Log-Analyse und Auswertung: Infection "Internet Security Pro" / "wmdefender.exe" under Vista; no detection with MBAM
10.08.2013, 06:58 | #1
Infection "Internet Security Pro" / "wmdefender.exe" under Vista; no detection with MBAM

I picked up this virus/trojan 2 days ago. My own fault: out-of-date Kaspersky IS, JRE6. What happened: I am actually an Opera user, but because of page-rendering problems I opened a page in MS IE. As far as I can tell, a packer installed itself via JRE or Acrobat Reader, then ran riot in the registry with the help of a Flash installer and nested itself in as "Google Update" ("gupdate"), similar to this one: http://www.trojaner-board.de/139061-...entfernen.html On top of that, the installation of the "Internet Security Pro" fake. Since I took the Flash Player update for legitimate at that moment, I allowed a few actions that KIS showed me. Checking the KIS log made some things clearer to me.

Code:
07.08.2013 17:51:24 Gepackt: PE_Patch.EPProt Nicht vorhanden hxxp://jnowjjlij.no-ip.biz//v48e562/?2067077427d2e2025748530c050c0e020006030c0455070f0702060506010f00;2;2
07.08.2013 17:51:24 Gepackt: PE_Patch.EPProt Nicht vorhanden hxxp://jnowjjlij.no-ip.biz//v48e562/?078305f427d2e202554f5d08050e5f0202010d080457560f0505080106035e00;2;1
07.08.2013 17:51:25 Gepackt: PE_Patch Nicht vorhanden hxxp://jnowjjlij.no-ip.biz//v48e562/?078305f427d2e202554f5d08050e5f0202010d080457560f0505080106035e00;2;1//PE_Patch.EPProt
07.08.2013 17:51:25 Gepackt: PE_Patch Nicht vorhanden hxxp://jnowjjlij.no-ip.biz//v48e562/?2067077427d2e2025748530c050c0e020006030c0455070f0702060506010f00;2;2//PE_Patch.EPProt
07.08.2013 17:51:25 Gepackt: PE_Patch.EPProt Windows Command Processor C:\USERS\RSG#ADMIN\APPDATA\LOCAL\TEMP\11375890681177.exe

Code:
07.08.2013 17:50:56 flashplayer11_7r96265_513_win[1].exe Zugeordnet zu Gruppe Schwach beschränkt Besitzt einen hohen Wert für das heuristisch errechnete Sicherheitsrating
07.08.2013 17:51:08 Verboten: Eindringen von Code flashplayer11_7r96265_513_win[1].exe Eindringen von Code c:\users\rsg#admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\h5n1p5ex\flashplayer11_7r96265_513_win[1].exe Eindringen von Code
07.08.2013 17:51:15 Verboten: Main_Run flashplayer11_7r96265_513_win[1].exe Ändern hkey_users\S-1-5-21-2566861732-4120447915-3965791177-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN Main_Run
07.08.2013 17:51:16 Erlaubt: contextmenuhandlers1 flashplayer11_7r96265_513_win[1].exe Lesen hklm\SOFTWARE\CLASSES\EXEFILE\SHELLEX\CONTEXTMENUHANDLERS\CMDLINEEXT contextmenuhandlers1
07.08.2013 17:51:16 Erlaubt: contextmenuhandlers1 flashplayer11_7r96265_513_win[1].exe Lesen hklm\SOFTWARE\CLASSES\EXEFILE\SHELLEX\CONTEXTMENUHANDLERS\CMDLINEEXT contextmenuhandlers1
07.08.2013 17:51:16 Erlaubt: contextmenuhandlers1 flashplayer11_7r96265_513_win[1].exe Lesen hklm\SOFTWARE\CLASSES\*\SHELLEX\CONTEXTMENUHANDLERS\-{8F9D8FBE-C5C1-4B65-986E-51235C9283E8} contextmenuhandlers1
07.08.2013 17:51:16 Erlaubt: contextmenuhandlers1 flashplayer11_7r96265_513_win[1].exe Lesen hklm\SOFTWARE\CLASSES\*\SHELLEX\CONTEXTMENUHANDLERS\-{8F9D8FBE-C5C1-4B65-986E-51235C9283E8} contextmenuhandlers1
07.08.2013 17:51:16 Erlaubt: contextmenuhandlers1 flashplayer11_7r96265_513_win[1].exe Lesen hklm\SOFTWARE\CLASSES\*\SHELLEX\CONTEXTMENUHANDLERS\7-ZIP contextmenuhandlers1
07.08.2013 17:51:16 Erlaubt: contextmenuhandlers1 flashplayer11_7r96265_513_win[1].exe Lesen hklm\SOFTWARE\CLASSES\*\SHELLEX\CONTEXTMENUHANDLERS\7-ZIP contextmenuhandlers1
07.08.2013 17:51:16 Erlaubt: contextmenuhandlers1 flashplayer11_7r96265_513_win[1].exe Lesen hklm\SOFTWARE\CLASSES\*\SHELLEX\CONTEXTMENUHANDLERS\ADOBE.ACROBAT.CONTEXTMENU contextmenuhandlers1
07.08.2013 17:51:16 Erlaubt: contextmenuhandlers1 flashplayer11_7r96265_513_win[1].exe Lesen hklm\SOFTWARE\CLASSES\*\SHELLEX\CONTEXTMENUHANDLERS\ADOBE.ACROBAT.CONTEXTMENU contextmenuhandlers1
07.08.2013 17:51:16 Erlaubt: contextmenuhandlers1 flashplayer11_7r96265_513_win[1].exe Lesen hklm\SOFTWARE\CLASSES\*\SHELLEX\CONTEXTMENUHANDLERS\BRIEFCASEMENU contextmenuhandlers1
07.08.2013 17:51:16 Erlaubt: contextmenuhandlers1 flashplayer11_7r96265_513_win[1].exe Lesen hklm\SOFTWARE\CLASSES\*\SHELLEX\CONTEXTMENUHANDLERS\BRIEFCASEMENU contextmenuhandlers1
07.08.2013 17:51:16 Erlaubt: contextmenuhandlers1 flashplayer11_7r96265_513_win[1].exe Lesen hklm\SOFTWARE\CLASSES\*\SHELLEX\CONTEXTMENUHANDLERS\EDSSHELLEXT contextmenuhandlers1
07.08.2013 17:51:16 Erlaubt: contextmenuhandlers1 flashplayer11_7r96265_513_win[1].exe Lesen hklm\SOFTWARE\CLASSES\*\SHELLEX\CONTEXTMENUHANDLERS\EDSSHELLEXT contextmenuhandlers1
07.08.2013 17:51:16 Erlaubt: contextmenuhandlers1 flashplayer11_7r96265_513_win[1].exe Lesen hklm\SOFTWARE\CLASSES\*\SHELLEX\CONTEXTMENUHANDLERS\KASPERSKY ANTI-VIRUS contextmenuhandlers1
07.08.2013 17:51:16 Erlaubt: contextmenuhandlers1 flashplayer11_7r96265_513_win[1].exe Lesen hklm\SOFTWARE\CLASSES\*\SHELLEX\CONTEXTMENUHANDLERS\KASPERSKY ANTI-VIRUS contextmenuhandlers1
07.08.2013 17:51:16 Erlaubt: contextmenuhandlers1 flashplayer11_7r96265_513_win[1].exe Lesen hklm\SOFTWARE\CLASSES\*\SHELLEX\CONTEXTMENUHANDLERS\MYPICTURES3D contextmenuhandlers1
07.08.2013 17:51:16 Erlaubt: contextmenuhandlers1 flashplayer11_7r96265_513_win[1].exe Lesen hklm\SOFTWARE\CLASSES\*\SHELLEX\CONTEXTMENUHANDLERS\MYPICTURES3D contextmenuhandlers1
07.08.2013 17:51:16 Erlaubt: contextmenuhandlers1 flashplayer11_7r96265_513_win[1].exe Lesen hklm\SOFTWARE\CLASSES\*\SHELLEX\CONTEXTMENUHANDLERS\OPEN WITH contextmenuhandlers1
07.08.2013 17:51:16 Erlaubt: contextmenuhandlers1 flashplayer11_7r96265_513_win[1].exe Lesen hklm\SOFTWARE\CLASSES\*\SHELLEX\CONTEXTMENUHANDLERS\OPEN WITH contextmenuhandlers1
07.08.2013 17:51:16 Erlaubt: contextmenuhandlers1 flashplayer11_7r96265_513_win[1].exe Lesen hklm\SOFTWARE\CLASSES\*\SHELLEX\CONTEXTMENUHANDLERS\OPEN WITH ENCRYPTIONMENU contextmenuhandlers1
07.08.2013 17:51:16 Erlaubt: contextmenuhandlers1 flashplayer11_7r96265_513_win[1].exe Lesen hklm\SOFTWARE\CLASSES\*\SHELLEX\CONTEXTMENUHANDLERS\OPEN WITH ENCRYPTIONMENU contextmenuhandlers1
07.08.2013 17:51:16 Erlaubt: contextmenuhandlers1 flashplayer11_7r96265_513_win[1].exe Lesen hklm\SOFTWARE\CLASSES\*\SHELLEX\CONTEXTMENUHANDLERS\SHARING contextmenuhandlers1
07.08.2013 17:51:16 Erlaubt: contextmenuhandlers1 flashplayer11_7r96265_513_win[1].exe Lesen hklm\SOFTWARE\CLASSES\*\SHELLEX\CONTEXTMENUHANDLERS\SHARING contextmenuhandlers1
07.08.2013 17:51:16 Erlaubt: contextmenuhandlers1 flashplayer11_7r96265_513_win[1].exe Lesen hklm\SOFTWARE\CLASSES\*\SHELLEX\CONTEXTMENUHANDLERS\WINRAR contextmenuhandlers1
07.08.2013 17:51:16 Erlaubt: contextmenuhandlers1 flashplayer11_7r96265_513_win[1].exe Lesen hklm\SOFTWARE\CLASSES\*\SHELLEX\CONTEXTMENUHANDLERS\WINRAR contextmenuhandlers1
07.08.2013 17:51:16 Erlaubt: contextmenuhandlers1 flashplayer11_7r96265_513_win[1].exe Lesen hklm\SOFTWARE\CLASSES\*\SHELLEX\CONTEXTMENUHANDLERS\{A2A9545D-A0C2-42B4-9708-A0B2BADD77C8} contextmenuhandlers1
07.08.2013 17:51:16 Erlaubt: contextmenuhandlers1 flashplayer11_7r96265_513_win[1].exe Lesen hklm\SOFTWARE\CLASSES\ALLFILESYSTEMOBJECTS\SHELLEX\CONTEXTMENUHANDLERS\COPYASPATHMENU contextmenuhandlers1
07.08.2013 17:51:16 Erlaubt: contextmenuhandlers1 flashplayer11_7r96265_513_win[1].exe Lesen hklm\SOFTWARE\CLASSES\ALLFILESYSTEMOBJECTS\SHELLEX\CONTEXTMENUHANDLERS\COPYASPATHMENU contextmenuhandlers1
07.08.2013 17:51:16 Erlaubt: contextmenuhandlers1 flashplayer11_7r96265_513_win[1].exe Lesen hklm\SOFTWARE\CLASSES\ALLFILESYSTEMOBJECTS\SHELLEX\CONTEXTMENUHANDLERS\SEND TO contextmenuhandlers1
07.08.2013 17:51:16 Erlaubt: contextmenuhandlers1 flashplayer11_7r96265_513_win[1].exe Lesen hklm\SOFTWARE\CLASSES\ALLFILESYSTEMOBJECTS\SHELLEX\CONTEXTMENUHANDLERS\SEND TO contextmenuhandlers1
07.08.2013 17:51:16 Erlaubt: contextmenuhandlers1 flashplayer11_7r96265_513_win[1].exe Lesen hklm\SOFTWARE\CLASSES\ALLFILESYSTEMOBJECTS\SHELLEX\CONTEXTMENUHANDLERS\UNLOCKERSHELLEXTENSION contextmenuhandlers1
07.08.2013 17:51:16 Erlaubt: contextmenuhandlers1 flashplayer11_7r96265_513_win[1].exe Lesen hklm\SOFTWARE\CLASSES\ALLFILESYSTEMOBJECTS\SHELLEX\CONTEXTMENUHANDLERS\UNLOCKERSHELLEXTENSION contextmenuhandlers1
07.08.2013 17:51:16 Erlaubt: contextmenuhandlers1 flashplayer11_7r96265_513_win[1].exe Lesen hklm\SOFTWARE\CLASSES\ALLFILESYSTEMOBJECTS\SHELLEX\CONTEXTMENUHANDLERS\{C95FFEAE-A32E-4122-A5C4-49B5BFB69795} contextmenuhandlers1
07.08.2013 17:51:19 Verboten: My documents2 flashplayer11_7r96265_513_win[1].exe Lesen C:\USERS\RSG#ADMIN\DOCUMENTS\DESKTOP.INI My documents2
07.08.2013 17:51:19 Verboten: My documents2 flashplayer11_7r96265_513_win[1].exe Lesen C:\USERS\RSG#ADMIN\DOCUMENTS\DESKTOP.INI My documents2
07.08.2013 17:51:19 Verboten: My documents2 flashplayer11_7r96265_513_win[1].exe Lesen C:\USERS\RSG#ADMIN\DOCUMENTS\DESKTOP.INI My documents2
07.08.2013 17:51:22 01375890681177.exe Zugeordnet zu Gruppe Schwach beschränkt Besitzt einen hohen Wert für das heuristisch errechnete Sicherheitsrating
07.08.2013 17:51:25 11375890681177.exe Zugeordnet zu Gruppe Schwach beschränkt Besitzt einen hohen Wert für das heuristisch errechnete Sicherheitsrating
07.08.2013 17:52:01 Verboten: My documents2 11375890681177.exe Lesen C:\USERS\RSG#ADMIN\DOCUMENTS\DESKTOP.INI My documents2
07.08.2013 17:52:01 Verboten: My documents2 11375890681177.exe Lesen C:\USERS\RSG#ADMIN\DOCUMENTS\DESKTOP.INI My documents2
07.08.2013 17:52:01 Verboten: My documents2 11375890681177.exe Lesen C:\USERS\RSG#ADMIN\DOCUMENTS\DESKTOP.INI My documents2
07.08.2013 17:52:05 Adobe® Flash® Player Installer/Uninstaller 11.0 r1 Zugeordnet zu Gruppe Stark beschränkt Besitzt einen hohen Wert für das heuristisch errechnete Sicherheitsrating
07.08.2013 17:52:07 Verboten: Main_Run Adobe® Flash® Player Installer/Uninstaller 11.0 r1 Löschen hklm\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN Main_Run
07.08.2013 17:52:07 Verboten: Eindringen von Code Adobe® Flash® Player Installer/Uninstaller 11.0 r1 Eindringen von Code c:\users\rsg#admin\appdata\local\temp\installflashplayer.exe Eindringen von Code
07.08.2013 17:52:11 Verboten: Eindringen von Code 11375890681177.exe Eindringen von Code c:\users\rsg#admin\appdata\local\temp\11375890681177.exe Eindringen von Code
07.08.2013 17:52:11 wmdefender.exe Zugeordnet zu Gruppe Schwach beschränkt Besitzt einen hohen Wert für das heuristisch errechnete Sicherheitsrating
07.08.2013 17:52:22 Erlaubt: Cookies2 Adobe® Flash® Player Installer/Uninstaller 11.0 r1 Erstellen C:\USERS\RSG#ADMIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\INDEX.DAT Cookies2
07.08.2013 17:52:22 Erlaubt: History2 Adobe® Flash® Player Installer/Uninstaller 11.0 r1 Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT History2
07.08.2013 17:52:40 Adobe® Flash® Player Installer/Uninstaller 11.0 r1 Zugeordnet zu Gruppe Vertrauenswürdig
07.08.2013 17:52:40 Erlaubt: Erstellen versteckter Registrierungsschlüssel Adobe® Flash® Player Installer/Uninstaller 11.0 r1 Erstellen versteckter Schlüssel REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\*etadpug\Parameters Erstellen versteckter Registrierungsschlüssel

Code:
07.08.2013 17:49:09 Internet Explorer Starten eines Prozesses C:\Program Files\Internet Explorer\iexplore.exe
07.08.2013 17:49:12 Internet Explorer Ändern HKEY_USERS\S-1-5-21-2566861732-4120447915-3965791177-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections/SavedLegacySettings
07.08.2013 17:49:12 Internet Explorer Starten eines Prozesses C:\Program Files\Internet Explorer\iexplore.exe
07.08.2013 17:49:15 Windows Media Center Scheduler Service Ändern HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler/Heartbeat
07.08.2013 17:49:16 WebToolBar component Starten eines Prozesses C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
07.08.2013 17:49:45 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FQ0QSL6D\html5[1].js
07.08.2013 17:49:45 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FQ0QSL6D\addthis_widget[1].js
07.08.2013 17:49:45 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KORECN2N\jquery.min[1].js
07.08.2013 17:49:45 Windows Media Center Scheduler Service Ändern HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler/Heartbeat
07.08.2013 17:49:45 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QJQ9FKFI\gpt[1].js
07.08.2013 17:49:46 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJZT3R0T\ffGlobal[1].js
07.08.2013 17:49:46 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QJQ9FKFI\pubads_impl_25[1].js
07.08.2013 17:49:46 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJZT3R0T\ngg[1].js
07.08.2013 17:49:46 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FQ0QSL6D\shutter-reloaded[1].js
07.08.2013 17:49:46 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FQ0QSL6D\modernizr[1].js
07.08.2013 17:49:47 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QJQ9FKFI\css3-mediaqueries[1].js
07.08.2013 17:49:47 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KORECN2N\jquery.fitvids[1].js
07.08.2013 17:49:47 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QJQ9FKFI\player[1].js
07.08.2013 17:49:47 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QJQ9FKFI\swfobject[1].js
07.08.2013 17:49:47 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QJQ9FKFI\ga[1].js
07.08.2013 17:49:47 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FQ0QSL6D\jwplayer[1].js
07.08.2013 17:49:51 Adobe® Flash® Player Installer/Uninstaller 10.3 r181 Starten eines Prozesses C:\WINDOWS\system32\Macromed\Flash\FlashUtil10s_ActiveX.exe
07.08.2013 17:49:51 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FQ0QSL6D\core089[1].js
07.08.2013 17:49:54 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KORECN2N\embed[1].js
07.08.2013 17:49:55 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KORECN2N\auth014[1].js
07.08.2013 17:49:55 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KORECN2N\npc[1].js
07.08.2013 17:49:55 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJZT3R0T\widgets[1].js
07.08.2013 17:49:56 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FQ0QSL6D\all[1].js
07.08.2013 17:49:57 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KORECN2N\count[1].js
07.08.2013 17:49:57 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KORECN2N\ie9[1].js
07.08.2013 17:50:00 Internet Explorer Erstellen HKEY_USERS\REGISTRY\USER\S-1-5-21-2566861732-4120447915-3965791177-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\P3P\HISTORY\NEODATAGROUP.COM
07.08.2013 17:50:00 Internet Explorer Erstellen HKEY_USERS\S-1-5-21-2566861732-4120447915-3965791177-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\neodatagroup.com/(Default)
07.08.2013 17:50:00 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJZT3R0T\client[1].js
07.08.2013 17:50:00 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FQ0QSL6D\count-data[1].js
07.08.2013 17:50:01 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KORECN2N\load[1].js
07.08.2013 17:50:01 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QJQ9FKFI\count[1].js
07.08.2013 17:50:02 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJZT3R0T\lounge[1].js
07.08.2013 17:50:02 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJZT3R0T\config[1].js
07.08.2013 17:50:02 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJZT3R0T\client[2].js
07.08.2013 17:50:02 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FQ0QSL6D\_qdCilGJh1p[1].js
07.08.2013 17:50:02 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QJQ9FKFI\lib[1].js
07.08.2013 17:50:03 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FQ0QSL6D\beacon[1].js
07.08.2013 17:50:07 Host Process for Windows Services Löschen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters/DhcpNameServer
07.08.2013 17:50:07 Host Process for Windows Services Löschen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{750CCB1C-DB9A-48AB-94E3-07A02A03E762}/DhcpNameServer
07.08.2013 17:50:07 Host Process for Windows Services Löschen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters/DhcpDomain
07.08.2013 17:50:07 Host Process for Windows Services Löschen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{750CCB1C-DB9A-48AB-94E3-07A02A03E762}/DhcpDomain
07.08.2013 17:50:07 Host Process for Windows Services Löschen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{750CCB1C-DB9A-48AB-94E3-07A02A03E762}/DhcpSubnetMaskOpt
07.08.2013 17:50:07 Host Process for Windows Services Löschen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{750CCB1C-DB9A-48AB-94E3-07A02A03E762}/DhcpDefaultGateway
07.08.2013 17:50:07 Host Process for Windows Services Erstellen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters/DhcpDomain
07.08.2013 17:50:07 Host Process for Windows Services Erstellen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{750CCB1C-DB9A-48AB-94E3-07A02A03E762}/DhcpDomain
07.08.2013 17:50:07 Host Process for Windows Services Erstellen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters/DhcpNameServer
07.08.2013 17:50:07 Host Process for Windows Services Erstellen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{750CCB1C-DB9A-48AB-94E3-07A02A03E762}/DhcpNameServer
07.08.2013 17:50:07 Host Process for Windows Services Erstellen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{750CCB1C-DB9A-48AB-94E3-07A02A03E762}/DhcpDefaultGateway
07.08.2013 17:50:07 Host Process for Windows Services Erstellen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{750CCB1C-DB9A-48AB-94E3-07A02A03E762}/DhcpSubnetMaskOpt
07.08.2013 17:50:11 Adobe Reader 8.0 Starten eines Prozesses C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
07.08.2013 17:50:11 Adobe Reader 8.0 Starten eines Prozesses C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
07.08.2013 17:50:13 Adobe Reader 8.0 Beenden eines Prozesses C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
07.08.2013 17:50:15 Windows Media Center Scheduler Service Ändern HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler/Heartbeat
07.08.2013 17:50:17 Internet Explorer Erstellen HKEY_USERS\REGISTRY\USER\S-1-5-21-2566861732-4120447915-3965791177-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\P3P\HISTORY\TWITTER.COM
07.08.2013 17:50:17 Internet Explorer Erstellen HKEY_USERS\S-1-5-21-2566861732-4120447915-3965791177-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\twitter.com/(Default)
07.08.2013 17:50:19 Internet Explorer Erstellen HKEY_USERS\REGISTRY\USER\S-1-5-21-2566861732-4120447915-3965791177-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\P3P\HISTORY\DISQUS.COM
07.08.2013 17:50:19 Internet Explorer Erstellen HKEY_USERS\S-1-5-21-2566861732-4120447915-3965791177-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\disqus.com/(Default)
07.08.2013 17:50:20 Java(TM) Platform SE binary Starten eines Prozesses C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
07.08.2013 17:50:20 Java(TM) Platform SE binary Beenden eines Prozesses C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
07.08.2013 17:50:20 Java(TM) Platform SE binary Starten eines Prozesses C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
07.08.2013 17:50:20 Java(TM) Platform SE binary Starten eines Prozesses C:\Program Files\Java\jre6\bin\java.exe
07.08.2013 17:50:22 Microsoft Windows Search Filter Host Beenden eines Prozesses C:\WINDOWS\system32\SEARCHFILTERHOST.EXE
07.08.2013 17:50:32 Adobe Reader 8.0 Ändern HKEY_USERS\S-1-5-21-2566861732-4120447915-3965791177-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections/SavedLegacySettings
07.08.2013 17:50:32 Internet Explorer Erstellen HKEY_USERS\REGISTRY\USER\S-1-5-21-2566861732-4120447915-3965791177-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\P3P\HISTORY\SOUNDCLOUD.COM
07.08.2013 17:50:32 Internet Explorer Erstellen HKEY_USERS\S-1-5-21-2566861732-4120447915-3965791177-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\soundcloud.com/(Default)
07.08.2013 17:50:45 Adobe Reader 8.0 Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Content.IE5\H5N1P5EX\flashplayer11_7r96265_513_win[1].exe
07.08.2013 17:50:45 Windows Media Center Scheduler Service Ändern HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler/Heartbeat
07.08.2013 17:50:49 Host Process for Windows Services Erstellen C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\Cab70A5.tmp
07.08.2013 17:50:49 Host Process for Windows Services Erstellen C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\Tar7113.tmp
07.08.2013 17:50:49 Host Process for Windows Services Erstellen C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\Cab70A5.tmp
07.08.2013 17:50:49 Host Process for Windows Services Erstellen C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\Tar7113.tmp
07.08.2013 17:50:49 Host Process for Windows Services Löschen C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\Cab70A5.tmp
07.08.2013 17:50:49 Host Process for Windows Services Löschen C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\Tar7113.tmp
07.08.2013 17:50:51 Host Process for Windows Services Erstellen C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\Cab79BB.tmp
07.08.2013 17:50:51 Host Process for Windows Services Erstellen C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\Tar79BC.tmp
07.08.2013 17:50:51 Host Process for Windows Services Erstellen C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\Cab79BB.tmp
07.08.2013 17:50:51 Host Process for Windows Services Erstellen C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\Tar79BC.tmp
07.08.2013 17:50:51 Host Process for Windows Services Löschen C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\Cab79BB.tmp
07.08.2013 17:50:51 Host Process for Windows Services Löschen C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Temp\Tar79BC.tmp
07.08.2013 17:50:57 flashplayer11_7r96265_513_win[1].exe Starten eines Prozesses C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Content.IE5\H5N1P5EX\flashplayer11_7r96265_513_win[1].exe
07.08.2013 17:51:08 flashplayer11_7r96265_513_win[1].exe Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Google\Desktop\Install\{aead6260-d3f0-b306-01da-8bd8a6f55800}\❤≸⋙\Ⱒ☠⍨\*ﯹ๛\{aead6260-d3f0-b306-01da-8bd8a6f55800}\GoogleUpdate.exe
07.08.2013 17:51:09 Microsoft Windows Search Filter Host Starten eines Prozesses C:\WINDOWS\system32\SEARCHFILTERHOST.EXE
07.08.2013 17:51:15 flashplayer11_7r96265_513_win[1].exe Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\TEMP\msimg32.dll
07.08.2013 17:51:15 flashplayer11_7r96265_513_win[1].exe Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\TEMP\InstallFlashPlayer.exe
07.08.2013 17:51:15 Windows Media Center Scheduler Service Ändern HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler/Heartbeat
07.08.2013 17:51:19 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QJQ9FKFI\discovery[1].js
07.08.2013 17:51:19 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QJQ9FKFI\event[1].js
07.08.2013 17:51:19 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FQ0QSL6D\event[1].js
07.08.2013 17:51:20 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FQ0QSL6D\listPromoted[1].js
07.08.2013 17:51:20 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QJQ9FKFI\event[2].js
07.08.2013 17:51:20 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QJQ9FKFI\event[3].js
07.08.2013 17:51:21 Java(TM) Platform SE binary Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\TEMP\01375890681177.exe
07.08.2013 17:51:21 Consent UI for administrative applications Starten eines Prozesses C:\WINDOWS\system32\consent.exe
07.08.2013 17:51:21 Windows Command Processor Starten eines Prozesses C:\WINDOWS\system32\cmd.exe
07.08.2013 17:51:21 Java(TM) Platform SE binary Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\TEMP\01375890681177.exe
07.08.2013 17:51:21 Windows Command Processor Starten eines Prozesses C:\WINDOWS\system32\cmd.exe
07.08.2013 17:51:22 01375890681177.exe Starten eines Prozesses C:\USERS\RSG#AD~1\AppData\Local\Temp\01375890681177.exe
07.08.2013 17:51:22 Windows Command Processor Beenden eines Prozesses C:\WINDOWS\system32\cmd.exe
07.08.2013 17:51:22 01375890681177.exe Starten eines Prozesses C:\USERS\RSG#AD~1\AppData\Local\Temp\01375890681177.exe
07.08.2013 17:51:22 01375890681177.exe Beenden eines Prozesses C:\USERS\RSG#AD~1\AppData\Local\Temp\01375890681177.exe
07.08.2013 17:51:22 Windows Command Processor Beenden eines Prozesses C:\WINDOWS\system32\cmd.exe
07.08.2013 17:51:23 01375890681177.exe Beenden eines Prozesses C:\USERS\RSG#AD~1\AppData\Local\Temp\01375890681177.exe
07.08.2013 17:51:24 Java(TM) Platform SE binary Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\TEMP\11375890681177.exe
07.08.2013 17:51:25 Java(TM) Platform SE binary Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\TEMP\11375890681177.exe
07.08.2013 17:51:25 Windows Command Processor Starten eines Prozesses C:\WINDOWS\system32\cmd.exe
07.08.2013 17:51:25 Windows Command Processor Starten eines Prozesses C:\WINDOWS\system32\cmd.exe
07.08.2013 17:51:26 11375890681177.exe Starten eines Prozesses C:\USERS\RSG#AD~1\AppData\Local\Temp\11375890681177.exe
07.08.2013 17:51:26 11375890681177.exe Starten eines Prozesses C:\USERS\RSG#AD~1\AppData\Local\Temp\11375890681177.exe
07.08.2013 17:51:26 Windows Command Processor Beenden eines Prozesses C:\WINDOWS\system32\cmd.exe
07.08.2013 17:51:26 Windows Command Processor Beenden eines Prozesses C:\WINDOWS\system32\cmd.exe
07.08.2013 17:51:27 11375890681177.exe Löschen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\TEMP\11375890681177.exe
07.08.2013 17:51:27 11375890681177.exe Ändern C:\USERS\RSG#ADMIN\APPDATA\Roaming\wmdefender
07.08.2013 17:51:27 11375890681177.exe Ändern C:\USERS\RSG#ADMIN\APPDATA\LOCAL\TEMP\607.TMP
07.08.2013 17:51:27 11375890681177.exe Umbenennen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\TEMP\607.TMP
07.08.2013 17:51:27 11375890681177.exe Erstellen C:\USERS\RSG#ADMIN\APPDATA\Roaming\wmdefender.exe
07.08.2013 17:51:27 11375890681177.exe Umbenennen C:\USERS\RSG#ADMIN\APPDATA\Roaming\wmdefender.exe
07.08.2013 17:51:27 11375890681177.exe Beenden eines Prozesses C:\USERS\RSG#AD~1\AppData\Local\Temp\11375890681177.exe
07.08.2013 17:51:45 Windows Media Center Scheduler Service Ändern HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler/Heartbeat
07.08.2013 17:51:49 Host Process for Windows Services Ändern HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1868F64-ED08-49A9-9F86-F62ED855AFFD}/DynamicInfo
07.08.2013 17:51:50 Host Process for Windows Services Ändern HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2566861732-4120447915-3965791177-1000/RefCount
07.08.2013 17:51:50 COM Surrogate Starten eines Prozesses C:\WINDOWS\system32\dllhost.exe
07.08.2013 17:51:50 Host Process for Windows Services Ändern HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2566861732-4120447915-3965791177-1000/RefCount
07.08.2013 17:51:50 Consent UI for administrative applications Beenden eines Prozesses C:\WINDOWS\system32\consent.exe
07.08.2013 17:51:50 Host Process for Windows Services Ändern HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2566861732-4120447915-3965791177-1000/RefCount
07.08.2013 17:51:51 COM Surrogate Starten eines Prozesses C:\WINDOWS\system32\dllhost.exe
07.08.2013 17:51:55 COM Surrogate Beenden eines Prozesses C:\WINDOWS\system32\dllhost.exe
07.08.2013 17:51:56 COM Surrogate Beenden eines Prozesses C:\WINDOWS\system32\dllhost.exe
07.08.2013 17:52:01 11375890681177.exe Erstellen C:\USERS\RSG#ADMIN\DESKTOP\Internet Security Pro.lnk
07.08.2013 17:52:03 COM Surrogate Starten eines Prozesses C:\WINDOWS\system32\dllhost.exe
07.08.2013 17:52:06 Adobe® Flash® Player Installer/Uninstaller 11.0 r1 Starten eines Prozesses C:\USERS\RSG#AD~1\AppData\Local\Temp\InstallFlashPlayer.exe
07.08.2013 17:52:06 Adobe® Flash® Player Installer/Uninstaller 11.0 r1 Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINDEFEND\PARAMETERS
07.08.2013 17:52:06 Adobe® Flash® Player Installer/Uninstaller 11.0 r1 Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINDEFEND\SECURITY
07.08.2013 17:52:07 Adobe® Flash® Player Installer/Uninstaller 11.0 r1 Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINDEFEND
07.08.2013 17:52:07 Adobe® Flash® Player Installer/Uninstaller 11.0 r1 Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLSERVICEOBJECTS\{FD6905CE-952F-41F1-9A6F-135D9C6622CC}
07.08.2013 17:52:07 Windows Command Processor Starten eines Prozesses C:\WINDOWS\system32\cmd.exe
07.08.2013 17:52:07 Windows Command Processor Beenden eines Prozesses C:\WINDOWS\system32\cmd.exe
07.08.2013 17:52:07 flashplayer11_7r96265_513_win[1].exe Beenden eines Prozesses C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Content.IE5\H5N1P5EX\flashplayer11_7r96265_513_win[1].exe
07.08.2013 17:52:07 Services and Controller app Ändern HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess/ErrorControl
07.08.2013 17:52:07 Adobe® Flash® Player Installer/Uninstaller 11.0 r1 Erstellen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\*ETADPUG
07.08.2013 17:52:07 Services and Controller app Erstellen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess/DeleteFlag
07.08.2013 17:52:08 COM Surrogate Beenden eines Prozesses C:\WINDOWS\system32\dllhost.exe
07.08.2013 17:52:09 Host Process for Windows Services Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_SHAREDACCESS\0000
07.08.2013 17:52:09 Host Process for Windows Services Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_SHAREDACCESS
07.08.2013 17:52:09 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\DEFAULTS\FIREWALLPOLICY\DOMAINPROFILE\LOGGING
07.08.2013 17:52:09 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\DEFAULTS\FIREWALLPOLICY\DOMAINPROFILE
07.08.2013 17:52:09 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\DEFAULTS\FIREWALLPOLICY\FIREWALLRULES
07.08.2013 17:52:09 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\DEFAULTS\FIREWALLPOLICY\PUBLICPROFILE\LOGGING
07.08.2013 17:52:09 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\DEFAULTS\FIREWALLPOLICY\PUBLICPROFILE
07.08.2013 17:52:09 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\DEFAULTS\FIREWALLPOLICY\STANDARDPROFILE\LOGGING
07.08.2013 17:52:09 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\DEFAULTS\FIREWALLPOLICY\STANDARDPROFILE
07.08.2013 17:52:09 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\DEFAULTS\FIREWALLPOLICY
07.08.2013 17:52:09 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\DEFAULTS
07.08.2013 17:52:10 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\EPOCH
07.08.2013 17:52:10 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\DOMAINPROFILE\AUTHORIZEDAPPLICATIONS
07.08.2013 17:52:10 Host Process for Windows Services Erstellen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\EPOCH
07.08.2013 17:52:10 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\DOMAINPROFILE\GLOBALLYOPENPORTS
07.08.2013 17:52:10 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\DOMAINPROFILE\LOGGING
07.08.2013 17:52:10 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\DOMAINPROFILE
07.08.2013 17:52:11 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES
07.08.2013 17:52:11 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\PUBLICPROFILE\AUTHORIZEDAPPLICATIONS
07.08.2013 17:52:11 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\PUBLICPROFILE\GLOBALLYOPENPORTS
07.08.2013 17:52:11 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\PUBLICPROFILE\LOGGING
07.08.2013 17:52:11 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\PUBLICPROFILE
07.08.2013 17:52:11 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\RESTRICTEDSERVICES\CONFIGURABLE
07.08.2013 17:52:11 Services and
Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\RESTRICTEDSERVICES\STATIC\SYSTEM 07.08.2013 17:52:11 Host Process for Windows Services Erstellen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\RESTRICTEDSERVICES\CONFIGURABLE 07.08.2013 17:52:11 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\RESTRICTEDSERVICES\STATIC 07.08.2013 17:52:11 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\RESTRICTEDSERVICES 07.08.2013 17:52:11 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY 07.08.2013 17:52:11 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\PARAMETERS 07.08.2013 17:52:11 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS 07.08.2013 17:52:12 wmdefender.exe Starten eines Prozesses C:\USERS\RSG#ADMIN\APPDATA\Roaming\wmdefender.exe 07.08.2013 17:52:12 Services and Controller app Ändern HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iphlpsvc/Start 07.08.2013 17:52:14 Services and Controller app Ändern HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iphlpsvc/ErrorControl 07.08.2013 17:52:15 Windows Media Center Scheduler Service Ändern HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler/Heartbeat 07.08.2013 17:52:16 Services and Controller app Erstellen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iphlpsvc/DeleteFlag 07.08.2013 17:52:17 Services and Controller app Ändern HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvc/Start 07.08.2013 17:52:17 Services and Controller app Ändern 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvc/ErrorControl 07.08.2013 17:52:19 Services and Controller app Erstellen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvc/DeleteFlag 07.08.2013 17:52:19 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\IPHLPSVC\CONFIG 07.08.2013 17:52:19 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\IPHLPSVC\INTERFACES 07.08.2013 17:52:19 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\IPHLPSVC\PARAMETERS 07.08.2013 17:52:20 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\IPHLPSVC\TEREDO\PREVIOUSSTATE 07.08.2013 17:52:20 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\IPHLPSVC\TEREDO 07.08.2013 17:52:20 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\IPHLPSVC 07.08.2013 17:52:20 Services and Controller app Ändern HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpsSvc/Start 07.08.2013 17:52:20 Services and Controller app Ändern HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpsSvc/ErrorControl 07.08.2013 17:52:21 Host Process for Windows Services Erstellen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Epoch/Epoch 07.08.2013 17:52:22 Services and Controller app Erstellen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpsSvc/DeleteFlag 07.08.2013 17:52:22 Services and Controller app Ändern HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BFE/Start 07.08.2013 17:52:22 Services and Controller app Ändern HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BFE/ErrorControl 07.08.2013 17:52:23 Services and Controller app Erstellen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BFE/DeleteFlag 07.08.2013 17:52:23 Adobe® Flash® Player Installer/Uninstaller 11.0 r1 Ändern 
HKEY_USERS\S-1-5-21-2566861732-4120447915-3965791177-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections/SavedLegacySettings 07.08.2013 17:52:24 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\WSCSVC\PARAMETERS 07.08.2013 17:52:24 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\WSCSVC\SECURITY 07.08.2013 17:52:24 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\WSCSVC 07.08.2013 17:52:24 Services and Controller app Ändern HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PcaSvc/Start 07.08.2013 17:52:24 Services and Controller app Ändern HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PcaSvc/ErrorControl 07.08.2013 17:52:25 Services and Controller app Erstellen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PcaSvc/DeleteFlag 07.08.2013 17:52:27 Host Process for Windows Services Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_MPSSVC\0000 07.08.2013 17:52:27 Host Process for Windows Services Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_MPSSVC 07.08.2013 17:52:27 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\MPSSVC\PARAMETERS\PORTKEYWORDS\RPC-EPMAP 07.08.2013 17:52:27 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\MPSSVC\PARAMETERS\PORTKEYWORDS\TEREDO 07.08.2013 17:52:27 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\MPSSVC\PARAMETERS\PORTKEYWORDS 07.08.2013 17:52:27 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\MPSSVC\PARAMETERS 07.08.2013 17:52:27 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\MPSSVC\SECURITY 07.08.2013 17:52:27 Services 
and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\MPSSVC\ENUM 07.08.2013 17:52:27 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\MPSSVC 07.08.2013 17:52:37 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\PCASVC\PARAMETERS 07.08.2013 17:52:37 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\PCASVC\SECURITY 07.08.2013 17:52:37 Services and Controller app Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\PCASVC 07.08.2013 17:52:40 Adobe® Flash® Player Installer/Uninstaller 11.0 r1 Erstellen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\*ETADPUG\PARAMETERS 07.08.2013 17:52:40 Adobe® Flash® Player Installer/Uninstaller 11.0 r1 Erstellen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\*etadpug\Parameters/Parameters 07.08.2013 17:52:40 Adobe® Flash® Player Installer/Uninstaller 11.0 r1 Erstellen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\*etadpug/Start 07.08.2013 17:52:40 Adobe® Flash® Player Installer/Uninstaller 11.0 r1 Erstellen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\*etadpug/Type 07.08.2013 17:52:40 Adobe® Flash® Player Installer/Uninstaller 11.0 r1 Erstellen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\*etadpug/ErrorControl 07.08.2013 17:52:40 Adobe® Flash® Player Installer/Uninstaller 11.0 r1 Erstellen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\*etadpug/ImagePath 07.08.2013 17:52:40 Adobe® Flash® Player Installer/Uninstaller 11.0 r1 Erstellen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\*etadpug/ObjectName 07.08.2013 17:52:40 Adobe® Flash® Player Installer/Uninstaller 11.0 r1 Erstellen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\*etadpug/Description 07.08.2013 17:52:40 Adobe® Flash® Player Installer/Uninstaller 11.0 r1 Erstellen 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\*etadpug/DisplayName 07.08.2013 17:52:42 Adobe® Flash® Player Installer/Uninstaller 11.0 r1 Ändern C:\WINDOWS\system32\Macromed\Flash\FlashInstall.log 07.08.2013 17:52:42 Windows Command Processor Starten eines Prozesses C:\WINDOWS\system32\cmd.exe 07.08.2013 17:52:42 Adobe® Flash® Player Installer/Uninstaller 11.0 r1 Beenden eines Prozesses C:\USERS\RSG#AD~1\AppData\Local\Temp\InstallFlashPlayer.exe 07.08.2013 17:52:43 Windows Command Processor Löschen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\TEMP\msimg32.dll 07.08.2013 17:52:43 Windows Command Processor Beenden eines Prozesses C:\WINDOWS\system32\cmd.exe 07.08.2013 17:52:45 Windows Media Center Scheduler Service Ändern HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler/Heartbeat 07.08.2013 17:52:49 Host Process for Windows Services Löschen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters/DhcpNameServer 07.08.2013 17:52:49 Host Process for Windows Services Löschen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{750CCB1C-DB9A-48AB-94E3-07A02A03E762}/DhcpNameServer 07.08.2013 17:52:49 Host Process for Windows Services Löschen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters/DhcpDomain 07.08.2013 17:52:49 Host Process for Windows Services Löschen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{750CCB1C-DB9A-48AB-94E3-07A02A03E762}/DhcpDomain 07.08.2013 17:52:49 Host Process for Windows Services Löschen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{750CCB1C-DB9A-48AB-94E3-07A02A03E762}/DhcpSubnetMaskOpt 07.08.2013 17:52:49 Host Process for Windows Services Löschen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{750CCB1C-DB9A-48AB-94E3-07A02A03E762}/DhcpDefaultGateway 07.08.2013 17:52:49 Host Process for Windows Services Erstellen 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters/DhcpDomain 07.08.2013 17:52:49 Host Process for Windows Services Erstellen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{750CCB1C-DB9A-48AB-94E3-07A02A03E762}/DhcpDomain 07.08.2013 17:52:49 Host Process for Windows Services Erstellen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters/DhcpNameServer 07.08.2013 17:52:49 Host Process for Windows Services Erstellen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{750CCB1C-DB9A-48AB-94E3-07A02A03E762}/DhcpNameServer 07.08.2013 17:52:49 Host Process for Windows Services Erstellen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{750CCB1C-DB9A-48AB-94E3-07A02A03E762}/DhcpDefaultGateway 07.08.2013 17:52:49 Host Process for Windows Services Erstellen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{750CCB1C-DB9A-48AB-94E3-07A02A03E762}/DhcpSubnetMaskOpt 07.08.2013 17:53:00 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QJQ9FKFI\config[1].js 07.08.2013 17:53:01 Microsoft Windows Search Protocol Host Starten eines Prozesses C:\WINDOWS\system32\SEARCHPROTOCOLHOST.EXE 07.08.2013 17:53:04 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FQ0QSL6D\event[2].js 07.08.2013 17:53:04 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FQ0QSL6D\event[3].js 07.08.2013 17:53:04 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KORECN2N\listPromoted[1].js 07.08.2013 17:53:04 Internet Explorer Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJZT3R0T\event[1].js 07.08.2013 17:53:04 Internet Explorer Erstellen 
C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FQ0QSL6D\event[4].js 07.08.2013 17:53:15 Windows Media Center Scheduler Service Ändern HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler/Heartbeat 07.08.2013 17:53:19 Host Process for Windows Services Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\DEVICECLASSES\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0889&SUBSYS_10250146&REV_1000#4&333E2D5D&0&0001#{6994AD04-93EF-11D0-A3CC-00A0C9223196}\#SINGLELINEOUTTOPO\PROPERTIES\{D1885396-39D8-4777-BCFF-5E3241483416}\00000000\00000000 07.08.2013 17:53:19 Host Process for Windows Services Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\DEVICECLASSES\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0889&SUBSYS_10250146&REV_1000#4&333E2D5D&0&0001#{6994AD04-93EF-11D0-A3CC-00A0C9223196}\#SINGLELINEOUTTOPO\PROPERTIES\{D1885396-39D8-4777-BCFF-5E3241483416}\00000000 07.08.2013 17:53:19 Host Process for Windows Services Erstellen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\DEVICECLASSES\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0889&SUBSYS_10250146&REV_1000#4&333E2D5D&0&0001#{6994AD04-93EF-11D0-A3CC-00A0C9223196}\#SINGLELINEOUTTOPO\PROPERTIES\{D1885396-39D8-4777-BCFF-5E3241483416}\00000000 07.08.2013 17:53:19 Host Process for Windows Services Erstellen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\DEVICECLASSES\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0889&SUBSYS_10250146&REV_1000#4&333E2D5D&0&0001#{6994AD04-93EF-11D0-A3CC-00A0C9223196}\#SINGLELINEOUTTOPO\PROPERTIES\{D1885396-39D8-4777-BCFF-5E3241483416}\00000000\00000000 07.08.2013 17:53:19 Host Process for Windows Services Erstellen 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994ad04-93ef-11d0-a3cc-00a0c9223196}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0889&SUBSYS_10250146&REV_1000#4&333E2D5D&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#SingleLineOutTopo\Properties\{d1885396-39d8-4777-bcff-5e3241483416}\00000000\00000000/Type 07.08.2013 17:53:19 Host Process for Windows Services Erstellen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994ad04-93ef-11d0-a3cc-00a0c9223196}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0889&SUBSYS_10250146&REV_1000#4&333E2D5D&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#SingleLineOutTopo\Properties\{d1885396-39d8-4777-bcff-5e3241483416}\00000000\00000000/Data 07.08.2013 17:53:19 Host Process for Windows Services Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\DEVICECLASSES\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0889&SUBSYS_10250146&REV_1000#4&333E2D5D&0&0001#{6994AD04-93EF-11D0-A3CC-00A0C9223196}\#SINGLELINEOUTTOPO\PROPERTIES\{7FB7B48F-531D-44A2-BCB3-5AD5A134B3DC}\00020000\00000000 07.08.2013 17:53:19 Host Process for Windows Services Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\DEVICECLASSES\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0889&SUBSYS_10250146&REV_1000#4&333E2D5D&0&0001#{6994AD04-93EF-11D0-A3CC-00A0C9223196}\#SINGLELINEOUTTOPO\PROPERTIES\{7FB7B48F-531D-44A2-BCB3-5AD5A134B3DC}\00020000 07.08.2013 17:53:19 Host Process for Windows Services Erstellen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\DEVICECLASSES\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0889&SUBSYS_10250146&REV_1000#4&333E2D5D&0&0001#{6994AD04-93EF-11D0-A3CC-00A0C9223196}\#SINGLELINEOUTTOPO\PROPERTIES\{7FB7B48F-531D-44A2-BCB3-5AD5A134B3DC}\00020000 07.08.2013 17:53:19 Host Process for Windows Services Erstellen 
HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\DEVICECLASSES\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0889&SUBSYS_10250146&REV_1000#4&333E2D5D&0&0001#{6994AD04-93EF-11D0-A3CC-00A0C9223196}\#SINGLELINEOUTTOPO\PROPERTIES\{7FB7B48F-531D-44A2-BCB3-5AD5A134B3DC}\00020000\00000000 07.08.2013 17:53:19 Host Process for Windows Services Erstellen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994ad04-93ef-11d0-a3cc-00a0c9223196}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0889&SUBSYS_10250146&REV_1000#4&333E2D5D&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#SingleLineOutTopo\Properties\{7fb7b48f-531d-44a2-bcb3-5ad5a134b3dc}\00020000\00000000/Type 07.08.2013 17:53:19 Host Process for Windows Services Erstellen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994ad04-93ef-11d0-a3cc-00a0c9223196}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0889&SUBSYS_10250146&REV_1000#4&333E2D5D&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#SingleLineOutTopo\Properties\{7fb7b48f-531d-44a2-bcb3-5ad5a134b3dc}\00020000\00000000/Data 07.08.2013 17:53:21 Host Process for Windows Services Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\DEVICECLASSES\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0889&SUBSYS_10250146&REV_1000#4&333E2D5D&0&0001#{6994AD04-93EF-11D0-A3CC-00A0C9223196}\#SINGLELINEOUTTOPO\PROPERTIES\{D1885396-39D8-4777-BCFF-5E3241483416}\00000000\00000000 07.08.2013 17:53:21 Host Process for Windows Services Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\DEVICECLASSES\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0889&SUBSYS_10250146&REV_1000#4&333E2D5D&0&0001#{6994AD04-93EF-11D0-A3CC-00A0C9223196}\#SINGLELINEOUTTOPO\PROPERTIES\{D1885396-39D8-4777-BCFF-5E3241483416}\00000000 07.08.2013 17:53:21 Host Process for Windows Services Erstellen 
HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\DEVICECLASSES\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0889&SUBSYS_10250146&REV_1000#4&333E2D5D&0&0001#{6994AD04-93EF-11D0-A3CC-00A0C9223196}\#SINGLELINEOUTTOPO\PROPERTIES\{D1885396-39D8-4777-BCFF-5E3241483416}\00000000 07.08.2013 17:53:21 Host Process for Windows Services Erstellen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\DEVICECLASSES\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0889&SUBSYS_10250146&REV_1000#4&333E2D5D&0&0001#{6994AD04-93EF-11D0-A3CC-00A0C9223196}\#SINGLELINEOUTTOPO\PROPERTIES\{D1885396-39D8-4777-BCFF-5E3241483416}\00000000\00000000 07.08.2013 17:53:21 Host Process for Windows Services Erstellen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994ad04-93ef-11d0-a3cc-00a0c9223196}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0889&SUBSYS_10250146&REV_1000#4&333E2D5D&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#SingleLineOutTopo\Properties\{d1885396-39d8-4777-bcff-5e3241483416}\00000000\00000000/Type 07.08.2013 17:53:21 Host Process for Windows Services Erstellen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994ad04-93ef-11d0-a3cc-00a0c9223196}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0889&SUBSYS_10250146&REV_1000#4&333E2D5D&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#SingleLineOutTopo\Properties\{d1885396-39d8-4777-bcff-5e3241483416}\00000000\00000000/Data 07.08.2013 17:53:21 Host Process for Windows Services Löschen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\DEVICECLASSES\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0889&SUBSYS_10250146&REV_1000#4&333E2D5D&0&0001#{6994AD04-93EF-11D0-A3CC-00A0C9223196}\#SINGLELINEOUTTOPO\PROPERTIES\{7FB7B48F-531D-44A2-BCB3-5AD5A134B3DC}\00020000\00000000 07.08.2013 17:53:21 Host Process for Windows Services Löschen 
HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\DEVICECLASSES\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0889&SUBSYS_10250146&REV_1000#4&333E2D5D&0&0001#{6994AD04-93EF-11D0-A3CC-00A0C9223196}\#SINGLELINEOUTTOPO\PROPERTIES\{7FB7B48F-531D-44A2-BCB3-5AD5A134B3DC}\00020000 07.08.2013 17:53:21 Host Process for Windows Services Erstellen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\DEVICECLASSES\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0889&SUBSYS_10250146&REV_1000#4&333E2D5D&0&0001#{6994AD04-93EF-11D0-A3CC-00A0C9223196}\#SINGLELINEOUTTOPO\PROPERTIES\{7FB7B48F-531D-44A2-BCB3-5AD5A134B3DC}\00020000 07.08.2013 17:53:21 Host Process for Windows Services Erstellen HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\DEVICECLASSES\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0889&SUBSYS_10250146&REV_1000#4&333E2D5D&0&0001#{6994AD04-93EF-11D0-A3CC-00A0C9223196}\#SINGLELINEOUTTOPO\PROPERTIES\{7FB7B48F-531D-44A2-BCB3-5AD5A134B3DC}\00020000\00000000 07.08.2013 17:53:21 Host Process for Windows Services Erstellen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994ad04-93ef-11d0-a3cc-00a0c9223196}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0889&SUBSYS_10250146&REV_1000#4&333E2D5D&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#SingleLineOutTopo\Properties\{7fb7b48f-531d-44a2-bcb3-5ad5a134b3dc}\00020000\00000000/Type 07.08.2013 17:53:21 Host Process for Windows Services Erstellen HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994ad04-93ef-11d0-a3cc-00a0c9223196}\##?#HDAUDIO#FUNC_01&VEN_10EC&DEV_0889&SUBSYS_10250146&REV_1000#4&333E2D5D&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#SingleLineOutTopo\Properties\{7fb7b48f-531d-44a2-bcb3-5ad5a134b3dc}\00020000\00000000/Data 07.08.2013 17:53:30 Microsoft Windows Search Protocol Host Beenden eines Prozesses C:\WINDOWS\system32\SEARCHPROTOCOLHOST.EXE 07.08.2013 17:53:45 Windows Media 
Center Scheduler Service Ändern HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler/Heartbeat 07.08.2013 17:53:55 Opera Internet Browser Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Opera\Opera\opcache\dcache4.url 07.08.2013 17:53:55 Opera Internet Browser Erstellen C:\USERS\RSG#ADMIN\APPDATA\LOCAL\Opera\Opera\cache\DCACHE4.URL 07.08.2013 17:53:57 Java(TM) Platform SE binary Beenden eines Prozesses C:\Program Files\Java\jre6\bin\java.exe 07.08.2013 17:53:57 Java(TM) Platform SE binary Beenden eines Prozesses C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
The programs/processes that were active in Task Manager: 11375890681177.exe and wmdefender.exe, each with the description "Registry Work". I ended these via "End process tree" and deleted them in their location. On further analysis I found the location where the rest sits:
Code:
C:\Users\rsg#Admin\AppData\Local\Google\Desktop\Install\{aead6260-d3f0-b306-01da-8bd8a6f55800}\❤≸⋙\Ⱒ☠⍨\*ﯹ๛
Code:
C:\Program Files\Google\Desktop
It looks as if quite a few Windows Defender and firewall settings/entries were deleted from the registry. I tried to clean the registry by hand, but some keys, like the folder path above, could not be deleted. E.g.
Code:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\*etadpug
Spybot S&D did not detect anything either. Or could this one have hampered MBAM? No processes were active. Because of the other thread mentioned above, I ran AdwCleaner
Code:
# AdwCleaner v2.306 - Datei am 10/08/2013 um 03:08:20 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : rsg#Admin - RSG_E-HIRN
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\rsg#Admin\Desktop\antimalware-tools\adwcleaner2.306.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Infiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2008\Microsoft Visual Studio 2008 Documentation.lnk ( arg. : /helpcol ms-help://ms.vscc.v90 /LaunchNamedUrlTopic DefaultPage /usehelpsettings VisualStudio.9.0)
Ordner Gefunden : C:\Program Files\Red Sky

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Schlüssel Gefunden : HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v8.0.1 (de)

Datei : C:\Users\rsg#Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a3bkgly2.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Opera v12.12.1707.0

Datei : C:\Users\rsg#Admin\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1843 octets] - [10/08/2013 03:08:20]

########## EOF - C:\AdwCleaner[R1].txt - [1903 octets] ##########

ComboFix
Code:
ComboFix 13-08-09.02 - rsg#Admin 10.08.2013 3:21:18.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3068.1972 [GMT 2:00]
ausgeführt von:: C:\Users\rsg#Admin\Desktop\antimalware-tools\ComboFix.exe
AV: Kaspersky Internet Security *Enabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\Acer\Acer Bio Protection\PwdFilter.dll
C:\Windows\IsUn0407.exe
C:\Windows\jestertb.dll
C:\Windows\system32\drivers\etc\hosts.ics
C:\Windows\wininit.ini

((((((((((((((((((((((( Dateien erstellt von 2013-07-10 bis 2013-08-10 ))))))))))))))))))))))))))))))

2013-08-10 01:32:21 . 2013-08-10 01:59:31 -------- d-----w- C:\Users\rsg#Admin\AppData\Local\temp
2013-08-10 01:32:21 . 2013-08-10 01:32:21 -------- d-----w- C:\Users\rsg.gaming\AppData\Local\temp
2013-08-10 01:32:21 . 2013-08-10 01:32:21 -------- d-----w- C:\Users\Gast\AppData\Local\temp
2013-08-09 19:49:30 . 2013-08-09 19:49:30 -------- d-----w- C:\Users\rsg#Admin\AppData\Local\Macromedia
2013-08-09 18:56:42 . 2013-08-09 18:56:42 692104 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2013-08-09 18:56:39 . 2013-08-09 18:56:39 71048 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-06 20:48:46 . 2013-08-07 14:52:26 -------- d-----w- C:\Program Files\Mozilla Thunderbird
2013-07-25 16:42:41 . 2013-07-25 16:42:41 60872 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{243F99BC-B6FC-4998-89BD-681BABBDE510}\offreg.dll
2013-07-25 16:31:09 . 2013-07-02 06:54:40 7143960 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{243F99BC-B6FC-4998-89BD-681BABBDE510}\mpengine.dll
.

(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-05-16 22:39:39 . 2013-06-26 18:25:07 1800704 ----a-w- C:\Windows\system32\jscript9.dll
2013-05-16 22:28:26 . 2013-06-26 18:25:07 1129472 ----a-w- C:\Windows\system32\wininet.dll
2013-05-16 22:27:30 . 2013-06-26 18:25:06 1427968 ----a-w- C:\Windows\system32\inetcpl.cpl
2013-05-16 22:21:37 . 2013-06-26 18:25:08 142848 ----a-w- C:\Windows\system32\ieUnatt.exe
2013-05-16 22:20:30 . 2013-06-26 18:25:09 420864 ----a-w- C:\Windows\system32\vbscript.dll
2013-05-16 22:16:57 . 2013-06-26 18:25:10 2382848 ----a-w- C:\Windows\system32\mshtml.tlb
2012-11-18 16:22:06 . 2012-11-18 16:22:06 0 ----a-w- C:\Program Files\GUT1D31.tmp
2011-11-21 04:21:43 . 2011-12-19 16:58:09 134104 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36:40 130736 ----a-w- C:\Users\rsg#Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36:40 130736 ----a-w- C:\Users\rsg#Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36:40 130736 ----a-w- C:\Users\rsg#Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 15:52:34 121392 ----a-w- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 02:25:11 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 02:25:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 08:19:26 6139904]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-04 09:26:54 1037608]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-08-01 13:11:00 13548064]
"ZPdtWzdVitaKey MC3000"="C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-10-23 01:42:22 3719680]
"PLFSetI"="C:\Windows\PLFSetI.exe" [2008-06-30 15:56:32 200704]
"eAudio"="C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-09-11 20:46:38 544768]
"ePower_DMC"="C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 07:51:42 405504]
"razer"="C:\Program Files\Razer\Copperhead\razerhid.exe" [2005-11-25 09:53:40 155648]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2008-06-16 09:58:38 809480]
"WD Drive Manager"="C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-07-24 14:22:12 450560]
"avp"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-10-14 02:53:13 311680]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-12-22 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-10-23 01:42:41 3162624 ----a-w- C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=C:\Windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=C:\Windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^watchmi tray.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk
backup=C:\Windows\pss\watchmi tray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^rsg#Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=C:\Users\rsg#Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=C:\Windows\pss\GamersFirst LIVE!.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^rsg#Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=C:\Users\rsg#Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^rsg#Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk]
path=C:\Users\rsg#Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk
backup=C:\Windows\pss\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-01 16:28:56 640376 ----a-w- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]
2009-09-07 18:50:28 152872 ------w- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-25 19:36:20 28672 ----a-w- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cisco
AnyConnect Secure Mobility Agent for Windows] 2011-09-09 16:09:37 523216 ----a-w- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer] 2009-09-07 18:50:36 206120 ------w- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copperhead] 2005-11-25 09:53:40 155648 ----a-w- C:\Program Files\Razer\Copperhead\razerhid.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader] 2008-07-29 15:52:50 526896 ----a-w- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Officejet Pro 8600 (NET)] 2011-09-09 14:01:16 1804648 ----a-w- C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] 2008-07-20 15:45:06 182808 ----a-w- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor] 2009-02-24 16:00:26 479232 ----a-w- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2008-08-01 13:11:00 92704 ----a-w- C:\Windows\System32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder] 2003-07-07 08:29:50 729088 ----a-r- C:\Program Files\ScanSoft\OmniPageSE2.0\EregGer\Ereg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2] 2003-05-08 10:00:58 49152 ----a-w- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie] 2009-05-21 13:42:28 173288 ------w- C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProductReg] 2008-09-23 04:53:32 6144 ----a-w- C:\Program Files\Acer\WR_PopUp\ProductReg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2008-09-06 14:09:14 413696 ----a-w- C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2013-02-28 16:50:02 18642024 ----a-r- C:\Program Files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel] 2007-11-20 10:15:58 1826816 ----a-w- C:\Windows\SkyTel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-10-29 12:49:28 249064 ----a-w- C:\Program Files\Common Files\Java\Java Update\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant] 2008-05-02 04:15:46 15872 ----a-w- D:\Software\Unlocker\UnlockerAssistant.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2012-06-28 15:40:52 74752 ----a-w- C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management] 2008-01-21 02:23:24 215552 ----a-w- C:\Windows\WindowsMobile\wmdSync.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-21 02:25:33 202240 ----a-w- C:\Program Files\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2566861732-4120447915-3965791177-1000] "EnableNotificationsRef"=dword:00000001 R3 acsint;acsint;C:\Windows\system32\DRIVERS\acsint.sys [2011-09-09 15:59:19 38440] R3 
acsmux;acsmux;C:\Windows\system32\DRIVERS\acsmux.sys [2011-09-09 15:59:19 57000] --- Andere Dienste/Treiber im Speicher --- *NewlyCreated* - WS2IFSL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache ------- Zusätzlicher Suchlauf ------- ustart page = about:blank mstart page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1008&m=aspire_6935 uInternet Settings,ProxyServer = 192.168.178.20:80 uInternet Settings,ProxyOverride = <local> IE: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Nach Microsoft E&xel exportieren - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.178.1 DPF: {F07E53AA-B14F-48E0-8CB6-45AE0EFAB848} - hxxp://www.cyberlink.com/prog/oem/acer/update/UpdateAdvisor.cab FF - ProfilePath - C:\Users\rsg#Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a3bkgly2.default\ FF - ExtSQL: !HIDDEN! 
2009-12-07 02:14; {20a82645-c095-46ed-80e3-08825760534b}; C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension ------- Dateityp-Verknüpfung ------- .txt= - - - - Entfernte verwaiste Registrierungseinträge - - - - SafeBoot-WudfPf SafeBoot-WudfRd MSConfigStartUp-Adobe Reader Speed Launcher - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe AddRemove-Adobe Photoshop Elements 2.0 - C:\WINDOWS\ISUN0407.EXE AddRemove-AVerMedia A309 (MiniCard, DVB-T) - C:\Program Files\AVerMedia\AVerMedia A309 (MiniCard AddRemove-SideWinder Precision 2 - C:\Windows\IsUn0407.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2013-08-10 03:59:02 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... ************************************************************************** Binary file temp00 matches [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc] "ImagePath"="C:\Windows\system32\GameMon.des -service" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl" --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 ------------------------ Weitere laufende Prozesse ------------------------ C:\Windows\system32\nvvsvc.exe C:\Windows\system32\vfsFPService.exe C:\Windows\system32\WLANExt.exe C:\Windows\system32\rundll32.exe C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe C:\Program Files\Acer Arcade 
Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\system32\conime.exe
**************************************************************************
Zeit der Fertigstellung: 2013-08-10 04:05:27 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-08-10 02:05:21
Vor Suchlauf: 6.375.043.072 Bytes frei
Nach Suchlauf: 5.802.692.608 Bytes frei
- - End Of File - - 95F2072B61FA11650FBFD0622D108BD3 BB9D3A6A13C5010348DA7C900BB6AF50

I will post the "usual" logs for opening a thread later; this is because for some weeks now my PC has, for reasons I cannot identify, been running at full load for about 30 minutes after a complete system start. (Not in safe mode.)
------------------------------------
I will now try rKill in safe mode, MBAM again and, if necessary, TDSSKiller. Then I will report back. Many thanks in advance.
------------------------------------
[Because of upcoming exams etc. I unfortunately do not have the opportunity to set up a new system at the moment, but that will be done soon, since it makes sense anyway and is long overdue]
10.08.2013, 07:23 | #2 |
/// the machine /// TB-Ausbilder | hi,
leave the scans on your own initiative for now. Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions or check under Start > Computer (right-click) > Properties)
10.08.2013, 07:58 | #3 |
frst.txt
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-08-2013 Ran by rsg#Admin (administrator) on 10-08-2013 08:44:38 Running from C:\Users\rsg#Admin\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (Validity Sensors, Inc.) C:\Windows\system32\vfsFPService.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Arachnoid Biometrics Identification Group Corp.) C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe () C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe () C:\Program Files\Acer\Acer Bio Protection\BASVC.exe (Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe (WDC) C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe (Microsoft Corporation) C:\Windows\ehome\ehRecvr.exe (Acresso Software Inc.) 
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Microsoft Corporation) C:\Windows\ehome\ehsched.exe (Microsoft Corporation) C:\Windows\system32\conime.exe (Microsoft Corporation) C:\Windows\system32\wuauclt.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Microsoft Corporation) C:\Windows\system32\UI0Detect.exe (Opera Software) C:\Program Files\Opera\opera.exe (Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Microsoft Corporation) C:\Windows\system32\Taskmgr.exe (Farbar) C:\Users\rsg#Admin\Desktop\2-FRST_32bit.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6139904 2008-05-07] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1037608 2008-04-04] (Synaptics, Inc.) HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13548064 2008-08-01] (NVIDIA Corporation) HKLM\...\Run: [ZPdtWzdVitaKey MC3000] - C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe [3719680 2008-10-23] (Arachnoid Biometrics Identification Group Corp.) HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2008-06-30] () HKLM\...\Run: [eAudio] - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-09-11] (Acer Incorporated) HKLM\...\Run: [ePower_DMC] - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [405504 2008-08-01] (Acer Inc.) HKLM\...\Run: [razer] - C:\Program Files\Razer\Copperhead\razerhid.exe [155648 2005-11-25] () HKLM\...\Run: [LManager] - C:\PROGRA~1\LAUNCH~1\LManager.exe [809480 2008-06-16] (Dritek System Inc.) 
HKLM\...\Run: [WD Drive Manager] - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [450560 2008-07-24] (WDC) HKLM\...\Run: [avp] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [311680 2010-10-14] (Kaspersky Lab) HKLM\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) Winlogon\Notify\AWinNotifyVitaKey MC3000: C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll [X] Winlogon\Notify\klogon: C:\Windows\system32\klogon.dll (Kaspersky Lab) HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation) HKU\Default\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-08-21] () HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation) HKU\Default User\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-08-21] () HKU\Gast\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation) HKU\Gast\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-08-21] () HKU\Gast.rsg_e-Hirn\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation) HKU\Gast.rsg_e-Hirn\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-21] (Microsoft Corporation) HKU\Gast.rsg_e-Hirn\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-21] (Microsoft Corporation) HKU\rsg.gaming\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma 
Loader.lnk ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) ==================== Internet (Whitelisted) ==================== ProxyServer: 192.168.178.20:80 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com HKLM\Software\Microsoft\Internet Explorer\Main,start page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1008&m=aspire_6935 BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab) BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) 
Toolbar: HKCU -No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F07E53AA-B14F-48E0-8CB6-45AE0EFAB848} hxxp://www.cyberlink.com/prog/oem/acer/update/UpdateAdvisor.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\rsg#Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a3bkgly2.default FF NetworkProxy: "autoconfig_url", "192.168.178.20" FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @parallelgraphics.com/Cortona - C:\Program Files\Common Files\ParallelGraphics\Cortona\npCortona.dll (ParallelGraphics) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\rsg#Admin\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} FF Extension: No Name - C:\Users\rsg#Admin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: Microsoft .NET Framework Assistant - C:\Users\rsg#Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a3bkgly2.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} FF Extension: color_management - C:\Users\rsg#Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a3bkgly2.default\Extensions\color_management@seanhayes.name.xpi FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Thunderbird\Extensions: [{eea12ec4-729d-4703-bc37-106ce9879ce2}] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt FF Extension: Kaspersky Anti-Spam Extension - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt 
========================== Services (Whitelisted) ================= R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [311680 2010-10-14] (Kaspersky Lab) S3 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) S3 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2006-03-30] (Canon Inc.) R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2009-04-16] () S4 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528608 2009-01-13] (Cisco Systems, Inc.) R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-08-19] () R2 IGBASVC; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [3520512 2008-10-23] () S2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () S4 msvsmon90; d:\Software\Microsoft\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [3004416 2007-11-07] (Microsoft Corporation) S3 npggsvc; C:\Windows\system32\GameMon.des [2722845 2009-04-15] (INCA Internet Co., Ltd.) S3 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [36352 2009-07-16] () S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-04-04] () R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [233472 2008-01-10] (Acer Incorporated) S4 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [475088 2011-09-09] (Cisco Systems, Inc.) 
S4 watchmi; C:\Program Files\watchmi\TvdService.exe [55808 2010-09-09] () R2 WDBtnMgrSvc.exe; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [102400 2008-07-24] (WDC) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] () ==================== Drivers (Whitelisted) ==================== S3 acsint; C:\Windows\System32\DRIVERS\acsint.sys [38440 2011-09-09] (Cisco Systems, Inc.) S3 acsmux; C:\Windows\System32\DRIVERS\acsmux.sys [57000 2011-09-09] (Cisco Systems, Inc.) R0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [43184 2008-10-23] (Alfa Corporation) S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131856 2008-08-28] (Deterministic Networks, Inc.) R1 DritekPortIO; C:\PROGRA~1\LAUNCH~1\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.) R1 Ext2fs; C:\Windows\System32\DRIVERS\ext2fs.sys [189888 2008-09-25] (Stephan Schreiber) R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () R1 IfsMount; C:\Windows\System32\DRIVERS\ifsmount.sys [60352 2008-08-28] (Stephan Schreiber) R2 int15; C:\Windows\system32\drivers\int15.sys [15392 2008-08-19] (Acer, Inc.) R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2007-12-18] (ITE Tech. Inc. ) R1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [128016 2009-12-01] (Kaspersky Lab) R0 klbg; C:\Windows\System32\drivers\klbg.sys [33808 2008-12-15] (Kaspersky Lab) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [280592 2009-12-01] (Kaspersky Lab) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [21008 2009-05-15] (Kaspersky Lab) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19472 2009-05-16] (Kaspersky Lab) S3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.) 
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [16688 2007-04-24] (IBM) R3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-08-10] (Malwarebytes Corporation) S3 SilverLink; C:\Windows\System32\Drivers\SilvrLnk.sys [21456 2004-01-28] (Texas Instruments Incorporated) R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software) R4 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2008-12-31] () R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2009-07-16] (The OpenVPN Project) R3 UsbFltr; C:\Windows\System32\drivers\copperhd.sys [11596 2005-11-02] (Razer (Asia-Pacific) Pte Ltd) S3 WinRing0_1_2_0; D:\Software\Performance\ThrottleStop_400\WinRing0.sys [14416 2008-07-26] (OpenLibSys.org) U3 a3kfblxx; C:\Windows\System32\Drivers\a3kfblxx.sys [0 ] (Microsoft Corporation) S2 adfs; No ImagePath R3 catchme; \??\C:\ComboFix\catchme.sys [x] S2 CVPNDRVA; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S2 NTIPPKernel; \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-10 08:27 - 2013-08-10 08:27 - 00000966 _____ C:\Users\rsg#Admin\Desktop\Rkill.txt 2013-08-10 06:51 - 2013-08-10 06:52 - 00000020 _____ C:\Users\rsg#Admin\defogger_reenable 2013-08-10 06:49 - 2013-08-10 06:49 - 01230570 _____ (Farbar) C:\Users\rsg#Admin\Desktop\2-FRST_32bit.exe 2013-08-10 05:08 - 2013-08-10 05:08 - 05782572 _____ C:\Windows\system32\~.tmp 2013-08-10 04:53 - 2013-08-10 05:06 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2013-08-10 04:53 - 2013-08-10 04:53 - 00000000 ____D 
C:\Users\rsg#Admin\AppData\Roaming\Malwarebytes
2013-08-10 04:52 - 2013-08-10 04:52 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-10 04:52 - 2013-08-10 04:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-10 04:52 - 2013-08-10 04:52 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-10 04:52 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-10 04:05 - 2013-08-10 04:05 - 00017206 _____ C:\ComboFix.txt
2013-08-10 03:18 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-10 03:18 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-10 03:18 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-10 03:18 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-10 03:18 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-10 03:18 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-10 03:18 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-10 03:18 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-10 03:17 - 2013-08-10 04:05 - 00000000 ____D C:\ComboFix
2013-08-10 03:15 - 2013-08-10 04:05 - 00000000 ____D C:\Qoobox
2013-08-10 03:13 - 2013-08-10 04:03 - 00000000 ____D C:\Windows\erdnt
2013-08-10 03:03 - 2013-08-10 08:20 - 00000000 ____D C:\Users\rsg#Admin\Desktop\antimalware-tools
2013-08-10 02:19 - 2013-08-10 02:19 - 00001648 _____ C:\Users\rsg#Admin\Desktop\virus-regloeschversuche.txt
2013-08-10 00:40 - 2013-08-10 00:40 - 00000000 ____D C:\Users\rsg#Admin\Documents\virenbekämpfung-reg
2013-08-09 23:27 - 2013-08-10 03:35 - 00003042 _____ C:\Windows\PFRO.log
2013-08-09 21:49 - 2013-08-09 21:49 - 00000000 ____D C:\Users\RSG#AD~1\AppData\Local\Macromedia
2013-08-09 20:59 - 2013-08-09 20:59 - 00000000 ____D C:\Users\rsg#Admin\AppData\Roaming\Macromedia
2013-08-09 20:56 - 2013-08-09 20:56 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-09 20:56 - 2013-08-09 20:56 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-09 06:37 - 2013-08-09 06:37 - 00000698 _____ C:\Users\rsg#Admin\Desktop\LRT-Altlasten -Verknüpfung.lnk
2013-08-09 01:21 - 2013-08-09 01:38 - 00000000 ____D C:\Users\rsg#Admin\Desktop\Informationstechnologie-2013
2013-08-08 06:58 - 2013-08-08 20:13 - 00060307 _____ C:\Users\rsg#Admin\Desktop\aktionen-von-intsec-virus.txt
2013-08-06 22:48 - 2013-08-07 16:52 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-08-01 21:23 - 2013-08-01 21:23 - 00000216 _____ C:\Users\rsg#Admin\Downloads\1.rar
2013-07-20 19:27 - 2013-07-20 19:27 - 00000168 _____ C:\Users\rsg#Admin\Downloads\pbvid-108343.flv

==================== One Month Modified Files and Folders =======

2013-08-10 08:36 - 2013-08-10 08:36 - 00000000 ____D C:\FRST
2013-08-10 08:27 - 2013-08-10 08:27 - 00000966 _____ C:\Users\rsg#Admin\Desktop\Rkill.txt
2013-08-10 08:20 - 2013-08-10 03:03 - 00000000 ____D C:\Users\rsg#Admin\Desktop\antimalware-tools
2013-08-10 07:35 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-10 07:35 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-10 07:05 - 2008-12-09 00:21 - 00000000 ____D C:\Users\rsg#Admin
2013-08-10 06:52 - 2013-08-10 06:51 - 00000020 _____ C:\Users\rsg#Admin\defogger_reenable
2013-08-10 06:49 - 2013-08-10 06:49 - 01230570 _____ (Farbar) C:\Users\rsg#Admin\Desktop\2-FRST_32bit.exe
2013-08-10 05:08 - 2013-08-10 05:08 - 05782572 _____ C:\Windows\system32\~.tmp
2013-08-10 05:06 - 2013-08-10 04:53 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-08-10 05:05 - 2009-11-30 23:56 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-08-10 04:58 - 2013-04-22 18:20 - 01180875 _____ C:\Windows\WindowsUpdate.log
2013-08-10 04:53 - 2013-08-10 04:53 - 00000000 ____D C:\Users\rsg#Admin\AppData\Roaming\Malwarebytes
2013-08-10 04:52 - 2013-08-10 04:52 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-10 04:52 - 2013-08-10 04:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-10 04:52 - 2013-08-10 04:52 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-10 04:05 - 2013-08-10 04:05 - 00017206 _____ C:\ComboFix.txt
2013-08-10 04:05 - 2013-08-10 03:17 - 00000000 ____D C:\ComboFix
2013-08-10 04:05 - 2013-08-10 03:15 - 00000000 ____D C:\Qoobox
2013-08-10 04:03 - 2013-08-10 03:13 - 00000000 ____D C:\Windows\erdnt
2013-08-10 03:59 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2013-08-10 03:58 - 2008-12-09 01:24 - 00083463 _____ C:\ProgramData\nvModes.001
2013-08-10 03:54 - 2006-11-02 14:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-08-10 03:35 - 2013-08-09 23:27 - 00003042 _____ C:\Windows\PFRO.log
2013-08-10 03:35 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-10 03:33 - 2006-11-02 12:22 - 62652416 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-08-10 03:33 - 2006-11-02 12:22 - 41418752 _____ C:\Windows\system32\config\COMPON~2.bak
2013-08-10 03:33 - 2006-11-02 12:22 - 28835840 _____ C:\Windows\system32\config\SYSTEM.bak
2013-08-10 03:33 - 2006-11-02 12:22 - 04194304 _____ C:\Windows\system32\config\DEFAULT.bak
2013-08-10 03:33 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-08-10 03:33 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-08-10 03:32 - 2008-12-10 22:48 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-08-10 03:32 - 2006-11-02 15:01 - 00032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-10 02:19 - 2013-08-10 02:19 - 00001648 _____ C:\Users\rsg#Admin\Desktop\virus-regloeschversuche.txt
2013-08-10 02:14 - 2008-10-23 03:54 - 00000000 ____D C:\Program Files\Google
2013-08-10 00:40 - 2013-08-10 00:40 - 00000000 ____D C:\Users\rsg#Admin\Documents\virenbekämpfung-reg
2013-08-09 22:20 - 2009-05-03 06:17 - 00000600 _____ C:\Users\rsg#Admin\AppData\Roaming\winscp.rnd
2013-08-09 21:49 - 2013-08-09 21:49 - 00000000 ____D C:\Users\RSG#AD~1\AppData\Local\Macromedia
2013-08-09 20:59 - 2013-08-09 20:59 - 00000000 ____D C:\Users\rsg#Admin\AppData\Roaming\Macromedia
2013-08-09 20:57 - 2010-02-21 20:36 - 00000000 ____D C:\Users\RSG#AD~1\AppData\Local\Adobe
2013-08-09 20:56 - 2013-08-09 20:56 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-09 20:56 - 2013-08-09 20:56 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-09 20:42 - 2010-02-21 20:36 - 00000000 ____D C:\Users\rsg#Admin\AppData\Roaming\Adobe
2013-08-09 06:37 - 2013-08-09 06:37 - 00000698 _____ C:\Users\rsg#Admin\Desktop\LRT-Altlasten -Verknüpfung.lnk
2013-08-09 01:38 - 2013-08-09 01:21 - 00000000 ____D C:\Users\rsg#Admin\Desktop\Informationstechnologie-2013
2013-08-08 20:43 - 2009-12-07 01:42 - 00000000 ____D C:\Users\rsg#Admin\Documents\registry backups
2013-08-08 20:13 - 2013-08-08 06:58 - 00060307 _____ C:\Users\rsg#Admin\Desktop\aktionen-von-intsec-virus.txt
2013-08-08 19:54 - 2008-07-11 18:00 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-08-08 19:54 - 2008-07-11 18:00 - 00000000 ____D C:\Program Files\Adobe
2013-08-08 06:07 - 2008-12-09 00:25 - 00000000 ____D C:\Users\RSG#AD~1\AppData\Local\Google
2013-08-07 16:52 - 2013-08-06 22:48 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-08-07 16:52 - 2012-10-10 18:29 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-07 05:25 - 2012-12-21 02:44 - 00000000 ____D C:\Users\rsg#Admin\AppData\Roaming\vlc
2013-08-07 05:01 - 2008-12-09 03:31 - 00138752 _____ C:\Users\RSG#AD~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-07 00:17 - 2009-10-31 22:00 - 00000020 ____H C:\ProgramData\PKP_DLdw.DAT
2013-08-06 22:09 - 2012-10-25 17:02 - 00000000 ____D C:\Users\rsg#Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Miranda IM
2013-08-04 18:44 - 2009-05-24 21:23 - 00000000 ____D C:\Users\rsg#Admin\AppData\Roaming\Skype
2013-08-01 21:23 - 2013-08-01 21:23 - 00000216 _____ C:\Users\rsg#Admin\Downloads\1.rar
2013-07-29 14:23 - 2008-12-09 01:24 - 00083463 _____ C:\ProgramData\nvModes.dat
2013-07-28 22:12 - 2009-10-31 21:16 - 00000020 ____H C:\ProgramData\PKP_DLdu.DAT
2013-07-23 02:58 - 2008-01-21 09:16 - 01445546 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-20 19:27 - 2013-07-20 19:27 - 00000168 _____ C:\Users\rsg#Admin\Downloads\pbvid-108343.flv
2013-07-18 00:59 - 2013-01-08 04:28 - 00000000 ____D C:\Users\rsg#Admin\Documents\e-Shopping

Files to move or delete:
====================
ZeroAccess:
C:\Program Files\Google\Desktop\Install\{aead6260-d3f0-b306-01da-8bd8a6f55800}
C:\ProgramData\nvModes.dat

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2013-08-10 03:54

==================== End Of Log ============================

--- --- --- --- --- --- --- --- ---

addition.txt
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-08-2013 Ran by rsg#Admin at 2013-08-10 08:45:34 Running from C:\Users\rsg#Admin\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 2007 Microsoft Office Suite Service Pack 1 (SP1) 7-Zip 9.20 AAV 6.0.00.15 AC3Filter 1.63b (Version: 1.63b) Acer Arcade Deluxe (Version: 2.1.5529) Acer Bio Protection Acer Crystal Eye Webcam 3.0.6.3 (Version: 3.0.6.3) Acer eAudio Management (Version: 3.0.3009) Acer eDataSecurity Management (Version: 3.0.3065) Acer Empowering Technology (Version: 3.0.3010) Acer ePower Management (Version: 3.0.3014) Acer eSettings Management (Version: 3.0.3007) Acer GridVista (Version: 2.72.317) Acer Mobility Center Plug-In (Version: 3.0.3000) Acer ScreenSaver (Version: 1.13.1301) Acer VCM (Version: 3.1.3000) Adobe AIR (Version: 1.5.3.9120) Adobe Anchor Service CS4 (Version: 2.0) Adobe Bridge CS4 (Version: 3) Adobe CMaps CS4 (Version: 2.0) Adobe Color - Photoshop Specific CS4 (Version: 2.0) Adobe Color EU Recommended Settings CS4 (Version: 2.0) Adobe Color JA Extra Settings CS4 (Version: 2.0) Adobe Color NA Extra Settings CS4 (Version: 2.0) Adobe Color Video Profiles CS CS4 (Version: 2.0) Adobe CSI CS4 (Version: 1) Adobe Default Language CS4 (Version: 2.0) Adobe Device Central CS4 (Version: 2) Adobe Drive CS4 (Version: 1) Adobe ExtendScript Toolkit CS4 (Version: 3.0.0) Adobe Extension Manager CS4 (Version: 2.0) Adobe Flash Player 11 Plugin (Version: 11.8.800.94) Adobe Fonts All (Version: 2.0) Adobe Linguistics CS4 (Version: 4.0.0) Adobe Output Module (Version: 2.0) Adobe PDF Library Files CS4 (Version: 9.0) Adobe Photoshop CS4 (Version: 11.0) Adobe Photoshop CS4 Support (Version: 11.0) Adobe Photoshop Elements 2.0 (Version: 2.0) Adobe Search for Help (Version: 1.0) Adobe Service Manager Extension (Version: 1.0) Adobe Setup (Version: 2.0) Adobe Type Support CS4 (Version: 9.0) Adobe 
Update Manager CS4 (Version: 6.0.0) Adobe WinSoft Linguistics Plugin (Version: 1.1) Adobe XMP Panels CS4 (Version: 2.0) AdobeColorCommonSetCMYK (Version: 2.0) AdobeColorCommonSetRGB (Version: 2.0) aerosoft's - German Airports 1 - FS2002 Agere Systems HDA Modem Apple Software Update (Version: 2.1.1.116) Arta Software version 1.7.0 ASIO4ALL (Version: 2.11 Beta1) AssaultCube v0.93 AssaultCube v1.0 (Version: v1.0) AssaultCube v1.1.0.1 (Version: v1.1.0.1) Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (Version: 1.0.0.30) Audacity 1.2.6 AVerMedia A309 (MiniCard, DVB-T) 1.0.0.43 (Version: 1.0.0.43) Backspin Billiards Call of Duty(R) 2 (Version: 1.2) Canon Camera Access Library (Version: 8.2.0.1) Canon Camera Window DC_DV 6 for ZoomBrowser EX (Version: 6.3.0.11) Canon Camera Window MC 6 for ZoomBrowser EX (Version: 6.2.0.11) Canon G.726 WMP-Decoder (Version: 1.0.1.3) CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.2.0.5) Canon Internet Library for ZoomBrowser EX (Version: 1.4.2.6) Canon MovieEdit Task for ZoomBrowser EX (Version: 2.3.0.19) Canon RAW Image Task for ZoomBrowser EX (Version: 2.4.0.7) Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.6.0.9) Canon Utilities PhotoStitch (Version: 3.1.18.42) Canon Utilities ZoomBrowser EX (Version: 5.7.0.74) CCleaner (remove only) Cisco AnyConnect Secure Mobility Client (Version: 3.0.4235) Cisco AnyConnect Secure Mobility Client (Version: 3.0.4235) Cisco Systems VPN Client 5.0.05.0290 (Version: 5.0.5) Connect (Version: 1.0.0.1) Cortona3D Viewer (Version: 6.0.179) COWON S9 User's Guide (Version: 1.50.000) Dassault Systemes Software B19 Dassault Systemes Software Prerequisites x86 (Version: 8.1.3) Data Lifeguard Diagnostic for Windows (Version: 1.13) DeepSkyStacker (Version: 3.2.0) dotoo Dropbox (HKCU Version: 2.0.22) EC135 Glass cockpit (Version: 1.0) EncFlac 1.1.2 (Version: 1.1.2) eSobi v2 (Version: 2.0.3.000201) EVEREST Home Edition v2.20 (Version: 2.20) Exact Audio Copy 0.99pb5 
(Version: 0.99pb5) Ext2 IFS 1.11a for Windows Vista/2008 File Uploader (Version: 1.2.1) FileZilla Client 3.6.0.2 (Version: 3.6.0.2) FLAC 1.2.1b (remove only) (Version: 1.2.1b) Functions 3D Google Earth (Version: 6.1.0.5001) Google Translator Google Update Helper (Version: 1.3.21.123) GPL Ghostscript 8.70 Heat Online HijackThis 2.0.2 (Version: 2.0.2) HP Officejet Pro 8600 - Grundlegende Software für das Gerät (Version: 25.0.619.0) HP Officejet Pro 8600 Hilfe (Version: 140.0.2.2) I.R.I.S. OCR (Version: 12.3.4.0) Intel PROSet Wireless Intel(R) PROSet/Wireless WiFi-Software (Version: 12.00.0004) Intel® Matrix Storage Manager IrfanView (remove only) ITECIR (Version: 1.6) IvAp v1.3.8 (b2150) Java Auto Updater (Version: 2.0.3.1) Java(TM) 6 Update 24 (Version: 6.0.240) jetAudio Basic VX (Version: 7.1.7) JMicron JMB38X Flash Media Controller (Version: 1.00.12.07) Kaspersky Internet Security 2010 (Version: 9.0.0.459) kuler (Version: 2.0) Launch Manager LECTURNITY Player (Version: 4.0.0000) LEd Beta 0.53 LightScribe 1.4.142.1 (Version: 1.4.142.1) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) Manual CanoScan 8400F Mathcad (Version: 14.0.3.0) Mathcad PDSi viewable support (Version: 9.0.0) MATLAB R2011a (Version: 7.12) maxdome - Online Videothek Version 3.1.0 Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Device Emulator version 3.0 - ENU (Version: 9.0.21022) Microsoft Document Explorer 2008 Microsoft Document Explorer 2008 (Version: 9.0.21022) Microsoft Flight Simulator 2002 Microsoft Office 2000 SR-1 Professional (Version: 9.00.3821) Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6215.1000) Microsoft Office Home and Student 2007 
(Version: 12.0.6215.1000) Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6215.1000) Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6215.1000) Microsoft Office Proof (English) 2007 (Version: 12.0.6213.1000) Microsoft Office Proof (French) 2007 (Version: 12.0.6213.1000) Microsoft Office Proof (German) 2007 (Version: 12.0.6213.1000) Microsoft Office Proof (Italian) 2007 (Version: 12.0.6213.1000) Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014) Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6215.1000) Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014) Microsoft Office Visual Web Developer 2007 (Version: 12.0.4518.1066) Microsoft Office Visual Web Developer MUI (English) 2007 (Version: 12.0.4518.1066) Microsoft Office Word MUI (German) 2007 (Version: 12.0.6215.1000) Microsoft Silverlight (Version: 4.0.60310.0) Microsoft SQL Server Compact 3.5 Design Tools ENU (Version: 3.5.5386.0) Microsoft SQL Server Compact 3.5 ENU (Version: 3.5.5386.0) Microsoft SQL Server Compact 3.5 for Devices ENU (Version: 3.5.5386.0) Microsoft SQL Server Database Publishing Wizard 1.2 (Version: 1.2.0.0) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (Version: 11.0.51106.1) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (Version: 11.0.51106) Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (Version: 11.0.51106) Microsoft Visual Studio 2008 Professional Edition - ENU Microsoft Visual Studio 2008 Professional Edition - ENU (Version: 9.0.21022) Microsoft Visual Studio Web Authoring Component (Version: 
12.0.4518.1066) Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools (Version: 3.5.21022) Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (Version: 6.1.5288.17011) Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (Version: 6.1.5288.17011) Microsoft Windows SDK for Visual Studio 2008 Tools (Version: 6.1.5288.17011) Microsoft Windows SDK for Visual Studio 2008 Win32 Tools (Version: 6.1.5288.17011) Microsoft Works (Version: 08.05.0822) MinGW-Get version 0.2-alpha-2 (Version: 0.2-alpha-2) Miranda IM 0.10.16 (Version: 0.10.16) Monkey's Audio Mozilla Firefox 8.0.1 (x86 de) (Version: 8.0.1) Mozilla Maintenance Service (Version: 17.0.8) Mozilla Thunderbird 17.0.8 (x86 de) (Version: 17.0.8) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) My Pictures 3D 1.2 Neat Image v6 Demo (with plug-in) Nikon Message Center (Version: 0.92.000) Nikon RAW Codec (Version: 1.00.0000) Nikon Transfer (Version: 1.5.0) NTI Backup Now 5 (Version: 5.1.2.606) NTI Backup Now Standard (Version: 5.1.2.606) NTI Media Maker 8 (Version: 8.0.2.6329) n-tv plus (Version: 7.4.3.0) NVIDIA Drivers (Version: 1.4) NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0) NVIDIA Install Application (Version: 2.1002.109.718) NVIDIA PhysX (Version: 9.10.0129) OmniPage SE 2.0 (Version: 2.00.0004) OpenAL OpenOffice.org 3.1 (Version: 3.1.9399) OpenVPN 2.1_rc19 (Version: 2.1_rc19) Opera 12.12 (Version: 12.12.1707) Orion (Version: 2.0.1) PDF Settings CS4 (Version: 9.0) PDFCreator (Version: 0.9.9) PDF-XChange Viewer (Version: 2.0.57.0) Photomatix Basic version 1.0 (Version: 1.0) PhotoNow! 
(Version: 1.1.4619) Photoshop Camera Raw (Version: 5.0) Picture Control Utility (Version: 1.1.6) POD-Bot 2.5 Python 2.5 pywin32-210 Python 2.5 SCons - a software construction tool Python 2.5.2 (Version: 2.5.2150) Qtpfsgui 1.9.1 QuickTime (Version: 7.55.90.70) Razer Copperhead (Version: 5.01) Realtek High Definition Audio Driver (Version: 6.0.1.5618) S.T.A.L.K.E.R. - Shadow of Chernobyl (Version: 1.0000) SA32xx Device Manager (Version: 01.01.00.1022) SA32xx Media Converter (Version: 1.0.6.1013) Sauerbraten SDFormatter (Version: 3.1.0) SideWinder Precision 2 Skype™ 6.3 (Version: 6.3.105) SopCast 3.5.0 (Version: 3.5.0) SpeechRedist (Version: 1.0.0) SpeedFan (remove only) Suite Shared Configuration CS4 (Version: 1.0) Synaptics Pointing Device Driver (Version: 10.2.4.1) TeamSpeak 2 RC2 (Version: 2.0.32.60) TeXnicCenter Version 1.0 Stable RC1 (Version: Version 1.0 Stable RC1) The Eye v1.0.6 (b345) Thief - Deadly Shadows (Version: 1.0) TI Connect 1.6 (Version: 1.6) TmNationsForever Unlocker 1.8.7 (Version: 1.8.7) Unreal Tournament 2004 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Office 2007 (KB946691) Urban Terror 4.1 Validity Sensors software (Version: 2.7.44) VBA (3821b) (Version: 6.01.00.1234) VC Runtimes MSI (Version: 9.0.21022) ViewNX (Version: 1.4.0) VLC media player 2.0.5 (Version: 2.0.5) watchmi (Version: 2.3.0) WD Drive Manager (x86) (Version: 2.107) Webocton - Scriptly 0.8.95.2 (Version: 0.8.95.2) WIDCOMM Bluetooth Software 6.0.1.5000 (Version: 6.0.1.5000) Winamp (Version: 5.63 ) Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1) Windows Media Player Firefox Plugin (Version: 1.0.0.8) Windows Mobile 5.0 SDK R2 for Pocket PC (Version: 5.00.1700.5.14343.06) Windows Mobile 5.0 SDK R2 for Smartphone 
(Version: 5.00.1700.5.14343.06)
WinRAR archiver
World of Tanks
Xvid Video Codec (Version: 1.3.2)
ZDFmediathek Version 2.1.5

==================== Restore Points =========================

08-08-2013 10:26:27 Geplanter Prüfpunkt
08-08-2013 17:10:44 Removed Adobe Reader 8.1.0

==================== Hosts content: ==========================

2006-11-02 12:23 - 2013-08-10 03:32 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3979F0EB-E6EE-4362-99EA-1B1661C3D80E} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] ()
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {5BE18BFE-3FC2-4A06-BECC-4EE7642A50A1} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)
Task: {8AF4D916-05C5-4C99-B9F3-AF52C31D7378} - System32\Tasks\Microsoft\Windows\WindowsBackup\CheckFull => C:\Windows\System32\sdclt.exe [2010-12-14] (Microsoft Corporation)
Task: {8DCD0E60-B751-473A-9156-EDECC1EAC444} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] ()
Task: {A2255406-6B70-4A48-87C2-7A073A54D593} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\System32\sdclt.exe [2010-12-14] (Microsoft Corporation)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {CCD65611-54B4-4C72-AC99-8622194931EB} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-21] (Microsoft Corp.)
Task: {D7F7640A-5711-45C6-93FE-D8C54C636AA1} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()

==================== Faulty Device Manager Devices =============

Name: Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
Description: Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros
Service: L1E
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TOSHIBA Virtual CD Drive USB Device
Description: CD-ROM-Laufwerk
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard-CD-ROM-Laufwerke)
Service: cdrom
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Deterministic Network Enhancer Miniport #6
Description: Deterministic Network Enhancer Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Deterministic Networks
Service: DNE
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: MAC Bridge Miniport
Description: MAC Bridge Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BridgeMP
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/10/2013 03:35:32 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2013 02:24:45 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2013 02:17:38 AM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (08/10/2013 01:48:37 AM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (08/09/2013 11:29:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/09/2013 11:28:36 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (08/09/2013 11:25:18 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung winamp.exe, Version 5.6.3.3235, Zeitstempel 0x4fec7b3e, fehlerhaftes Modul out_maiko.dll, Version 0.0.0.0, Zeitstempel 0x50698d32, Ausnahmecode 0xc0000095, Fehleroffset 0x000058e2, Prozess-ID 0x27a8, Anwendungsstartzeit winamp.exe0.

Error: (08/09/2013 07:56:49 AM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung explorer.exe, Version 6.0.6002.18005, Zeitstempel 0x49e01da5, fehlerhaftes Modul NEFcodec.dll, Version 1.4.0.3005, Zeitstempel 0x48507b7c, Ausnahmecode 0xc0000005, Fehleroffset 0x00193786, Prozess-ID 0x21c4, Anwendungsstartzeit explorer.exe0.

Error: (08/09/2013 07:56:48 AM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung DllHost.exe, Version 6.0.6000.16386, Zeitstempel 0x4549b14e, fehlerhaftes Modul NEFcodec.dll, Version 1.4.0.3005, Zeitstempel 0x48507b7c, Ausnahmecode 0xc0000005, Fehleroffset 0x00193786, Prozess-ID 0x1b78, Anwendungsstartzeit DllHost.exe0.

Error: (08/08/2013 07:10:59 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Details:
AddWin32ServiceFiles: Unable to back up image of service Windows-Defender since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

System errors:
=============
Error: (08/10/2013 08:46:19 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (08/10/2013 08:36:19 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (08/10/2013 08:26:19 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (08/10/2013 08:16:19 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (08/10/2013 08:06:19 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (08/10/2013 07:56:19 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (08/10/2013 07:46:19 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (08/10/2013 07:36:19 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (08/10/2013 07:26:19 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (08/10/2013 07:16:19 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-08-10 08:45:01.355
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klmouflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-08-10 08:45:01.186
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klmouflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-08-10 08:45:00.982
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klmouflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-08-10 08:45:00.787
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klmouflt.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-08-10 08:45:00.490
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-08-10 08:45:00.295
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-08-10 08:45:00.113
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-10 08:44:59.913
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\klif.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-08-10 08:37:46.569
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-08-10 08:37:46.389
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================

Percentage of memory in use: 74%
Total physical RAM: 3068.03 MB
Available physical RAM: 795.56 MB
Total Pagefile: 6343.07 MB
Available Pagefile: 3195.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.31 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:5.1 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:137.5 GB) (Free:0.21 GB) NTFS
Drive i: (TOSHIBA HDD) (Fixed) (Total:930.53 GB) (Free:121.41 GB) NTFS
Drive y: () (Fixed) (Total:3.54 GB) (Free:1.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: B1473A62)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=138 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=12)

========================================================
Disk: 1 (Size: 931 GB) (Disk ID: 2F180927)
Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================

The full MBAM scan (not in safe mode) has just finished:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.09.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
rsg#Admin :: RSG_E-HIRN [Administrator]

10.08.2013 05:42:31
mbam-log-2013-08-10 (05-42-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Y:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 702413
Laufzeit: 3 Stunde(n), 31 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Well, could it also be that the folder cannot be deleted or recognised as infected because KIS has put it into quarantine? Kaspersky:
Code:
08.08.2013 03:48:09 Unter Quarantäne unbekannte Bedrohung UDS:DangerousObject.Multi.Generic Datei C:\Program Files\Google\Desktop\Install\{aead6260-d3f0-b306-01da-8bd8a6f55800}\ \...\*ﯹ๛\{aead6260-d3f0-b306-01da-8bd8a6f55800}\ GoogleUpdate.exe

Last edited by DoomBrigade (10.08.2013 at 08:29)
10.08.2013, 09:59 | #4 |
/// the machine /// TB-Ausbilder
Infection "Internet Security Pro"/ "wmdefender.exe" under Vista; no detection with MBAM

Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:

Code:
ProxyServer: 192.168.178.20:80
ZeroAccess: C:\Program Files\Google\Desktop\Install\{aead6260-d3f0-b306-01da-8bd8a6f55800}
C:\ProgramData\nvModes.dat
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________
regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations | Guides and help | Trojaner-Board Facebook page
No help via PM!
10.08.2013, 18:39 | #5 |
Fixlog.txt

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-08-2013
Ran by rsg#Admin at 2013-08-10 18:36:37 Run:1
Running from C:\Users\rsg#Admin\Desktop
Boot Mode: Normal
==============================================

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
"C:\Program Files\Google\Desktop\Install\{aead6260-d3f0-b306-01da-8bd8a6f55800}" directory move:

Could not move "C:\Program Files\Google\Desktop\Install\{aead6260-d3f0-b306-01da-8bd8a6f55800}" directory. => Scheduled to move on reboot.

C:\ProgramData\nvModes.dat => Moved successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\de-DE" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRtMon.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRtPlug.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSigDwn.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSoftEx.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

=========== Result of Scheduled Files to move ===========

C:\Program Files\Google\Desktop\Install\{aead6260-d3f0-b306-01da-8bd8a6f55800} => Deleted successfully.

==== End of Fixlog ====

How to proceed?
11.08.2013, 08:03 | #6 |
/// the machine /// TB-Ausbilder

Great, please post a fresh FRST log.
11.08.2013, 19:00 | #7 |
Fresh FRST.txt

FRST logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-08-2013
Ran by rsg#Admin (administrator) on 11-08-2013 19:53:30
Running from C:\Users\rsg#Admin\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Arachnoid Biometrics Identification Group Corp.) C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
() C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(WDC) C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
(Acresso Software Inc.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Windows\ehome\ehRecvr.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Arachnoid Biometrics Identification Group Corp.) C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
() C:\Program Files\Razer\Copperhead\razerhid.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(WDC) C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Realtek Semiconductor Corp.) C:\Users\RSG#AD~1\AppData\Local\Temp\RtkBtMnt.exe
(Razer Inc.) C:\Program Files\Razer\Copperhead\razerofa.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(uWebb Software) D:\Software\Performance\ThrottleStop_400\ThrottleStop.exe
( ) C:\Program Files\Miranda IM\miranda32.exe
() C:\Program Files\Razer\Copperhead\razertra.exe
(Tracker Software Products Ltd.) C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6139904 2008-05-07] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1037608 2008-04-04] (Synaptics, Inc.)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13548064 2008-08-01] (NVIDIA Corporation)
HKLM\...\Run: [ZPdtWzdVitaKey MC3000] - C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe [3719680 2008-10-23] (Arachnoid Biometrics Identification Group Corp.)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2008-06-30] ()
HKLM\...\Run: [eAudio] - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-09-11] (Acer Incorporated)
HKLM\...\Run: [ePower_DMC] - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [405504 2008-08-01] (Acer Inc.)
HKLM\...\Run: [razer] - C:\Program Files\Razer\Copperhead\razerhid.exe [155648 2005-11-25] ()
HKLM\...\Run: [LManager] - C:\PROGRA~1\LAUNCH~1\LManager.exe [809480 2008-06-16] (Dritek System Inc.)
HKLM\...\Run: [WD Drive Manager] - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [450560 2008-07-24] (WDC)
HKLM\...\Run: [avp] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [311680 2010-10-14] (Kaspersky Lab)
Winlogon\Notify\AWinNotifyVitaKey MC3000: C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll [X]
Winlogon\Notify\klogon: C:\Windows\system32\klogon.dll (Kaspersky Lab)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-08-21] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-08-21] ()
HKU\Gast\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Gast\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-08-21] ()
HKU\Gast.rsg_e-Hirn\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Gast.rsg_e-Hirn\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-21] (Microsoft Corporation)
HKU\Gast.rsg_e-Hirn\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-21] (Microsoft Corporation)
HKU\rsg.gaming\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

ProxyServer: 192.168.178.20:80
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKLM\Software\Microsoft\Internet Explorer\Main,start page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1008&m=aspire_6935
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKCU -No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F07E53AA-B14F-48E0-8CB6-45AE0EFAB848} hxxp://www.cyberlink.com/prog/oem/acer/update/UpdateAdvisor.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\rsg#Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a3bkgly2.default
FF NetworkProxy: "autoconfig_url", "192.168.178.20"
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @parallelgraphics.com/Cortona - C:\Program Files\Common Files\ParallelGraphics\Cortona\npCortona.dll (ParallelGraphics)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\rsg#Admin\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
FF Extension: No Name - C:\Users\rsg#Admin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Microsoft .NET Framework Assistant - C:\Users\rsg#Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a3bkgly2.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: color_management - C:\Users\rsg#Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a3bkgly2.default\Extensions\color_management@seanhayes.name.xpi
FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Thunderbird\Extensions: [{eea12ec4-729d-4703-bc37-106ce9879ce2}] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt
FF Extension: Kaspersky Anti-Spam Extension - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt

========================== Services (Whitelisted) =================

R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [311680 2010-10-14] (Kaspersky Lab)
S3 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.)
S3 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2006-03-30] (Canon Inc.)
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2009-04-16] ()
S4 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528608 2009-01-13] (Cisco Systems, Inc.)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-08-19] ()
R2 IGBASVC; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [3520512 2008-10-23] ()
S2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] ()
S4 msvsmon90; d:\Software\Microsoft\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [3004416 2007-11-07] (Microsoft Corporation)
S3 npggsvc; C:\Windows\system32\GameMon.des [2722845 2009-04-15] (INCA Internet Co., Ltd.)
S3 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] ()
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [36352 2009-07-16] ()
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-04-04] ()
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [233472 2008-01-10] (Acer Incorporated)
S4 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [475088 2011-09-09] (Cisco Systems, Inc.)
S4 watchmi; C:\Program Files\watchmi\TvdService.exe [55808 2010-09-09] ()
R2 WDBtnMgrSvc.exe; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [102400 2008-07-24] (WDC)

==================== Drivers (Whitelisted) ====================

S3 acsint; C:\Windows\System32\DRIVERS\acsint.sys [38440 2011-09-09] (Cisco Systems, Inc.)
S3 acsmux; C:\Windows\System32\DRIVERS\acsmux.sys [57000 2011-09-09] (Cisco Systems, Inc.)
R0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [43184 2008-10-23] (Alfa Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131856 2008-08-28] (Deterministic Networks, Inc.)
R1 DritekPortIO; C:\PROGRA~1\LAUNCH~1\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
R1 Ext2fs; C:\Windows\System32\DRIVERS\ext2fs.sys [189888 2008-09-25] (Stephan Schreiber)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R1 IfsMount; C:\Windows\System32\DRIVERS\ifsmount.sys [60352 2008-08-28] (Stephan Schreiber)
R2 int15; C:\Windows\system32\drivers\int15.sys [15392 2008-08-19] (Acer, Inc.)
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2007-12-18] (ITE Tech. Inc. )
R1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [128016 2009-12-01] (Kaspersky Lab)
R0 klbg; C:\Windows\System32\drivers\klbg.sys [33808 2008-12-15] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [280592 2009-12-01] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [21008 2009-05-15] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19472 2009-05-16] (Kaspersky Lab)
S3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [16688 2007-04-24] (IBM)
S3 SilverLink; C:\Windows\System32\Drivers\SilvrLnk.sys [21456 2004-01-28] (Texas Instruments Incorporated)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2008-12-31] (Duplex Secure Ltd.)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2009-07-16] (The OpenVPN Project)
R3 UsbFltr; C:\Windows\System32\drivers\copperhd.sys [11596 2005-11-02] (Razer (Asia-Pacific) Pte Ltd)
R3 WinRing0_1_2_0; D:\Software\Performance\ThrottleStop_400\WinRing0.sys [14416 2008-07-26] (OpenLibSys.org)
S2 adfs; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S2 CVPNDRVA; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S2 NTIPPKernel; \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-11 16:31 - 2013-08-11 16:31 - 01068411 _____ (Farbar) C:\Users\rsg#Admin\Downloads\FRST.exe
2013-08-10 18:41 - 2013-08-10 18:41 - 00083463 _____ C:\ProgramData\nvModes.dat
2013-08-10 08:36 - 2013-08-10 19:30 - 00000000 ____D C:\FRST
2013-08-10 06:51 - 2013-08-10 06:52 - 00000020 _____ C:\Users\rsg#Admin\defogger_reenable
2013-08-10 06:49 - 2013-08-10 06:49 - 01230570 _____ (Farbar) C:\Users\rsg#Admin\Desktop\2-FRST_32bit.exe
2013-08-10 05:08 - 2013-08-10 05:08 - 05782572 _____ C:\Windows\system32\~.tmp
2013-08-10 04:53 - 2013-08-10 04:53 - 00000000 ____D C:\Users\rsg#Admin\AppData\Roaming\Malwarebytes
2013-08-10 04:52 - 2013-08-10 04:52 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-10 04:52 - 2013-08-10 04:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-10 04:52 - 2013-08-10 04:52 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-10 04:52 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-10 04:05 - 2013-08-10 04:05 - 00017206 _____ C:\ComboFix.txt
2013-08-10 03:18 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-10 03:18 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-10 03:18 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-10 03:18 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-10 03:18 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-10 03:18 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-10 03:18 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-10 03:18 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-10 03:17 - 2013-08-10 04:05 - 00000000 ____D C:\ComboFix
2013-08-10 03:15 - 2013-08-10 04:05 - 00000000 ____D C:\Qoobox
2013-08-10 03:13 - 2013-08-10 04:03 - 00000000 ____D C:\Windows\erdnt
2013-08-10 03:03 - 2013-08-11 16:35 - 00000000 ____D C:\Users\rsg#Admin\Desktop\antimalware-tools
2013-08-10 02:19 - 2013-08-10 02:19 - 00001648 _____ C:\Users\rsg#Admin\Desktop\virus-regloeschversuche.txt
2013-08-10 00:40 - 2013-08-10 00:40 - 00000000 ____D C:\Users\rsg#Admin\Documents\virenbekämpfung-reg
2013-08-09 23:27 - 2013-08-10 03:35 - 00003042 _____ C:\Windows\PFRO.log
2013-08-09 21:49 - 2013-08-09 21:49 - 00000000 ____D C:\Users\RSG#AD~1\AppData\Local\Macromedia
2013-08-09 20:59 - 2013-08-09 20:59 - 00000000 ____D C:\Users\rsg#Admin\AppData\Roaming\Macromedia
2013-08-09 20:56 - 2013-08-09 20:56 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-09 20:56 - 2013-08-09 20:56 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-09 06:37 - 2013-08-09 06:37 - 00000698 _____ C:\Users\rsg#Admin\Desktop\LRT-Altlasten -Verknüpfung.lnk
2013-08-09 01:21 - 2013-08-09 01:38 - 00000000 ____D C:\Users\rsg#Admin\Desktop\Informationstechnologie-2013
2013-08-08 06:58 - 2013-08-08 20:13 - 00060307 _____ C:\Users\rsg#Admin\Desktop\aktionen-von-intsec-virus.txt
2013-08-06 22:48 - 2013-08-07 16:52 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-08-01 21:23 - 2013-08-01 21:23 - 00000216 _____ C:\Users\rsg#Admin\Downloads\1.rar
2013-07-20 19:27 - 2013-07-20 19:27 - 00000168 _____ C:\Users\rsg#Admin\Downloads\pbvid-108343.flv

==================== One Month Modified Files and Folders =======

2013-08-11 19:02 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-11 19:02 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-11 17:45 - 2009-11-30 23:56 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-08-11 16:35 - 2013-08-10 03:03 - 00000000 ____D C:\Users\rsg#Admin\Desktop\antimalware-tools
2013-08-11 16:32 - 2013-08-11 16:32 - 01068411 _____ (Farbar) C:\Users\rsg#Admin\Desktop\FRST.exe
2013-08-11 16:31 - 2013-08-11 16:31 - 01068411 _____ (Farbar) C:\Users\rsg#Admin\Downloads\FRST.exe
2013-08-11 15:11 - 2013-04-22 18:20 - 01813542 _____ C:\Windows\WindowsUpdate.log
2013-08-11 15:01 - 2008-12-09 01:24 - 00083463 _____ C:\ProgramData\nvModes.001
2013-08-10 22:08 - 2009-07-04 18:15 - 00000000 ____D C:\Users\rsg#Admin\AppData\Local\Apps\2.0
2013-08-10 20:45 - 2009-05-24 21:23 - 00000000 ____D C:\Users\rsg#Admin\AppData\Roaming\Skype
2013-08-10 19:35 - 2008-10-23 03:54 - 00000000 ____D C:\Program Files\Google
2013-08-10 19:30 - 2013-08-10 08:36 - 00000000 ____D C:\FRST
2013-08-10 18:58 - 2006-11-02 14:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-08-10 18:41 - 2013-08-10 18:41 - 00083463 _____ C:\ProgramData\nvModes.dat
2013-08-10 18:41 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-10 18:38 - 2008-12-10 22:48 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-08-10 18:38 - 2006-11-02 15:01 - 00032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-10 07:05 - 2008-12-09 00:21 - 00000000 ____D C:\Users\rsg#Admin
2013-08-10 06:52 - 2013-08-10 06:51 - 00000020 _____ C:\Users\rsg#Admin\defogger_reenable
2013-08-10 06:49 - 2013-08-10 06:49 - 01230570 _____ (Farbar) C:\Users\rsg#Admin\Desktop\2-FRST_32bit.exe
2013-08-10 05:08 - 2013-08-10 05:08 - 05782572 _____ C:\Windows\system32\~.tmp
2013-08-10 04:53 - 2013-08-10 04:53 - 00000000 ____D C:\Users\rsg#Admin\AppData\Roaming\Malwarebytes
2013-08-10 04:52 - 2013-08-10 04:52 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-10 04:52 - 2013-08-10 04:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-10 04:52 - 2013-08-10 04:52 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-10 04:05 - 2013-08-10 04:05 - 00017206 _____ C:\ComboFix.txt
2013-08-10 04:05 - 2013-08-10 03:17 - 00000000 ____D C:\ComboFix
2013-08-10 04:05 - 2013-08-10 03:15 - 00000000 ____D C:\Qoobox
2013-08-10 04:03 - 2013-08-10 03:13 - 00000000 ____D C:\Windows\erdnt
2013-08-10 03:59 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2013-08-10 03:35 - 2013-08-09 23:27 - 00003042 _____ C:\Windows\PFRO.log
2013-08-10 03:33 - 2006-11-02 12:22 - 62652416 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-08-10 03:33 - 2006-11-02 12:22 - 41418752 _____ C:\Windows\system32\config\COMPON~2.bak
2013-08-10 03:33 - 2006-11-02 12:22 - 28835840 _____ C:\Windows\system32\config\SYSTEM.bak
2013-08-10 03:33 - 2006-11-02 12:22 - 04194304 _____ C:\Windows\system32\config\DEFAULT.bak
2013-08-10 03:33 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-08-10 03:33 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-08-10 02:19 - 2013-08-10 02:19 - 00001648 _____ C:\Users\rsg#Admin\Desktop\virus-regloeschversuche.txt
2013-08-10 00:40 - 2013-08-10 00:40 - 00000000 ____D C:\Users\rsg#Admin\Documents\virenbekämpfung-reg
2013-08-09 22:20 - 2009-05-03 06:17 - 00000600 _____ C:\Users\rsg#Admin\AppData\Roaming\winscp.rnd
2013-08-09 21:49 - 2013-08-09 21:49 - 00000000 ____D C:\Users\RSG#AD~1\AppData\Local\Macromedia
2013-08-09 20:59 - 2013-08-09 20:59 - 00000000 ____D C:\Users\rsg#Admin\AppData\Roaming\Macromedia
2013-08-09 20:57 - 2010-02-21 20:36 - 00000000 ____D C:\Users\RSG#AD~1\AppData\Local\Adobe
2013-08-09 20:56 - 2013-08-09 20:56 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-09 20:56 - 2013-08-09 20:56 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-09 20:42 - 2010-02-21 20:36 - 00000000 ____D C:\Users\rsg#Admin\AppData\Roaming\Adobe
2013-08-09 06:37 - 2013-08-09 06:37 - 00000698 _____ C:\Users\rsg#Admin\Desktop\LRT-Altlasten -Verknüpfung.lnk
2013-08-09 01:38 - 2013-08-09 01:21 - 00000000 ____D C:\Users\rsg#Admin\Desktop\Informationstechnologie-2013
2013-08-08 20:43 - 2009-12-07 01:42 - 00000000 ____D C:\Users\rsg#Admin\Documents\registry backups
2013-08-08 20:13 - 2013-08-08 06:58 - 00060307 _____ C:\Users\rsg#Admin\Desktop\aktionen-von-intsec-virus.txt
2013-08-08 19:54 - 2008-07-11 18:00 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-08-08 19:54 - 2008-07-11 18:00 - 00000000 ____D C:\Program Files\Adobe
2013-08-08 06:07 - 2008-12-09 00:25 - 00000000 ____D C:\Users\RSG#AD~1\AppData\Local\Google
2013-08-07 16:52 - 2013-08-06 22:48 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-08-07 16:52 - 2012-10-10 18:29 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-07 05:25 - 2012-12-21 02:44 - 00000000 ____D C:\Users\rsg#Admin\AppData\Roaming\vlc
2013-08-07 05:01 - 2008-12-09 03:31 - 00138752 _____ C:\Users\RSG#AD~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-07 00:17 - 2009-10-31 22:00 - 00000020 ____H C:\ProgramData\PKP_DLdw.DAT
2013-08-06 22:09 - 2012-10-25 17:02 - 00000000 ____D C:\Users\rsg#Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Miranda IM
2013-08-01 21:23 - 2013-08-01 21:23 - 00000216 _____ C:\Users\rsg#Admin\Downloads\1.rar
2013-07-28 22:12 - 2009-10-31 21:16 - 00000020 ____H C:\ProgramData\PKP_DLdu.DAT
2013-07-23 02:58 - 2008-01-21 09:16 - 01445546 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-20 19:27 - 2013-07-20 19:27 - 00000168 _____ C:\Users\rsg#Admin\Downloads\pbvid-108343.flv
2013-07-18 00:59 - 2013-01-08 04:28 - 00000000 ____D C:\Users\rsg#Admin\Documents\e-Shopping

Files to move or delete:
====================
C:\ProgramData\nvModes.dat

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-10 18:59

==================== End Of Log ============================
12.08.2013, 08:01 | #8 |
/// the machine /// TB-Ausbilder

Please download Malwarebytes Anti-Malware.

Please download AdwCleaner to your desktop.

Please close your protection software to avoid possible conflicts.

And a fresh FRST log, please.
12.08.2013, 17:21 | #9 |
MBAM log

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.09.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
rsg#Admin :: RSG_E-HIRN [Administrator]

12.08.2013 15:55:32
mbam-log-2013-08-12 (15-55-32).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 310791
Laufzeit: 6 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

AdwCleaner log

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.09.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
rsg#Admin :: RSG_E-HIRN [Administrator]

12.08.2013 15:55:32
mbam-log-2013-08-12 (15-55-32).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 310791
Laufzeit: 6 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
12.08.2013, 17:47 | #10 |
/// the machine /// TB-Ausbilder | Infection "Internet Security Pro"/ "wmdefender.exe" under Vista; no detection with MBAM Then show me the right log so I can assess it.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
12.08.2013, 21:41 | #11 |
| Infection "Internet Security Pro"/ "wmdefender.exe" under Vista; no detection with MBAM Oops. AdwCleaner[S1].txt Code:
# AdwCleaner v2.306 - Datei am 12/08/2013 um 18:22:43 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : rsg#Admin - RSG_E-HIRN
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\rsg#Admin\Desktop\adwcleaner2.306.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2008\Microsoft Visual Studio 2008 Documentation.lnk
Ordner Gelöscht : C:\Program Files\Red Sky

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v8.0.1 (de)

Datei : C:\Users\rsg#Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a3bkgly2.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Opera v12.12.1707.0

Datei : C:\Users\rsg#Admin\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R2].txt - [1954 octets] - [12/08/2013 16:46:46]
AdwCleaner[S1].txt - [1782 octets] - [12/08/2013 18:22:43]

########## EOF - C:\AdwCleaner[S1].txt - [1842 octets] ##########
Code:
# AdwCleaner v2.306 - Datei am 12/08/2013 um 16:46:46 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : rsg#Admin - RSG_E-HIRN
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\rsg#Admin\Desktop\adwcleaner2.306.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Infiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2008\Microsoft Visual Studio 2008 Documentation.lnk ( arg. : /helpcol ms-help://ms.vscc.v90 /LaunchNamedUrlTopic DefaultPage /usehelpsettings VisualStudio.9.0)
Ordner Gefunden : C:\Program Files\Red Sky

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Schlüssel Gefunden : HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v8.0.1 (de)

Datei : C:\Users\rsg#Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a3bkgly2.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Opera v12.12.1707.0

Datei : C:\Users\rsg#Admin\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R2].txt - [1825 octets] - [12/08/2013 16:46:46]

########## EOF - C:\AdwCleaner[R2].txt - [1885 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.4 (08.12.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by rsg#Admin on 12.08.2013 at 22:44:55,22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\rsg#Admin\AppData\Roaming\mozilla\firefox\profiles\a3bkgly2.default\minidumps [7 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.08.2013 at 22:47:50,51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST log
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-08-2013 Ran by rsg#Admin (administrator) on 12-08-2013 22:52:25 Running from C:\Users\rsg#Admin\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Arachnoid Biometrics Identification Group Corp.) C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe () C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe () C:\Program Files\Acer\Acer Bio Protection\BASVC.exe (Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe (WDC) C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe (Microsoft Corporation) C:\Windows\ehome\ehRecvr.exe (Acresso Software Inc.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe () C:\Acer\Mobility Center\MobilityService.exe (Microsoft Corporation) C:\Windows\ehome\ehsched.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Arachnoid Biometrics Identification Group Corp.) C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe () C:\Windows\PLFSetI.exe (Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe () C:\Program Files\Razer\Copperhead\razerhid.exe (Dritek System Inc.) 
C:\Program Files\Launch Manager\LManager.exe (WDC) C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) C:\Windows\system32\wuauclt.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe () C:\Program Files\Razer\Copperhead\razertra.exe (Realtek Semiconductor Corp.) C:\Users\RSG#AD~1\AppData\Local\Temp\RtkBtMnt.exe (Razer Inc.) C:\Program Files\Razer\Copperhead\razerofa.exe (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe () C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\system32\conime.exe (Opera Software) C:\Program Files\Opera\opera.exe (Microsoft Corporation) C:\Windows\regedit.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6139904 2008-05-07] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1037608 2008-04-04] (Synaptics, Inc.) HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13548064 2008-08-01] (NVIDIA Corporation) HKLM\...\Run: [ZPdtWzdVitaKey MC3000] - C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe [3719680 2008-10-23] (Arachnoid Biometrics Identification Group Corp.) HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2008-06-30] () HKLM\...\Run: [eAudio] - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-09-11] (Acer Incorporated) HKLM\...\Run: [ePower_DMC] - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [405504 2008-08-01] (Acer Inc.) 
HKLM\...\Run: [razer] - C:\Program Files\Razer\Copperhead\razerhid.exe [155648 2005-11-25] () HKLM\...\Run: [LManager] - C:\PROGRA~1\LAUNCH~1\LManager.exe [809480 2008-06-16] (Dritek System Inc.) HKLM\...\Run: [WD Drive Manager] - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [450560 2008-07-24] (WDC) HKLM\...\Run: [avp] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [311680 2010-10-14] (Kaspersky Lab) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) Winlogon\Notify\AWinNotifyVitaKey MC3000: C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll [X] Winlogon\Notify\klogon: C:\Windows\system32\klogon.dll (Kaspersky Lab) HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation) HKU\Default\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-08-21] () HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation) HKU\Default User\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-08-21] () HKU\Gast\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation) HKU\Gast\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-08-21] () HKU\Gast.rsg_e-Hirn\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation) HKU\Gast.rsg_e-Hirn\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-21] (Microsoft Corporation) HKU\Gast.rsg_e-Hirn\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-21] (Microsoft Corporation) HKU\rsg.gaming\...\Run: 
[WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) ==================== Internet (Whitelisted) ==================== ProxyServer: 192.168.178.20:80 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com HKLM\Software\Microsoft\Internet Explorer\Main,start page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1008&m=aspire_6935 SearchScopes: HKLM - DefaultScope value is missing. BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) 
Toolbar: HKCU -No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F07E53AA-B14F-48E0-8CB6-45AE0EFAB848} hxxp://www.cyberlink.com/prog/oem/acer/update/UpdateAdvisor.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\rsg#Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a3bkgly2.default FF NetworkProxy: "autoconfig_url", "192.168.178.20" FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @parallelgraphics.com/Cortona - C:\Program Files\Common Files\ParallelGraphics\Cortona\npCortona.dll (ParallelGraphics) FF Plugin: 
@tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\rsg#Admin\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} FF Extension: No Name - C:\Users\rsg#Admin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: Microsoft .NET Framework Assistant - C:\Users\rsg#Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a3bkgly2.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} FF Extension: color_management - C:\Users\rsg#Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a3bkgly2.default\Extensions\color_management@seanhayes.name.xpi FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Thunderbird\Extensions: [{eea12ec4-729d-4703-bc37-106ce9879ce2}] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt FF 
Extension: Kaspersky Anti-Spam Extension - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt ========================== Services (Whitelisted) ================= S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [311680 2010-10-14] (Kaspersky Lab) S3 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) S3 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2006-03-30] (Canon Inc.) R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2009-04-16] () S4 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528608 2009-01-13] (Cisco Systems, Inc.) R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-08-19] () R2 IGBASVC; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [3520512 2008-10-23] () R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () S4 msvsmon90; d:\Software\Microsoft\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [3004416 2007-11-07] (Microsoft Corporation) S3 npggsvc; C:\Windows\system32\GameMon.des [2722845 2009-04-15] (INCA Internet Co., Ltd.) S3 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [36352 2009-07-16] () S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-04-04] () R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [233472 2008-01-10] (Acer Incorporated) S4 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [475088 2011-09-09] (Cisco Systems, Inc.) 
S4 watchmi; C:\Program Files\watchmi\TvdService.exe [55808 2010-09-09] () R2 WDBtnMgrSvc.exe; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [102400 2008-07-24] (WDC) ==================== Drivers (Whitelisted) ==================== S3 acsint; C:\Windows\System32\DRIVERS\acsint.sys [38440 2011-09-09] (Cisco Systems, Inc.) S3 acsmux; C:\Windows\System32\DRIVERS\acsmux.sys [57000 2011-09-09] (Cisco Systems, Inc.) R0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [43184 2008-10-23] (Alfa Corporation) S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131856 2008-08-28] (Deterministic Networks, Inc.) R1 DritekPortIO; C:\PROGRA~1\LAUNCH~1\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.) R1 Ext2fs; C:\Windows\System32\DRIVERS\ext2fs.sys [189888 2008-09-25] (Stephan Schreiber) R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () R1 IfsMount; C:\Windows\System32\DRIVERS\ifsmount.sys [60352 2008-08-28] (Stephan Schreiber) R2 int15; C:\Windows\system32\drivers\int15.sys [15392 2008-08-19] (Acer, Inc.) R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2007-12-18] (ITE Tech. Inc. ) R1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [128016 2009-12-01] (Kaspersky Lab) R0 klbg; C:\Windows\System32\drivers\klbg.sys [33808 2008-12-15] (Kaspersky Lab) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [280592 2009-12-01] (Kaspersky Lab) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [21008 2009-05-15] (Kaspersky Lab) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19472 2009-05-16] (Kaspersky Lab) S3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.) 
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [16688 2007-04-24] (IBM) S3 SilverLink; C:\Windows\System32\Drivers\SilvrLnk.sys [21456 2004-01-28] (Texas Instruments Incorporated) R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2008-12-31] (Duplex Secure Ltd.) R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2009-07-16] (The OpenVPN Project) R3 UsbFltr; C:\Windows\System32\drivers\copperhd.sys [11596 2005-11-02] (Razer (Asia-Pacific) Pte Ltd) S2 adfs; No ImagePath S3 catchme; \??\C:\ComboFix\catchme.sys [x] S2 CVPNDRVA; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S2 NTIPPKernel; \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-12 22:44 - 2013-08-12 22:44 - 00000000 ____D C:\Windows\ERUNT 2013-08-12 18:22 - 2013-08-12 18:24 - 00001911 _____ C:\AdwCleaner[S1].txt 2013-08-12 16:46 - 2013-08-12 16:47 - 00001954 _____ C:\AdwCleaner[R2].txt 2013-08-12 16:37 - 2013-08-12 16:37 - 00959697 _____ (Oleg N. 
Scherbakov) C:\Users\rsg#Admin\Desktop\JRT.exe 2013-08-12 15:29 - 2013-08-12 15:29 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-08-12 15:29 - 2013-08-12 15:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-08-11 23:42 - 2013-08-11 23:43 - 00002160 _____ C:\Users\rsg#Admin\Desktop\Rkill.txt 2013-08-11 22:33 - 2013-08-11 22:33 - 00000000 ____D C:\Program Files\Common Files\Java 2013-08-11 22:33 - 2013-08-11 22:32 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-08-11 22:33 - 2013-08-11 22:32 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-08-11 22:32 - 2013-08-11 22:32 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-08-11 22:32 - 2013-08-11 22:32 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-08-11 22:32 - 2013-08-11 22:32 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-08-11 16:32 - 2013-08-11 16:32 - 01068411 _____ (Farbar) C:\Users\rsg#Admin\Desktop\FRST.exe 2013-08-11 16:31 - 2013-08-11 16:31 - 01068411 _____ (Farbar) C:\Users\rsg#Admin\Downloads\FRST.exe 2013-08-10 18:41 - 2013-08-10 18:41 - 00083463 _____ C:\ProgramData\nvModes.dat 2013-08-10 08:36 - 2013-08-10 19:30 - 00000000 ____D C:\FRST 2013-08-10 06:51 - 2013-08-10 06:52 - 00000020 _____ C:\Users\rsg#Admin\defogger_reenable 2013-08-10 06:49 - 2013-08-10 06:49 - 01230570 _____ (Farbar) C:\Users\rsg#Admin\Desktop\2-FRST_32bit.exe 2013-08-10 05:08 - 2013-08-10 05:08 - 05782572 _____ C:\Windows\system32\~.tmp 2013-08-10 04:53 - 2013-08-10 04:53 - 00000000 ____D C:\Users\rsg#Admin\AppData\Roaming\Malwarebytes 2013-08-10 04:52 - 2013-08-10 04:52 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-10 04:52 - 2013-08-10 04:52 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-10 04:52 - 2013-08-10 04:52 - 00000000 ____D C:\Program 
Files\Malwarebytes' Anti-Malware 2013-08-10 04:52 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-08-10 04:05 - 2013-08-10 04:05 - 00017206 _____ C:\ComboFix.txt 2013-08-10 03:18 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-08-10 03:18 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-08-10 03:18 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-08-10 03:18 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-08-10 03:18 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-08-10 03:18 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-08-10 03:18 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-08-10 03:18 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-08-10 03:17 - 2013-08-10 04:05 - 00000000 ____D C:\ComboFix 2013-08-10 03:15 - 2013-08-10 04:05 - 00000000 ____D C:\Qoobox 2013-08-10 03:13 - 2013-08-10 04:03 - 00000000 ____D C:\Windows\erdnt 2013-08-10 03:06 - 2013-08-10 03:06 - 00666633 _____ C:\Users\rsg#Admin\Desktop\adwcleaner2.306.exe 2013-08-10 03:03 - 2013-08-12 22:43 - 00000000 ____D C:\Users\rsg#Admin\Desktop\antimalware-tools 2013-08-10 02:19 - 2013-08-10 02:19 - 00001648 _____ C:\Users\rsg#Admin\Desktop\virus-regloeschversuche.txt 2013-08-10 00:40 - 2013-08-10 00:40 - 00000000 ____D C:\Users\rsg#Admin\Documents\virenbekämpfung-reg 2013-08-09 23:27 - 2013-08-10 03:35 - 00003042 _____ C:\Windows\PFRO.log 2013-08-09 21:49 - 2013-08-09 21:49 - 00000000 ____D C:\Users\RSG#AD~1\AppData\Local\Macromedia 2013-08-09 20:59 - 2013-08-09 20:59 - 00000000 ____D C:\Users\rsg#Admin\AppData\Roaming\Macromedia 2013-08-09 06:37 - 2013-08-09 06:37 - 00000698 _____ C:\Users\rsg#Admin\Desktop\LRT-Altlasten -Verknüpfung.lnk 2013-08-09 01:21 - 2013-08-12 07:49 - 00000000 ____D C:\Users\rsg#Admin\Desktop\Informationstechnologie-2013 2013-08-08 06:58 - 2013-08-08 20:13 - 00060307 _____ 
C:\Users\rsg#Admin\Desktop\aktionen-von-intsec-virus.txt 2013-08-06 22:48 - 2013-08-07 16:52 - 00000000 ____D C:\Program Files\Mozilla Thunderbird 2013-08-01 21:23 - 2013-08-01 21:23 - 00000216 _____ C:\Users\rsg#Admin\Downloads\1.rar 2013-07-20 19:27 - 2013-07-20 19:27 - 00000168 _____ C:\Users\rsg#Admin\Downloads\pbvid-108343.flv ==================== One Month Modified Files and Folders ======= 2013-08-12 22:47 - 2013-08-12 22:47 - 00000773 _____ C:\Users\rsg#Admin\Desktop\JRT.txt 2013-08-12 22:44 - 2013-08-12 22:44 - 00000000 ____D C:\Windows\ERUNT 2013-08-12 22:43 - 2013-08-10 03:03 - 00000000 ____D C:\Users\rsg#Admin\Desktop\antimalware-tools 2013-08-12 22:32 - 2013-04-22 18:20 - 01862536 _____ C:\Windows\WindowsUpdate.log 2013-08-12 22:32 - 2009-11-30 23:56 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2013-08-12 22:32 - 2008-12-09 01:24 - 00083463 _____ C:\ProgramData\nvModes.001 2013-08-12 22:10 - 2006-11-02 14:37 - 00000000 ___RD C:\Users\Public\Recorded TV 2013-08-12 21:54 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-12 21:53 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-12 21:53 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-12 21:50 - 2008-12-10 22:48 - 00000012 _____ C:\Windows\bthservsdp.dat 2013-08-12 21:50 - 2006-11-02 15:01 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-08-12 18:24 - 2013-08-12 18:22 - 00001911 _____ C:\AdwCleaner[S1].txt 2013-08-12 16:47 - 2013-08-12 16:46 - 00001954 _____ C:\AdwCleaner[R2].txt 2013-08-12 16:37 - 2013-08-12 16:37 - 00959697 _____ (Oleg N. 
Scherbakov) C:\Users\rsg#Admin\Desktop\JRT.exe 2013-08-12 15:40 - 2008-12-09 00:21 - 00000000 ____D C:\Users\rsg#Admin 2013-08-12 15:29 - 2013-08-12 15:29 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-08-12 15:29 - 2013-08-12 15:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-08-12 15:29 - 2010-02-21 20:36 - 00000000 ____D C:\Users\RSG#AD~1\AppData\Local\Adobe 2013-08-12 07:49 - 2013-08-09 01:21 - 00000000 ____D C:\Users\rsg#Admin\Desktop\Informationstechnologie-2013 2013-08-11 23:43 - 2013-08-11 23:42 - 00002160 _____ C:\Users\rsg#Admin\Desktop\Rkill.txt 2013-08-11 22:33 - 2013-08-11 22:33 - 00000000 ____D C:\Program Files\Common Files\Java 2013-08-11 22:32 - 2013-08-11 22:33 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-08-11 22:32 - 2013-08-11 22:33 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-08-11 22:32 - 2013-08-11 22:32 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-08-11 22:32 - 2013-08-11 22:32 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-08-11 22:32 - 2013-08-11 22:32 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-08-11 22:32 - 2011-05-01 01:07 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2013-08-11 22:32 - 2009-05-03 20:02 - 00000000 ____D C:\Program Files\Java 2013-08-11 16:32 - 2013-08-11 16:32 - 01068411 _____ (Farbar) C:\Users\rsg#Admin\Desktop\FRST.exe 2013-08-11 16:31 - 2013-08-11 16:31 - 01068411 _____ (Farbar) C:\Users\rsg#Admin\Downloads\FRST.exe 2013-08-10 22:08 - 2009-07-04 18:15 - 00000000 ____D C:\Users\rsg#Admin\AppData\Local\Apps\2.0 2013-08-10 20:45 - 2009-05-24 21:23 - 00000000 ____D C:\Users\rsg#Admin\AppData\Roaming\Skype 2013-08-10 19:35 - 2008-10-23 03:54 - 00000000 ____D C:\Program Files\Google 2013-08-10 19:30 - 2013-08-10 08:36 - 00000000 ____D C:\FRST 
2013-08-10 18:41 - 2013-08-10 18:41 - 00083463 _____ C:\ProgramData\nvModes.dat 2013-08-10 06:52 - 2013-08-10 06:51 - 00000020 _____ C:\Users\rsg#Admin\defogger_reenable 2013-08-10 06:49 - 2013-08-10 06:49 - 01230570 _____ (Farbar) C:\Users\rsg#Admin\Desktop\2-FRST_32bit.exe 2013-08-10 05:08 - 2013-08-10 05:08 - 05782572 _____ C:\Windows\system32\~.tmp 2013-08-10 04:53 - 2013-08-10 04:53 - 00000000 ____D C:\Users\rsg#Admin\AppData\Roaming\Malwarebytes 2013-08-10 04:52 - 2013-08-10 04:52 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-10 04:52 - 2013-08-10 04:52 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-10 04:52 - 2013-08-10 04:52 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-08-10 04:05 - 2013-08-10 04:05 - 00017206 _____ C:\ComboFix.txt 2013-08-10 04:05 - 2013-08-10 03:17 - 00000000 ____D C:\ComboFix 2013-08-10 04:05 - 2013-08-10 03:15 - 00000000 ____D C:\Qoobox 2013-08-10 04:03 - 2013-08-10 03:13 - 00000000 ____D C:\Windows\erdnt 2013-08-10 03:59 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini 2013-08-10 03:35 - 2013-08-09 23:27 - 00003042 _____ C:\Windows\PFRO.log 2013-08-10 03:33 - 2006-11-02 12:22 - 62652416 _____ C:\Windows\system32\config\SOFTWARE.bak 2013-08-10 03:33 - 2006-11-02 12:22 - 41418752 _____ C:\Windows\system32\config\COMPON~2.bak 2013-08-10 03:33 - 2006-11-02 12:22 - 28835840 _____ C:\Windows\system32\config\SYSTEM.bak 2013-08-10 03:33 - 2006-11-02 12:22 - 04194304 _____ C:\Windows\system32\config\DEFAULT.bak 2013-08-10 03:33 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak 2013-08-10 03:33 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\SAM.bak 2013-08-10 03:06 - 2013-08-10 03:06 - 00666633 _____ C:\Users\rsg#Admin\Desktop\adwcleaner2.306.exe 2013-08-10 02:19 - 2013-08-10 02:19 - 00001648 _____ C:\Users\rsg#Admin\Desktop\virus-regloeschversuche.txt 2013-08-10 00:40 - 2013-08-10 00:40 - 00000000 ____D 
C:\Users\rsg#Admin\Documents\virenbekämpfung-reg 2013-08-09 22:20 - 2009-05-03 06:17 - 00000600 _____ C:\Users\rsg#Admin\AppData\Roaming\winscp.rnd 2013-08-09 21:49 - 2013-08-09 21:49 - 00000000 ____D C:\Users\RSG#AD~1\AppData\Local\Macromedia 2013-08-09 20:59 - 2013-08-09 20:59 - 00000000 ____D C:\Users\rsg#Admin\AppData\Roaming\Macromedia 2013-08-09 20:42 - 2010-02-21 20:36 - 00000000 ____D C:\Users\rsg#Admin\AppData\Roaming\Adobe 2013-08-09 06:37 - 2013-08-09 06:37 - 00000698 _____ C:\Users\rsg#Admin\Desktop\LRT-Altlasten -Verknüpfung.lnk 2013-08-08 20:43 - 2009-12-07 01:42 - 00000000 ____D C:\Users\rsg#Admin\Documents\registry backups 2013-08-08 20:13 - 2013-08-08 06:58 - 00060307 _____ C:\Users\rsg#Admin\Desktop\aktionen-von-intsec-virus.txt 2013-08-08 19:54 - 2008-07-11 18:00 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-08-08 19:54 - 2008-07-11 18:00 - 00000000 ____D C:\Program Files\Adobe 2013-08-08 06:07 - 2008-12-09 00:25 - 00000000 ____D C:\Users\RSG#AD~1\AppData\Local\Google 2013-08-07 16:52 - 2013-08-06 22:48 - 00000000 ____D C:\Program Files\Mozilla Thunderbird 2013-08-07 16:52 - 2012-10-10 18:29 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-08-07 05:25 - 2012-12-21 02:44 - 00000000 ____D C:\Users\rsg#Admin\AppData\Roaming\vlc 2013-08-07 05:01 - 2008-12-09 03:31 - 00138752 _____ C:\Users\RSG#AD~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-08-07 00:17 - 2009-10-31 22:00 - 00000020 ____H C:\ProgramData\PKP_DLdw.DAT 2013-08-06 22:09 - 2012-10-25 17:02 - 00000000 ____D C:\Users\rsg#Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Miranda IM 2013-08-01 21:23 - 2013-08-01 21:23 - 00000216 _____ C:\Users\rsg#Admin\Downloads\1.rar 2013-07-28 22:12 - 2009-10-31 21:16 - 00000020 ____H C:\ProgramData\PKP_DLdu.DAT 2013-07-23 02:58 - 2008-01-21 09:16 - 01445546 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-20 19:27 - 2013-07-20 19:27 - 00000168 _____ C:\Users\rsg#Admin\Downloads\pbvid-108343.flv 
2013-07-18 00:59 - 2013-01-08 04:28 - 00000000 ____D C:\Users\rsg#Admin\Documents\e-Shopping

Files to move or delete:
====================
C:\ProgramData\nvModes.dat

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-12 22:11

==================== End Of Log ============================

The HKEYs are still there, though. Remove them with RegDelNull?
I have one more question, off-topic: how would you rate Sophos? The university provides me with the software.
Edited by DoomBrigade (12.08.2013, 21:59) |
13.08.2013, 10:16 | #12 | |
/// the machine /// TB trainer | Infection "Internet Security Pro" / "wmdefender.exe" on Vista; no detection with MBAM
Sophos is fine.
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donate, Guides and help, Trojaner-Board Facebook page. No help via PM! |
20.08.2013, 20:51 | #13 |
| Infection "Internet Security Pro" / "wmdefender.exe" on Vista; no detection with MBAM
ESET log.txt
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5eae727f35fe8249a689bd67fb3e0e6a
# engine=14830
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-20 04:11:16
# local_time=2013-08-20 06:11:16 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 2244515 214547804 0 0
# scanned=915115
# found=2
# cleaned=0
# scan_time=4494
sh=769F80729122BA93910E07256327097BA99CF965 ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.HotBar.K application" ac=I fn="Z:\RSG_E-HIRN\Backup Set 2009-10-22 133312\Backup Files 2012-05-15 190233\Backup files 4.zip"
sh=EFF20E11392AB25169BC44BE51FB8EC677FB7CE9 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="Z:\RSG_E-HIRN\Backup Set 2009-10-22 133312\Backup Files 2012-06-15 190009\Backup files 6.zip"

SecurityCheck:

Results of screen317's Security Check version 0.99.72
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
Malwarebytes Anti-Malware Version 1.75.0.1300
HijackThis 2.0.2
CCleaner (remove only)
Java(TM) 6 Update 24
Java 7 Update 25
Adobe Flash Player 11.8.800.94
Mozilla Firefox (8.0.1)
Mozilla Thunderbird (17.0.8)
````````Process Check: objlist.exe by Laurent````````
windows defender MpCmdRun.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

FRST log:

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2013 04 Ran by rsg#Admin (administrator) on 20-08-2013 22:10:24 Running from C:\Users\rsg#Admin\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (Arachnoid Biometrics Identification Group Corp.) C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe () C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe () C:\Program Files\Acer\Acer Bio Protection\BASVC.exe (Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe (WDC) C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe (Microsoft Corporation) C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation) C:\Windows\ehome\ehsched.exe () C:\Acer\Mobility Center\MobilityService.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Arachnoid Biometrics Identification Group Corp.) C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe () C:\Windows\PLFSetI.exe (Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe () C:\Program Files\Razer\Copperhead\razerhid.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Dritek System Inc.) 
C:\Program Files\Launch Manager\LManager.exe (WDC) C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Realtek Semiconductor Corp.) C:\Users\RSG#AD~1\AppData\Local\Temp\RtkBtMnt.exe (Razer Inc.) C:\Program Files\Razer\Copperhead\razerofa.exe (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe () C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files\Razer\Copperhead\razertra.exe (Microsoft Corporation) C:\Windows\system32\conime.exe (Microsoft Corporation) C:\Windows\system32\wuauclt.exe (Nullsoft, Inc.) C:\Program Files\Winamp\winamp.exe (Microsoft Corporation) C:\Windows\system32\WerFault.exe (Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe (Opera Software) C:\Program Files\Opera\opera.exe ( ) C:\Program Files\Miranda IM\miranda32.exe (Farbar) C:\Users\rsg#Admin\Desktop\FRST (1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6139904 2008-05-07] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1037608 2008-04-04] (Synaptics, Inc.) HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13548064 2008-08-01] (NVIDIA Corporation) HKLM\...\Run: [ZPdtWzdVitaKey MC3000] - C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe [3719680 2008-10-23] (Arachnoid Biometrics Identification Group Corp.) HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2008-06-30] () HKLM\...\Run: [eAudio] - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-09-11] (Acer Incorporated) HKLM\...\Run: [ePower_DMC] - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [405504 2008-08-01] (Acer Inc.) 
HKLM\...\Run: [razer] - C:\Program Files\Razer\Copperhead\razerhid.exe [155648 2005-11-25] () HKLM\...\Run: [LManager] - C:\PROGRA~1\LAUNCH~1\LManager.exe [809480 2008-06-16] (Dritek System Inc.) HKLM\...\Run: [WD Drive Manager] - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [450560 2008-07-24] (WDC) HKLM\...\Run: [avp] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [311680 2010-10-14] (Kaspersky Lab) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) Winlogon\Notify\AWinNotifyVitaKey MC3000: C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll [X] Winlogon\Notify\klogon: C:\Windows\system32\klogon.dll (Kaspersky Lab) HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation) HKU\Default\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-08-21] () HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation) HKU\Default User\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-08-21] () HKU\Gast\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation) HKU\Gast\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-08-21] () HKU\Gast.rsg_e-Hirn\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation) HKU\Gast.rsg_e-Hirn\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-21] (Microsoft Corporation) HKU\Gast.rsg_e-Hirn\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-21] (Microsoft Corporation) HKU\rsg.gaming\...\Run: 
[WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) ==================== Internet (Whitelisted) ==================== ProxyServer: 192.168.178.20:80 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com HKLM\Software\Microsoft\Internet Explorer\Main,start page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1008&m=aspire_6935 SearchScopes: HKLM - DefaultScope value is missing. BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) 
Toolbar: HKCU -No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F07E53AA-B14F-48E0-8CB6-45AE0EFAB848} hxxp://www.cyberlink.com/prog/oem/acer/update/UpdateAdvisor.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\rsg#Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a3bkgly2.default FF NetworkProxy: "autoconfig_url", "192.168.178.20" FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @parallelgraphics.com/Cortona - C:\Program Files\Common 
Files\ParallelGraphics\Cortona\npCortona.dll (ParallelGraphics) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\rsg#Admin\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} FF Extension: No Name - C:\Users\rsg#Admin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: Microsoft .NET Framework Assistant - C:\Users\rsg#Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a3bkgly2.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} FF Extension: color_management - C:\Users\rsg#Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a3bkgly2.default\Extensions\color_management@seanhayes.name.xpi FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Thunderbird\Extensions: [{eea12ec4-729d-4703-bc37-106ce9879ce2}] 
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt FF Extension: Kaspersky Anti-Spam Extension - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt ========================== Services (Whitelisted) ================= S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [311680 2010-10-14] (Kaspersky Lab) S3 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) S3 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2006-03-30] (Canon Inc.) R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2009-04-16] () S4 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528608 2009-01-13] (Cisco Systems, Inc.) R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-08-19] () R2 IGBASVC; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [3520512 2008-10-23] () R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () S4 msvsmon90; d:\Software\Microsoft\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [3004416 2007-11-07] (Microsoft Corporation) S3 npggsvc; C:\Windows\system32\GameMon.des [2722845 2009-04-15] (INCA Internet Co., Ltd.) 
S3 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [36352 2009-07-16] () S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-04-04] () R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [233472 2008-01-10] (Acer Incorporated) S4 watchmi; C:\Program Files\watchmi\TvdService.exe [55808 2010-09-09] () R2 WDBtnMgrSvc.exe; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [102400 2008-07-24] (WDC) ==================== Drivers (Whitelisted) ==================== R0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [43184 2008-10-23] (Alfa Corporation) R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation) S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131856 2008-08-28] (Deterministic Networks, Inc.) R1 DritekPortIO; C:\PROGRA~1\LAUNCH~1\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.) R1 Ext2fs; C:\Windows\System32\DRIVERS\ext2fs.sys [189888 2008-09-25] (Stephan Schreiber) R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () R1 IfsMount; C:\Windows\System32\DRIVERS\ifsmount.sys [60352 2008-08-28] (Stephan Schreiber) R2 int15; C:\Windows\system32\drivers\int15.sys [15392 2008-08-19] (Acer, Inc.) R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2007-12-18] (ITE Tech. Inc. ) R1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [128016 2009-12-01] (Kaspersky Lab) R0 klbg; C:\Windows\System32\drivers\klbg.sys [33808 2008-12-15] (Kaspersky Lab) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [280592 2009-12-01] (Kaspersky Lab) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [21008 2009-05-15] (Kaspersky Lab) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [19472 2009-05-16] (Kaspersky Lab) S3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.) 
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [16688 2007-04-24] (IBM) S3 SilverLink; C:\Windows\System32\Drivers\SilvrLnk.sys [21456 2004-01-28] (Texas Instruments Incorporated) R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2008-12-31] (Duplex Secure Ltd.) R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2009-07-16] (The OpenVPN Project) R3 UsbFltr; C:\Windows\System32\drivers\copperhd.sys [11596 2005-11-02] (Razer (Asia-Pacific) Pte Ltd) S2 adfs; No ImagePath S3 catchme; \??\C:\ComboFix\catchme.sys [x] S2 CVPNDRVA; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S2 NTIPPKernel; \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S3 vpnva; system32\DRIVERS\vpnva.sys [x] S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-20 21:54 - 2013-08-20 21:54 - 00891115 _____ C:\Users\rsg#Admin\Desktop\SecurityCheck.exe 2013-08-20 16:05 - 2013-08-20 16:05 - 00000132 _____ C:\Windows\wininit.ini 2013-08-12 23:06 - 2013-08-12 23:06 - 00000000 _____ C:\Windows\setuperr.log 2013-08-12 23:06 - 2013-08-12 23:06 - 00000000 _____ C:\Windows\setupact.log 2013-08-12 22:47 - 2013-08-12 22:47 - 00000773 _____ C:\Users\rsg#Admin\Desktop\JRT.txt 2013-08-12 22:44 - 2013-08-12 22:44 - 00000000 ____D C:\Windows\ERUNT 2013-08-12 18:22 - 2013-08-12 18:24 - 00001911 _____ C:\AdwCleaner[S1].txt 2013-08-12 16:46 - 2013-08-12 16:47 - 00001954 _____ C:\AdwCleaner[R2].txt 2013-08-12 16:37 - 2013-08-12 16:37 - 00959697 _____ (Oleg N. 
Scherbakov) C:\Users\rsg#Admin\Desktop\JRT.exe 2013-08-12 15:29 - 2013-08-12 15:29 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-08-12 15:29 - 2013-08-12 15:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-08-11 23:42 - 2013-08-11 23:43 - 00002160 _____ C:\Users\rsg#Admin\Desktop\Rkill.txt 2013-08-11 22:33 - 2013-08-11 22:33 - 00000000 ____D C:\Program Files\Common Files\Java 2013-08-11 22:33 - 2013-08-11 22:32 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-08-11 22:33 - 2013-08-11 22:32 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-08-11 22:32 - 2013-08-11 22:32 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-08-11 22:32 - 2013-08-11 22:32 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-08-11 22:32 - 2013-08-11 22:32 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-08-11 16:32 - 2013-08-11 16:32 - 01068411 _____ (Farbar) C:\Users\rsg#Admin\Desktop\FRST.exe 2013-08-11 16:31 - 2013-08-11 16:31 - 01068411 _____ (Farbar) C:\Users\rsg#Admin\Downloads\FRST.exe 2013-08-10 18:41 - 2013-08-10 18:41 - 00083463 _____ C:\ProgramData\nvModes.dat 2013-08-10 08:36 - 2013-08-10 19:30 - 00000000 ____D C:\FRST 2013-08-10 06:51 - 2013-08-10 06:52 - 00000020 _____ C:\Users\rsg#Admin\defogger_reenable 2013-08-10 06:49 - 2013-08-10 06:49 - 01230570 _____ (Farbar) C:\Users\rsg#Admin\Desktop\2-FRST_32bit.exe 2013-08-10 05:08 - 2013-08-10 05:08 - 05782572 _____ C:\Windows\system32\~.tmp 2013-08-10 04:53 - 2013-08-10 04:53 - 00000000 ____D C:\Users\rsg#Admin\AppData\Roaming\Malwarebytes 2013-08-10 04:52 - 2013-08-10 04:52 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-10 04:52 - 2013-08-10 04:52 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-10 04:52 - 2013-08-10 04:52 - 00000000 ____D C:\Program 
Files\Malwarebytes' Anti-Malware 2013-08-10 04:52 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-08-10 04:05 - 2013-08-10 04:05 - 00017206 _____ C:\ComboFix.txt 2013-08-10 03:18 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-08-10 03:18 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-08-10 03:18 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-08-10 03:18 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-08-10 03:18 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-08-10 03:18 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-08-10 03:18 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-08-10 03:18 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-08-10 03:17 - 2013-08-10 04:05 - 00000000 ____D C:\ComboFix 2013-08-10 03:15 - 2013-08-10 04:05 - 00000000 ____D C:\Qoobox 2013-08-10 03:13 - 2013-08-10 04:03 - 00000000 ____D C:\Windows\erdnt 2013-08-10 03:06 - 2013-08-10 03:06 - 00666633 _____ C:\Users\rsg#Admin\Desktop\adwcleaner2.306.exe 2013-08-10 03:03 - 2013-08-20 21:50 - 00000000 ____D C:\Users\rsg#Admin\Desktop\antimalware-tools 2013-08-10 02:19 - 2013-08-10 02:19 - 00001648 _____ C:\Users\rsg#Admin\Desktop\virus-regloeschversuche.txt 2013-08-10 00:40 - 2013-08-10 00:40 - 00000000 ____D C:\Users\rsg#Admin\Documents\virenbekämpfung-reg 2013-08-09 23:27 - 2013-08-10 03:35 - 00003042 _____ C:\Windows\PFRO.log 2013-08-09 21:49 - 2013-08-09 21:49 - 00000000 ____D C:\Users\RSG#AD~1\AppData\Local\Macromedia 2013-08-09 20:59 - 2013-08-09 20:59 - 00000000 ____D C:\Users\rsg#Admin\AppData\Roaming\Macromedia 2013-08-09 06:37 - 2013-08-09 06:37 - 00000698 _____ C:\Users\rsg#Admin\Desktop\LRT-Altlasten -Verknüpfung.lnk 2013-08-09 01:21 - 2013-08-12 07:49 - 00000000 ____D C:\Users\rsg#Admin\Desktop\Informationstechnologie-2013 2013-08-08 06:58 - 2013-08-08 20:13 - 00060307 _____ 
C:\Users\rsg#Admin\Desktop\aktionen-von-intsec-virus.txt 2013-08-06 22:48 - 2013-08-07 16:52 - 00000000 ____D C:\Program Files\Mozilla Thunderbird 2013-08-01 21:23 - 2013-08-01 21:23 - 00000216 _____ C:\Users\rsg#Admin\Downloads\1.rar ==================== One Month Modified Files and Folders ======= 2013-08-20 22:09 - 2008-12-09 01:24 - 00083463 _____ C:\ProgramData\nvModes.001 2013-08-20 22:08 - 2013-08-20 22:08 - 01070233 _____ (Farbar) C:\Users\rsg#Admin\Desktop\FRST (1).exe 2013-08-20 21:54 - 2013-08-20 21:54 - 00891115 _____ C:\Users\rsg#Admin\Desktop\SecurityCheck.exe 2013-08-20 21:50 - 2013-08-10 03:03 - 00000000 ____D C:\Users\rsg#Admin\Desktop\antimalware-tools 2013-08-20 21:12 - 2013-04-22 18:20 - 01995198 _____ C:\Windows\WindowsUpdate.log 2013-08-20 20:59 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-20 20:59 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-20 17:06 - 2010-04-25 23:27 - 00000000 ____D C:\Users\rsg#Admin\Documents\My Received Files 2013-08-20 16:05 - 2013-08-20 16:05 - 00000132 _____ C:\Windows\wininit.ini 2013-08-20 06:03 - 2006-11-02 14:37 - 00000000 ___RD C:\Users\Public\Recorded TV 2013-08-20 01:48 - 2009-05-24 21:23 - 00000000 ____D C:\Users\rsg#Admin\AppData\Roaming\Skype 2013-08-19 17:27 - 2012-12-21 02:44 - 00000000 ____D C:\Users\rsg#Admin\AppData\Roaming\vlc 2013-08-19 17:20 - 2008-12-09 03:31 - 00138752 _____ C:\Users\RSG#AD~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-08-18 08:25 - 2009-11-30 23:56 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2013-08-18 07:59 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-13 19:20 - 2008-12-10 22:48 - 00000012 _____ C:\Windows\bthservsdp.dat 2013-08-13 19:20 - 2006-11-02 15:01 - 00032602 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-08-13 00:34 - 2011-11-04 20:25 - 
00000000 ____D C:\ProgramData\Cisco 2013-08-13 00:34 - 2008-07-11 17:35 - 00000000 ____D C:\Program Files\Cisco 2013-08-12 23:44 - 2008-12-09 00:21 - 00000000 ____D C:\Users\rsg#Admin 2013-08-12 23:06 - 2013-08-12 23:06 - 00000000 _____ C:\Windows\setuperr.log 2013-08-12 23:06 - 2013-08-12 23:06 - 00000000 _____ C:\Windows\setupact.log 2013-08-12 22:47 - 2013-08-12 22:47 - 00000773 _____ C:\Users\rsg#Admin\Desktop\JRT.txt 2013-08-12 22:44 - 2013-08-12 22:44 - 00000000 ____D C:\Windows\ERUNT 2013-08-12 18:24 - 2013-08-12 18:22 - 00001911 _____ C:\AdwCleaner[S1].txt 2013-08-12 16:47 - 2013-08-12 16:46 - 00001954 _____ C:\AdwCleaner[R2].txt 2013-08-12 16:37 - 2013-08-12 16:37 - 00959697 _____ (Oleg N. Scherbakov) C:\Users\rsg#Admin\Desktop\JRT.exe 2013-08-12 15:29 - 2013-08-12 15:29 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-08-12 15:29 - 2013-08-12 15:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-08-12 15:29 - 2010-02-21 20:36 - 00000000 ____D C:\Users\RSG#AD~1\AppData\Local\Adobe 2013-08-12 07:49 - 2013-08-09 01:21 - 00000000 ____D C:\Users\rsg#Admin\Desktop\Informationstechnologie-2013 2013-08-11 23:43 - 2013-08-11 23:42 - 00002160 _____ C:\Users\rsg#Admin\Desktop\Rkill.txt 2013-08-11 22:33 - 2013-08-11 22:33 - 00000000 ____D C:\Program Files\Common Files\Java 2013-08-11 22:32 - 2013-08-11 22:33 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-08-11 22:32 - 2013-08-11 22:33 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-08-11 22:32 - 2013-08-11 22:32 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-08-11 22:32 - 2013-08-11 22:32 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-08-11 22:32 - 2013-08-11 22:32 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-08-11 22:32 - 2011-05-01 01:07 - 00789416 _____ (Oracle Corporation) 
C:\Windows\system32\deployJava1.dll 2013-08-11 22:32 - 2009-05-03 20:02 - 00000000 ____D C:\Program Files\Java 2013-08-11 16:32 - 2013-08-11 16:32 - 01068411 _____ (Farbar) C:\Users\rsg#Admin\Desktop\FRST.exe 2013-08-11 16:31 - 2013-08-11 16:31 - 01068411 _____ (Farbar) C:\Users\rsg#Admin\Downloads\FRST.exe 2013-08-10 22:08 - 2009-07-04 18:15 - 00000000 ____D C:\Users\rsg#Admin\AppData\Local\Apps\2.0 2013-08-10 19:35 - 2008-10-23 03:54 - 00000000 ____D C:\Program Files\Google 2013-08-10 19:30 - 2013-08-10 08:36 - 00000000 ____D C:\FRST 2013-08-10 18:41 - 2013-08-10 18:41 - 00083463 _____ C:\ProgramData\nvModes.dat 2013-08-10 06:52 - 2013-08-10 06:51 - 00000020 _____ C:\Users\rsg#Admin\defogger_reenable 2013-08-10 06:49 - 2013-08-10 06:49 - 01230570 _____ (Farbar) C:\Users\rsg#Admin\Desktop\2-FRST_32bit.exe 2013-08-10 05:08 - 2013-08-10 05:08 - 05782572 _____ C:\Windows\system32\~.tmp 2013-08-10 04:53 - 2013-08-10 04:53 - 00000000 ____D C:\Users\rsg#Admin\AppData\Roaming\Malwarebytes 2013-08-10 04:52 - 2013-08-10 04:52 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-10 04:52 - 2013-08-10 04:52 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-10 04:52 - 2013-08-10 04:52 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-08-10 04:05 - 2013-08-10 04:05 - 00017206 _____ C:\ComboFix.txt 2013-08-10 04:05 - 2013-08-10 03:17 - 00000000 ____D C:\ComboFix 2013-08-10 04:05 - 2013-08-10 03:15 - 00000000 ____D C:\Qoobox 2013-08-10 04:03 - 2013-08-10 03:13 - 00000000 ____D C:\Windows\erdnt 2013-08-10 03:59 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini 2013-08-10 03:35 - 2013-08-09 23:27 - 00003042 _____ C:\Windows\PFRO.log 2013-08-10 03:33 - 2006-11-02 12:22 - 62652416 _____ C:\Windows\system32\config\SOFTWARE.bak 2013-08-10 03:33 - 2006-11-02 12:22 - 41418752 _____ C:\Windows\system32\config\COMPON~2.bak 2013-08-10 03:33 - 2006-11-02 12:22 - 28835840 _____ C:\Windows\system32\config\SYSTEM.bak 2013-08-10 03:33 - 
2006-11-02 12:22 - 04194304 _____ C:\Windows\system32\config\DEFAULT.bak 2013-08-10 03:33 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak 2013-08-10 03:33 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\SAM.bak 2013-08-10 03:06 - 2013-08-10 03:06 - 00666633 _____ C:\Users\rsg#Admin\Desktop\adwcleaner2.306.exe 2013-08-10 02:19 - 2013-08-10 02:19 - 00001648 _____ C:\Users\rsg#Admin\Desktop\virus-regloeschversuche.txt 2013-08-10 00:40 - 2013-08-10 00:40 - 00000000 ____D C:\Users\rsg#Admin\Documents\virenbekämpfung-reg 2013-08-09 22:20 - 2009-05-03 06:17 - 00000600 _____ C:\Users\rsg#Admin\AppData\Roaming\winscp.rnd 2013-08-09 21:49 - 2013-08-09 21:49 - 00000000 ____D C:\Users\RSG#AD~1\AppData\Local\Macromedia 2013-08-09 20:59 - 2013-08-09 20:59 - 00000000 ____D C:\Users\rsg#Admin\AppData\Roaming\Macromedia 2013-08-09 20:42 - 2010-02-21 20:36 - 00000000 ____D C:\Users\rsg#Admin\AppData\Roaming\Adobe 2013-08-09 06:37 - 2013-08-09 06:37 - 00000698 _____ C:\Users\rsg#Admin\Desktop\LRT-Altlasten -Verknüpfung.lnk 2013-08-08 20:43 - 2009-12-07 01:42 - 00000000 ____D C:\Users\rsg#Admin\Documents\registry backups 2013-08-08 20:13 - 2013-08-08 06:58 - 00060307 _____ C:\Users\rsg#Admin\Desktop\aktionen-von-intsec-virus.txt 2013-08-08 19:54 - 2008-07-11 18:00 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-08-08 19:54 - 2008-07-11 18:00 - 00000000 ____D C:\Program Files\Adobe 2013-08-08 06:07 - 2008-12-09 00:25 - 00000000 ____D C:\Users\RSG#AD~1\AppData\Local\Google 2013-08-07 16:52 - 2013-08-06 22:48 - 00000000 ____D C:\Program Files\Mozilla Thunderbird 2013-08-07 16:52 - 2012-10-10 18:29 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-08-07 00:17 - 2009-10-31 22:00 - 00000020 ____H C:\ProgramData\PKP_DLdw.DAT 2013-08-06 22:09 - 2012-10-25 17:02 - 00000000 ____D C:\Users\rsg#Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Miranda IM 2013-08-01 21:23 - 2013-08-01 21:23 - 00000216 _____ 
C:\Users\rsg#Admin\Downloads\1.rar
2013-07-28 22:12 - 2009-10-31 21:16 - 00000020 ____H C:\ProgramData\PKP_DLdu.DAT
2013-07-23 02:58 - 2008-01-21 09:16 - 01445546 _____ C:\Windows\system32\PerfStringBackup.INI

Files to move or delete:
====================
C:\ProgramData\nvModes.dat

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-18 08:17

==================== End Of Log ============================

Edited by DoomBrigade (20.08.2013, 21:14) |
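The FRST log posted above is read by eye in this thread. As an added example (not code from the thread, from FRST, or from the helper), the script below shows how the three sections an analyst checks first can be triaged mechanically: processes running from user-writable locations or without a publisher string (such as the RtkBtMnt.exe instance running from AppData\Local\Temp above), services or drivers whose image is missing ("No ImagePath" / "[x]", as with adfs and CVPNDRVA above), and executables created in user-writable paths around the infection date. The sample log is constructed in FRST's format and abridged; the path markers, the one-day window, the rule names and the functions `triage` and `demo` are my assumptions, not FRST's own whitelisting criteria.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) log text (added example)."""
import re
from datetime import datetime, timedelta

# Line shapes as they appear in FRST output (assumed from the posted log).
PROCESS_RE = re.compile(r"^\((?P<vendor>[^)]*)\) (?P<path>.+)$")
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+); (?P<image>.*)$")
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>\S{5}) "
    r"(?:\((?P<vendor>[^)]*)\) )?(?P<path>.+)$"
)
SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+$")

# Locations a user-level dropper can write to without elevation (assumption:
# this list is a starting point, not an exhaustive one).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\public\\", "\\temp\\")
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")

# Constructed sample in FRST's format, abridged from the log in the thread.
# The Temp executable on 2013-08-07 is invented to show the date-window rule.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Realtek Semiconductor Corp.) C:\Users\RSG#AD~1\AppData\Local\Temp\RtkBtMnt.exe
() C:\Program Files\Razer\Copperhead\razerhid.exe
==================== Services (Whitelisted) =================
S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [311680 2010-10-14] (Kaspersky Lab)
S2 adfs; No ImagePath
S2 CVPNDRVA; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [x]
==================== One Month Created Files and Folders ========
2013-08-12 15:29 - 2013-08-12 15:29 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-07 17:51 - 2013-08-07 17:51 - 00241664 _____ C:\Users\RSG#AD~1\AppData\Local\Temp\tmp7f3a.exe
2013-08-10 04:52 - 2013-08-10 04:52 - 00000000 ____D C:\ProgramData\Malwarebytes
"""

INFECTION_DAY = datetime(2013, 8, 7)  # date the poster reports the infection


def in_user_writable(path):
    """True if the path lies under a location a non-admin process can write."""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def is_executable(path):
    return path.lower().endswith(EXECUTABLE_EXT)


def triage(log_text, infection_day, window_days=1):
    """Return a list of (rule, line) findings for one FRST log."""
    findings = []
    section = ""
    window_start = infection_day - timedelta(days=window_days)
    window_end = infection_day + timedelta(days=window_days + 1)
    for raw in log_text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("title").lower()
            continue
        if not line:
            continue
        if section.startswith("processes"):
            m = PROCESS_RE.match(line)
            if m and in_user_writable(m.group("path")):
                findings.append(("process from user-writable path", line))
            elif m and not m.group("vendor").strip():
                findings.append(("process without publisher", line))
        elif section.startswith(("services", "drivers")):
            m = SERVICE_RE.match(line)
            if m and (m.group("image") == "No ImagePath" or m.group("image").endswith("[x]")):
                findings.append(("service/driver image missing", line))
        elif "created files" in section:
            m = FILE_RE.match(line)
            if not m or not is_executable(m.group("path")):
                continue
            created = datetime.strptime(m.group("created"), "%Y-%m-%d %H:%M")
            if window_start <= created < window_end and in_user_writable(m.group("path")):
                findings.append(("executable dropped in infection window", line))
    return findings


def demo():
    """Run the rules over the constructed sample."""
    return triage(SAMPLE_LOG, INFECTION_DAY)


if __name__ == "__main__":
    for rule, line in demo():
        print(f"[{rule}] {line}")
```

A hit is a prompt to look, not a verdict: the RtkBtMnt.exe line is a signed vendor binary that some OEM installers legitimately run from Temp, and a service whose image file is gone is usually leftover from an uninstall. The value of the window rule is that it surfaces the small set of executables written around the date in question, which is where the dropper and its helpers tend to sit.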
21.08.2013, 09:27 | #14 |
/// the machine /// TB trainer | Infection "Internet Security Pro" / "wmdefender.exe" on Vista; no detection with MBAM
Delete the backups. Any problems left?
regards, schrauber |
21.08.2013, 13:29 | #15 |
| Infection "Internet Security Pro" / "wmdefender.exe" on Vista; no detection with MBAM
Deleted. I didn't really have any problems anyway. Now I'm still trying to delete HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\*etadpug\ with RegDelNull. Whether any other registry entries are left, I don't know at the moment.
Edit: it finds nothing in its scan.
Edited by DoomBrigade (21.08.2013, 13:46) |