check Point Software Technologies LTD) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-23] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [NeroFilterCheck] - C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh) HKLM-x32\...\Run: [Philips Device Listener] - C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [380416 2012-03-19] () HKLM-x32\...\Run: [AdobeCS4ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated) HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.) 
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-06] (Geek Software GmbH) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1579230505-512059319-4025757163-1007\...\Run: [iDevice Manager Launcher] - "C:\Program Files (x86)\Software4u\iDevice Manager\Software4u.IPELauncher.exe" /run AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit64.dll [18856 2012-10-02] (NVIDIA Corporation) AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation) AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll => C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit.dll [17288 2012-10-02] (NVIDIA Corporation) AppInit_DLLs-x32: , C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: a2zLyrics-1 - {11111111-1111-1111-1111-110411151154} - C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-bho64.dll No File BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: CIESpeechBHO Class - 
{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: DNS Error Helper - {9B6B03F1-16CF-4491-BBBB-E872802DD717} - C:\ProgramData\DNSErrorHelper\bho.dll No File BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 FireFox: ======== FF ProfilePath: C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\fnlg3prk.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll 
(Tracker Software Products (Canada) Ltd.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: a2zLyrics-1 - C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\fnlg3prk.default\Extensions\536c2ac1-a17c-4de1-a3f2-1b869a3be96c@2f6608a0-8c65-4bfe-8e2f-c65b5cc757cb.com [2014-02-16] FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-23] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-23] (Avira Operations GmbH & Co. 
KG) R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-08-31] (Qualcomm Atheros Commnucations) R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2012-12-29] (IvoSoft) R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-01-29] (Nero AG) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] () R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445304 2013-08-12] (Check Point Software Technologies LTD) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation) R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [54160 2013-06-18] (Check Point Software Technologies, Ltd.) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-31] (Atheros) ==================== Drivers (Whitelisted) ==================== R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-21] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-21] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-01] (Avira Operations GmbH & Co. 
KG) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-31] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-05-22] () S3 hwusbdev; C:\Windows\system32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( ) R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [284008 2012-10-08] (NVIDIA Corporation) R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [451096 2013-06-13] (Check Point Software Technologies LTD) S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation) U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.) U0 msahci; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-01 13:18 - 2014-03-01 13:18 - 00000741 _____ () C:\Users\root\Desktop\JRT.txt 2014-03-01 13:11 - 2014-03-01 13:11 - 00000000 ____D () C:\Windows\ERUNT 2014-03-01 10:40 - 2014-03-01 10:40 - 01037734 _____ (Thisisu) C:\Users\root\Downloads\JRT.exe 2014-02-28 18:32 - 2014-03-01 10:24 - 00000000 ____D () C:\AdwCleaner 2014-02-28 18:29 - 2014-02-28 18:29 - 01244192 _____ () C:\Users\root\Downloads\adwcleaner.exe 2014-02-28 00:47 - 2013-12-09 01:45 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-02-28 00:47 - 2013-12-09 00:59 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-28 00:47 - 2013-12-05 00:43 - 01845248 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-02-28 00:47 - 2013-12-05 00:43 - 00583680 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-02-28 00:47 - 2013-12-05 00:37 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-02-28 00:47 - 2013-12-05 
00:37 - 00451072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll 2014-02-28 00:47 - 2013-11-27 01:19 - 00385614 _____ () C:\Windows\system32\ApnDatabase.xml 2014-02-28 00:47 - 2013-11-26 00:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2014-02-28 00:47 - 2013-11-01 06:53 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-02-28 00:46 - 2014-02-01 10:20 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-28 00:46 - 2014-02-01 10:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-28 00:46 - 2014-02-01 10:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-28 00:46 - 2014-02-01 10:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2014-02-28 00:46 - 2014-02-01 10:19 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll 2014-02-28 00:46 - 2014-02-01 10:18 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-28 00:46 - 2014-02-01 10:18 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-28 00:46 - 2014-02-01 10:18 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-28 00:46 - 2014-02-01 10:18 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-28 00:46 - 2014-02-01 10:18 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-02-28 00:46 - 2014-02-01 10:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-28 00:46 - 2014-02-01 10:18 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-02-28 00:46 - 2014-02-01 10:18 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-02-28 00:46 - 2014-02-01 10:18 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-28 00:46 - 2014-02-01 10:18 - 00053760 _____ (Microsoft 
Corporation) C:\Windows\system32\jsproxy.dll 2014-02-28 00:46 - 2014-02-01 10:18 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-28 00:46 - 2014-02-01 08:58 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-02-28 00:46 - 2014-02-01 08:58 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-02-28 00:46 - 2014-02-01 08:58 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2014-02-28 00:46 - 2014-02-01 08:57 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-02-28 00:46 - 2014-02-01 08:57 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-02-28 00:46 - 2014-02-01 08:57 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-02-28 00:46 - 2014-02-01 08:57 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-02-28 00:46 - 2014-02-01 08:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-02-28 00:46 - 2014-02-01 08:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-02-28 00:46 - 2014-02-01 08:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-02-28 00:46 - 2014-02-01 08:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-02-28 00:46 - 2014-02-01 08:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-02-28 00:46 - 2014-02-01 08:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-02-28 00:46 - 2014-02-01 08:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-02-28 00:46 - 2014-02-01 08:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-28 00:46 - 2014-02-01 08:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-02-28 00:46 - 2014-02-01 06:08 - 00534528 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\uxtheme.dll 2014-02-28 00:46 - 2014-01-13 00:30 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-02-28 00:46 - 2014-01-13 00:30 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-02-28 00:46 - 2013-11-20 01:15 - 03842560 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-02-28 00:46 - 2013-11-20 00:57 - 03288576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2014-02-27 20:30 - 2014-02-27 20:30 - 00000000 ____D () C:\Users\root\AppData\Roaming\Malwarebytes 2014-02-27 20:29 - 2014-02-27 20:29 - 00001111 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-27 20:29 - 2014-02-27 20:29 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-27 20:29 - 2014-02-27 20:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-02-27 20:29 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-02-27 20:28 - 2014-02-27 20:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\root\Downloads\mbam-setup-1.75.0.1300.exe 2014-02-23 20:45 - 2014-02-23 20:46 - 00000000 ____D () C:\Users\peter\AppData\Local\Sony 2014-02-23 20:45 - 2014-02-23 20:45 - 00001887 _____ () C:\Users\Public\Desktop\Media Go.lnk 2014-02-23 20:45 - 2014-02-23 20:45 - 00000000 ____D () C:\Users\peter\Podcasts 2014-02-23 20:45 - 2014-02-23 20:45 - 00000000 ____D () C:\Users\peter\Documents\Media Go 2014-02-23 20:45 - 2014-02-23 20:45 - 00000000 ____D () C:\ProgramData\Sony Corporation 2014-02-23 20:44 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll 2014-02-23 20:43 - 2014-02-23 20:46 - 00000000 ____D () C:\Users\peter\AppData\Roaming\Sony 2014-02-23 20:43 - 2014-02-23 20:44 - 00000000 ____D () C:\Program Files (x86)\Sony Media Go Install 2014-02-23 20:34 - 2014-02-23 20:34 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_wpdcomp_01_11_00.Wdf 2014-02-23 20:28 - 
2014-02-23 20:28 - 00002100 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2014-02-23 20:27 - 2014-02-23 20:45 - 00000000 ____D () C:\Program Files (x86)\Sony 2014-02-23 20:27 - 2014-02-23 20:27 - 00000000 ____D () C:\ProgramData\Sony 2014-02-16 13:31 - 2014-02-16 13:31 - 00380416 _____ () C:\Users\root\Downloads\Gmer-19357.exe 2014-02-16 13:27 - 2014-02-16 13:27 - 00000000 _____ () C:\Users\root\defogger_reenable 2014-02-16 13:25 - 2014-03-01 14:04 - 00000000 ____D () C:\FRST 2014-02-16 13:24 - 2014-03-01 14:03 - 02155520 _____ (Farbar) C:\Users\root\Downloads\FRST64.exe 2014-02-16 12:57 - 2014-02-16 12:57 - 00000242 _____ () C:\Windows\SysWOW64\defogger_enable.log 2014-02-16 12:56 - 2014-02-16 12:56 - 00000470 _____ () C:\Windows\SysWOW64\defogger_disable.log 2014-02-16 12:37 - 2014-02-16 12:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-10 21:36 - 2014-02-10 21:36 - 00001728 _____ () C:\ProgramData\__wdump.txt 2014-02-10 21:35 - 2014-02-10 21:35 - 00001196 _____ () C:\Users\alina\Desktop\Pinnacle Studio 15.lnk 2014-02-10 21:35 - 2014-02-10 21:35 - 00000000 ____D () C:\Users\alina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 15 2014-02-09 15:33 - 2014-02-09 15:33 - 00000000 ____D () C:\Users\alina\AppData\Roaming\NVIDIA ==================== One Month Modified Files and Folders ======= 2014-03-01 14:04 - 2014-02-16 13:25 - 00000000 ____D () C:\FRST 2014-03-01 14:03 - 2014-02-16 13:24 - 02155520 _____ (Farbar) C:\Users\root\Downloads\FRST64.exe 2014-03-01 14:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru 2014-03-01 13:19 - 2013-02-01 20:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-01 13:18 - 2014-03-01 13:18 - 00000741 _____ () C:\Users\root\Desktop\JRT.txt 2014-03-01 13:11 - 2014-03-01 13:11 - 00000000 ____D () C:\Windows\ERUNT 2014-03-01 10:44 - 2013-02-12 13:25 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache 
Files-S-1-5-21-1579230505-512059319-4025757163-1007 2014-03-01 10:40 - 2014-03-01 10:40 - 01037734 _____ (Thisisu) C:\Users\root\Downloads\JRT.exe 2014-03-01 10:34 - 2013-07-16 20:13 - 00000000 ____D () C:\Users\root\AppData\Local\HTC MediaHub 2014-03-01 10:34 - 2013-02-07 20:38 - 00000408 _____ () C:\Users\root\AppData\Roaming\sp_data.sys 2014-03-01 10:25 - 2012-10-18 20:17 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-03-01 10:25 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-01 10:24 - 2014-02-28 18:32 - 00000000 ____D () C:\AdwCleaner 2014-03-01 10:24 - 2013-02-01 21:12 - 00000000 ____D () C:\Users\peter\AppData\Roaming\CheckPoint 2014-03-01 03:18 - 2012-10-18 20:37 - 01765719 _____ () C:\Windows\WindowsUpdate.log 2014-03-01 03:05 - 2013-08-12 15:11 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-01 03:00 - 2013-02-01 07:13 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-02-28 18:32 - 2013-09-29 15:37 - 00000000 ____D () C:\Users\root\AppData\Local\CrashDumps 2014-02-28 18:29 - 2014-02-28 18:29 - 01244192 _____ () C:\Users\root\Downloads\adwcleaner.exe 2014-02-28 14:57 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache 2014-02-28 14:30 - 2012-08-02 14:24 - 00161076 _____ () C:\Windows\PFRO.log 2014-02-28 03:27 - 2013-02-02 13:55 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-02-28 03:22 - 2012-07-26 06:26 - 00000199 _____ () C:\Windows\win.ini 2014-02-28 03:21 - 2013-02-02 14:17 - 00000039 _____ () C:\Windows\vbaddin.ini 2014-02-28 01:27 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent 2014-02-27 20:30 - 2014-02-27 20:30 - 00000000 ____D () C:\Users\root\AppData\Roaming\Malwarebytes 2014-02-27 20:29 - 2014-02-27 20:29 - 00001111 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-27 20:29 - 2014-02-27 20:29 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-27 20:29 - 2014-02-27 20:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' 
Anti-Malware 2014-02-27 20:28 - 2014-02-27 20:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\root\Downloads\mbam-setup-1.75.0.1300.exe 2014-02-27 19:42 - 2012-07-26 06:26 - 00524288 ___SH () C:\Windows\system32\config\BBI 2014-02-27 19:39 - 2013-02-01 18:31 - 00000000 ____D () C:\Users\peter\AppData\Roaming\Skype 2014-02-23 21:03 - 2013-01-31 04:37 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1579230505-512059319-4025757163-1002 2014-02-23 20:54 - 2013-02-04 20:46 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI 2014-02-23 20:51 - 2013-07-24 18:49 - 00000000 ____D () C:\Users\peter\AppData\Local\HTC MediaHub 2014-02-23 20:51 - 2013-01-31 04:32 - 00000408 _____ () C:\Users\peter\AppData\Roaming\sp_data.sys 2014-02-23 20:46 - 2014-02-23 20:45 - 00000000 ____D () C:\Users\peter\AppData\Local\Sony 2014-02-23 20:46 - 2014-02-23 20:43 - 00000000 ____D () C:\Users\peter\AppData\Roaming\Sony 2014-02-23 20:45 - 2014-02-23 20:45 - 00001887 _____ () C:\Users\Public\Desktop\Media Go.lnk 2014-02-23 20:45 - 2014-02-23 20:45 - 00000000 ____D () C:\Users\peter\Podcasts 2014-02-23 20:45 - 2014-02-23 20:45 - 00000000 ____D () C:\Users\peter\Documents\Media Go 2014-02-23 20:45 - 2014-02-23 20:45 - 00000000 ____D () C:\ProgramData\Sony Corporation 2014-02-23 20:45 - 2014-02-23 20:27 - 00000000 ____D () C:\Program Files (x86)\Sony 2014-02-23 20:45 - 2013-01-31 04:30 - 00000000 ____D () C:\Users\peter 2014-02-23 20:44 - 2014-02-23 20:43 - 00000000 ____D () C:\Program Files (x86)\Sony Media Go Install 2014-02-23 20:44 - 2013-02-02 13:10 - 00000000 ____D () C:\Users\peter\AppData\Local\Downloaded Installations 2014-02-23 20:40 - 2012-07-26 08:21 - 00048802 _____ () C:\Windows\setupact.log 2014-02-23 20:34 - 2014-02-23 20:34 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_wpdcomp_01_11_00.Wdf 2014-02-23 20:30 - 2012-10-18 20:19 - 00249842 _____ () C:\Windows\DPINST.LOG 2014-02-23 20:28 - 2014-02-23 20:28 - 00002100 
_____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2014-02-23 20:27 - 2014-02-23 20:27 - 00000000 ____D () C:\ProgramData\Sony 2014-02-23 20:27 - 2012-10-18 20:12 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-02-23 20:21 - 2013-08-18 20:11 - 00015360 _____ () C:\Users\peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-02-23 20:02 - 2013-02-06 21:52 - 00000000 ____D () C:\Users\peter\AppData\Roaming\vlc 2014-02-23 19:19 - 2013-02-01 20:31 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-02-17 23:03 - 2013-11-20 23:40 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-02-17 23:03 - 2013-11-20 23:40 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-02-16 13:31 - 2014-02-16 13:31 - 00380416 _____ () C:\Users\root\Downloads\Gmer-19357.exe 2014-02-16 13:27 - 2014-02-16 13:27 - 00000000 _____ () C:\Users\root\defogger_reenable 2014-02-16 13:27 - 2013-02-07 20:36 - 00000000 ____D () C:\Users\root 2014-02-16 13:26 - 2013-11-10 21:39 - 00050477 _____ () C:\Users\root\Downloads\Defogger.exe 2014-02-16 13:12 - 2013-02-02 16:37 - 00000000 ____D () C:\tmp 2014-02-16 12:57 - 2014-02-16 12:57 - 00000242 _____ () C:\Windows\SysWOW64\defogger_enable.log 2014-02-16 12:56 - 2014-02-16 12:56 - 00000470 _____ () C:\Windows\SysWOW64\defogger_disable.log 2014-02-16 12:38 - 2013-02-06 19:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-02-16 12:37 - 2014-02-16 12:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-16 12:37 - 2013-02-07 18:29 - 00000000 ____D () C:\Users\karin\AppData\Roaming\Skype 2014-02-16 11:58 - 2013-02-07 15:31 - 00000000 ____D () C:\Users\karin\Documents\Bluetooth Folder 2014-02-16 11:56 - 2013-02-07 15:30 - 00000408 _____ () C:\Users\karin\AppData\Roaming\sp_data.sys 2014-02-16 11:55 - 2013-08-13 20:15 - 00000000 ____D () 
C:\Users\karin\AppData\Local\HTC MediaHub 2014-02-10 21:40 - 2013-02-09 15:19 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1579230505-512059319-4025757163-1006 2014-02-10 21:36 - 2014-02-10 21:36 - 00001728 _____ () C:\ProgramData\__wdump.txt 2014-02-10 21:35 - 2014-02-10 21:35 - 00001196 _____ () C:\Users\alina\Desktop\Pinnacle Studio 15.lnk 2014-02-10 21:35 - 2014-02-10 21:35 - 00000000 ____D () C:\Users\alina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 15 2014-02-10 21:30 - 2013-03-05 17:58 - 00000000 ____D () C:\Users\fabjana\AppData\Roaming\Skype 2014-02-10 21:20 - 2013-02-21 18:50 - 00006144 _____ () C:\Users\alina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-02-10 21:20 - 2013-02-17 18:56 - 00000000 ____D () C:\Users\alina\AppData\Roaming\Skype 2014-02-10 20:19 - 2013-03-10 15:27 - 00000000 ____D () C:\Users\alina\AppData\Local\Adobe 2014-02-10 20:19 - 2012-08-17 01:52 - 00000000 ____D () C:\ProgramData\Adobe 2014-02-10 20:12 - 2013-07-01 10:23 - 00000000 ____D () C:\Users\alina\AppData\Local\CrashDumps 2014-02-10 17:04 - 2013-02-09 15:14 - 00000408 _____ () C:\Users\alina\AppData\Roaming\sp_data.sys 2014-02-09 15:38 - 2012-08-03 00:02 - 00753134 _____ () C:\Windows\system32\perfh007.dat 2014-02-09 15:38 - 2012-08-03 00:02 - 00155826 _____ () C:\Windows\system32\perfc007.dat 2014-02-09 15:38 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-09 15:36 - 2013-02-09 15:13 - 00000000 ____D () C:\Users\alina\AppData\Roaming\Adobe 2014-02-09 15:33 - 2014-02-09 15:33 - 00000000 ____D () C:\Users\alina\AppData\Roaming\NVIDIA 2014-02-09 15:31 - 2013-02-09 16:35 - 00000000 ____D () C:\Users\fabjana\Documents\Bluetooth Folder 2014-02-08 21:01 - 2013-02-09 16:18 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1579230505-512059319-4025757163-1005 2014-02-08 20:55 - 2013-02-09 16:13 - 00000408 _____ () 
C:\Users\fabjana\AppData\Roaming\sp_data.sys 2014-02-08 20:40 - 2013-09-14 07:04 - 00000000 ____D () C:\Users\fabjana\AppData\Local\HTC MediaHub 2014-02-08 18:41 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore 2014-02-01 10:20 - 2014-02-28 00:46 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-01 10:19 - 2014-02-28 00:46 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-01 10:19 - 2014-02-28 00:46 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-01 10:19 - 2014-02-28 00:46 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2014-02-01 10:19 - 2014-02-28 00:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll 2014-02-01 10:18 - 2014-02-28 00:46 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-01 10:18 - 2014-02-28 00:46 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-01 10:18 - 2014-02-28 00:46 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-01 10:18 - 2014-02-28 00:46 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-01 10:18 - 2014-02-28 00:46 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-02-01 10:18 - 2014-02-28 00:46 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-01 10:18 - 2014-02-28 00:46 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-02-01 10:18 - 2014-02-28 00:46 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-02-01 10:18 - 2014-02-28 00:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-01 10:18 - 2014-02-28 00:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-01 10:18 - 2014-02-28 00:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-01 08:58 - 2014-02-28 
00:46 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-02-01 08:58 - 2014-02-28 00:46 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-02-01 08:58 - 2014-02-28 00:46 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2014-02-01 08:57 - 2014-02-28 00:46 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-02-01 08:57 - 2014-02-28 00:46 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-02-01 08:57 - 2014-02-28 00:46 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-02-01 08:57 - 2014-02-28 00:46 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-02-01 08:57 - 2014-02-28 00:46 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-02-01 08:57 - 2014-02-28 00:46 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-02-01 08:57 - 2014-02-28 00:46 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-02-01 08:57 - 2014-02-28 00:46 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-02-01 08:57 - 2014-02-28 00:46 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-02-01 08:57 - 2014-02-28 00:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-02-01 08:57 - 2014-02-28 00:46 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-02-01 08:40 - 2014-02-28 00:46 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-01 08:34 - 2014-02-28 00:46 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-02-01 06:08 - 2014-02-28 00:46 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll Files to move or delete: ==================== C:\ProgramData\SetStretch.exe Some content of TEMP: ==================== C:\Users\alina\AppData\Local\Temp\avgnt.exe 
C:\Users\fabjana\AppData\Local\Temp\avgnt.exe C:\Users\karin\AppData\Local\Temp\avgnt.exe C:\Users\karin\AppData\Local\Temp\COMAP.EXE C:\Users\peter\AppData\Local\Temp\AskSLib.dll C:\Users\peter\AppData\Local\Temp\avgnt.exe C:\Users\peter\AppData\Local\Temp\COMAP.EXE C:\Users\peter\AppData\Local\Temp\DataCard_Setup64.exe C:\Users\peter\AppData\Local\Temp\Execute2App.exe C:\Users\peter\AppData\Local\Temp\MSETUP4.EXE C:\Users\peter\AppData\Local\Temp\msvcp90.dll C:\Users\peter\AppData\Local\Temp\msvcr90.dll C:\Users\peter\AppData\Local\Temp\pdf24-creator-update.exe C:\Users\peter\AppData\Local\Temp\SAV2RemoveAll.exe C:\Users\peter\AppData\Local\Temp\tmp93C.tmp.exe C:\Users\peter\AppData\Local\Temp\tmpA756.tmp.exe C:\Users\root\AppData\Local\Temp\avgnt.exe C:\Users\root\AppData\Local\Temp\COMAP.EXE C:\Users\root\AppData\Local\Temp\filebulldogTb_1.0.0.8.exe C:\Users\root\AppData\Local\Temp\IDMSetup_1.5.0.0.exe C:\Users\root\AppData\Local\Temp\Quarantine.exe C:\Users\root\AppData\Local\Temp\tmp32C7.tmp.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-28 03:03 ==================== End Of Log ============================ --- --- ---
So apparently quite a bit was deleted after all, but the computer still seems to be infected, since some words in the browser are still double-underlined and pop-ups keep opening ... Best regards, Peter |
02.03.2014, 08:20 | #8 |
/// the machine /// TB-Ausbilder | Caught a trojan? In which browser?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
02.03.2014, 09:12 | #9 |
| Caught a trojan? Firefox 27.0.1 In IE 10 everything is clean. Should I uninstall and reinstall FF? Best regards, Peter |
03.03.2014, 08:17 | #10 |
/// the machine /// TB-Ausbilder | Caught a trojan?
|