
Log Analysis and Evaluation: Windows Vista: Several Trojans found by the CT virus CD


03.09.2013, 21:45   #1
Carsten9880
 
Windows Vista: Several Trojans found by the CT virus CD



The virus CD from CT found several Trojans on my Windows Vista and did remove them, but messages still keep appearing that suggest a virus infection of the entire system.
I have attached the Defogger, FRST and Addition logs. With GMER, the computer unfortunately aborts with a Windows error message without producing a log file - now I don't know whether I should start that scan again, or what else to do?
Attached files
File type: log defogger_disable.log (472 bytes, viewed 121 times)
File type: txt Addition.txt (25.3 KB, viewed 170 times)
File type: txt FRST.txt (34.0 KB, viewed 180 times)

04.09.2013, 05:09   #2
schrauber
/// the machine
/// TB Trainer
 

Windows Vista: Several Trojans found by the CT virus CD



hi,

This is how it works:
Post in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

05.09.2013, 07:13   #3
Carsten9880
 
Windows Vista: Several Trojans found by the CT virus CD



Sorry, I wasn't aware of that. Thanks for the help.

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:38 on 03/09/2013 (Scott)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-09-2013 03
Ran by Scott at 2013-09-03 21:47:43
Running from C:\Users\Anja\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
2007 Microsoft Office Suite Service Pack 1 (SP1)
AAU 6.0.00.17
Acer Arcade Deluxe (Version: 2.0.5529)
Acer Bio Protection
Acer Crystal Eye Webcam 2.0.8 (Version: 2.0.8)
Acer eAudio Management (Version: 3.0.3008)
Acer eDataSecurity Management (Version: 3.0.3062)
Acer Empowering Technology (Version: 3.0.3009)
Acer ePower Management (Version: 3.0.3014)
Acer eRecovery Management (Version: 3.0.3014)
Acer eSettings Management (Version: 3.0.3007)
Acer GameZone Console 2.0.1.1
Acer GridVista (Version: 2.72.317)
Acer Mobility Center Plug-In (Version: 3.0.3000)
Acer ScreenSaver (Version: 1.11.0701)
Acer VCM (Version: 3.1.3000)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.278)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader X (10.1.4) - Deutsch (Version: 10.1.4)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (Version: 1.0.0.30)
Azada
Babylon toolbar on IE
Bonjour (Version: 3.0.0.10)
Claro LTD toolbar  
Google Desktop (Version: 5.9.1005.12335)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4413.1752)
Google Update Helper (Version: 1.3.21.153)
HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.73.00.52)
Intel PROSet Wireless
Intel(R) PROSet/Wireless WiFi Software (Version: 12.02.0000)
Intel® Matrix Storage Manager
iPhone Backup Extractor (Version: 3.3.2.0)
iSongText version 1.6.1 (Version: 1.6.1)
iTunes (Version: 11.0.2.26)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java(TM) 6 Update 35 (Version: 6.0.350)
Jewel Quest Solitaire
KaraFun Player (Version: 1.20.86.771)
Kick N Rush
kJams Pro 1.0d52r10 (Version: 100.0.5210)
Launch Manager
LG MC USB Modem driver (Version: 1.0.0.0000)
LG PC Suite II (Version: 2.00.0000)
LG United Mobile Driver (Version: 3.6.0.0)
LG USB Modem Driver (Version: 4.9.5.1)
LightScribe  1.4.142.1 (Version: 1.4.142.1)
McAfee SecurityCenter
Media Finder 1.0.9.23 (Version: 1.0.9.23)
Medieval II Total War : Kingdoms : Teutonic (Version: 1.03.000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6215.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual J# .NET Redistributable Package 1.1 (Version: 1.1.4322)
Microsoft Works (Version: 08.05.0818)
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NTI Backup Now 5 (Version: 5.1.2.606)
NTI Backup Now Standard (Version: 5.1.2.606)
NTI Media Maker 8 (Version: 8.0.2.6329)
NVIDIA 3D Vision Controller Driver 306.23 (Version: 306.23)
NVIDIA Control Panel 306.23 (Version: 306.23)
NVIDIA Graphics Driver 306.23 (Version: 306.23)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA PhysX (Version: 9.12.0604)
NVIDIA PhysX System Software 9.12.0604 (Version: 9.12.0604)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
QuickTime (Version: 7.74.80.86)
Realtek High Definition Audio Driver (Version: 6.0.1.5618)
Realtek USB 2.0 Card Reader (Version: )
Safari (Version: 5.34.57.2)
Samsung Kies (Version: 2.3.2.12074_13)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.6.0)
Skype Click to Call (Version: 5.7.8773)
Skype™ 5.5 (Version: 5.5.124)
SPBA 5.8 (Version: 5.8.2.4218)
Steam (Version: 1.0.0.0)
Synaptics Pointing Device Driver (Version: 11.1.4.0)
TuneUp Companion 2.4.6.4 (Version: 2.4.6.4)
TuneUp Utilities 2011 (Version: 10.0.4600.20)
TuneUp Utilities Language Pack (en-GB) (Version: 10.0.4600.20)
Turbo Pizza
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Office 2007 (KB946691)
WD Anywhere Backup (HKCU Version: 2.50.2012)
WD Anywhere Backup (Version: 2.50.2012)
WD Drive Manager (x86) (Version: 2.103)
WD SmartWare (Version: 1.2.0.8)
Winbond CIR Device Drivers (Version: 7.60.1012)
WinRAR 4.11 (32-bit) (Version: 4.11.0)
Yontoo 1.10.02 (Version: 1.10.02)
YouWave for Android
Zuma Deluxe
 

==================== Restore Points  =========================

28-08-2013 01:40:55 Windows Update
29-08-2013 08:16:27 Windows Update
03-09-2013 18:53:31 Windows Update

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0048AE1F-C186-4B0F-9F02-09BDD7DC116F} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {5F3AD6B6-FB8F-4614-8960-7CFC40C35EE4} - System32\Tasks\McQcTask => c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-07-26] (McAfee, Inc.)
Task: {68E7396C-0FE9-42B5-91F6-571EDF7C7634} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-22] (Google Inc.)
Task: {6C5D6A22-4D0D-43A9-AA92-4A1FD757D0AA} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {7DD8E406-0065-48A9-8E0D-8F36E98697AB} - System32\Tasks\B2CNotiAgent => C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe No File
Task: {987ABCAE-9155-4C21-AC4E-83EEB9D16F26} - System32\Tasks\McDefragTask => c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-07-26] (McAfee, Inc.)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {D1669EA2-DB0C-488B-BB4C-74AA110F56A9} - System32\Tasks\Express Files Updater => C:\Program Files\ExpressFiles\EFupdater.exe No File
Task: {D9D23F4A-AC13-4475-BA21-5428FC6C5171} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-22] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {E71A0A78-EE4B-420C-A64F-1B1D8B8F2D97} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\McDefragTask.job => C:\Windows\system32\defrag.exe
Task: C:\Windows\Tasks\McQcTask.job => c:\PROGRA~1\mcafee\mqc\QcConsol.exe

==================== Loaded Modules (whitelisted) =============

2011-06-14 17:43 - 2009-04-11 08:28 - 02012160 _____ (Microsoft Corporation) C:\Windows\system32\milcore.dll
2012-09-13 22:03 - 2012-08-30 21:13 - 15291752 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2008-07-22 21:28 - 2008-06-11 19:21 - 00204800 _____ () C:\Windows\System32\SysHook.dll
2008-05-15 02:05 - 2008-05-15 02:05 - 00121392 _____ (Egis Inc.) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
2008-05-15 02:05 - 2008-05-15 02:05 - 00240176 _____ (Egis Incorporated.) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
2011-06-21 19:25 - 2010-05-04 21:13 - 00231424 _____ (Microsoft Corporation) C:\Windows\System32\msshsq.dll
2011-06-14 17:41 - 2009-04-11 08:28 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\wscntfy.dll
2011-02-23 17:30 - 2010-04-05 19:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2013-08-15 01:46 - 2013-07-25 04:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\VBScript.dll
2012-02-26 13:57 - 2012-02-26 13:57 - 00141104 _____ ( ) C:\Program Files\BrowserCompanion\updatebhoWin32.dll
2012-02-21 22:32 - 2012-02-17 21:55 - 00166912 _____ () C:\Program Files\WinRAR\rarext.dll
2008-10-31 10:53 - 2008-10-31 10:53 - 00126976 _____ (Arachnoid Biometrics Identification Group Corp.) C:\Program Files\Acer\Acer Bio Protection\FPLaunchCache.dll
2012-02-13 17:40 - 2012-02-13 17:40 - 00030016 _____ (TuneUp Software) C:\Program Files\TuneUp Utilities 2011\SDShelEx-win32.dll
2008-05-15 02:04 - 2008-05-15 02:04 - 00304688 _____ (Egis Incorporated.) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSshellExt.dll
2008-01-21 04:23 - 2008-01-21 04:23 - 01298432 _____ (Microsoft Corporation) C:\Windows\System32\TMM.dll
2012-09-13 22:03 - 2012-08-30 21:13 - 02422120 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2006-11-02 10:45 - 2006-11-02 11:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\pautoenr.dll
2011-06-14 17:43 - 2009-04-11 08:28 - 01112064 _____ (Microsoft Corporation) C:\Windows\system32\certenroll.dll
2012-09-13 22:14 - 2012-08-30 17:57 - 03272552 _____ (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvUI.dll
2012-09-13 22:16 - 2012-08-30 21:13 - 00634728 _____ (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Common\easyDaemonAPIU.DLL
2012-09-13 22:16 - 2012-08-30 21:13 - 02814824 _____ (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Common\NvUpdt.dll
2012-09-13 22:16 - 2012-08-30 21:13 - 00980328 _____ (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Common\NVUPDTR.DLL
2008-05-15 02:04 - 2008-05-15 02:04 - 00254000 _____ (Egis Incorporated.) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ADMIN_CLASS_LIB.dll
2008-05-15 02:04 - 2008-05-15 02:04 - 00272944 _____ (Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\keyManager.dll
2008-05-15 02:04 - 2008-05-15 02:04 - 00551472 _____ (Egis inc.) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\CryptoAPI.dll
2008-05-15 02:05 - 2008-05-15 02:05 - 00199216 _____ (Egis Incorporated.) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDUtil.dll
2008-05-15 02:05 - 2008-05-15 02:05 - 00227888 _____ () C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
2008-05-15 02:04 - 2008-05-15 02:04 - 00103472 _____ (Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSop.dll
2008-05-15 02:04 - 2008-05-15 02:04 - 04966960 _____ (Egis Incorporated.) C:\Program Files\Acer\Empowering Technology\eDataSecurity\EDS.Windows.Forms.dll
2008-07-22 21:35 - 2008-02-21 01:31 - 00162336 _____ (Realtek Semiconductor) C:\Program Files\Acer\Empowering Technology\eAudio\AcrRtAud.dll
2008-07-22 21:26 - 2008-04-25 03:19 - 00163840 _____ (Synaptics, Inc.) C:\Windows\system32\SynCOM.dll
2008-07-22 21:26 - 2008-04-25 03:31 - 00151552 _____ (Synaptics, Inc.) C:\Windows\system32\SynTPAPI.dll
2008-10-31 10:42 - 2008-10-31 10:42 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll
2008-07-22 21:28 - 2008-08-01 18:49 - 00032768 _____ (Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\WMIInterface.dll
2008-10-31 10:42 - 2008-10-31 10:42 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll
2008-10-31 10:42 - 2008-10-31 10:42 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2008-04-28 18:49 - 2008-04-28 18:49 - 00002560 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
2009-09-07 20:50 - 2009-09-07 20:50 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\MFC71.DLL
2009-09-07 20:50 - 2009-09-07 20:50 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\MSVCR71.dll
2009-09-07 20:50 - 2009-09-07 20:50 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\MSVCP71.dll
2011-03-21 17:30 - 2011-03-21 17:30 - 00053024 _____ (Open Source Software community project) C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01292136 _____ (The ICU Project) C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 00923496 _____ (The ICU Project) C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 16303976 _____ (The ICU Project) C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-31 00:05 - 2011-08-31 00:05 - 00073064 _____ (Apple Inc.) C:\Windows\system32\dnssd.dll
2008-10-31 11:16 - 2007-03-19 20:18 - 01343488 _____ (Acer inc.) C:\Program Files\Acer\Acer VCM\Acer.Empowering.Windows.Forms.dll
2008-10-31 11:16 - 2007-09-11 20:12 - 00475136 _____ () C:\Program Files\Acer\Acer VCM\AcerControl.dll
2008-10-31 11:16 - 2007-12-20 22:49 - 00006656 _____ (Acer Incorporated.) C:\Program Files\Acer\Acer VCM\en\AcerVCM.resources.dll
2008-10-31 11:16 - 2006-10-23 18:10 - 00077824 _____ ( ) C:\Program Files\Acer\Acer VCM\Interop.SKYPEAPILib.dll
2008-10-31 11:16 - 2007-09-28 19:37 - 00442368 _____ (Acer Inc.) C:\Program Files\Acer\Acer VCM\AcerSkypeAPI.dll
2008-10-31 11:16 - 2006-10-23 18:10 - 00015872 _____ ( ) C:\Program Files\Acer\Acer VCM\Interop.AcerBlueToothAPILib.dll
2006-11-02 10:57 - 2006-11-02 11:44 - 00418816 _____ (Microsoft Corporation) C:\Windows\system32\irprops.cpl
2013-08-05 23:52 - 2013-06-18 16:21 - 03285912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2012-09-13 22:03 - 2012-08-30 21:13 - 12465512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2013-07-15 17:31 - 2013-04-17 13:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-07-15 17:31 - 2013-04-17 13:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-07-28 01:35 - 2013-07-28 01:35 - 16166280 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll

==================== Alternate Data Streams (whitelisted) ==========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/03/2013 09:35:58 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 984523

Error: (09/03/2013 09:35:58 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 984523

Error: (09/03/2013 09:35:58 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/03/2013 09:35:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 977659

Error: (09/03/2013 09:35:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 977659

Error: (09/03/2013 09:35:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/03/2013 09:35:50 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 976660

Error: (09/03/2013 09:35:50 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 976660

Error: (09/03/2013 09:35:50 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/03/2013 09:35:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 975646


System errors:
=============
Error: (08/18/2013 04:04:33 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (08/17/2013 03:33:49 AM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (08/14/2013 00:40:55 AM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (07/19/2013 02:59:24 PM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (07/17/2013 05:46:59 PM) (Source: DCOM) (User: )
Description: {6A972E27-93E2-4F98-8367-4101B2073814}

Error: (06/30/2013 03:13:33 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (06/24/2013 10:42:06 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (06/14/2013 01:33:29 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (06/04/2013 04:03:27 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (06/03/2013 03:03:50 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2012-12-09 19:12:40.040
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SysHook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-12-09 19:12:39.638
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SysHook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-12-09 19:11:42.200
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-12-09 19:11:30.987
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SysHook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-12-09 19:11:30.598
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SysHook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-12-09 19:11:00.807
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-12-09 19:05:59.337
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SysHook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-12-09 19:05:58.891
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SysHook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-12-09 19:05:43.244
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-12-09 19:05:29.507
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SysHook.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Percentage of memory in use: 43%
Total physical RAM: 3065.93 MB
Available physical RAM: 1739.44 MB
Total Pagefile: 6334.14 MB
Available Pagefile: 4901.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1912.61 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:111.44 GB) (Free:1.85 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:107.9 GB) (Free:24.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 89614542)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=111 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=108 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=12)

==================== End Of Log ============================

FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-09-2013 03
Ran by Scott (administrator) on SCOTT-PC on 03-09-2013 21:45:39
Running from C:\Users\Anja\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Arachnoid Biometrics Identification Group Corp.) C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
() C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(McAfee, Inc.) c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
(McAfee, Inc.) C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
() C:\Acer\Mobility Center\MobilityService.exe
(McAfee, Inc.) C:\Program Files\McAfee\MPF\MPFSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSK\MskSrver.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
() C:\Program Files\SiteAdvisor\6172\SAService.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
(McAfee, Inc.) C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(McAfee, Inc.) c:\PROGRA~1\mcafee.com\agent\mcagent.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Realtek Semiconductor Corp.) C:\Users\Anja\AppData\Local\Temp\RtkBtMnt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Inc.) C:\Program Files\Acer\Acer VCM\acp2HID.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(McAfee, Inc.) C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
(McAfee, Inc.) c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(McAfee, Inc.) c:\PROGRA~1\mcafee\msc\mcuimgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
() C:\Users\Anja\Desktop\Defogger.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6139904 2008-05-07] (Realtek Semiconductor)
HKLM\...\Run: [eDataSecurity Loader] - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-05-15] (Egis Incorporated)
HKLM\...\Run: [eAudio] - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-05-30] (Acer Incorporated)
HKLM\...\Run: [WarReg_PopUp] - C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [303104 2008-01-29] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-25] (Synaptics, Inc.)
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ePower_DMC] - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [405504 2008-08-01] (Acer Inc.)
HKLM\...\Run: [mcagent_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [582992 2007-08-04] (McAfee, Inc.)
HKLM\...\Run: [BkupTray] - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-26] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [ArcadeDeluxeAgent] - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [152872 2009-09-07] (CyberLink Corp.)
HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-02-22] (Google)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
Winlogon\Notify\AWinNotifyVitaKey MC3000: C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll [X]
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll [X]
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\RunOnce: [RegistryDefrag Success Message] - "C:\Program Files\TuneUp Utilities 2011\TUMessages.exe" /RegDefrag_Success [99136 2012-02-13] (TuneUp Software)
HKCU\...\RunOnce: [Application Restart #3] - C:\Windows\System32\conime.exe C:\Windows\system32\conime.exe [69120 2009-04-11] (Microsoft Corporation)
MountPoints2: {30f4533a-a9b3-11de-b1a1-00238b16b807} - E:\Setup.exe
MountPoints2: {a3b4143f-ae4f-11e0-a566-00238b16b807} - "E:\WD SmartWare.exe" autoplay=true
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-08-21] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-08-21] ()
HKU\New\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\Acer\Acer Bio Protection\PwdFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.claro-search.com/?affID=116199&tt=4412_6&babsrc=HP_ss&mntrId=aa83843f00000000000000215d4162c4
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=1008&m=aspire_6930g
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=1008&m=aspire_6930g
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=1008&m=aspire_6930g
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.claro-search.com/?q={searchTerms}&affID=116199&tt=4412_6&babsrc=SP_ss&mntrId=aa83843f00000000000000215d4162c4
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=SGcgspidoL-yFMx4liIRSKrafUs?q={searchTerms}
BHO: Claro LTD Helper Object - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files\Claro LTD\claro\1.8.3.10\bh\claro.dll (Montera Technologeis LTD)
BHO: Browser Companion Helper - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\BrowserCompanion\jsloader.dll ( )
BHO: No Name - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll ()
BHO: ProxTube - {0AA2810A-F009-4BD7-A10A-32F140A1B9F3} - C:\Users\Scott\AppData\LocalLow\ProxTube\IE\ProxTube.dll (Malte Goetz)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} -  No File
BHO: McAfee Phishing Filter - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll ()
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
BHO: Browser Companion Helper Verifier - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\BrowserCompanion\updatebhoWin32.dll ( )
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Plugin for Media Finder - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - C:\Users\Scott\AppData\Roaming\Media Finder\Extensions\IEPlugin32.dll (Media Finder)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Help the General-Search Project - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\Users\Scott\AppData\Roaming\MEDIAF~1\EXTENS~1\GENCRA~1.DLL ()
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
Toolbar: HKLM - McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll ()
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM - Claro LTD Toolbar - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files\Claro LTD\claro\1.8.3.10\claroTlbr.dll (Montera Technologeis LTD)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
Handler: base64 - No CLSID Value - 
Handler: chrome - No CLSID Value - 
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: prox - No CLSID Value - 
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll ()
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default
FF user.js: detected! => C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\user.js
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: Claro Search
FF SearchEngineOrder.1: Claro Search
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.claro-search.com/?affID=116199&tt=4412_6&babsrc=HP_ss&mntrId=aa83843f00000000000000215d4162c4
FF Keyword.URL: hxxp://www.claro-search.com/?affID=116199&tt=4412_6&babsrc=KW_ss&mntrId=aa83843f00000000000000215d4162c4&q=
FF NetworkProxy: "ftp", "54.246.127.98"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "54.246.127.98"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "54.246.127.98"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "54.246.127.98"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Media Finder plugin - C:\Users\Scott\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@themediafinder.com
FF Extension: General Crawler - C:\Users\Scott\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
FF Extension: Browser Companion Helper - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\Extensions\bbrs_002@blabbers.com
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\Extensions\ich@maltegoetz.de
FF Extension: stealthyextension - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\Extensions\stealthyextension@gmail.com.xpi
FF Extension: toolbar - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\Extensions\toolbar@web.de.xpi
FF Extension: No Name - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

========================== Services (Whitelisted) =================

R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.)
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2009-04-16] ()
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-06-02] ()
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-02-22] (Google)
R2 IGBASVC; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [3602432 2008-10-31] ()
R2 mcmscsvc; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [749904 2007-08-04] (McAfee, Inc.)
R2 McNASvc; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2376992 2008-03-20] (McAfee, Inc.)
S3 McODS; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [378184 2007-07-25] (McAfee, Inc.)
R2 McProxy; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [359248 2007-08-15] (McAfee, Inc.)
R2 McShield; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [144704 2007-07-24] (McAfee, Inc.)
R3 McSysmon; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [695624 2007-07-25] (McAfee, Inc.)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-07] ()
R2 MpfService; C:\Program Files\McAfee\MPF\MPFSrv.exe [856864 2007-07-19] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\McAfee\MSK\MskSrver.exe [23880 2007-08-24] (McAfee, Inc.)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-26] ()
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [233472 2008-01-11] (Acer Incorporated)
R2 SiteAdvisor Service; C:\Program Files\SiteAdvisor\6172\SAService.exe [341280 2008-07-22] ()
S4 WDBtnMgrSvc.exe; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [102400 2008-05-16] (WDC)
S4 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [110592 2009-11-13] (WDC)
S4 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo)

==================== Drivers (Whitelisted) ====================

R0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [42608 2008-10-31] (Alfa Corporation)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R2 int15; C:\Windows\system32\drivers\int15.sys [69632 2007-01-26] ()
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [79304 2007-07-24] (McAfee, Inc.)
R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [35240 2007-07-21] (McAfee, Inc.)
R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [201288 2007-07-21] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [33800 2007-07-24] (McAfee, Inc.)
R3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40488 2007-07-21] (McAfee, Inc.)
R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [125728 2007-07-13] (McAfee, Inc.)
R2 NTIPPKernel; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [122368 2008-01-17] (Cyberlink Corp.)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10064 2011-07-08] (TuneUp Software)
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2009-08-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [20736 2009-08-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2009-08-11] (LG Electronics Inc.)
R2 VBoxDrv; C:\Program Files\YouWave_Android\vb\VBoxDrv.sys [135680 2011-07-15] (Oracle Corporation)
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [87536 2009-09-11] (CyberLink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-03 21:43 - 2013-09-03 21:43 - 01084575 _____ (Farbar) C:\Users\Anja\Desktop\FRST.exe
2013-09-03 21:38 - 2013-09-03 21:39 - 00000472 _____ C:\Users\Anja\Desktop\defogger_disable.log
2013-09-03 21:38 - 2013-09-03 21:38 - 00000000 _____ C:\Users\Scott\defogger_reenable
2013-09-03 21:07 - 2013-09-03 21:07 - 00050477 _____ C:\Users\Anja\Desktop\Defogger.exe
2013-08-28 03:41 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 02:16 - 2013-08-15 02:22 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 01:46 - 2013-07-25 04:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 01:46 - 2013-07-25 04:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 01:46 - 2013-07-25 04:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 01:46 - 2013-07-25 04:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 01:46 - 2013-07-25 04:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 01:46 - 2013-07-25 04:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-15 01:46 - 2013-07-25 04:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-15 01:46 - 2013-07-25 04:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 01:46 - 2013-07-25 04:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 01:46 - 2013-07-25 04:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 01:46 - 2013-07-25 04:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 01:46 - 2013-07-25 04:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-15 01:46 - 2013-07-25 04:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-15 01:46 - 2013-07-25 04:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 01:46 - 2013-07-25 04:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 01:46 - 2013-07-25 04:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-14 01:02 - 2013-07-05 06:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 01:02 - 2013-06-15 15:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-08-14 01:02 - 2013-06-15 13:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 01:01 - 2013-07-17 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 01:01 - 2013-07-10 11:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 01:01 - 2013-07-09 14:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 01:01 - 2013-07-08 06:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-14 01:01 - 2013-07-08 06:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 01:01 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 01:01 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 01:01 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 01:01 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-06 00:08 - 2013-08-06 00:08 - 00001730 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-08-06 00:07 - 2013-08-06 00:09 - 00000000 ____D C:\Program Files\QuickTime
2013-08-06 00:00 - 2013-08-06 00:01 - 41404760 _____ (Apple Inc.) C:\Users\Anja\Downloads\QuickTimeInstaller.exe
2013-08-05 23:50 - 2013-08-05 23:50 - 00280368 _____ (Mozilla) C:\Users\Anja\Downloads\Firefox Setup Stub 22.0.exe

==================== One Month Modified Files and Folders =======

2013-09-03 21:45 - 2013-09-03 21:45 - 00000000 ____D C:\FRST
2013-09-03 21:43 - 2013-09-03 21:43 - 01084575 _____ (Farbar) C:\Users\Anja\Desktop\FRST.exe
2013-09-03 21:39 - 2013-09-03 21:38 - 00000472 _____ C:\Users\Anja\Desktop\defogger_disable.log
2013-09-03 21:38 - 2013-09-03 21:38 - 00000000 _____ C:\Users\Scott\defogger_reenable
2013-09-03 21:38 - 2008-12-30 15:18 - 00000000 ____D C:\Users\Scott
2013-09-03 21:36 - 2008-07-22 21:27 - 00059921 _____ C:\Windows\system32\Config.MPF
2013-09-03 21:07 - 2013-09-03 21:07 - 00050477 _____ C:\Users\Anja\Desktop\Defogger.exe
2013-09-03 21:00 - 2011-02-22 21:54 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-03 20:54 - 2008-10-31 10:28 - 01593767 _____ C:\Windows\WindowsUpdate.log
2013-09-03 20:52 - 2006-11-02 12:33 - 00759698 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-03 20:47 - 2011-09-14 20:43 - 05239268 _____ C:\Windows\PFRO.log
2013-09-03 20:47 - 2011-02-22 21:54 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-03 20:47 - 2008-10-31 10:43 - 00000000 _____ C:\Windows\system32\LogConfigTemp.xml
2013-09-03 20:47 - 2008-07-22 21:55 - 00000147 _____ C:\Windows\system32\agent.log
2013-09-03 20:47 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-03 20:47 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-03 20:47 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-03 17:38 - 2006-11-02 15:01 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-31 02:45 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-17 03:30 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-08-15 02:22 - 2013-08-15 02:16 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 02:16 - 2012-09-03 16:29 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-07 04:22 - 2011-09-05 18:00 - 00238872 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-08-06 00:11 - 2013-05-25 03:39 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-06 00:11 - 2012-05-07 22:24 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-06 00:09 - 2013-08-06 00:07 - 00000000 ____D C:\Program Files\QuickTime
2013-08-06 00:08 - 2013-08-06 00:08 - 00001730 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-08-06 00:01 - 2013-08-06 00:00 - 41404760 _____ (Apple Inc.) C:\Users\Anja\Downloads\QuickTimeInstaller.exe
2013-08-05 23:58 - 2011-06-09 03:55 - 00000000 ____D C:\Users\Scott\AppData\Local\Adobe
2013-08-05 23:52 - 2011-02-22 21:57 - 00000850 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-05 23:50 - 2013-08-05 23:50 - 00280368 _____ (Mozilla) C:\Users\Anja\Downloads\Firefox Setup Stub 22.0.exe

Files to move or delete:
====================
C:\ProgramData\0tbpw.pad
C:\ProgramData\dsgsdgdsgdsgw.pad
C:\Users\Anja\AppData\Local\Temp\1346681455.exe
C:\Users\Anja\AppData\Local\Temp\b34btbztdb2vavaw.exe
C:\Users\Anja\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Anja\AppData\Local\Temp\MozUpdater\updater.exe
C:\Users\Anja\AppData\Local\Temp\MozUpdater\bgupdate\updater.exe
C:\Users\New\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\New\AppData\Local\Temp\MozUpdater\updater.exe
C:\Users\Scott\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Scott\AppData\Local\Temp\{C0C1C9ED-8AA1-40EB-8399-4611E0491CE1}\BrowseFolderDll.dll
C:\Users\Scott\AppData\Local\Temp\{C0C1C9ED-8AA1-40EB-8399-4611E0491CE1}\Execute2App.exe
C:\Users\Scott\AppData\Local\Temp\{C0C1C9ED-8AA1-40EB-8399-4611E0491CE1}\ISRT.dll
C:\Users\Scott\AppData\Local\Temp\{C0C1C9ED-8AA1-40EB-8399-4611E0491CE1}\Kies2RemoveAll.exe
C:\Users\Scott\AppData\Local\Temp\{C0C1C9ED-8AA1-40EB-8399-4611E0491CE1}\KiesProgressDialog.dll
C:\Users\Scott\AppData\Local\Temp\{C0C1C9ED-8AA1-40EB-8399-4611E0491CE1}\MSSetupAddinDll.dll
C:\Users\Scott\AppData\Local\Temp\{C0C1C9ED-8AA1-40EB-8399-4611E0491CE1}\MSSetupAddinDllForVista.dll
C:\Users\Scott\AppData\Local\Temp\{C0C1C9ED-8AA1-40EB-8399-4611E0491CE1}\msvcp90.dll
C:\Users\Scott\AppData\Local\Temp\{C0C1C9ED-8AA1-40EB-8399-4611E0491CE1}\msvcr90.dll
C:\Users\Scott\AppData\Local\Temp\{C0C1C9ED-8AA1-40EB-8399-4611E0491CE1}\NDP40-KB2461678-x86.exe
C:\Users\Scott\AppData\Local\Temp\{C0C1C9ED-8AA1-40EB-8399-4611E0491CE1}\setup.exe
C:\Users\Scott\AppData\Local\Temp\{C0C1C9ED-8AA1-40EB-8399-4611E0491CE1}\WriteDescExecuteFileName.exe
C:\Users\Scott\AppData\Local\Temp\{C0C1C9ED-8AA1-40EB-8399-4611E0491CE1}\_isres_0x0409.dll
C:\Users\Scott\AppData\Local\Temp\{4E6EE2F3-34F7-4429-9CE2-6DD244344D6B}\ISSetup.dll
C:\Users\Scott\AppData\Local\Temp\temp-android-tool\lib\SDK Manager.exe
C:\Users\Scott\AppData\Local\Temp\swtlib-32\swt-win32-3550.dll
C:\Users\Scott\AppData\Local\Temp\MarkAny\ContentSafer\MaAgent.exe
C:\Users\Scott\AppData\Local\Temp\MarkAny\ContentSafer\MAAuthProc.dll
C:\Users\Scott\AppData\Local\Temp\MarkAny\ContentSafer\MACLICX13.dll
C:\Users\Scott\AppData\Local\Temp\MarkAny\ContentSafer\MACLicX15.dll
C:\Users\Scott\AppData\Local\Temp\MarkAny\ContentSafer\MACSMANAGER.dll
C:\Users\Scott\AppData\Local\Temp\MarkAny\ContentSafer\MaCSMgr.exe
C:\Users\Scott\AppData\Local\Temp\MarkAny\ContentSafer\MaCSProHook.dll
C:\Users\Scott\AppData\Local\Temp\MarkAny\ContentSafer\mapshapi.dll
C:\Users\Scott\AppData\Local\Temp\MarkAny\ContentSafer\mapwij10.dll
C:\Users\Scott\AppData\Local\Temp\MarkAny\ContentSafer\MaSyncP.dll
C:\Users\Scott\AppData\Local\Temp\MarkAny\ContentSafer\MaWAMP.dll
C:\Users\Scott\AppData\Local\Temp\MarkAny\ContentSafer\MAWebControl.exe
C:\Users\Scott\AppData\Local\Temp\MarkAny\ContentSafer\MaWMP.dll
C:\Users\Scott\AppData\Local\Temp\MarkAny\ContentSafer\MPXBox.exe
C:\Users\Scott\AppData\Local\Temp\MarkAny\ContentSafer\MtpAccess.dll
C:\Users\Scott\AppData\Local\Temp\MarkAny\ContentSafer\UserShare.dll
C:\Users\Scott\AppData\Local\Temp\MarkAny\ContentSafer\XSYNCClt.dll
C:\Users\Scott\AppData\Local\Temp\MarkAny\ContentSafer\UpdateClient\MAFileUpdate.dll
C:\Users\Scott\AppData\Local\Temp\MarkAny\ContentSafer\UpdateClient\MAUpdate.exe
C:\Users\Scott\AppData\Local\Temp\MarkAny\ContentSafer\UpdateClient\MAUpdateBoot.exe
C:\Users\Scott\AppData\Local\Temp\MarkAny\ContentSafer\UpdateClient\MaUpdateClient.exe
C:\Users\Scott\AppData\Local\Temp\e8d32420-7ae1-4814-a668-6fb4eb026a15\CliSecureRT.dll
C:\Users\Scott\AppData\Local\Temp\d6ebea43-a7f6-428d-ab33-ddb1ea1983ec\CliSecureRT.dll
C:\Users\Scott\AppData\Local\Temp\a12825bd-15c9-4154-8729-0436821e9c1e\CliSecureRT.dll
C:\Users\Scott\AppData\Local\Temp\0fc9221e-2e41-47bc-a46c-7d9bb48dcf66\CliSecureRT.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-03 20:53

==================== End Of Log ============================

Alt 05.09.2013, 10:37   #4
schrauber
/// the machine
/// TB-Ausbilder
 




ComboFix should only be run when a team member has instructed you to do so!
Please download ComboFix from the following download mirror

Link 1


IMPORTANT - Save ComboFix to your desktop
  • Please disable all of your antivirus and anti-malware/spyware scanners. They can interfere with ComboFix while it works.
Start Combofix.exe and follow the on-screen instructions.

When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
__________________
Regards,
schrauber


Alt 05.09.2013, 22:14   #5
Carsten9880
 



After Combofix had scanned and performed a restart, something strange happened: the Combofix window kept opening and closing again, so after 30 minutes I closed Combofix. Nevertheless, here is the Combofix.txt that was created:
Code:
ComboFix 13-09-04.04 - Scott 05/09/2013  21:48:42.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3066.1751 [GMT 2:00]
Running from: C:\Users\Anja\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Resident AV is active
Or did disabling the McAfee anti-virus program somehow fail?


Alt 06.09.2013, 09:52   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Please uninstall McAfee, delete Combofix, download it again and run it once more.
__________________

Alt 07.09.2013, 13:03   #7
Carsten9880
 



This time it worked.
Combofix Logfile:
Code:
ComboFix 13-09-04.04 - Scott 07/09/2013  13:39:46.2.2 - x86
Running from: c:\users\Anja\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\install.exe
c:\program files\Acer\Acer Bio Protection\PwdFilter.dll
c:\programdata\0tbpw.pad
c:\programdata\dsgsdgdsgdsgw.pad
c:\users\Anja\dxmupioku.exe.VIRUS
c:\users\Scott\AppData\Roaming\Media Finder\Extensions\IEPLugin32.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-07 to 2013-09-07  )))))))))))))))))))))))))))))))
.
.
2013-09-07 11:55 . 2013-09-07 11:55	--------	d-----w-	c:\users\Scott\AppData\Local\temp
2013-09-07 11:55 . 2013-09-07 11:55	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-09-07 11:55 . 2013-09-07 11:55	--------	d-----w-	c:\users\New\AppData\Local\temp
2013-09-07 11:55 . 2013-09-07 11:55	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-09-07 11:21 . 2013-08-06 07:28	7166848	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{5A84C576-51B2-4082-8674-C861F239BDE0}\mpengine.dll
2013-09-03 19:45 . 2013-09-03 19:45	--------	d-----w-	C:\FRST
2013-08-28 01:41 . 2013-08-02 04:09	1548288	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-08-15 00:16 . 2013-08-15 00:22	--------	d-----w-	c:\windows\system32\MRT
2013-08-13 23:02 . 2013-06-15 13:22	15872	----a-w-	c:\windows\system32\icaapi.dll
2013-08-13 23:02 . 2013-06-15 11:23	24064	----a-w-	c:\windows\system32\drivers\tssecsrv.sys
2013-08-13 23:02 . 2013-07-05 04:53	905664	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-08-13 23:01 . 2013-07-17 19:41	2048	----a-w-	c:\windows\system32\tzres.dll
2013-08-13 23:01 . 2013-07-10 09:47	783360	----a-w-	c:\windows\system32\rpcrt4.dll
2013-08-13 23:01 . 2013-07-09 12:10	1205168	----a-w-	c:\windows\system32\ntdll.dll
2013-08-13 23:01 . 2013-07-08 04:55	3603904	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-08-13 23:01 . 2013-07-08 04:55	3551680	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-08-13 23:01 . 2013-07-08 04:16	992768	----a-w-	c:\windows\system32\crypt32.dll
2013-08-13 23:01 . 2013-07-08 04:20	172544	----a-w-	c:\windows\system32\wintrust.dll
2013-08-13 23:01 . 2013-07-08 04:16	98304	----a-w-	c:\windows\system32\cryptnet.dll
2013-08-13 23:01 . 2013-07-08 04:16	133120	----a-w-	c:\windows\system32\cryptsvc.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-07 02:22 . 2011-09-05 16:00	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-07-27 23:41 . 2013-07-27 23:42	94632	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-07-27 23:41 . 2012-07-13 19:18	867240	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-07-27 23:41 . 2011-07-18 18:34	789416	----a-w-	c:\windows\system32\deployJava1.dll
2013-07-27 23:35 . 2012-03-30 12:10	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-07-27 23:35 . 2011-07-05 19:44	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-02-22 19:47 . 2013-05-25 01:39	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-15 00:05	121392	----a-w-	c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-15 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-26 28672]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-09-07 152872]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-02-22 30192]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-10-31 08:53	3197952	----a-w-	c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 22:24	567560	----a-w-	c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Scott^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk]
path=c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Memeo AutoSync Launcher.lnk
backup=c:\windows\pss\Memeo AutoSync Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Scott^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WD Anywhere Backup Launcher.lnk]
path=c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WD Anywhere Backup Launcher.lnk
backup=c:\windows\pss\WD Anywhere Backup Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 08:27	17351304	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-12-27 09:51	1242448	----a-w-	c:\program files\Steam\Steam.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"KiesPreload"=c:\program files\Samsung\Kies\Kies.exe /preload
"KiesPDLR"=c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"WD Drive Manager"=c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
"Browser companion helper"=c:\program files\BrowserCompanion\BCHelper.exe /T=3 /CHI={$CHROM_GUID_UNINSTALLS}
"KiesTrayAgent"=c:\program files\Samsung\Kies\KiesTrayAgent.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-22 19:54]
.
2013-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-22 19:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.claro-search.com/?affID=116199&tt=4412_6&babsrc=HP_ss&mntrId=aa83843f00000000000000215d4162c4
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=1008&m=aspire_6930g
uInternet Settings,ProxyOverride = *.local
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.claro-search.com/?affID=116199&tt=4412_6&babsrc=HP_ss&mntrId=aa83843f00000000000000215d4162c4
FF - prefs.js: keyword.URL - hxxp://www.claro-search.com/?affID=116199&tt=4412_6&babsrc=KW_ss&mntrId=aa83843f00000000000000215d4162c4&q=
FF - prefs.js: network.proxy.ftp - 54.246.127.98
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 54.246.127.98
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 54.246.127.98
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 54.246.127.98
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2011-06-14 03:24; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extentions.y2layers.installId - 5e0ee68f-c909-4657-a905-db69dcf149ca
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,BestVideoDownloader,EzLooker,TwitTube,TopRelatedTopics,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111015
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - aa83843f00000000000000215d4162c4
FF - user.js: extensions.BabylonToolbar_i.hardId - aa83843f00000000000000215d4162c4
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15461
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:05
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.claro.tlbrSrchUrl - 
FF - user.js: extensions.claro.id - aa83843f00000000000000215d4162c4
FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
FF - user.js: extensions.claro.instlDay - 15643
FF - user.js: extensions.claro.vrsn - 1.8.3.10
FF - user.js: extensions.claro.vrsni - 1.8.3.10
FF - user.js: extensions.claro_i.vrsnTs - 1.8.3.1023:19
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-09-07 13:55
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3572)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\System32\SysHook.dll
.
Completion time: 2013-09-07  14:00:07
ComboFix-quarantined-files.txt  2013-09-07 12:00
.
Pre-Run: 5,933,862,912 bytes free
Post-Run: 5,546,639,360 bytes free
.
- - End Of File - - 6C17C2749F31C9CE276A7A4DD217FDD3
--- --- --- BB9D3A6A13C5010348DA7C900BB6AF50

Alt 07.09.2013, 21:06   #8
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if required to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on your desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts that appear with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

No help via PM!

Alt 08.09.2013, 18:34   #9
Carsten9880
 



Well, so far everything worked quite well; the only thing I found a bit strange was that after Malwarebytes Anti-Malware had finished and performed a restart, I could no longer do anything on the computer, because whatever I clicked, it just started churning endlessly. I even had to switch it off completely, because Vista could no longer be shut down. Only after I uninstalled Malwarebytes Anti-Malware in safe mode could Vista be used again.
Code:
 Malwarebytes Anti-Malware  (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.08.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Scott :: SCOTT-PC [administrator]

Protection: Enabled

08/09/2013 15:22:31
mbam-log-2013-09-08 (15-22-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Heuristics/Extra | P2P
Objects scanned: 48285
Time elapsed: 8 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Program Files\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Delete on reboot.

Registry Keys Detected: 13
HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCR\gencrawler_gc.GenCrawler (Trojan.Downloader) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\USERS\SCOTT\APPDATA\ROAMING\MEDIA FINDER\EXTENSIONS\GENCRAWLER_GC.DLL (Trojan.Downloader) -> Data: 1 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Program Files\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Delete on reboot.
C:\Users\Scott\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Users\Anja\AppData\Roaming\aqva\chp.exe (Trojan.Bitcoin) -> Quarantined and deleted successfully.
C:\Users\Anja\AppData\Roaming\aqva\scvhost.exe (Trojan.BitMiner) -> Quarantined and deleted successfully.
C:\Users\Anja\AppData\Roaming\Ewqj\Ewqj.scr.VIRUS (Trojan.Agent.ED) -> Quarantined and deleted successfully.

(end)
AdwCleaner Logfile:
Code:
# AdwCleaner v3.003 - Report created 08/09/2013 at 17:03:42
# Updated 07/09/2013 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Scott - SCOTT-PC
# Running from : C:\Users\Anja\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Deleted : C:\Program Files\1ClickDownload
Folder Deleted : C:\Program Files\BabylonToolbar
Folder Deleted : C:\Program Files\BrowserCompanion
Folder Deleted : C:\Program Files\Claro LTD
Folder Deleted : C:\Program Files\Media Finder
Folder Deleted : C:\Program Files\Red Sky
Folder Deleted : C:\Program Files\Yontoo
Folder Deleted : C:\Users\Scott\AppData\LocalLow\bbrs_002.tb
Folder Deleted : C:\Users\Scott\AppData\LocalLow\Claro LTD
Folder Deleted : C:\Users\Scott\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Scott\AppData\Roaming\Media Finder
Folder Deleted : C:\Users\Scott\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@themediafinder.com
Folder Deleted : C:\Users\Scott\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Deleted : C:\Users\Anja\AppData\Roaming\ExpressFiles
Folder Deleted : C:\Users\New\AppData\LocalLow\bbrs_002.tb
Folder Deleted : C:\Users\New\AppData\LocalLow\Claro LTD
Folder Deleted : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\Extensions\bbrs_002@blabbers.com
File Deleted : \END
File Deleted : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\searchplugins\11-suche.xml
File Deleted : C:\Users\New\AppData\Roaming\Mozilla\Firefox\Profiles\8mzsgwrl.default\searchplugins\11-suche.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEPlugin.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\claro.claroappCore
Key Deleted : HKLM\SOFTWARE\Classes\claro.claroappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.claroESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.claroESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\MF
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3F39D17D-50C7-4AC4-A63A-CDF6CDBD0C61}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{50F7F0BE-31BA-4145-BD8B-6B0DECFED804}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{05340575-7D2A-4266-9A84-7EEBDC476884}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97C47A30-3CFB-474B-94E3-6019A7EE0610}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE4FC43F-84CE-4E20-88C2-2188525B47FB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F398D871-ED00-42A8-BEAA-0209E9E59FCC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{16466D47-74A8-4928-B8B2-07CD79ABFC9F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{26D5CC0A-7A46-4D86-AF45-2EFA320B0C54}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D13AC8F-037E-40C5-ADA6-231BA74EA2F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{322EDCF5-9E7D-4021-8C67-F3FFE4961A38}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E254398-828F-4D51-A39E-3F6B6D96A12C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{442DAF0C-7EAD-48D9-ABEA-E0036470D6D5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{58EB187D-24F8-4423-BD6C-655CE4C416BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6BEB066C-A791-4A21-B934-7783533FE888}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A07612DF-B1DD-484F-A1C3-36CA4CE919D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A76F97B2-2C56-456A-A29E-72741595C2E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AE9908C1-3400-4B10-9061-C6C04D96E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B19D9D96-E59C-4936-B283-8A831CDB3A53}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC8AAABA-3F8B-4866-8B3A-D9368133A478}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E15519AE-99BE-42DD-BE60-FFC3C183F443}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60295942-9E5F-4EE8-B785-3A655904D24F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Blabbers
Key Deleted : HKCU\Software\BrowserCompanion
Key Deleted : HKCU\Software\Claro LTD
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\MediaFinder
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\Software\BrowserCompanion
Key Deleted : HKLM\Software\Claro LTD
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{414C790F-E24E-461B-983A-2AD84474DE4B}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\claro
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{414C790F-E24E-461B-983A-2AD84474DE4B}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\claro
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ExpressFiles
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16502

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v22.0 (de)

[ File : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\prefs.js ]

Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Line Deleted : user_pref("browser.search.defaultenginename", "Claro Search");
Line Deleted : user_pref("browser.search.order.1", "Claro Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.claro-search.com/?affID=116199&tt=4412_6&babsrc=HP_ss&mntrId=aa83843f00000000000000215d4162c4");
Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111015");
Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "aa83843f00000000000000215d4162c4");
Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "aa83843f00000000000000215d4162c4");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15461");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=116199&tt=4412_6&babsrc=NT_ss&mntrId=aa83843f00000000000000215d4162c4");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1722:05:42");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Deleted : user_pref("extensions.claro.admin", false);
Line Deleted : user_pref("extensions.claro.aflt", "babsst");
Line Deleted : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Line Deleted : user_pref("extensions.claro.dfltLng", "en");
Line Deleted : user_pref("extensions.claro.excTlbr", false);
Line Deleted : user_pref("extensions.claro.id", "aa83843f00000000000000215d4162c4");
Line Deleted : user_pref("extensions.claro.instlDay", "15643");
Line Deleted : user_pref("extensions.claro.instlRef", "sst");
Line Deleted : user_pref("extensions.claro.prdct", "claro");
Line Deleted : user_pref("extensions.claro.prtnrId", "claro");
Line Deleted : user_pref("extensions.claro.tlbrId", "claro");
Line Deleted : user_pref("extensions.claro.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.claro.vrsn", "1.8.3.10");
Line Deleted : user_pref("extensions.claro.vrsni", "1.8.3.10");
Line Deleted : user_pref("extensions.claro_i.smplGrp", "none");
Line Deleted : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1023:19:22");
Line Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,BestVideoDownloader,EzLooker,TwitTube,TopRelatedTopics,Buzzdock,");
Line Deleted : user_pref("extentions.y2layers.installId", "5e0ee68f-c909-4657-a905-db69dcf149ca");
Line Deleted : user_pref("extentions.y2layers.lastDnsTest", 369405);
Line Deleted : user_pref("keyword.URL", "hxxp://www.claro-search.com/?affID=116199&tt=4412_6&babsrc=KW_ss&mntrId=aa83843f00000000000000215d4162c4&q=");

[ File : C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\wawd0f5v.default\prefs.js ]


[ File : C:\Users\New\AppData\Roaming\Mozilla\Firefox\Profiles\8mzsgwrl.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [21464 octets] - [08/09/2013 16:44:46]
AdwCleaner[S0].txt - [21762 octets] - [08/09/2013 17:03:42]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [21823 octets] ##########
         
--- --- ---
JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.9 (09.07.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Scott on 08/09/2013 at 17:11:58.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\Scott\AppData\Roaming\mozilla\firefox\profiles\lqc0twm5.default\minidumps [187 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/09/2013 at 17:19:03.41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-09-2013
Ran by Scott (administrator) on SCOTT-PC on 08-09-2013 19:15:30
Running from C:\Users\Anja\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Arachnoid Biometrics Identification Group Corp.) C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
() C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Acer\Mobility Center\MobilityService.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe
(Realtek Semiconductor Corp.) C:\Users\Anja\AppData\Local\Temp\RtkBtMnt.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Inc.) C:\Program Files\Acer\Acer VCM\acp2HID.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6139904 2008-05-07] (Realtek Semiconductor)
HKLM\...\Run: [eDataSecurity Loader] - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-05-15] (Egis Incorporated)
HKLM\...\Run: [eAudio] - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-05-30] (Acer Incorporated)
HKLM\...\Run: [WarReg_PopUp] - C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [303104 2008-01-29] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-25] (Synaptics, Inc.)
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ePower_DMC] - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [405504 2008-08-01] (Acer Inc.)
HKLM\...\Run: [BkupTray] - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-26] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [ArcadeDeluxeAgent] - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [152872 2009-09-07] (CyberLink Corp.)
HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-02-22] (Google)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Runonce: [ Malwarebytes Anti-Malware  (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
Winlogon\Notify\AWinNotifyVitaKey MC3000: C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll [X]
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll [X]
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_278_ActiveX.exe -update activex [690096 2012-09-20] (Adobe Systems Incorporated)
HKCU\...\Policies\Explorer: [NoDrives] 0
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-08-21] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-08-21] ()
HKU\New\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=1008&m=aspire_6930g
SearchScopes: HKLM - DefaultScope value is missing.
BHO: ProxTube - {0AA2810A-F009-4BD7-A10A-32F140A1B9F3} - C:\Users\Scott\AppData\LocalLow\ProxTube\IE\ProxTube.dll (Malte Goetz)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF SelectedSearchEngine: Google
FF NetworkProxy: "ftp", "54.246.127.98"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "54.246.127.98"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "54.246.127.98"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "54.246.127.98"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\Extensions\ich@maltegoetz.de
FF Extension: stealthyextension - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\Extensions\stealthyextension@gmail.com.xpi
FF Extension: toolbar - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\Extensions\toolbar@web.de.xpi
FF Extension: No Name - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

========================== Services (Whitelisted) =================

R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.)
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2009-04-16] ()
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-06-02] ()
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-02-22] (Google)
R2 IGBASVC; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [3602432 2008-10-31] ()
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-07] ()
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-26] ()
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [233472 2008-01-11] (Acer Incorporated)
S4 WDBtnMgrSvc.exe; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [102400 2008-05-16] (WDC)
S4 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [110592 2009-11-13] (WDC)
S4 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo)

==================== Drivers (Whitelisted) ====================

R0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [42608 2008-10-31] (Alfa Corporation)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R2 int15; C:\Windows\system32\drivers\int15.sys [69632 2007-01-26] ()
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
R2 NTIPPKernel; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [122368 2008-01-17] (Cyberlink Corp.)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10064 2011-07-08] (TuneUp Software)
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2009-08-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [20736 2009-08-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2009-08-11] (LG Electronics Inc.)
R2 VBoxDrv; C:\Program Files\YouWave_Android\vb\VBoxDrv.sys [135680 2011-07-15] (Oracle Corporation)
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [87536 2009-09-11] (CyberLink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Scott\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-08 19:14 - 2013-09-08 19:14 - 01082239 _____ (Farbar) C:\Users\Anja\Desktop\FRST.exe
2013-09-08 19:08 - 2013-09-08 17:19 - 00000915 _____ C:\Users\Anja\Desktop\JRT.txt
2013-09-08 17:19 - 2013-09-08 17:19 - 00000915 _____ C:\Users\Scott\Desktop\JRT.txt
2013-09-08 17:11 - 2013-09-08 17:11 - 01029490 _____ (Thisisu) C:\Users\Anja\Desktop\JRT.exe
2013-09-08 17:11 - 2013-09-08 17:11 - 00000000 ____D C:\Windows\ERUNT
2013-09-08 17:08 - 2013-09-08 17:03 - 00021902 _____ C:\Users\Anja\Desktop\AdwCleaner[S0].txt
2013-09-08 16:43 - 2013-09-08 17:03 - 00000000 ____D C:\AdwCleaner
2013-09-08 16:42 - 2013-09-08 16:42 - 01037278 _____ C:\Users\Anja\Desktop\adwcleaner.exe
2013-09-08 15:13 - 2013-09-08 15:13 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Malwarebytes
2013-09-08 15:12 - 2013-09-08 15:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-08 15:10 - 2013-09-08 15:11 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Anja\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-07 14:00 - 2013-09-07 14:00 - 00018106 _____ C:\ComboFix.txt
2013-09-07 13:37 - 2013-09-07 14:00 - 00000000 ____D C:\ComboFix
2013-09-05 21:43 - 2013-09-07 14:00 - 00000000 ____D C:\Qoobox
2013-09-05 21:43 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-05 21:43 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-05 21:43 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-05 21:43 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-05 21:43 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-05 21:43 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-05 21:43 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-05 21:43 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-05 21:42 - 2013-09-07 13:56 - 00000000 ____D C:\Windows\erdnt
2013-09-05 21:38 - 2013-09-05 21:39 - 05120804 ____R (Swearware) C:\Users\Anja\Desktop\ComboFix.exe
2013-09-03 22:03 - 2013-09-03 22:03 - 00377856 _____ C:\Users\Anja\Desktop\gmer_2.1.19163.exe
2013-09-03 21:47 - 2013-09-03 21:52 - 00025860 _____ C:\Users\Anja\Desktop\Addition.txt
2013-09-03 21:45 - 2013-09-03 21:45 - 00000000 ____D C:\FRST
2013-09-03 21:38 - 2013-09-03 21:39 - 00000472 _____ C:\Users\Anja\Desktop\defogger_disable.log
2013-09-03 21:38 - 2013-09-03 21:38 - 00000000 _____ C:\Users\Scott\defogger_reenable
2013-09-03 21:07 - 2013-09-03 21:07 - 00050477 _____ C:\Users\Anja\Desktop\Defogger.exe
2013-08-28 03:41 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 02:16 - 2013-08-15 02:22 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 01:46 - 2013-07-25 04:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 01:46 - 2013-07-25 04:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 01:46 - 2013-07-25 04:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 01:46 - 2013-07-25 04:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 01:46 - 2013-07-25 04:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 01:46 - 2013-07-25 04:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-15 01:46 - 2013-07-25 04:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-15 01:46 - 2013-07-25 04:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 01:46 - 2013-07-25 04:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 01:46 - 2013-07-25 04:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 01:46 - 2013-07-25 04:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 01:46 - 2013-07-25 04:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-15 01:46 - 2013-07-25 04:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-15 01:46 - 2013-07-25 04:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 01:46 - 2013-07-25 04:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 01:46 - 2013-07-25 04:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-14 01:02 - 2013-07-05 06:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 01:02 - 2013-06-15 15:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-08-14 01:02 - 2013-06-15 13:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 01:01 - 2013-07-17 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 01:01 - 2013-07-10 11:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 01:01 - 2013-07-09 14:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 01:01 - 2013-07-08 06:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-14 01:01 - 2013-07-08 06:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 01:01 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 01:01 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 01:01 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 01:01 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

==================== One Month Modified Files and Folders =======

2013-09-08 19:15 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2013-09-08 19:14 - 2013-09-08 19:14 - 01082239 _____ (Farbar) C:\Users\Anja\Desktop\FRST.exe
2013-09-08 19:11 - 2008-12-30 15:20 - 00000000 ____D C:\Users\Scott\AppData\Local\Google
2013-09-08 19:11 - 2006-11-02 12:33 - 00759698 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-08 19:08 - 2008-10-31 10:28 - 01782535 _____ C:\Windows\WindowsUpdate.log
2013-09-08 19:04 - 2011-02-22 21:54 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-08 19:04 - 2008-10-31 10:43 - 00000000 _____ C:\Windows\system32\LogConfigTemp.xml
2013-09-08 19:04 - 2008-07-22 21:55 - 00000147 _____ C:\Windows\system32\agent.log
2013-09-08 19:04 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-08 19:04 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-08 19:04 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-08 19:03 - 2011-09-14 20:43 - 05424440 _____ C:\Windows\PFRO.log
2013-09-08 19:03 - 2006-11-02 15:01 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-08 19:00 - 2011-02-22 21:54 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-08 17:19 - 2013-09-08 19:08 - 00000915 _____ C:\Users\Anja\Desktop\JRT.txt
2013-09-08 17:19 - 2013-09-08 17:19 - 00000915 _____ C:\Users\Scott\Desktop\JRT.txt
2013-09-08 17:11 - 2013-09-08 17:11 - 01029490 _____ (Thisisu) C:\Users\Anja\Desktop\JRT.exe
2013-09-08 17:11 - 2013-09-08 17:11 - 00000000 ____D C:\Windows\ERUNT
2013-09-08 17:03 - 2013-09-08 17:08 - 00021902 _____ C:\Users\Anja\Desktop\AdwCleaner[S0].txt
2013-09-08 17:03 - 2013-09-08 16:43 - 00000000 ____D C:\AdwCleaner
2013-09-08 16:42 - 2013-09-08 16:42 - 01037278 _____ C:\Users\Anja\Desktop\adwcleaner.exe
2013-09-08 15:42 - 2013-05-18 03:41 - 00000000 ____D C:\Users\Anja\AppData\Roaming\aqva
2013-09-08 15:42 - 2013-05-18 03:39 - 00000000 _RSHD C:\Users\Anja\AppData\Roaming\Ewqj
2013-09-08 15:13 - 2013-09-08 15:13 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Malwarebytes
2013-09-08 15:12 - 2013-09-08 15:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-08 15:11 - 2013-09-08 15:10 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Anja\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-07 14:00 - 2013-09-07 14:00 - 00018106 _____ C:\ComboFix.txt
2013-09-07 14:00 - 2013-09-07 13:37 - 00000000 ____D C:\ComboFix
2013-09-07 14:00 - 2013-09-05 21:43 - 00000000 ____D C:\Qoobox
2013-09-07 14:00 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default
2013-09-07 13:56 - 2013-09-05 21:42 - 00000000 ____D C:\Windows\erdnt
2013-09-07 13:55 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2013-09-07 13:22 - 2008-07-22 21:25 - 00000000 ____D C:\ProgramData\McAfee
2013-09-07 13:22 - 2008-07-22 21:25 - 00000000 ____D C:\Program Files\McAfee
2013-09-07 13:16 - 2008-07-22 21:27 - 00000000 ____D C:\ProgramData\SiteAdvisor
2013-09-05 22:13 - 2006-11-02 12:22 - 48234496 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-09-05 22:13 - 2006-11-02 12:22 - 38535168 _____ C:\Windows\system32\config\COMPON~3.bak
2013-09-05 22:13 - 2006-11-02 12:22 - 22806528 _____ C:\Windows\system32\config\SYSTEM.bak
2013-09-05 22:13 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\DEFAULT.bak
2013-09-05 22:13 - 2006-11-02 12:22 - 00135168 _____ C:\Windows\system32\config\SAM.bak
2013-09-05 22:13 - 2006-11-02 12:22 - 00028672 _____ C:\Windows\system32\config\SECURITY.bak
2013-09-05 22:08 - 2012-02-15 20:46 - 00000000 ____D C:\Users\Anja
2013-09-05 21:39 - 2013-09-05 21:38 - 05120804 ____R (Swearware) C:\Users\Anja\Desktop\ComboFix.exe
2013-09-03 22:03 - 2013-09-03 22:03 - 00377856 _____ C:\Users\Anja\Desktop\gmer_2.1.19163.exe
2013-09-03 21:52 - 2013-09-03 21:47 - 00025860 _____ C:\Users\Anja\Desktop\Addition.txt
2013-09-03 21:45 - 2013-09-03 21:45 - 00000000 ____D C:\FRST
2013-09-03 21:39 - 2013-09-03 21:38 - 00000472 _____ C:\Users\Anja\Desktop\defogger_disable.log
2013-09-03 21:38 - 2013-09-03 21:38 - 00000000 _____ C:\Users\Scott\defogger_reenable
2013-09-03 21:38 - 2008-12-30 15:18 - 00000000 ____D C:\Users\Scott
2013-09-03 21:07 - 2013-09-03 21:07 - 00050477 _____ C:\Users\Anja\Desktop\Defogger.exe
2013-08-31 02:45 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-17 03:30 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-08-15 02:22 - 2013-08-15 02:16 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 02:16 - 2012-09-03 16:29 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\Users\Anja\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Scott\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-08 19:10

==================== End Of Log ============================
         

Last edited by Carsten9880 (08.09.2013 at 18:43)
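As an added example for this thread (not code from FRST, from Trojaner-Board, or from any participant here): a small Python triage helper that parses lines of the "One Month Created/Modified Files and Folders" sections of an FRST log like the one above and flags the entries a log reader looks at first. The two rules it applies (hidden/system attributes inside a user profile, and executables under AppData, Temp or ProgramData), the list of "user-writable" locations, and the constructed Dopk.scr sample line are this example's own assumptions, not FRST's.

```python
"""FRST file-listing triage: an added example for this thread, not code from
FRST (Farbar Recovery Scan Tool) or from any participant in the thread.

Parses lines of the "One Month Created/Modified Files and Folders" sections
and flags entries worth a closer look. The rules and the notion of a
"user-writable location" are this example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import List

# One listing line looks like:
#   <created> - <modified> - <size> <attrs> [(<company>)] <path>
# attrs is a five-character field such as _____, ____D or _RSHD (R, S, H, D =
# read-only, system, hidden, directory). The company string comes from the
# file's version resource, so it is data the file's author controls.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>\S.*?)\s*$"
)

# Sample input: lines copied from the FRST log posted above, plus one
# constructed line (Dopk.scr, made-up date and size) to exercise rule 2.
SAMPLE_LOG = r"""
==================== One Month Modified Files and Folders =======
2013-09-08 17:11 - 2013-09-08 17:11 - 01029490 _____ (Thisisu) C:\Users\Anja\Desktop\JRT.exe
2013-09-08 15:42 - 2013-05-18 03:41 - 00000000 ____D C:\Users\Anja\AppData\Roaming\aqva
2013-09-08 15:42 - 2013-05-18 03:39 - 00000000 _RSHD C:\Users\Anja\AppData\Roaming\Ewqj
2013-09-08 15:11 - 2013-09-08 15:10 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Anja\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-08 19:04 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-14 01:01 - 2013-07-09 14:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-05 21:40 - 2013-09-05 21:40 - 00031744 _____ C:\Users\Anja\AppData\Roaming\Dopk\Dopk.scr
"""


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str
    company: str
    path: str


@dataclass
class Finding:
    path: str
    reason: str


# Assumptions of this example: extensions treated as executable code, and
# path fragments treated as locations an unprivileged user can write to.
EXEC_EXT = (".exe", ".dll", ".scr", ".sys", ".cpl", ".com")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")


def parse_frst_file_lines(text: str) -> List[Entry]:
    """Return one Entry per listing line; headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section header, blank line, or a line in another format
        entries.append(Entry(
            created=m["created"],
            modified=m["modified"],
            size=int(m["size"]),
            attrs=m["attrs"],
            company=(m["company"] or "").strip(),
            path=m["path"],
        ))
    return entries


def triage(entries: List[Entry]) -> List[Finding]:
    """Apply the two reading-aid rules; a finding is a prompt, not a verdict."""
    findings = []
    for e in entries:
        low = e.path.lower()
        in_profile = (low.startswith("c:\\users\\")
                      and not low.startswith("c:\\users\\public\\"))
        # Rule 1: hidden or system attributes on something inside a user profile.
        if in_profile and ("S" in e.attrs or "H" in e.attrs):
            findings.append(Finding(
                e.path, f"hidden/system attributes ({e.attrs}) inside a user profile"))
        # Rule 2: executable code in a location any user process can write to.
        if low.endswith(EXEC_EXT) and any(w in low for w in USER_WRITABLE):
            findings.append(Finding(
                e.path, "executable in a user-writable location; "
                        "the company string is not a signature"))
    return findings


if __name__ == "__main__":
    for f in triage(parse_frst_file_lines(SAMPLE_LOG)):
        print(f"{f.path}\n    -> {f.reason}")
```

Run against the sample it reports the `_RSHD` folder under `AppData\Roaming` (the same kind of entry a helper spots by eye in the log above) and the constructed screensaver file; the Desktop tools, the Windows task file and the system DLL pass. Everything it flags still needs a human decision; the point is only to surface the handful of lines worth reading in a listing of hundreds.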

Old 09.09.2013, 06:21   #10
schrauber
/// the machine
/// TB-Ausbilder
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the Desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log please. Any problems left?
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

Old 09.09.2013, 21:48   #11
Carsten9880
 



I just can't get the link to the ESET SmartInstaller to start. I always get the Vista error message:
C:\Users\Anja\AppData\Local\Temp konnte nicht gespeichert werden, weil Sie die Inhalte dieses Ordners nicht ändern können.

Ändern Sie die Ordnereigenschaften und versuchen Sie es nochmals oder versuchen Sie, an einem anderen Ort zu speichern.

I don't really understand this. In my opinion the folder already has all administrator rights!?

Besides, every time after Vista starts, the acer esecurity management pops up and wants to be reinstalled. No idea what has happened to it after all the virus checks/cleanups. It worked before, but I never looked into what it actually does.

Uh, sorry, I did manage to sort out the permissions for ESET after all. I will post the results tomorrow.

Old 10.09.2013, 08:23   #12
schrauber
/// the machine
/// TB-Ausbilder
 




Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
Unlock: C:\Users\Anja\AppData\Local\Temp
         

Please save this as Fixlist.txt on your Desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post me its contents.



Then delete FRST and download it again. After that the permission problems should be gone.

Old 10.09.2013, 22:08   #13
Carsten9880
 



First, regarding your second-to-last reply:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0c9684ec7a9c1e42ad33be2d170d6798
# engine=15070
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-10 12:15:30
# local_time=2013-09-10 02:15:30 (+0100, W. Europe Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 219234 216304858 0 0
# scanned=175508
# found=13
# cleaned=0
# scan_time=13156
sh=0CE84E1DB5DE607179DFE978A7F2E295896C1484 ft=1 fh=add59c19de2c3013 vn="Win32/Adware.MediaFinder application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Media Finder\MF.exe.VIRUS.vir"
sh=813F99C162730B22A391A287FA9BA6A954C2977C ft=1 fh=545f8627a3352333 vn="a variant of Win32/Adware.Yontoo.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Yontoo\YontooIEClient.dll.vir"
sh=AEC860E4CDE64D747F215B83C8DE70EE0EBCB3A0 ft=1 fh=cde73a4bb58c0fe9 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.VIRUS.vir"
sh=FDF652F803592E6840E076A89A19BF655686B8A8 ft=1 fh=de76e936397b25d2 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll.vir"
sh=BB9E58416CF4F2D522835887A23508F86E16A961 ft=1 fh=dec7ac800f9091f1 vn="Win32/TrojanDownloader.Wauchos.I trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Anja\dxmupioku.exe.VIRUS.vir"
sh=427DFDC9226A69A57FC5C1904E681E74BEF4FFBF ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-1493.FY trojan" ac=I fn="C:\Users\Anja\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\640e6941-39ce5da1"
sh=1EEBF90A3AF07D27D2D43EB71CF92C84EAE967BB ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Anja\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\1f326b90-2b92ebe6"
sh=545A63C2ADBC9865C22E741704FE3E5FD5C003F3 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Anja\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\3127a982-1999dee9"
sh=9802F7621093DBFC4382358338668406F1C98DD4 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Anja\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\72e3a234-61a97a05"
sh=3CE7591E584E6811863F236F5E96800AFD72E8F4 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Anja\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\3894ab9-4e880253"
sh=5F7F14953050C75579FA2B8B154EE704B06CAA66 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2013-1493.BZ trojan" ac=I fn="C:\Users\Anja\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\406803b9-4e34d06b"
sh=412B5038EB2D3DADB7F0082BD90368B4A6B83A89 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Anja\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\562079c9-3d51d9f9"
sh=75B608029437984EADBAEC73092A76219C0A269E ft=1 fh=77bf272453680ceb vn="Win32/PSW.Small.NBS trojan" ac=I fn="C:\Users\Anja\AppData\Roaming\Dopk\Dopk.scr.VIRUS"
         
Code:
 Results of screen317's Security Check version 0.99.73  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 TuneUp Utilities 2011   
 TuneUp Companion 2.4.6.4   
 TuneUp Utilities 2011   
 TuneUp Utilities Language Pack (en-GB) 
 Java(TM) 6 Update 35  
 Java 7 Update 25  
 Adobe Flash Player 	11.8.800.94  
 Adobe Reader 10.1.4 Adobe Reader out of Date!  
 Mozilla Firefox 22.0 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 5 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
         
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-09-2013 01
Ran by Scott (administrator) on SCOTT-PC on 10-09-2013 22:46:11
Running from C:\Users\Anja\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Arachnoid Biometrics Identification Group Corp.) C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
() C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Acer\Mobility Center\MobilityService.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe
(Realtek Semiconductor Corp.) C:\Users\Anja\AppData\Local\Temp\RtkBtMnt.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Inc.) C:\Program Files\Acer\Acer VCM\acp2HID.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6139904 2008-05-07] (Realtek Semiconductor)
HKLM\...\Run: [eDataSecurity Loader] - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-05-15] (Egis Incorporated)
HKLM\...\Run: [eAudio] - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-05-30] (Acer Incorporated)
HKLM\...\Run: [WarReg_PopUp] - C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [303104 2008-01-29] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-25] (Synaptics, Inc.)
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ePower_DMC] - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [405504 2008-08-01] (Acer Inc.)
HKLM\...\Run: [BkupTray] - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-26] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [ArcadeDeluxeAgent] - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [152872 2009-09-07] (CyberLink Corp.)
HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-02-22] (Google)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
Winlogon\Notify\AWinNotifyVitaKey MC3000: C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll [X]
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll [X]
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Policies\Explorer: [NoDrives] 0
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-08-21] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-08-21] ()
HKU\New\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=1008&m=aspire_6930g
SearchScopes: HKLM - DefaultScope value is missing.
BHO: ProxTube - {0AA2810A-F009-4BD7-A10A-32F140A1B9F3} - C:\Users\Scott\AppData\LocalLow\ProxTube\IE\ProxTube.dll (Malte Goetz)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF SelectedSearchEngine: Google
FF NetworkProxy: "ftp", "54.246.127.98"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "54.246.127.98"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "54.246.127.98"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "54.246.127.98"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\Extensions\ich@maltegoetz.de
FF Extension: stealthyextension - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\Extensions\stealthyextension@gmail.com.xpi
FF Extension: toolbar - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\Extensions\toolbar@web.de.xpi
FF Extension: No Name - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

========================== Services (Whitelisted) =================

R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2009-04-16] ()
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-06-02] ()
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-02-22] (Google)
R2 IGBASVC; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [3602432 2008-10-31] ()
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-07] ()
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-26] ()
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [233472 2008-01-11] (Acer Incorporated)
S4 WDBtnMgrSvc.exe; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [102400 2008-05-16] (WDC)
S4 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [110592 2009-11-13] (WDC)
S4 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo)

==================== Drivers (Whitelisted) ====================

R0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [42608 2008-10-31] (Alfa Corporation)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R2 int15; C:\Windows\system32\drivers\int15.sys [69632 2007-01-26] ()
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
R2 NTIPPKernel; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [122368 2008-01-17] (Cyberlink Corp.)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10064 2011-07-08] (TuneUp Software)
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2009-08-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [20736 2009-08-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2009-08-11] (LG Electronics Inc.)
R2 VBoxDrv; C:\Program Files\YouWave_Android\vb\VBoxDrv.sys [135680 2011-07-15] (Oracle Corporation)
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [87536 2009-09-11] (CyberLink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Scott\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-10 22:40 - 2013-09-10 22:40 - 00001103 _____ C:\Users\Anja\Desktop\checkup.txt
2013-09-10 22:31 - 2013-09-10 22:31 - 00891144 _____ C:\Users\Anja\Desktop\SecurityCheck.exe
2013-09-09 22:28 - 2013-09-09 22:28 - 02347384 _____ (ESET) C:\Users\Anja\Desktop\esetsmartinstaller_enu.exe
2013-09-08 19:08 - 2013-09-08 17:19 - 00000915 _____ C:\Users\Anja\Desktop\JRT.txt
2013-09-08 17:19 - 2013-09-08 17:19 - 00000915 _____ C:\Users\Scott\Desktop\JRT.txt
2013-09-08 17:11 - 2013-09-08 17:11 - 01029490 _____ (Thisisu) C:\Users\Anja\Desktop\JRT.exe
2013-09-08 17:11 - 2013-09-08 17:11 - 00000000 ____D C:\Windows\ERUNT
2013-09-08 17:08 - 2013-09-08 17:03 - 00021902 _____ C:\Users\Anja\Desktop\AdwCleaner[S0].txt
2013-09-08 16:43 - 2013-09-08 17:03 - 00000000 ____D C:\AdwCleaner
2013-09-08 16:42 - 2013-09-08 16:42 - 01037278 _____ C:\Users\Anja\Desktop\adwcleaner.exe
2013-09-08 15:13 - 2013-09-08 15:13 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Malwarebytes
2013-09-08 15:12 - 2013-09-08 15:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-08 15:10 - 2013-09-08 15:11 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Anja\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-07 14:00 - 2013-09-07 14:00 - 00018106 _____ C:\ComboFix.txt
2013-09-07 13:37 - 2013-09-07 14:00 - 00000000 ____D C:\ComboFix
2013-09-05 21:43 - 2013-09-07 14:00 - 00000000 ____D C:\Qoobox
2013-09-05 21:43 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-05 21:43 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-05 21:43 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-05 21:43 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-05 21:43 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-05 21:43 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-05 21:43 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-05 21:43 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-05 21:42 - 2013-09-07 13:56 - 00000000 ____D C:\Windows\erdnt
2013-09-05 21:38 - 2013-09-05 21:39 - 05120804 ____R (Swearware) C:\Users\Anja\Desktop\ComboFix.exe
2013-09-03 22:03 - 2013-09-03 22:03 - 00377856 _____ C:\Users\Anja\Desktop\gmer_2.1.19163.exe
2013-09-03 21:47 - 2013-09-03 21:52 - 00025860 _____ C:\Users\Anja\Desktop\Addition.txt
2013-09-03 21:45 - 2013-09-03 21:45 - 00000000 ____D C:\FRST
2013-09-03 21:38 - 2013-09-03 21:39 - 00000472 _____ C:\Users\Anja\Desktop\defogger_disable.log
2013-09-03 21:38 - 2013-09-03 21:38 - 00000000 _____ C:\Users\Scott\defogger_reenable
2013-09-03 21:07 - 2013-09-03 21:07 - 00050477 _____ C:\Users\Anja\Desktop\Defogger.exe
2013-08-28 03:41 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 02:16 - 2013-08-15 02:22 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 01:46 - 2013-07-25 04:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 01:46 - 2013-07-25 04:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 01:46 - 2013-07-25 04:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 01:46 - 2013-07-25 04:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 01:46 - 2013-07-25 04:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 01:46 - 2013-07-25 04:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-15 01:46 - 2013-07-25 04:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-15 01:46 - 2013-07-25 04:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 01:46 - 2013-07-25 04:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 01:46 - 2013-07-25 04:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 01:46 - 2013-07-25 04:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 01:46 - 2013-07-25 04:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-15 01:46 - 2013-07-25 04:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-15 01:46 - 2013-07-25 04:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 01:46 - 2013-07-25 04:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 01:46 - 2013-07-25 04:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-14 01:02 - 2013-07-05 06:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 01:02 - 2013-06-15 15:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-08-14 01:02 - 2013-06-15 13:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 01:01 - 2013-07-17 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 01:01 - 2013-07-10 11:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 01:01 - 2013-07-09 14:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 01:01 - 2013-07-08 06:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-14 01:01 - 2013-07-08 06:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 01:01 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 01:01 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 01:01 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 01:01 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

==================== One Month Modified Files and Folders =======

2013-09-10 22:45 - 2013-09-10 22:44 - 01082349 _____ (Farbar) C:\Users\Anja\Desktop\FRST.exe
2013-09-10 22:40 - 2013-09-10 22:40 - 00001103 _____ C:\Users\Anja\Desktop\checkup.txt
2013-09-10 22:31 - 2013-09-10 22:31 - 00891144 _____ C:\Users\Anja\Desktop\SecurityCheck.exe
2013-09-10 22:23 - 2006-11-02 12:33 - 00759698 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-10 22:04 - 2008-10-31 10:28 - 01873634 _____ C:\Windows\WindowsUpdate.log
2013-09-10 22:00 - 2011-02-22 21:54 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-10 22:00 - 2011-02-22 21:54 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-10 21:59 - 2011-09-14 20:43 - 05428298 _____ C:\Windows\PFRO.log
2013-09-10 21:59 - 2008-10-31 10:43 - 00000000 _____ C:\Windows\system32\LogConfigTemp.xml
2013-09-10 21:59 - 2008-07-22 21:55 - 00000147 _____ C:\Windows\system32\agent.log
2013-09-10 21:59 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-10 21:59 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-10 21:59 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-10 05:41 - 2006-11-02 15:01 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-09 22:28 - 2013-09-09 22:28 - 02347384 _____ (ESET) C:\Users\Anja\Desktop\esetsmartinstaller_enu.exe
2013-09-08 19:15 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2013-09-08 19:11 - 2008-12-30 15:20 - 00000000 ____D C:\Users\Scott\AppData\Local\Google
2013-09-08 17:19 - 2013-09-08 19:08 - 00000915 _____ C:\Users\Anja\Desktop\JRT.txt
2013-09-08 17:19 - 2013-09-08 17:19 - 00000915 _____ C:\Users\Scott\Desktop\JRT.txt
2013-09-08 17:11 - 2013-09-08 17:11 - 01029490 _____ (Thisisu) C:\Users\Anja\Desktop\JRT.exe
2013-09-08 17:11 - 2013-09-08 17:11 - 00000000 ____D C:\Windows\ERUNT
2013-09-08 17:03 - 2013-09-08 17:08 - 00021902 _____ C:\Users\Anja\Desktop\AdwCleaner[S0].txt
2013-09-08 17:03 - 2013-09-08 16:43 - 00000000 ____D C:\AdwCleaner
2013-09-08 16:42 - 2013-09-08 16:42 - 01037278 _____ C:\Users\Anja\Desktop\adwcleaner.exe
2013-09-08 15:42 - 2013-05-18 03:41 - 00000000 ____D C:\Users\Anja\AppData\Roaming\aqva
2013-09-08 15:42 - 2013-05-18 03:39 - 00000000 _RSHD C:\Users\Anja\AppData\Roaming\Ewqj
2013-09-08 15:13 - 2013-09-08 15:13 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Malwarebytes
2013-09-08 15:12 - 2013-09-08 15:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-08 15:11 - 2013-09-08 15:10 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Anja\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-07 14:00 - 2013-09-07 14:00 - 00018106 _____ C:\ComboFix.txt
2013-09-07 14:00 - 2013-09-07 13:37 - 00000000 ____D C:\ComboFix
2013-09-07 14:00 - 2013-09-05 21:43 - 00000000 ____D C:\Qoobox
2013-09-07 14:00 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default
2013-09-07 13:56 - 2013-09-05 21:42 - 00000000 ____D C:\Windows\erdnt
2013-09-07 13:55 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2013-09-07 13:22 - 2008-07-22 21:25 - 00000000 ____D C:\ProgramData\McAfee
2013-09-07 13:22 - 2008-07-22 21:25 - 00000000 ____D C:\Program Files\McAfee
2013-09-07 13:16 - 2008-07-22 21:27 - 00000000 ____D C:\ProgramData\SiteAdvisor
2013-09-05 22:13 - 2006-11-02 12:22 - 48234496 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-09-05 22:13 - 2006-11-02 12:22 - 38535168 _____ C:\Windows\system32\config\COMPON~3.bak
2013-09-05 22:13 - 2006-11-02 12:22 - 22806528 _____ C:\Windows\system32\config\SYSTEM.bak
2013-09-05 22:13 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\DEFAULT.bak
2013-09-05 22:13 - 2006-11-02 12:22 - 00135168 _____ C:\Windows\system32\config\SAM.bak
2013-09-05 22:13 - 2006-11-02 12:22 - 00028672 _____ C:\Windows\system32\config\SECURITY.bak
2013-09-05 22:08 - 2012-02-15 20:46 - 00000000 ____D C:\Users\Anja
2013-09-05 21:39 - 2013-09-05 21:38 - 05120804 ____R (Swearware) C:\Users\Anja\Desktop\ComboFix.exe
2013-09-03 22:03 - 2013-09-03 22:03 - 00377856 _____ C:\Users\Anja\Desktop\gmer_2.1.19163.exe
2013-09-03 21:52 - 2013-09-03 21:47 - 00025860 _____ C:\Users\Anja\Desktop\Addition.txt
2013-09-03 21:45 - 2013-09-03 21:45 - 00000000 ____D C:\FRST
2013-09-03 21:39 - 2013-09-03 21:38 - 00000472 _____ C:\Users\Anja\Desktop\defogger_disable.log
2013-09-03 21:38 - 2013-09-03 21:38 - 00000000 _____ C:\Users\Scott\defogger_reenable
2013-09-03 21:38 - 2008-12-30 15:18 - 00000000 ____D C:\Users\Scott
2013-09-03 21:07 - 2013-09-03 21:07 - 00050477 _____ C:\Users\Anja\Desktop\Defogger.exe
2013-08-31 02:45 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-17 03:30 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-08-15 02:22 - 2013-08-15 02:16 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 02:16 - 2012-09-03 16:29 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\Users\Anja\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Scott\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-10 22:05

==================== End Of Log ============================
--- --- ---

And then, regarding your last reply:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-09-2013 01
Ran by Scott at 2013-09-10 22:59:19 Run:1
Running from C:\Users\Anja\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Unlock: C:\Users\Anja\AppData\Local\Temp
*****************

"C:\Users\Anja\AppData\Local\Temp" => File/Diroctory unlocked successfully.

==== End of Fixlog ====

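The FRST output above is what the helper reads to decide whether anything is left on the machine, and the Firefox block in it is a good illustration of why a single line is not enough: the proxy host 54.246.127.98:3128 looks alarming on its own, but `"type", 0` means network.proxy.type is "no proxy", so those settings are not in effect (their exclusion list naming stealthy.co is consistent with the stealthyextension entry in the same profile). As an added example, not part of any post in this thread and not FRST's own code, the following Python script walks FRST-style lines and flags four things a log reader checks first: proxy hosts outside the local network together with whether the proxy type actually activates them, user-profile directories carrying both the System and Hidden attributes, services or drivers whose binary is missing (`[x]`), and whatever FRST itself listed under "Files to move or delete:". The sample lines are copied from the log above, plus two constructed control lines (the VBoxDrv driver and C:\Users\Default) that must not be flagged; the finding names and the `triage()` function are the example's own.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) text logs.

Added example for this thread; not FRST code and not a post's content.
"""
import ipaddress
import re

PROXY_RE = re.compile(r'^FF NetworkProxy: "(?P<key>[a-z_]+)", (?P<val>.+)$')
ENTRY_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{8} "
    r"(?P<attr>[_A-Z]{5}) (?P<rest>.+)$"
)
MISSING_RE = re.compile(r"^(?P<start>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?) \[x\]$")
PROXY_HOST_KEYS = ("http", "ssl", "ftp", "socks")
PROXY_TYPES = {0: "direct, no proxy", 1: "manual", 2: "PAC", 4: "auto-detect", 5: "system"}

# Sample input: lines copied from the FRST log posted above, plus two
# constructed control lines (VBoxDrv, C:\Users\Default) that must not fire.
SAMPLE_LOG = r"""
FF NetworkProxy: "http", "54.246.127.98"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "socks", "54.246.127.98"
FF NetworkProxy: "type", 0
R2 VBoxDrv; C:\Program Files\YouWave_Android\vb\VBoxDrv.sys [135680 2011-07-15] (Oracle Corporation)
S3 catchme; \??\C:\Users\Scott\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
2013-09-08 15:42 - 2013-05-18 03:41 - 00000000 ____D C:\Users\Anja\AppData\Roaming\aqva
2013-09-08 15:42 - 2013-05-18 03:39 - 00000000 _RSHD C:\Users\Anja\AppData\Roaming\Ewqj
2013-09-08 15:13 - 2013-09-08 15:13 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Malwarebytes
2013-09-07 14:00 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default
Files to move or delete:
====================
C:\Users\Anja\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Scott\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
"""


def is_local_host(host):
    """Loopback, private and link-local addresses (and 'localhost') are local;
    anything else, including bare hostnames, is treated as external."""
    if host.lower() == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_private or ip.is_link_local


def triage(log_text):
    """Return a list of finding dicts; each carries a 'kind' plus context."""
    findings = []
    proxy = {}
    in_delete_list = False
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if in_delete_list:                       # paths FRST itself wants removed
            if not line:
                in_delete_list = False
            elif not line.startswith("="):
                findings.append({"kind": "frst-flagged-file", "path": line})
            continue
        if line == "Files to move or delete:":
            in_delete_list = True
            continue
        m = PROXY_RE.match(line)
        if m:
            proxy[m["key"]] = m["val"].strip().strip('"')
            continue
        m = MISSING_RE.match(line)
        if m:                                    # service/driver whose file is gone
            findings.append({"kind": "missing-binary", "name": m["name"],
                             "path": m["path"], "start": m["start"]})
            continue
        m = ENTRY_RE.match(line)
        if m:
            attr = m["attr"]
            path = re.sub(r"^\([^)]*\)\s*", "", m["rest"])   # drop "(Company) "
            # System+Hidden on a directory inside a user profile is unusual
            if "S" in attr and "H" in attr and re.match(r"^[A-Za-z]:\\Users\\", path):
                findings.append({"kind": "system-hidden-dir", "attr": attr, "path": path})
    # The proxy verdict needs the whole block: a host alone says nothing unless
    # network.proxy.type makes it active (1 = manual; 0 = direct, not in effect).
    ptype = int(proxy.get("type", "0"))
    for host in sorted({proxy[k] for k in PROXY_HOST_KEYS if k in proxy}):
        if is_local_host(host):
            continue
        keys = [k for k in PROXY_HOST_KEYS if proxy.get(k) == host]
        active = ptype == 1
        findings.append({
            "kind": "external-proxy", "host": host, "keys": keys, "active": active,
            "detail": (f"Firefox proxy host {host} for {', '.join(keys)}; "
                       f"network.proxy.type={ptype} ({PROXY_TYPES.get(ptype, 'unknown')}), "
                       + ("traffic IS routed through it" if active else "configured but not in effect")
                       + f"; exclusions: {proxy.get('no_proxies_on', '')}"),
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["kind"].ljust(20), f.get("detail") or f.get("path"))
```

Run on the sample it reports one inactive external proxy, two missing driver binaries (catchme, IpInIp), one System+Hidden profile directory (Ewqj) and the two paths FRST already listed; the `aqva` directory and `C:\Users\Default` (Read-only+Hidden, no System) pass through. The script only surfaces what to look at; deciding whether an entry goes into a fixlist is still the helper's call.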
11.09.2013, 08:53   #14
schrauber
/// the machine
/// TB-Ausbilder

Windows Vista: several trojans found by c't virus CD



Update Adobe and Firefox.

Did you delete FRST after the fix and download it again? Any problems left?
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

11.09.2013, 17:47   #15
Carsten9880

Windows Vista: several trojans found by c't virus CD



I have updated everything.
The old FRST has been deleted and I created a new one, but I'm not quite clear how I can tell from FRST.txt whether anything is still going on.

FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-09-2013
Ran by Scott (administrator) on SCOTT-PC on 11-09-2013 18:39:34
Running from C:\Users\Anja\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Arachnoid Biometrics Identification Group Corp.) C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
() C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Acer\Mobility Center\MobilityService.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Acer Inc.) C:\Program Files\Acer\Acer VCM\acp2HID.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6139904 2008-05-07] (Realtek Semiconductor)
HKLM\...\Run: [eDataSecurity Loader] - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-05-15] (Egis Incorporated)
HKLM\...\Run: [eAudio] - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-05-30] (Acer Incorporated)
HKLM\...\Run: [WarReg_PopUp] - C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [303104 2008-01-29] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-25] (Synaptics, Inc.)
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ePower_DMC] - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [405504 2008-08-01] (Acer Inc.)
HKLM\...\Run: [BkupTray] - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-26] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [ArcadeDeluxeAgent] - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [152872 2009-09-07] (CyberLink Corp.)
HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-02-22] (Google)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
Winlogon\Notify\AWinNotifyVitaKey MC3000: C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll [X]
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll [X]
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Policies\Explorer: [NoDrives] 0
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-08-21] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [ 2007-08-21] ()
HKU\New\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=1008&m=aspire_6930g
SearchScopes: HKLM - DefaultScope value is missing.
BHO: ProxTube - {0AA2810A-F009-4BD7-A10A-32F140A1B9F3} - C:\Users\Scott\AppData\LocalLow\ProxTube\IE\ProxTube.dll (Malte Goetz)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF SelectedSearchEngine: Google
FF NetworkProxy: "ftp", "54.246.127.98"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "54.246.127.98"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "54.246.127.98"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "54.246.127.98"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\Extensions\ich@maltegoetz.de
FF Extension: stealthyextension - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\Extensions\stealthyextension@gmail.com.xpi
FF Extension: toolbar - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\Extensions\toolbar@web.de.xpi
FF Extension: No Name - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\lqc0twm5.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

========================== Services (Whitelisted) =================

R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2009-04-16] ()
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-06-02] ()
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-02-22] (Google)
R2 IGBASVC; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [3602432 2008-10-31] ()
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-07] ()
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-26] ()
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [233472 2008-01-11] (Acer Incorporated)
S4 WDBtnMgrSvc.exe; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [102400 2008-05-16] (WDC)
S4 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [110592 2009-11-13] (WDC)
S4 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo)

==================== Drivers (Whitelisted) ====================

R0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [42608 2008-10-31] (Alfa Corporation)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R2 int15; C:\Windows\system32\drivers\int15.sys [69632 2007-01-26] ()
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
R2 NTIPPKernel; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [122368 2008-01-17] (Cyberlink Corp.)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10064 2011-07-08] (TuneUp Software)
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2009-08-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [20736 2009-08-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2009-08-11] (LG Electronics Inc.)
R2 VBoxDrv; C:\Program Files\YouWave_Android\vb\VBoxDrv.sys [135680 2011-07-15] (Oracle Corporation)
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [87536 2009-09-11] (CyberLink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Scott\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-11 18:19 - 2013-09-11 18:19 - 00282008 _____ (Mozilla) C:\Users\Anja\Downloads\Firefox Setup Stub 23.0.1.exe
2013-09-10 22:40 - 2013-09-10 22:40 - 00001103 _____ C:\Users\Anja\Desktop\checkup.txt
2013-09-10 22:31 - 2013-09-10 22:31 - 00891144 _____ C:\Users\Anja\Desktop\SecurityCheck.exe
2013-09-09 22:28 - 2013-09-09 22:28 - 02347384 _____ (ESET) C:\Users\Anja\Desktop\esetsmartinstaller_enu.exe
2013-09-08 19:08 - 2013-09-08 17:19 - 00000915 _____ C:\Users\Anja\Desktop\JRT.txt
2013-09-08 17:19 - 2013-09-08 17:19 - 00000915 _____ C:\Users\Scott\Desktop\JRT.txt
2013-09-08 17:11 - 2013-09-08 17:11 - 01029490 _____ (Thisisu) C:\Users\Anja\Desktop\JRT.exe
2013-09-08 17:11 - 2013-09-08 17:11 - 00000000 ____D C:\Windows\ERUNT
2013-09-08 17:08 - 2013-09-08 17:03 - 00021902 _____ C:\Users\Anja\Desktop\AdwCleaner[S0].txt
2013-09-08 16:43 - 2013-09-08 17:03 - 00000000 ____D C:\AdwCleaner
2013-09-08 16:42 - 2013-09-08 16:42 - 01037278 _____ C:\Users\Anja\Desktop\adwcleaner.exe
2013-09-08 15:13 - 2013-09-08 15:13 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Malwarebytes
2013-09-08 15:12 - 2013-09-08 15:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-08 15:10 - 2013-09-08 15:11 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Anja\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-07 14:00 - 2013-09-07 14:00 - 00018106 _____ C:\ComboFix.txt
2013-09-07 13:37 - 2013-09-07 14:00 - 00000000 ____D C:\ComboFix
2013-09-05 21:43 - 2013-09-07 14:00 - 00000000 ____D C:\Qoobox
2013-09-05 21:43 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-05 21:43 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-05 21:43 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-05 21:43 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-05 21:43 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-05 21:43 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-05 21:43 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-05 21:43 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-05 21:42 - 2013-09-07 13:56 - 00000000 ____D C:\Windows\erdnt
2013-09-05 21:38 - 2013-09-05 21:39 - 05120804 ____R (Swearware) C:\Users\Anja\Desktop\ComboFix.exe
2013-09-03 22:03 - 2013-09-03 22:03 - 00377856 _____ C:\Users\Anja\Desktop\gmer_2.1.19163.exe
2013-09-03 21:47 - 2013-09-03 21:52 - 00025860 _____ C:\Users\Anja\Desktop\Addition.txt
2013-09-03 21:45 - 2013-09-03 21:45 - 00000000 ____D C:\FRST
2013-09-03 21:38 - 2013-09-03 21:39 - 00000472 _____ C:\Users\Anja\Desktop\defogger_disable.log
2013-09-03 21:38 - 2013-09-03 21:38 - 00000000 _____ C:\Users\Scott\defogger_reenable
2013-09-03 21:07 - 2013-09-03 21:07 - 00050477 _____ C:\Users\Anja\Desktop\Defogger.exe
2013-08-28 03:41 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 02:16 - 2013-08-15 02:22 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 01:46 - 2013-07-25 04:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 01:46 - 2013-07-25 04:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 01:46 - 2013-07-25 04:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 01:46 - 2013-07-25 04:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 01:46 - 2013-07-25 04:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 01:46 - 2013-07-25 04:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-15 01:46 - 2013-07-25 04:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-15 01:46 - 2013-07-25 04:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 01:46 - 2013-07-25 04:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 01:46 - 2013-07-25 04:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 01:46 - 2013-07-25 04:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 01:46 - 2013-07-25 04:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-15 01:46 - 2013-07-25 04:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-15 01:46 - 2013-07-25 04:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 01:46 - 2013-07-25 04:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 01:46 - 2013-07-25 04:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-14 01:02 - 2013-07-05 06:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 01:02 - 2013-06-15 15:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-08-14 01:02 - 2013-06-15 13:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 01:01 - 2013-07-17 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 01:01 - 2013-07-10 11:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 01:01 - 2013-07-09 14:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 01:01 - 2013-07-08 06:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-14 01:01 - 2013-07-08 06:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 01:01 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 01:01 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 01:01 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 01:01 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

==================== One Month Modified Files and Folders =======

2013-09-11 18:39 - 2006-11-02 12:33 - 00759698 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-11 18:38 - 2013-09-11 18:37 - 01082455 _____ (Farbar) C:\Users\Anja\Desktop\FRST.exe
2013-09-11 18:36 - 2008-10-31 10:28 - 01964104 _____ C:\Windows\WindowsUpdate.log
2013-09-11 18:33 - 2011-02-22 21:54 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-11 18:33 - 2008-10-31 10:43 - 00000000 _____ C:\Windows\system32\LogConfigTemp.xml
2013-09-11 18:33 - 2008-07-22 21:55 - 00000147 _____ C:\Windows\system32\agent.log
2013-09-11 18:33 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-11 18:33 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-11 18:33 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-11 18:32 - 2013-05-25 03:39 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-11 18:32 - 2012-05-07 22:24 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-11 18:32 - 2011-09-14 20:43 - 05443382 _____ C:\Windows\PFRO.log
2013-09-11 18:30 - 2006-11-02 15:01 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-11 18:24 - 2008-07-22 21:56 - 00000000 ____D C:\ProgramData\Adobe
2013-09-11 18:23 - 2012-02-20 12:06 - 00000000 ____D C:\Users\Anja\AppData\Roaming\Adobe
2013-09-11 18:21 - 2011-02-22 21:57 - 00000850 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-11 18:19 - 2013-09-11 18:19 - 00282008 _____ (Mozilla) C:\Users\Anja\Downloads\Firefox Setup Stub 23.0.1.exe
2013-09-10 23:00 - 2011-02-22 21:54 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-10 22:40 - 2013-09-10 22:40 - 00001103 _____ C:\Users\Anja\Desktop\checkup.txt
2013-09-10 22:31 - 2013-09-10 22:31 - 00891144 _____ C:\Users\Anja\Desktop\SecurityCheck.exe
2013-09-09 22:28 - 2013-09-09 22:28 - 02347384 _____ (ESET) C:\Users\Anja\Desktop\esetsmartinstaller_enu.exe
2013-09-08 19:15 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2013-09-08 19:11 - 2008-12-30 15:20 - 00000000 ____D C:\Users\Scott\AppData\Local\Google
2013-09-08 17:19 - 2013-09-08 19:08 - 00000915 _____ C:\Users\Anja\Desktop\JRT.txt
2013-09-08 17:19 - 2013-09-08 17:19 - 00000915 _____ C:\Users\Scott\Desktop\JRT.txt
2013-09-08 17:11 - 2013-09-08 17:11 - 01029490 _____ (Thisisu) C:\Users\Anja\Desktop\JRT.exe
2013-09-08 17:11 - 2013-09-08 17:11 - 00000000 ____D C:\Windows\ERUNT
2013-09-08 17:03 - 2013-09-08 17:08 - 00021902 _____ C:\Users\Anja\Desktop\AdwCleaner[S0].txt
2013-09-08 17:03 - 2013-09-08 16:43 - 00000000 ____D C:\AdwCleaner
2013-09-08 16:42 - 2013-09-08 16:42 - 01037278 _____ C:\Users\Anja\Desktop\adwcleaner.exe
2013-09-08 15:42 - 2013-05-18 03:41 - 00000000 ____D C:\Users\Anja\AppData\Roaming\aqva
2013-09-08 15:42 - 2013-05-18 03:39 - 00000000 _RSHD C:\Users\Anja\AppData\Roaming\Ewqj
2013-09-08 15:13 - 2013-09-08 15:13 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Malwarebytes
2013-09-08 15:12 - 2013-09-08 15:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-08 15:11 - 2013-09-08 15:10 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Anja\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-07 14:00 - 2013-09-07 14:00 - 00018106 _____ C:\ComboFix.txt
2013-09-07 14:00 - 2013-09-07 13:37 - 00000000 ____D C:\ComboFix
2013-09-07 14:00 - 2013-09-05 21:43 - 00000000 ____D C:\Qoobox
2013-09-07 14:00 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default
2013-09-07 13:56 - 2013-09-05 21:42 - 00000000 ____D C:\Windows\erdnt
2013-09-07 13:55 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2013-09-07 13:22 - 2008-07-22 21:25 - 00000000 ____D C:\ProgramData\McAfee
2013-09-07 13:22 - 2008-07-22 21:25 - 00000000 ____D C:\Program Files\McAfee
2013-09-07 13:16 - 2008-07-22 21:27 - 00000000 ____D C:\ProgramData\SiteAdvisor
2013-09-05 22:13 - 2006-11-02 12:22 - 48234496 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-09-05 22:13 - 2006-11-02 12:22 - 38535168 _____ C:\Windows\system32\config\COMPON~3.bak
2013-09-05 22:13 - 2006-11-02 12:22 - 22806528 _____ C:\Windows\system32\config\SYSTEM.bak
2013-09-05 22:13 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\DEFAULT.bak
2013-09-05 22:13 - 2006-11-02 12:22 - 00135168 _____ C:\Windows\system32\config\SAM.bak
2013-09-05 22:13 - 2006-11-02 12:22 - 00028672 _____ C:\Windows\system32\config\SECURITY.bak
2013-09-05 22:08 - 2012-02-15 20:46 - 00000000 ____D C:\Users\Anja
2013-09-05 21:39 - 2013-09-05 21:38 - 05120804 ____R (Swearware) C:\Users\Anja\Desktop\ComboFix.exe
2013-09-03 22:03 - 2013-09-03 22:03 - 00377856 _____ C:\Users\Anja\Desktop\gmer_2.1.19163.exe
2013-09-03 21:52 - 2013-09-03 21:47 - 00025860 _____ C:\Users\Anja\Desktop\Addition.txt
2013-09-03 21:45 - 2013-09-03 21:45 - 00000000 ____D C:\FRST
2013-09-03 21:39 - 2013-09-03 21:38 - 00000472 _____ C:\Users\Anja\Desktop\defogger_disable.log
2013-09-03 21:38 - 2013-09-03 21:38 - 00000000 _____ C:\Users\Scott\defogger_reenable
2013-09-03 21:38 - 2008-12-30 15:18 - 00000000 ____D C:\Users\Scott
2013-09-03 21:07 - 2013-09-03 21:07 - 00050477 _____ C:\Users\Anja\Desktop\Defogger.exe
2013-08-31 02:45 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-17 03:30 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-08-15 02:22 - 2013-08-15 02:16 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 02:16 - 2012-09-03 16:29 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\Users\Anja\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Scott\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-11 18:37

==================== End Of Log ============================