Log Analysis and Evaluation: Malware.Trace in registry key keeps rewriting itself (Windows 7)
#9

Malware.Trace in registry key keeps rewriting itself

Unfortunately that doesn't work with ComboFix. Here is a new FRST log.

Regards
Udo

FRST Logfile:
Code:
```
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2014 03
Ran by Plankton (administrator) on PLANKTON-PC on 16-01-2014 21:42:30
Running from C:\Users\Plankton\Desktop
Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

ATTENTION: If processes are not listed WMI should be repaired.

==================== Processes (Whitelisted) ===================


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [6756048 2012-11-08] (COMODO)
HKLM\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] ()
HKLM\...\Run: [NUSB3MON] - C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
HKLM\...\Run: [SSS2009 HotKeys] - C:\Program Files\Steganos Privacy Suite 11\SteganosHotKeyService.exe [80896 2010-06-22] (Steganos GmbH)
HKLM\...\Run: [SSS2009 File Redirection Starter] - C:\Program Files\Steganos Privacy Suite 11\fredirstarter.exe [17408 2010-06-22] (Steganos GmbH)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-02-24] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKCU\...\Run: [SSS2009 Browser Monitor] - C:\Program Files\Steganos Privacy Suite 11\SteganosBrowserMonitor.exe [49664 2010-06-22] (Steganos GmbH)
HKCU\...\Run: [] - [x]
HKCU\...\Run: [CCleaner Monitoring] - C:\Program Files\CCleaner\CCleaner.exe [3643160 2013-07-22] (Piriform Ltd)
HKCU\...\Run: [csrv.exe] - C:\Users\Plankton\AppData\Roaming\hJQMZ3mL\local.exe [375808 2013-10-24] (Company)
MountPoints2: {29787b2f-f88d-11e2-90ff-1c6f654c8f4a} - F:\LGAutoRun.exe
MountPoints2: {a41b7b0a-5c9d-11e0-aa00-1c6f654c8f4a} - G:\LaunchU3.exe -a
MountPoints2: {a64e5b69-9767-11e1-a8b4-1c6f654c8f4a} - G:\NokiaPCIA_Autorun.exe
AppInit_DLLs: C:\Windows\system32\guard32.dll [301264 2012-11-08] (COMODO)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD9A19B427225CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files\Steganos Privacy Suite 11\SPMIEToolbar.dll (Steganos GmbH)
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://google.de
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=ytff-comodo&p=
FF NetworkProxy: "backup.ftp", "198.27.97.214.vpsrealm.com"
FF NetworkProxy: "backup.ftp_port", 7808
FF NetworkProxy: "backup.gopher", "127.0.0.1"
FF NetworkProxy: "backup.gopher_port", 8080
FF NetworkProxy: "backup.socks", "198.27.97.214.vpsrealm.com"
FF NetworkProxy: "backup.socks_port", 7808
FF NetworkProxy: "backup.ssl", "198.27.97.214.vpsrealm.com"
FF NetworkProxy: "backup.ssl_port", 7808
FF NetworkProxy: "ftp", "119.30.39.1"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "gopher", "127.0.0.1"
FF NetworkProxy: "gopher_port", 8080
FF NetworkProxy: "http", "119.30.39.1"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "119.30.39.1"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "119.30.39.1"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @real.com/nppl3260;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdrmv2.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwmsdrm.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Nokia Maps 3D browser plugin - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\maps@ovi.com [2012-04-15]
FF Extension: Toolbar Buttons - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688} [2011-11-05]
FF Extension: FEBE - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2013-06-26]
FF Extension: FT DeepDark - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2014-01-13]
FF Extension: PrefBar - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{8A6C82A1-F6C9-481a-AAE7-C96444C9A754} [2014-01-15]
FF Extension: Adblock Plus - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2013-12-26]
FF Extension: Context Menu Image Saver - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\cmis@choobin.xpi [2013-12-22]
FF Extension: Fetch Text URL (fix version) - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\fetch.text.url@fix.version.xpi [2013-12-22]
FF Extension: NASA Night Launch - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\nasanightlaunch@example.com.xpi [2013-06-02]
FF Extension: Image Zoom - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2013-04-16]
FF Extension: Adblock Plus - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-15]
FF Extension: Tab Mix Plus - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-11-05]
FF Extension: Fetch Text URL [de] - C:\Program Files\Mozilla Firefox\extensions\FetchTextURL_1.6.4_fx+sm_de-DE [2013-12-21]
FF HKLM\...\Firefox\Extensions: [{09F060FA-566D-42D7-BF79-97AB30863433}] - C:\Program Files\Steganos Privacy Suite 11\pfplugin
FF Extension: Steganos Private Favorites - C:\Program Files\Steganos Privacy Suite 11\pfplugin [2011-02-28]
FF HKLM\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files\Steganos Privacy Suite 11\spmplugin3
FF Extension: Steganos Password Manager - C:\Program Files\Steganos Privacy Suite 11\spmplugin3 [2011-02-28]
FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-02]

Chrome:
=======
CHR HomePage: hxxp://de.yahoo.com?fr=fpc-comodo
CHR RestoreOnStartup: "hxxp://de.yahoo.com?fr=fpc-comodo"
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]

========================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-12-19] (Advanced Micro Devices, Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1990464 2012-11-08] (COMODO)
R2 JMB36X; C:\Windows\System32\XSrvSetup.exe [72304 2010-01-19] ()
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()

==================== Drivers (Whitelisted) ====================

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2013-04-18] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23168 2013-04-18] (LG Electronics Inc.)
S3 AndNetDiag2; C:\Windows\System32\DRIVERS\lgandnetdiag2.sys [23168 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2013-06-28] (LG Electronics Inc.)
S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [108104 2010-12-01] (SlySoft, Inc.)
R2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
S2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [19496 2010-04-27] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [19632 2012-11-08] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [494416 2012-11-08] (COMODO)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [98928 2010-01-27] (JMicron Technology Corp.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NPF; C:\Windows\System32\DRIVERS\aztech_npf32.sys [42000 2007-01-26] (CACE Technologies)
R3 OXSDIDRV_x32; C:\Windows\System32\DRIVERS\OXSDIDRV_x32.sys [53280 2011-08-23] ()
S3 PRODIGY; C:\Windows\System32\Drivers\PRODIGY.SYS [32377 2006-08-29] (B-phreaks)
R1 SLEE_17_DRIVER; C:\Windows\system32\drivers\Sleen17.sys [94560 2010-02-17] (Softwareentwicklung Remus - ArchiCrypt - )
R3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [35592 2009-09-11] (Logitech Inc.)
R3 WmHidLo; C:\Windows\System32\drivers\WmHidLo.sys [31752 2009-09-11] (Logitech Inc.)
S3 gdrv; No ImagePath
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-16 21:42 - 2014-01-16 21:42 - 00000000 ____D C:\Users\Plankton\Desktop\FRST-OlderVersion
2014-01-16 21:41 - 2014-01-16 21:41 - 00064152 _____ C:\Users\Plankton\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-16 21:40 - 2014-01-16 21:41 - 00294080 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 21:40 - 2014-01-16 21:40 - 00000056 _____ C:\Windows\setupact.log
2014-01-16 21:40 - 2014-01-16 21:40 - 00000000 _____ C:\Windows\setuperr.log
2014-01-15 23:17 - 2014-01-16 00:45 - 00000227 _____ C:\service.log
2014-01-15 22:49 - 2014-01-15 22:49 - 00000000 ____D C:\Program Files\Bloody5
2014-01-15 22:34 - 2014-01-15 22:40 - 00000000 ____D C:\Users\Plankton\Downloads\Bloody Mouse Software
2014-01-15 10:28 - 2014-01-15 10:28 - 00000000 ____D C:\Windows\rundll16.exe
2014-01-15 10:28 - 2014-01-15 10:28 - 00000000 ____D C:\Windows\logo1_.exe
2014-01-15 10:23 - 2014-01-15 10:23 - 00000000 ___SD C:\32788R22FWJFW
2014-01-15 10:23 - 2014-01-15 10:23 - 00000000 ____D C:\ComboFix
2014-01-15 10:22 - 2014-01-15 10:22 - 05165717 ____R (Swearware) C:\Users\Plankton\Desktop\ComboFix.exe
2014-01-15 09:27 - 2014-01-15 09:27 - 00000000 _____ C:\Users\Plankton\Desktop\Neues Textdokument.txt
2014-01-15 00:41 - 2014-01-15 00:42 - 11823536 _____ C:\Windows\REGBK00.ZIP
2014-01-14 23:34 - 2014-01-15 10:25 - 00000757 _____ C:\Windows\general.log
2014-01-14 23:34 - 2014-01-14 23:34 - 00000456 _____ C:\Windows\UPDLL.LOG
2014-01-14 23:33 - 2014-01-14 23:33 - 00000000 ____D C:\Windows\VDLL.DLL
2014-01-14 23:33 - 2014-01-14 23:33 - 00000000 ____D C:\Windows\system32\runouce.exe
2014-01-14 23:33 - 2014-01-14 23:33 - 00000000 ____D C:\Windows\RUNDL132.EXE
2014-01-14 23:33 - 2014-01-14 23:33 - 00000000 ____D C:\Windows\logo_1.exe
2014-01-14 23:24 - 2014-01-15 10:25 - 00000054 _____ C:\Windows\Lic.xxx
2014-01-14 22:55 - 2014-01-14 22:55 - 00632064 _____ (Microsoft Corporation) C:\Windows\system32\msvcr80.dll
2014-01-14 22:55 - 2014-01-14 22:55 - 00554240 _____ (Microsoft Corporation) C:\Windows\system32\msvcp80.dll
2014-01-14 22:55 - 2014-01-14 22:55 - 00034048 _____ (MicroWorld Technologies Inc.) C:\Windows\system32\eEmpty.exe
2014-01-14 22:55 - 2014-01-14 22:55 - 00000000 ____D C:\Program Files\Common Files\MicroWorld
2014-01-14 22:55 - 2005-09-22 23:22 - 00000522 _____ C:\Windows\system32\Microsoft.VC80.CRT.manifest
2014-01-14 22:54 - 2014-01-14 22:55 - 00000000 ____D C:\ProgramData\MicroWorld
2014-01-14 22:52 - 2014-01-14 22:53 - 99334664 _____ C:\Users\Plankton\Desktop\mwav.exe
2014-01-13 23:48 - 2014-01-14 01:16 - 00000605 _____ C:\Users\Plankton\Desktop\Troja-Board.txt
2014-01-13 23:42 - 2014-01-13 23:42 - 00000478 _____ C:\Users\Plankton\Desktop\defogger_disable.log
2014-01-13 23:42 - 2014-01-13 23:42 - 00000000 _____ C:\Users\Plankton\defogger_reenable
2014-01-13 23:40 - 2014-01-13 23:40 - 00050477 _____ C:\Users\Plankton\Desktop\Defogger.exe
2014-01-13 23:35 - 2014-01-16 21:42 - 00015776 _____ C:\Users\Plankton\Desktop\FRST.txt
2014-01-13 22:50 - 2014-01-13 22:50 - 00130499 _____ C:\Users\Plankton\Desktop\gmer.txt
2014-01-13 22:34 - 2014-01-13 22:34 - 00377856 _____ C:\Users\Plankton\Desktop\gmer_2.1.19163.exe
2014-01-13 22:03 - 2014-01-16 21:42 - 00000000 ____D C:\FRST
2014-01-13 22:03 - 2014-01-13 22:18 - 00020069 _____ C:\Users\Plankton\Desktop\Addition.txt
2014-01-13 22:01 - 2014-01-16 21:42 - 01221120 _____ (Farbar) C:\Users\Plankton\Desktop\FRST.exe
2014-01-13 10:32 - 2014-01-13 10:32 - 00000332 _____ C:\Start_.cmd
2014-01-13 10:31 - 2014-01-13 10:31 - 00000000 ____D C:\Windows\erdnt
2014-01-13 10:31 - 2014-01-13 10:31 - 00000000 ____D C:\Qoobox
2014-01-12 22:40 - 2014-01-12 22:40 - 01233962 _____ C:\Users\Plankton\Downloads\adwcleaner_3.016.exe
2014-01-12 21:25 - 2014-01-12 22:18 - 00000000 _____ C:\Windows\system32\tmp.txt
2014-01-12 21:24 - 2008-12-12 01:57 - 00078336 _____ (S!Ri.URZ) C:\Windows\system32\Agent.OMZ.Fix.exe
2014-01-12 21:24 - 2008-11-29 18:58 - 00082944 _____ (S!Ri.URZ) C:\Windows\system32\IEDFix.C.exe
2014-01-12 21:24 - 2008-09-20 12:45 - 00080384 _____ (S!Ri.URZ) C:\Windows\system32\o4Patch.exe
2014-01-12 21:24 - 2006-04-27 17:49 - 00288417 _____ (S!Ri) C:\Windows\system32\SrchSTS.exe
2014-01-12 21:24 - 2003-06-05 21:13 - 00053248 _____ (hxxp://www.beyondlogic.org) C:\Windows\system32\Process.exe
2014-01-12 21:23 - 2014-01-12 21:23 - 01885088 _____ C:\Users\Plankton\Downloads\SmitfraudFix_v2.423.exe
2014-01-12 20:26 - 2014-01-16 10:43 - 00013987 _____ C:\Users\Plankton\AppData\Roaming\csrv.exe
2014-01-12 20:24 - 2014-01-12 20:24 - 00002403 _____ C:\Users\Plankton\AppData\Roaming\csrv.PIF
2014-01-11 18:27 - 2014-01-11 18:27 - 00001038 _____ C:\Users\Public\Desktop\VLC media player.lnk
2014-01-11 18:25 - 2014-01-11 18:25 - 24097311 _____ C:\Users\Plankton\Downloads\vlc-2.1.2-win32.exe
2014-01-04 20:23 - 2014-01-04 20:26 - 00000000 ____D C:\Users\Plankton\Desktop\Sicherung TOR Safe
2014-01-03 15:12 - 2014-01-03 15:12 - 00000000 ____D C:\Users\Plankton\Downloads\CNC im Modellbau Magazin Januar 01-2014
2013-12-28 23:14 - 2013-12-28 23:14 - 00000000 ____D C:\Users\Plankton\Downloads\Neuer Ordner
2013-12-27 01:14 - 2013-12-27 01:14 - 00001255 _____ C:\Users\Plankton\Desktop\taskmgr.exe - Verknüpfung.lnk
2013-12-26 19:22 - 2013-12-26 19:22 - 00000695 _____ C:\Users\Plankton\Desktop\Tor Browser.lnk
2013-12-26 17:59 - 2013-12-26 17:59 - 00000000 ____D C:\Users\Plankton\Desktop\Tor Browser
2013-12-26 17:57 - 2013-12-26 17:58 - 24185920 _____ C:\Users\Plankton\Downloads\torbrowser-install-3.5_de.exe
2013-12-23 19:23 - 2013-12-23 19:23 - 00923784 _____ (CNET Download.com) C:\Users\Plankton\Downloads\cbsidlm-cbsi145-Ms_Word_Excel_Cracker-ORG-10656419.exe
2013-12-23 19:07 - 2013-12-23 19:07 - 00923784 _____ (CNET Download.com) C:\Users\Plankton\Downloads\cbsidlm-cbsi145-Excel_Tool_VBA_Password_Recovery-ORG-75206791.exe
2013-12-23 18:34 - 2013-12-23 18:34 - 00128000 _____ C:\Windows\system32\ppa_service.exe
2013-12-23 18:34 - 2013-12-23 18:34 - 00043008 _____ C:\Windows\system32\ppa_service.dll
2013-12-23 18:34 - 2013-12-23 18:34 - 00000566 _____ C:\Windows\system32\ppa_service.log
2013-12-23 18:34 - 2013-12-23 18:34 - 00000530 _____ C:\Windows\system32\ppa_service.dat
2013-12-23 18:34 - 2013-12-23 18:34 - 00000004 _____ C:\Windows\system32\ppa_service.rc
2013-12-23 18:28 - 2013-12-23 18:28 - 00000000 ____D C:\Program Files\ElcomSoft
2013-12-23 17:42 - 2013-12-23 17:47 - 00044430 _____ C:\Users\Plankton\ovpntray.log
2013-12-23 17:42 - 2013-12-23 17:42 - 00000000 ____D C:\Users\Plankton\AppData\Roaming\PrivateTunnel
2013-12-23 17:41 - 2013-12-23 17:41 - 05814784 _____ C:\Users\Plankton\Downloads\privatetunnel.msi
2013-12-21 13:24 - 2013-12-21 13:26 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-01-16 21:42 - 2014-01-16 21:42 - 00000000 ____D C:\Users\Plankton\Desktop\FRST-OlderVersion
2014-01-16 21:42 - 2014-01-13 23:35 - 00015776 _____ C:\Users\Plankton\Desktop\FRST.txt
2014-01-16 21:42 - 2014-01-13 22:03 - 00000000 ____D C:\FRST
2014-01-16 21:42 - 2014-01-13 22:01 - 01221120 _____ (Farbar) C:\Users\Plankton\Desktop\FRST.exe
2014-01-16 21:41 - 2014-01-16 21:41 - 00064152 _____ C:\Users\Plankton\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-16 21:41 - 2014-01-16 21:40 - 00294080 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 21:41 - 2011-07-30 17:05 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-16 21:40 - 2014-01-16 21:40 - 00000056 _____ C:\Windows\setupact.log
2014-01-16 21:40 - 2014-01-16 21:40 - 00000000 _____ C:\Windows\setuperr.log
2014-01-16 21:40 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-16 10:52 - 2013-10-10 08:17 - 00009247 _____ C:\Windows\WindowsUpdate.log
2014-01-16 10:52 - 2011-02-28 23:03 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2014-01-16 10:51 - 2011-07-30 17:05 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-16 10:44 - 2011-02-28 23:52 - 00000000 ___HD C:\Users\Plankton\AppData\Roaming\R-Wipe&Clean
2014-01-16 10:43 - 2014-01-12 20:26 - 00013987 _____ C:\Users\Plankton\AppData\Roaming\csrv.exe
2014-01-16 09:51 - 2009-07-14 05:34 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-16 09:51 - 2009-07-14 05:34 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-16 09:49 - 2011-02-28 22:40 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-16 00:45 - 2014-01-15 23:17 - 00000227 _____ C:\service.log
2014-01-15 22:49 - 2014-01-15 22:49 - 00000000 ____D C:\Program Files\Bloody5
2014-01-15 22:47 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2014-01-15 22:40 - 2014-01-15 22:34 - 00000000 ____D C:\Users\Plankton\Downloads\Bloody Mouse Software
2014-01-15 10:28 - 2014-01-15 10:28 - 00000000 ____D C:\Windows\rundll16.exe
2014-01-15 10:28 - 2014-01-15 10:28 - 00000000 ____D C:\Windows\logo1_.exe
2014-01-15 10:25 - 2014-01-14 23:34 - 00000757 _____ C:\Windows\general.log
2014-01-15 10:25 - 2014-01-14 23:24 - 00000054 _____ C:\Windows\Lic.xxx
2014-01-15 10:23 - 2014-01-15 10:23 - 00000000 ___SD C:\32788R22FWJFW
2014-01-15 10:23 - 2014-01-15 10:23 - 00000000 ____D C:\ComboFix
2014-01-15 10:22 - 2014-01-15 10:22 - 05165717 ____R (Swearware) C:\Users\Plankton\Desktop\ComboFix.exe
2014-01-15 09:27 - 2014-01-15 09:27 - 00000000 _____ C:\Users\Plankton\Desktop\Neues Textdokument.txt
2014-01-15 00:42 - 2014-01-15 00:41 - 11823536 _____ C:\Windows\REGBK00.ZIP
2014-01-14 23:34 - 2014-01-14 23:34 - 00000456 _____ C:\Windows\UPDLL.LOG
2014-01-14 23:34 - 2009-07-14 03:04 - 00000425 _____ C:\Windows\win.ini
2014-01-14 23:33 - 2014-01-14 23:33 - 00000000 ____D C:\Windows\VDLL.DLL
2014-01-14 23:33 - 2014-01-14 23:33 - 00000000 ____D C:\Windows\system32\runouce.exe
2014-01-14 23:33 - 2014-01-14 23:33 - 00000000 ____D C:\Windows\RUNDL132.EXE
2014-01-14 23:33 - 2014-01-14 23:33 - 00000000 ____D C:\Windows\logo_1.exe
2014-01-14 22:55 - 2014-01-14 22:55 - 00632064 _____ (Microsoft Corporation) C:\Windows\system32\msvcr80.dll
2014-01-14 22:55 - 2014-01-14 22:55 - 00554240 _____ (Microsoft Corporation) C:\Windows\system32\msvcp80.dll
2014-01-14 22:55 - 2014-01-14 22:55 - 00034048 _____ (MicroWorld Technologies Inc.) C:\Windows\system32\eEmpty.exe
2014-01-14 22:55 - 2014-01-14 22:55 - 00000000 ____D C:\Program Files\Common Files\MicroWorld
2014-01-14 22:55 - 2014-01-14 22:54 - 00000000 ____D C:\ProgramData\MicroWorld
2014-01-14 22:53 - 2014-01-14 22:52 - 99334664 _____ C:\Users\Plankton\Desktop\mwav.exe
2014-01-14 01:16 - 2014-01-13 23:48 - 00000605 _____ C:\Users\Plankton\Desktop\Troja-Board.txt
2014-01-13 23:42 - 2014-01-13 23:42 - 00000478 _____ C:\Users\Plankton\Desktop\defogger_disable.log
2014-01-13 23:42 - 2014-01-13 23:42 - 00000000 _____ C:\Users\Plankton\defogger_reenable
2014-01-13 23:42 - 2011-02-28 22:37 - 00000000 ____D C:\Users\Plankton
2014-01-13 23:40 - 2014-01-13 23:40 - 00050477 _____ C:\Users\Plankton\Desktop\Defogger.exe
2014-01-13 22:50 - 2014-01-13 22:50 - 00130499 _____ C:\Users\Plankton\Desktop\gmer.txt
2014-01-13 22:34 - 2014-01-13 22:34 - 00377856 _____ C:\Users\Plankton\Desktop\gmer_2.1.19163.exe
2014-01-13 22:18 - 2014-01-13 22:03 - 00020069 _____ C:\Users\Plankton\Desktop\Addition.txt
2014-01-13 10:32 - 2014-01-13 10:32 - 00000332 _____ C:\Start_.cmd
2014-01-13 10:31 - 2014-01-13 10:31 - 00000000 ____D C:\Windows\erdnt
2014-01-13 10:31 - 2014-01-13 10:31 - 00000000 ____D C:\Qoobox
2014-01-13 00:40 - 2013-01-13 20:06 - 00000000 ____D C:\Users\Plankton\AppData\Roaming\vlc
2014-01-12 23:10 - 2013-12-06 21:42 - 00125716 _____ C:\Windows\PFRO.log
2014-01-12 22:40 - 2014-01-12 22:40 - 01233962 _____ C:\Users\Plankton\Downloads\adwcleaner_3.016.exe
2014-01-12 22:35 - 2011-05-08 12:42 - 00000000 ____D C:\test
2014-01-12 22:18 - 2014-01-12 21:25 - 00000000 _____ C:\Windows\system32\tmp.txt
2014-01-12 21:23 - 2014-01-12 21:23 - 01885088 _____ C:\Users\Plankton\Downloads\SmitfraudFix_v2.423.exe
2014-01-12 20:27 - 2011-02-28 23:19 - 00000000 ___HD C:\VritualRoot
2014-01-12 20:24 - 2014-01-12 20:24 - 00002403 _____ C:\Users\Plankton\AppData\Roaming\csrv.PIF
2014-01-12 17:21 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\security
2014-01-12 17:06 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\L2Schemas
2014-01-11 18:27 - 2014-01-11 18:27 - 00001038 _____ C:\Users\Public\Desktop\VLC media player.lnk
2014-01-11 18:27 - 2011-03-05 22:27 - 00000000 ____D C:\Program Files\VideoLAN
2014-01-11 18:25 - 2014-01-11 18:25 - 24097311 _____ C:\Users\Plankton\Downloads\vlc-2.1.2-win32.exe
2014-01-04 20:26 - 2014-01-04 20:23 - 00000000 ____D C:\Users\Plankton\Desktop\Sicherung TOR Safe
2014-01-03 15:12 - 2014-01-03 15:12 - 00000000 ____D C:\Users\Plankton\Downloads\CNC im Modellbau Magazin Januar 01-2014
2013-12-28 23:14 - 2013-12-28 23:14 - 00000000 ____D C:\Users\Plankton\Downloads\Neuer Ordner
2013-12-28 19:04 - 2011-03-20 19:42 - 00000000 ____D C:\Program Files\XnView
2013-12-27 01:14 - 2013-12-27 01:14 - 00001255 _____ C:\Users\Plankton\Desktop\taskmgr.exe - Verknüpfung.lnk
2013-12-26 19:22 - 2013-12-26 19:22 - 00000695 _____ C:\Users\Plankton\Desktop\Tor Browser.lnk
2013-12-26 17:59 - 2013-12-26 17:59 - 00000000 ____D C:\Users\Plankton\Desktop\Tor Browser
2013-12-26 17:58 - 2013-12-26 17:57 - 24185920 _____ C:\Users\Plankton\Downloads\torbrowser-install-3.5_de.exe
2013-12-26 16:33 - 2013-11-13 17:05 - 00000812 _____ C:\Users\Plankton\Desktop\Körperfettwaage.txt
2013-12-26 14:39 - 2011-10-09 21:10 - 00000000 ____D C:\Hintergrundbilder
2013-12-26 11:52 - 2011-07-22 21:09 - 00000000 ____D C:\E-Mail-Sich
2013-12-25 16:53 - 2013-08-23 08:51 - 00000000 ____D C:\Users\Plankton\AppData\Roaming\TrueCrypt
2013-12-24 02:10 - 2011-02-28 22:50 - 00000000 ___HD C:\Users\Plankton\AppData\Roaming\Free Download Manager
2013-12-23 19:23 - 2013-12-23 19:23 - 00923784 _____ (CNET Download.com) C:\Users\Plankton\Downloads\cbsidlm-cbsi145-Ms_Word_Excel_Cracker-ORG-10656419.exe
2013-12-23 19:07 - 2013-12-23 19:07 - 00923784 _____ (CNET Download.com) C:\Users\Plankton\Downloads\cbsidlm-cbsi145-Excel_Tool_VBA_Password_Recovery-ORG-75206791.exe
2013-12-23 18:34 - 2013-12-23 18:34 - 00128000 _____ C:\Windows\system32\ppa_service.exe
2013-12-23 18:34 - 2013-12-23 18:34 - 00043008 _____ C:\Windows\system32\ppa_service.dll
2013-12-23 18:34 - 2013-12-23 18:34 - 00000566 _____ C:\Windows\system32\ppa_service.log
2013-12-23 18:34 - 2013-12-23 18:34 - 00000530 _____ C:\Windows\system32\ppa_service.dat
2013-12-23 18:34 - 2013-12-23 18:34 - 00000004 _____ C:\Windows\system32\ppa_service.rc
2013-12-23 18:28 - 2013-12-23 18:28 - 00000000 ____D C:\Program Files\ElcomSoft
2013-12-23 17:47 - 2013-12-23 17:42 - 00044430 _____ C:\Users\Plankton\ovpntray.log
2013-12-23 17:42 - 2013-12-23 17:42 - 00000000 ____D C:\Users\Plankton\AppData\Roaming\PrivateTunnel
2013-12-23 17:41 - 2013-12-23 17:41 - 05814784 _____ C:\Users\Plankton\Downloads\privatetunnel.msi
2013-12-22 12:13 - 2012-04-24 22:21 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-21 13:26 - 2013-12-21 13:24 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-09 16:16

==================== End Of Log ============================
```