Cross Scripting suspicion and trojan findings (Windows 7)
28.07.2014, 20:02 | #3
Cross Scripting suspicion and trojan findings

Many thanks for the quick reply.

Attached are the log files. The text for Addition was unfortunately too large for the post and is therefore attached as a file. FRST logfile: