
Pests of all kinds and how to combat them: Trojan Agent AZYH, Outlook.PST file infected, G Data Antivirus detection

28.07.2013, 21:16   #1
Der Bart
 
During a virus scan with G Data's Antivirus software, the Outlook.pst file was detected as infected with Trojan.Agent.AZYH. The log is attached as a JPG.
Deleting the .pst file or moving it to quarantine is problematic.
How do I get rid of the trojan?
Attached image thumbnails
Trojan Agent AZYH Outlook.PST Datei befallen G Data Antivirus Fund-protokoll-g-data-anti-virus.jpg

28.07.2013, 21:33   #2
schrauber
/// the machine
/// TB trainer
 

Hi,

Difficult. Take the backup apart, check by hand which mail is infected, then delete that one.

Depending on size and volume, that's about a year's work.


Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


29.07.2013, 12:26   #3
Der Bart
 
Hello Schrauber,

here are the FRST.TXT and the Addition.txt.
It would be nice if you could do something with them.
Regards
Der Bart

29.07.2013, 15:20   #4
schrauber
/// the machine
/// TB trainer
 

Hi,

This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

29.07.2013, 16:38   #5
Der Bart
 
Hello Schrauber,

I certainly don't want to make your work harder.
I hope it fits better this way.

Regards
Der Bart



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-07-2013
Ran by Klaus (administrator) on 29-07-2013 13:08:45
Running from C:\Users\Klaus\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(G Data Software AG) C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(G Data Software AG) C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(CyberLink) C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(G DATA Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Hewlett-Packard) C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(RealNetworks, Inc.) C:\Program Files\Real\realplayer\Update\realsched.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Dropbox, Inc.) C:\Users\Klaus\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
() C:\Users\Klaus\Qtrax\Player\Notification.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-05-20] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [CLMLServer] - C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe [104936 2008-07-18] (CyberLink)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7703072 2009-08-04] (Realtek Semiconductor)
HKLM\...\Run: [GDFirewallTray] - C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1124424 2009-09-24] (G DATA Software AG)
HKLM\...\Run: [G DATA AntiVirus Trayapplication] - C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe [924232 2009-09-18] (G Data Software AG)
HKLM\...\Run: [WPCUMI] - C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [] -  [x]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1391272 2012-01-03] (Ask)
HKLM\...\Run: [TkBellExe] - c:\program files\real\realplayer\Update\realsched.exe [273528 2011-11-22] (RealNetworks, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Runonce: [Del1557529] - cmd.exe /Q /D /c del "C:\Users\Klaus\AppData\Local\Temp\0.del" [x]
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\program files\g data\internetsecurity\avkkid\avkcks.exe
HKCU\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [KiesHelper] - C:\Program Files\Samsung\Kies\KiesHelper.exe [929680 2011-09-29] (Samsung)
HKCU\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3508112 2011-09-29] (Samsung Electronics Co., Ltd.)
HKCU\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [20880 2011-09-29] ()
HKCU\...\Run: [EADM] - C:\Program Files\FIFA2013\Origin\Origin.exe [3456080 2013-06-04] (Electronic Arts)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Runonce: [Del1546375] - cmd.exe /Q /D /c del "C:\Users\Klaus\AppData\Local\Temp\0.del" [x]
HKCU\...\RunOnce: [Qtrax] - C:\Program Files\Microsoft Silverlight\sllauncher.exe 3587555624.portal.qtrax.com [387224 2013-05-13] (Microsoft Corporation)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKCU\...\CurrentVersion\Windows: [Load] c:\users\klaus\dxkpocaw.exe <===== ATTENTION
MountPoints2: {14b25b2f-7a9c-11df-894a-806e6f6e6963} - F:\setup.exe
MountPoints2: {4742cbcf-ba84-11e0-8345-00040e1f080d} - F:\ICM_Manager.exe
MountPoints2: {4be01150-cce8-11e1-a8bf-00040e1f080d} - F:\LGAutoRun.exe
MountPoints2: {87029ea0-c65e-11e0-a72b-00040e1f080d} - F:\setup.exe -a
MountPoints2: {ec03e8a6-37fe-11e2-a87c-00040e1f080d} - F:\LaunchU3.exe -a
HKU\Admin\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2009-07-26] (Microsoft Corporation)
HKU\Admin\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-21] (Microsoft Corporation)
HKU\Admin\...\Run: [EA Core] - "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent [x]
HKU\Admin\...\Policies\system: [LogonHoursAction] 2
HKU\Admin\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)
HKU\Emil\...\Policies\system: [LogonHoursAction] 2
HKU\Emil\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Paul\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-21] (Microsoft Corporation)
HKU\Paul\...\Policies\system: [LogonHoursAction] 2
HKU\Paul\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk
ShortcutTarget: hpoddt01.exe.lnk -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk
ShortcutTarget: phase-6 Reminder.lnk -> C:\Users\Public\Documents\Phase 6\reminder\reminder.exe (phase-6)
Startup: C:\Users\Klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Klaus\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=FC3B00040E1F080D&affID=119357&tsp=4958
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKCU - DefaultScope {7E4EC2F1-B2A5-4BE8-A910-653C598B1F29} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=FC3B00040E1F080D&affID=119357&tsp=4958
SearchScopes: HKCU - {7E4EC2F1-B2A5-4BE8-A910-653C598B1F29} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
SearchScopes: HKCU - {A6374038-EFFA-4E55-9D88-4D303FFC381F} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=PV&apn_dtid=YYYYYYYYDE&apn_uid=26B608FD-441E-42E8-88BF-8E036C91881A&apn_sauid=4E9EEE95-A884-4F94-BB7D-759A5385BAC3
BHO: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG)
BHO: LyricXeeker - {17E58097-6CA5-448B-830F-2A19678248FB} - C:\Program Files\LyriXeeker\125.dll (LyriXeeker Tech)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.22.0\deltaTlbr.dll (Delta-search.com)
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU -Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///C:/Programme/AutoCAD%202002%20Deu/AcDcToday.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {AE563724-B4F5-11D4-A415-00108302FDFD} file:///C:/Programme/AutoCAD%202002%20Deu/InstBanr.ocx
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Programme/AutoCAD%202002%20Deu/AcPreview.ocx
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value - 
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 19 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Klaus\AppData\Roaming\Mozilla\Firefox\Profiles\p1pve9es.default
FF user.js: detected! => C:\Users\Klaus\AppData\Roaming\Mozilla\Firefox\Profiles\p1pve9es.default\user.js
FF NewTab: hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=FC3B00040E1F080D&affID=119357&tsp=4958
FF SelectedSearchEngine: Delta Search
FF Homepage: hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=FC3B00040E1F080D&affID=119357&tsp=4958
FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=de_DE&apn_uid=26B608FD-441E-42E8-88BF-8E036C91881A&apn_ptnrs=PV&apn_sauid=4E9EEE95-A884-4F94-BB7D-759A5385BAC3&apn_dtid=YYYYYYYYDE&&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.6.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.6.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nprpjplug;version=12.0.1.669 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Klaus\AppData\Roaming\Mozilla\Firefox\Profiles\p1pve9es.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Klaus\AppData\Roaming\Mozilla\Firefox\Profiles\p1pve9es.default\searchplugins\babylon.xml
FF Extension: No Name - C:\Users\Klaus\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Delta Toolbar - C:\Users\Klaus\AppData\Roaming\Mozilla\Firefox\Profiles\p1pve9es.default\Extensions\ffxtlbr@delta.com
FF Extension: No Name - C:\Users\Klaus\AppData\Roaming\Mozilla\Firefox\Profiles\p1pve9es.default\Extensions\toolbar@ask.com
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Klaus\AppData\Roaming\Mozilla\Firefox\Profiles\p1pve9es.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: No Name - C:\Users\Klaus\AppData\Roaming\Mozilla\Firefox\Profiles\p1pve9es.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: G Data WebFilter - C:\Program Files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKCU\...\Firefox\Extensions: [lyrix@lyrixeeker.co] C:\Program Files\LyriXeeker\125.xpi
FF Extension: No Name - C:\Program Files\LyriXeeker\125.xpi

========================== Services (Whitelisted) =================

R2 AVKProxy; C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe [1128008 2009-12-07] (G Data Software AG)
R2 AVKService; C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe [397896 2009-08-08] (G Data Software AG)
R2 AVKWCtl; C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe [1251488 2009-11-25] (G Data Software AG)
R3 GDFwSvc; C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [1547104 2009-11-25] (G Data Software AG)
R3 GDScan; C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe [302152 2009-11-26] (G Data Software AG)
R2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [223088 2011-04-26] ()

==================== Drivers (Whitelisted) ====================

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2011-09-06] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23040 2011-09-06] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2011-09-06] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis.sys [70400 2011-09-16] (LG Electronics Inc.)
R3 AVMUNET; C:\Windows\System32\DRIVERS\avmunet.sys [16384 2004-06-11] (AVM GmbH)
S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [18120 2011-01-04] (Devguru Co., Ltd)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [42112 2011-01-05] ()
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [28616 2009-12-30] (G Data Software AG)
R3 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [55624 2009-12-30] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [47560 2009-12-30] (G DATA Software AG)
R1 gdwfpcd; C:\Windows\System32\DRIVERS\gdwfpcd32.sys [40904 2010-04-23] (G DATA Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [29992 2009-12-30] (G Data Software)
R3 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [35272 2009-12-30] (G Data Software AG)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-12-21] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-12-21] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-12-21] (MCCI Corporation)
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [100224 2010-12-21] (MCCI Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-29 13:08 - 2013-07-29 13:08 - 00000000 ____D C:\FRST
2013-07-29 13:07 - 2013-07-29 13:07 - 01221130 _____ (Farbar) C:\Users\Klaus\Downloads\FRST.exe
2013-07-29 13:02 - 2013-07-29 13:02 - 00017198 _____ C:\Users\Klaus\Desktop\get-mirror-server.html
2013-07-29 12:46 - 2013-07-29 12:46 - 00718920 _____ C:\Users\Klaus\Downloads\ZipOpenerSetup(1).exe
2013-07-29 12:46 - 2013-07-29 12:46 - 00718920 _____ C:\Users\Klaus\Desktop\ZipOpenerSetup(1).exe
2013-07-29 12:44 - 2013-07-29 12:44 - 00000000 ____D C:\Users\Klaus\Qtrax
2013-07-29 12:42 - 2013-07-29 12:42 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\Zip Opener Packages
2013-07-29 12:41 - 2013-07-29 12:41 - 00000000 ____D C:\Program Files\Delta
2013-07-29 12:40 - 2013-07-29 12:55 - 00000907 _____ C:\Users\Public\Desktop\Open It!.lnk
2013-07-29 12:40 - 2013-07-29 12:41 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\BabSolution
2013-07-29 12:40 - 2013-07-29 12:40 - 00002035 _____ C:\Users\Klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
2013-07-29 12:40 - 2013-07-29 12:40 - 00002005 _____ C:\Users\Klaus\Desktop\Qtrax Player.lnk
2013-07-29 12:40 - 2013-07-29 12:40 - 00000364 _____ C:\Windows\Tasks\LyricXeeker Update.job
2013-07-29 12:40 - 2013-07-29 12:40 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\DigitalSite
2013-07-29 12:40 - 2013-07-29 12:40 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\Babylon
2013-07-29 12:40 - 2013-07-29 12:40 - 00000000 ____D C:\ProgramData\Babylon
2013-07-29 12:40 - 2013-07-29 12:40 - 00000000 ____D C:\Program Files\OpenIt
2013-07-29 12:40 - 2013-07-29 12:40 - 00000000 ____D C:\Program Files\LyriXeeker
2013-07-29 12:38 - 2013-07-29 12:38 - 00718920 _____ C:\Users\Klaus\Downloads\ZipOpenerSetup.exe
2013-07-29 12:35 - 2013-07-29 12:35 - 00015336 _____ C:\Users\Klaus\Desktop\uC1nRMmX.htm
2013-07-29 12:30 - 2013-07-29 12:30 - 00015337 _____ C:\Users\Klaus\Desktop\H7ahhfut.htm
2013-07-28 20:50 - 2013-07-29 12:16 - 00000000 ____D C:\Users\Klaus\Documents\Virenfund
2013-07-28 13:11 - 2013-07-28 13:11 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-28 12:10 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-28 12:10 - 2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-28 12:10 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-28 12:10 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-28 12:10 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-28 12:10 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-28 12:10 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-28 12:10 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-28 12:10 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-28 12:10 - 2013-05-29 03:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-28 12:10 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-28 12:10 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-28 12:10 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-28 12:10 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-28 12:10 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-28 12:10 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-12 11:28 - 2013-06-04 03:50 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-12 11:28 - 2013-04-17 12:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-12 11:27 - 2013-06-01 06:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-12 11:27 - 2013-05-08 06:04 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-12 11:27 - 2013-04-17 13:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-07-12 11:27 - 2013-04-17 13:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-07-12 11:27 - 2013-04-17 13:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-07-12 11:27 - 2013-04-17 13:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-07-12 11:27 - 2013-04-17 12:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-07-12 11:27 - 2013-04-17 12:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-07-12 11:27 - 2013-04-17 12:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-07-12 11:27 - 2013-04-17 12:10 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-07-11 19:05 - 2013-07-11 19:36 - 00000000 ____D C:\Users\Klaus\Documents\Urlaub
2013-07-06 11:34 - 2013-07-06 11:34 - 00000000 ____D C:\Users\Paul\AppData\Local\Macromedia

==================== One Month Modified Files and Folders =======

2013-07-29 13:08 - 2013-07-29 13:08 - 00000000 ____D C:\FRST
2013-07-29 13:07 - 2013-07-29 13:07 - 01221130 _____ (Farbar) C:\Users\Klaus\Downloads\FRST.exe
2013-07-29 13:02 - 2013-07-29 13:02 - 00017198 _____ C:\Users\Klaus\Desktop\get-mirror-server.html
2013-07-29 13:01 - 2013-06-17 18:43 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-29 12:58 - 2010-01-25 00:23 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-29 12:55 - 2013-07-29 12:40 - 00000907 _____ C:\Users\Public\Desktop\Open It!.lnk
2013-07-29 12:46 - 2013-07-29 12:46 - 00718920 _____ C:\Users\Klaus\Downloads\ZipOpenerSetup(1).exe
2013-07-29 12:46 - 2013-07-29 12:46 - 00718920 _____ C:\Users\Klaus\Desktop\ZipOpenerSetup(1).exe
2013-07-29 12:44 - 2013-07-29 12:44 - 00000000 ____D C:\Users\Klaus\Qtrax
2013-07-29 12:44 - 2009-12-30 19:19 - 00000000 ____D C:\Users\Klaus
2013-07-29 12:42 - 2013-07-29 12:42 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\Zip Opener Packages
2013-07-29 12:41 - 2013-07-29 12:41 - 00000000 ____D C:\Program Files\Delta
2013-07-29 12:41 - 2013-07-29 12:40 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\BabSolution
2013-07-29 12:40 - 2013-07-29 12:40 - 00002035 _____ C:\Users\Klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
2013-07-29 12:40 - 2013-07-29 12:40 - 00002005 _____ C:\Users\Klaus\Desktop\Qtrax Player.lnk
2013-07-29 12:40 - 2013-07-29 12:40 - 00000364 _____ C:\Windows\Tasks\LyricXeeker Update.job
2013-07-29 12:40 - 2013-07-29 12:40 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\DigitalSite
2013-07-29 12:40 - 2013-07-29 12:40 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\Babylon
2013-07-29 12:40 - 2013-07-29 12:40 - 00000000 ____D C:\ProgramData\Babylon
2013-07-29 12:40 - 2013-07-29 12:40 - 00000000 ____D C:\Program Files\OpenIt
2013-07-29 12:40 - 2013-07-29 12:40 - 00000000 ____D C:\Program Files\LyriXeeker
2013-07-29 12:38 - 2013-07-29 12:38 - 00718920 _____ C:\Users\Klaus\Downloads\ZipOpenerSetup.exe
2013-07-29 12:35 - 2013-07-29 12:35 - 00015336 _____ C:\Users\Klaus\Desktop\uC1nRMmX.htm
2013-07-29 12:30 - 2013-07-29 12:30 - 00015337 _____ C:\Users\Klaus\Desktop\H7ahhfut.htm
2013-07-29 12:29 - 2006-11-02 14:47 - 00004016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-29 12:29 - 2006-11-02 14:47 - 00004016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-29 12:22 - 2009-12-29 19:23 - 01651838 _____ C:\Windows\WindowsUpdate.log
2013-07-29 12:18 - 2012-08-27 15:20 - 00000000 ___RD C:\Users\Klaus\Dropbox
2013-07-29 12:18 - 2012-08-26 22:01 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\Dropbox
2013-07-29 12:17 - 2009-12-30 19:35 - 00000000 ____D C:\Users\Klaus\Tracing
2013-07-29 12:16 - 2013-07-28 20:50 - 00000000 ____D C:\Users\Klaus\Documents\Virenfund
2013-07-29 12:15 - 2010-01-25 00:23 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-29 12:14 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-28 22:25 - 2006-11-02 15:01 - 00032510 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-28 21:18 - 2009-12-30 23:02 - 00000000 ____D C:\Users\Klaus\AppData\Local\G DATA
2013-07-28 19:13 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-28 18:57 - 2011-05-05 18:17 - 00000000 ____D C:\Users\Klaus\Documents\Paul
2013-07-28 18:56 - 2011-04-10 14:52 - 00000000 ____D C:\Users\Klaus\Documents\Emil
2013-07-28 18:54 - 2009-12-30 23:52 - 00018944 _____ C:\Users\Klaus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-28 18:17 - 2006-11-02 12:33 - 01454146 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-28 18:08 - 2008-01-21 04:47 - 00023682 _____ C:\Windows\PFRO.log
2013-07-28 16:47 - 2006-11-02 14:47 - 00512728 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-28 13:34 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2013-07-28 13:26 - 2012-05-13 20:40 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-28 13:11 - 2013-07-28 13:11 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-28 12:22 - 2009-08-11 15:58 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-28 12:16 - 2006-11-02 12:24 - 75699896 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-07-28 12:14 - 2010-01-10 15:11 - 00000000 ____D C:\Users\Klaus\AppData\Roaming\HpUpdate
2013-07-28 12:09 - 2013-06-17 16:05 - 00000370 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_Klaus.job
2013-07-28 11:59 - 2009-08-11 15:52 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-28 11:58 - 2006-11-02 14:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 11:45 - 2006-11-02 14:52 - 00226123 _____ C:\Windows\setupact.log
2013-07-11 19:36 - 2013-07-11 19:05 - 00000000 ____D C:\Users\Klaus\Documents\Urlaub
2013-07-08 23:01 - 2013-06-17 16:05 - 00000366 _____ C:\Windows\Tasks\ReclaimerUpdateXML_Klaus.job
2013-07-06 11:34 - 2013-07-06 11:34 - 00000000 ____D C:\Users\Paul\AppData\Local\Macromedia
2013-06-30 16:06 - 2013-06-17 16:06 - 00000376 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Klaus.job

Files to move or delete:
====================
C:\ProgramData\hpothb07.dat
C:\Users\Klaus\hpothb07.dat
C:\Users\Public\hpothb07.dat

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-29 12:20

==================== End Of Log ============================
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-07-2013
Ran by Klaus at 2013-07-29 13:10:57
Running from C:\Users\Klaus\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 10 ActiveX (Version: 10.0.42.34)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader 9.5.4 - Deutsch (Version: 9.5.4)
Amazon MP3-Downloader 1.0.17 (Version: 1.0.17)
Ashampoo Cover Studio 2.2.0 (Version: 2.2.0)
Ask Toolbar (Version: 1.14.1.0)
Ask Toolbar Updater (HKCU Version: 1.2.0.19709)
ATI Catalyst Install Manager (Version: 3.0.728.0)
AutoCAD 2002 - Deutsch (Version: 15.0.6.030)
Bing Bar (Version: 7.1.391.0)
Catalyst Control Center Core Implementation (Version: 2009.0520.1631.27815)
Catalyst Control Center Graphics Full Existing (Version: 2009.0520.1631.27815)
Catalyst Control Center Graphics Full New (Version: 2009.0520.1631.27815)
Catalyst Control Center Graphics Light (Version: 2009.0520.1631.27815)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0520.1631.27815)
Catalyst Control Center InstallProxy (Version: 2009.0520.1631.27815)
Catalyst Control Center Localization All (Version: 2009.0520.1631.27815)
CCC Help Danish (Version: 2009.0520.1630.27815)
CCC Help Dutch (Version: 2009.0520.1630.27815)
CCC Help English (Version: 2009.0520.1630.27815)
CCC Help Finnish (Version: 2009.0520.1630.27815)
CCC Help French (Version: 2009.0520.1630.27815)
CCC Help German (Version: 2009.0520.1630.27815)
CCC Help Italian (Version: 2009.0520.1630.27815)
CCC Help Japanese (Version: 2009.0520.1630.27815)
CCC Help Norwegian (Version: 2009.0520.1630.27815)
CCC Help Spanish (Version: 2009.0520.1630.27815)
CCC Help Swedish (Version: 2009.0520.1630.27815)
ccc-core-static (Version: 2009.0520.1631.27815)
ccc-utility (Version: 2009.0520.1631.27815)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
Corel Graphics Suite 11 (Version: 11)
Crazy Taxi
CyberLink LabelPrint (Version: 2.5.1616)
CyberLink Power2Go (Version: 6.1.2806)
Delta Chrome Toolbar
Delta toolbar   (Version: 1.8.22.0)
Dropbox (HKCU Version: 2.0.22)
DynaGeo 3.0c
ElsterFormular (Version: 11.5.1.4843)
FIFA 10 (Version: 1.0.0.0)
FIFA 13 (Version: 1.0.0.0)
Free YouTube Download 2.9
G Data InternetSecurity (Version: 20.1.1.0)
GeoGebra 4.2 (Version: 4.2.24.0)
Google Earth (Version: 7.0.3.8542)
Google Update Helper (Version: 1.3.21.153)
HP Foto- und Bildbearbeitung 2.0 - All-in-One (Version: 1.10.0000)
HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber  (Version: 1.10.0000)
HP Speicher-Disc (Version: 1.0.4.805)
HP Update (Version: 5.003.001.001)
Intel® Matrix Storage Manager
Java 7 Update 6 (Version: 7.0.60)
Java Auto Updater (Version: 2.1.9.0)
Java(TM) 6 Update 26 (Version: 6.0.260)
JavaFX 2.1.0 (Version: 2.1.0)
Junk Mail filter update (Version: 14.0.8089.726)
Kate's Video Converter 2.8.0
LG United Mobile Drivers (Version: 3.6.0.0)
LyricXeeker
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [DEU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
MotoHelper 2.0.51 Driver 5.2.0 (Version: 2.0.51)
MotoHelper MergeModules (Version: 1.2.0)
Motorola Mobile Drivers Installation 5.2.0 (Version: 5.2.0)
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MyFreeCodec
Open It! (Version: 1.1.1)
Origin (Version: 9.0.10.69)
phase-6 2.3.0 (Version: 2.3.0)
Qtrax Connection Manager (HKCU Version: 20.13.07.02)
Qtrax Player
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek 8136 8168 8169 Ethernet Driver (Version: 1.00.0007)
Realtek High Definition Audio Driver (Version: 6.0.1.5910)
Samsung Kies (Version: 2.0.0.11011_16)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.2300.0)
Skins (Version: 2009.0520.1631.27815)
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
Update for Zip Opener
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
VBA (2701.01) (Version: 6.03.00.9402)
Volo View Express
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Family Safety (Version: 14.0.8093.805)
Windows Live Fotogalerie (Version: 14.0.8081.709)
Windows Live ID-Anmelde-Assistent (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
Yahoo! Detect
Zip Opener Packages
Zip Opener Packages 31
Zip Opener Packages 4
 

==================== Restore Points  =========================

03-05-2013 15:49:17 Geplanter Prüfpunkt
04-05-2013 07:59:52 Geplanter Prüfpunkt
05-05-2013 08:06:08 Geplanter Prüfpunkt
07-05-2013 14:20:51 Windows Update
08-05-2013 14:29:13 Geplanter Prüfpunkt
14-05-2013 13:18:53 Windows Update
16-05-2013 14:23:41 Geplanter Prüfpunkt
16-05-2013 16:01:53 Windows Update
21-05-2013 14:25:18 Windows Update
24-05-2013 07:39:30 Geplanter Prüfpunkt
25-05-2013 17:45:24 Geplanter Prüfpunkt
28-05-2013 19:19:44 Windows Update
30-05-2013 15:02:41 Geplanter Prüfpunkt
31-05-2013 08:00:28 Geplanter Prüfpunkt
03-06-2013 18:59:42 Geplanter Prüfpunkt
04-06-2013 16:49:19 Windows Update
08-06-2013 08:43:04 Windows Update
11-06-2013 13:41:38 Windows Update
16-06-2013 15:01:47 Windows Update
17-06-2013 14:10:57 Windows Update
20-06-2013 20:08:19 Geplanter Prüfpunkt
21-06-2013 05:40:33 Windows Update
25-06-2013 15:37:01 Windows Update
28-06-2013 13:14:13 Geplanter Prüfpunkt
30-06-2013 12:49:32 Geplanter Prüfpunkt
02-07-2013 12:05:22 Windows Update
05-07-2013 13:53:32 Windows Update
09-07-2013 11:59:03 Windows Update
12-07-2013 11:05:53 Geplanter Prüfpunkt
28-07-2013 09:55:36 Windows Update

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0703EA73-3696-48EB-A31C-D974CC61D235} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-25] (Google Inc.)
Task: {1773E86C-72CD-43D0-989F-B22321649420} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2012-01-03] ()
Task: {1C1823AC-713C-4987-9460-2025F5A49FB3} - System32\Tasks\RNUpgradeHelperLogonPrompt_Klaus => C:\Users\Klaus\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-16] (RealNetworks, Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {4251FDAB-A039-4B6B-92C9-F0597A93563A} - System32\Tasks\MotoHelper MUM => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-04-26] ()
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {48816F9A-04AD-4D6B-A3D5-81DE56C6D498} - System32\Tasks\QtraxPlayer => C:\Program Files\Microsoft Silverlight\sllauncher.exe [2013-05-13] (Microsoft Corporation)
Task: {55824CD1-BF7C-4B5C-9283-00F723DCD32A} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1356428508-3884257987-3584552362-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe No File
Task: {5812DAE4-CEA6-4DC9-A47C-1BA7132F4FCD} - System32\Tasks\ReclaimerUpdateFiles_Klaus => C:\Users\Klaus\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-16] (RealNetworks, Inc.)
Task: {67C14EE0-ACE7-4A56-8A89-BB7C7E39C5A2} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1356428508-3884257987-3584552362-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe No File
Task: {6D6FC387-D972-4926-B583-8B8BFA7C13BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-25] (Google Inc.)
Task: {8325D8CF-3E8C-4762-B323-DB3B9DBC2277} - System32\Tasks\ReclaimerUpdateXML_Klaus => C:\Users\Klaus\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-16] (RealNetworks, Inc.)
Task: {85FD4D23-B8FD-4059-B12B-B5B828972392} - System32\Tasks\WPD\SqmUpload_S-1-5-21-1356428508-3884257987-3584552362-1003 => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)
Task: {8DF4C94F-4A5F-484F-B30E-EC78ABF2FEA3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-17] (Adobe Systems Incorporated)
Task: {960B69BE-86FF-4FE6-B07C-ABBB2A5A1E28} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {BACB1867-AA4B-4E2B-BDB7-F8A664B470E6} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-21] (Microsoft Corp.)
Task: {BC2FE0E7-A199-40E3-9EEB-C269EA01F502} - System32\Tasks\EPUpdater => C:\Users\Klaus\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [2013-06-06] ()
Task: {C175B724-050C-4A1B-A79C-338D40FEDDF1} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation)
Task: {CC48F605-6561-4D0A-AED6-E665967B5305} - System32\Tasks\MotoHelper Update => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-04-26] ()
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {E9D914BA-C58E-490B-BBD0-809DB57B8218} - System32\Tasks\LyricXeeker Update => C:\Program Files\LyriXeeker\LyriXupdate.exe [2013-07-27] (LyriXeeker Tech)
Task: {EE2E5CDC-3DFD-4660-9650-C38F3880F6BE} - System32\Tasks\MotoHelper Initial Update => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-04-26] ()
Task: {F5159B26-E2D5-49F9-9351-401B04909BA1} - System32\Tasks\MotoHelper Routing => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-04-26] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\LyricXeeker Update.job => C:\Program Files\LyriXeeker\LyriXupdate.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Klaus.job => C:\Users\Klaus\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Klaus.job => C:\Users\Klaus\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Klaus.job => C:\Users\Klaus\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/29/2013 00:59:40 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\KLAUS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\P1PVE9ES.DEFAULT\CACHE\9> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/29/2013 00:59:40 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\KLAUS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\P1PVE9ES.DEFAULT\CACHE\9> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/29/2013 00:59:40 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\KLAUS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\P1PVE9ES.DEFAULT\CACHE\8> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/29/2013 00:59:40 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\KLAUS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\P1PVE9ES.DEFAULT\CACHE\8> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/29/2013 00:59:40 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\KLAUS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\P1PVE9ES.DEFAULT\CACHE\7> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/29/2013 00:59:40 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\KLAUS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\P1PVE9ES.DEFAULT\CACHE\7> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/29/2013 00:59:39 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\KLAUS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\P1PVE9ES.DEFAULT\CACHE\6> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/29/2013 00:59:39 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\KLAUS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\P1PVE9ES.DEFAULT\CACHE\6> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/29/2013 00:59:39 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\KLAUS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\P1PVE9ES.DEFAULT\CACHE\5> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/29/2013 00:59:39 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\KLAUS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\P1PVE9ES.DEFAULT\CACHE\5> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)


System errors:
=============
Error: (07/28/2013 06:15:58 PM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (07/28/2013 06:14:05 PM) (Source: Service Control Manager) (User: )
Description: 30000ShellHWDetection

Error: (07/28/2013 04:48:21 PM) (Source: Service Control Manager) (User: )
Description: G Data Personal Firewall

Error: (07/28/2013 00:22:28 PM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053

Error: (07/28/2013 00:22:28 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search

Error: (07/28/2013 00:22:28 PM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053

Error: (07/28/2013 00:22:28 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search

Error: (07/28/2013 00:14:39 PM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (07/28/2013 00:14:39 PM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053

Error: (07/28/2013 00:14:39 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search


Microsoft Office Sessions:
=========================
Error: (12/04/2011 01:56:34 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/02/2011 09:08:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/02/2011 01:07:56 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/26/2011 04:16:07 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/05/2011 05:01:06 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 11 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/28/2011 08:06:24 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/08/2011 09:14:25 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/02/2011 05:19:35 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 28 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/21/2011 07:09:59 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/08/2011 11:10:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 24 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-07-29 13:08:59.448
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-29 13:08:59.220
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-29 13:08:58.986
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-29 13:08:58.745
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\HookCentre.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 50%
Total physical RAM: 3062.2 MB
Available physical RAM: 1514.88 MB
Total Pagefile: 6337.46 MB
Available Pagefile: 4075.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.28 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:911.5 GB) (Free:611.61 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVER) (Fixed) (Total:20 GB) (Free:10.43 GB) FAT32
Drive f: (INTENSO) (Removable) (Total:0.96 GB) (Free:0.96 GB) FAT
Drive i: (Elements) (Fixed) (Total:596.02 GB) (Free:506.48 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: F98D6E74)
Partition 1: (Active) - (Size=911 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=20 GB) - (Type=OF Extended)

========================================================
Disk: 4 (Size: 596 GB) (Disk ID: ACDD9B22)
Partition 1: (Not Active) - (Size=596 GB) - (Type=0C)

========================================================
Disk: 5 (Size: 984 MB) (Disk ID: 008C426E)
Partition 1: (Active) - (Size=984 MB) - (Type=0E)

==================== End Of Log ============================
         


Alt 29.07.2013, 19:42   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Trojan Agent AZYH Outlook.PST Datei befallen G Data Antivirus Fund - Standard

Trojan Agent AZYH Outlook.PST Datei befallen G Data Antivirus Fund



Nice log
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror:

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. [English Windows wording: "Illegal operation attempted on a registry key that has been marked for deletion."]
simply restart the computer. This should fix the problem.

31.07.2013, 13:25   #7
Der Bart
 



Hello Schrauber,

Thanks for your support.
The problem has been resolved.
Regards, Der Bart

31.07.2013, 19:20   #8
schrauber
/// the machine
/// TB-Ausbilder
 




ok.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009
