
Plagegeister aller Art und deren Bekämpfung: Suspected Cross Scripting and Trojan Detections


 
28.07.2014, 20:02   #3
Mary.K
 



Thank you very much for the quick reply.
Attached are the logfiles. Unfortunately, the text for Addition was too large for the post and is therefore attached.

FRST Logfile:


Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-07-2014
Ran by *** (administrator) on PAOLO on 28-07-2014 19:58:38
Running from C:\Users\***\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) D:\Programm\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Toshiba) C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TemproTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Elaborate Bytes AG) D:\Programm\VirtualCloneDrive\VCDDaemon.exe
(TOSHIBA) C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Safer-Networking Ltd.) D:\Programm\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter 
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter 
HKU\S-1-5-21-3147029616-3348592130-1442432417-1000\...\Run: [TOSCDSPD] => TOSCDSPD.EXE 
HKU\S-1-5-21-3147029616-3348592130-1442432417-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3147029616-3348592130-1442432417-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3147029616-3348592130-1442432417-1000\...\Run: [SpybotSD TeaTimer] => D:\Programm\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-3147029616-3348592130-1442432417-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3147029616-3348592130-1442432417-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3147029616-3348592130-1442432417-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3147029616-3348592130-1442432417-1000\...\MountPoints2: {4763afb9-43cd-11df-b2c2-001e338ab817} - G:\autorun.exe
HKU\S-1-5-21-3147029616-3348592130-1442432417-1000\...\MountPoints2: {c10936aa-532f-11e1-bdfa-001e338ab817} - I:\Menu.exe
HKU\S-1-5-21-3147029616-3348592130-1442432417-1000\...\MountPoints2: {fe1c3ae9-ff78-11dd-b909-806e6f6e6963} - E:\Autorun.exe
HKU\S-1-5-21-3147029616-3348592130-1442432417-1000\...\MountPoints2: {fff61ac0-033e-11e1-863a-806e6f6e6963} - H:\Autorun.exe
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
GroupPolicyUsers\S-1-5-21-3147029616-3348592130-1442432417-1049\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} -  No File
SearchScopes: HKLM - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKLM - {E5F4146A-5E91-4B00-A1AB-A498D2FBB078} URL = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
SearchScopes: HKCU - DefaultScope {E5F4146A-5E91-4B00-A1AB-A498D2FBB078} URL = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA_de
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKCU - {E5F4146A-5E91-4B00-A1AB-A498D2FBB078} URL = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA_de
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> D:\Programm\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 19 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\9fyl39vc.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - D:\Programm\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - D:\Programm\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ghostery - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\9fyl39vc.default\Extensions\firefox@ghostery.com.xpi [2014-07-28]
FF Extension: NoScript - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\9fyl39vc.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-28]
FF Extension: Adblock Plus - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\9fyl39vc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-27]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-08-10]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-17] (TOSHIBA CORPORATION) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
S2 gupdate1c9c76df710d1a6; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-04-27] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [937984 2007-10-30] (Atheros Communications, Inc.) [File not signed]
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [36352 2009-12-12] () [File not signed]
R2 SBSDWSCService; D:\Programm\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R3 SmartFaceVWatchSrv; C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [73728 2008-04-24] (Toshiba) [File not signed]
R2 TemproMonitoringService; C:\Program Files\Toshiba TEMPRO\TemproSvc.exe [116104 2009-07-21] (Toshiba Europe GmbH)
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
S2 TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 AFS; C:\Windows\system32\Drivers\AFS.sys [77004 2010-11-02] (Oak Technology Inc.) [File not signed]
R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 AswRdr; C:\Windows\system32\Drivers\AswRdr.sys [49760 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64288 2010-12-03] (Lavasoft AB)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2014-06-29] (Duplex Secure Ltd.)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2009-12-12] (The OpenVPN Project)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [22792 2009-09-11] (Logitech Inc.)
R3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [35592 2009-09-11] (Logitech Inc.)
R3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [14984 2009-09-11] (Logitech Inc.)
R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [66056 2009-09-11] (Logitech Inc.)
S3 igfx; system32\DRIVERS\igdkmd32.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 Tosrfcom; No ImagePath
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-28 19:57 - 2014-07-28 19:57 - 00000000 ____D () C:\Users\***\Desktop\Neuer Ordner
2014-07-28 19:56 - 2014-07-28 19:56 - 00170734 _____ () C:\Users\***\Desktop\Addition1.txt
2014-07-28 19:56 - 2014-07-28 19:56 - 00028447 _____ () C:\Users\***\Desktop\FRST1.txt
2014-07-28 19:46 - 2014-07-28 19:47 - 00170734 _____ () C:\Users\***\Desktop\Addition.txt
2014-07-28 19:45 - 2014-07-28 19:58 - 00018664 _____ () C:\Users\***\Desktop\FRST.txt
2014-07-28 19:45 - 2014-07-28 19:58 - 00000000 ____D () C:\FRST
2014-07-28 19:44 - 2014-07-28 19:44 - 01084416 _____ (Farbar) C:\Users\***\Desktop\FRST.exe
2014-07-28 17:25 - 2014-07-28 17:25 - 00000851 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-28 17:13 - 2014-07-28 17:13 - 00000574 _____ () C:\Windows\PFRO.log
2014-07-28 16:50 - 2014-07-28 16:51 - 32047680 _____ () C:\Users\***\Downloads\Firefox Setup 31.0.exe
2014-07-28 16:33 - 2014-07-28 16:35 - 32047680 _____ () C:\Users\***\Downloads\Firefox_Setup_de31.0(1).exe
2014-07-28 16:32 - 2014-07-28 16:36 - 32047680 _____ () C:\Users\***\Downloads\Firefox_Setup_de31.0.exe
2014-07-19 18:39 - 2014-07-19 18:40 - 29677544 _____ (Mozilla) C:\Users\***\Downloads\Firefox Setup 30.0.exe
2014-07-19 01:30 - 2014-07-19 01:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\***\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-19 01:28 - 2014-07-19 01:28 - 00512784 _____ (AVAST Software) C:\Users\***\Downloads\avastclear_9.0.2013.exe.part
2014-07-19 01:24 - 2014-07-19 01:29 - 91906368 _____ (AVAST Software) C:\Users\***\Downloads\avast_free_antivirus_setup_9.0.2021.exe
2014-07-17 19:38 - 2014-07-17 19:40 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\***\Downloads\spybot-2.4.exe
2014-07-17 19:31 - 2014-07-17 19:31 - 01348263 _____ () C:\Users\***\Downloads\adwcleaner_3.215.exe
2014-07-17 19:23 - 2014-07-17 19:23 - 02953520 _____ (AVAST Software) C:\Users\***\Downloads\avast-browser-cleanup_9.0.0.224.exe
2014-07-17 17:08 - 2014-07-17 17:08 - 00131095 _____ () C:\Users\***\Downloads\***.de - Rücksendezentrum.htm
2014-06-29 21:10 - 2014-06-29 21:10 - 00000000 ____D () C:\Users\***\Documents\TecmoKoei
2014-06-29 20:13 - 2014-06-29 20:13 - 00000654 _____ () C:\Users\Public\Desktop\Virtual CloneDrive.lnk
2014-06-29 20:10 - 2014-06-29 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2014-06-29 18:23 - 2014-06-29 18:23 - 00000000 ____D () C:\Users\***\{f61e8412-1a9e-4215-926c-e70b7baf2ccd}
2014-06-29 17:53 - 2014-06-29 17:54 - 01640984 _____ () C:\Users\***\Downloads\SetupVirtualCloneDrive547.exe
2014-06-29 16:42 - 2014-06-29 16:42 - 00025169 _____ () C:\Users\***\Desktop\20140629.txt
2014-06-29 16:32 - 2014-06-29 16:32 - 00000000 ____D () C:\Users\***\AppData\Roaming\toshiba
2014-06-29 01:20 - 2014-06-29 01:20 - 00001268 _____ () C:\Users\***\Desktop\dsgfsdf.txt
2014-06-29 00:40 - 2014-07-28 14:42 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-29 00:40 - 2014-06-29 00:40 - 00000911 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-29 00:40 - 2014-06-29 00:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-29 00:39 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-29 00:39 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-28 19:58 - 2014-07-28 19:45 - 00018664 _____ () C:\Users\***\Desktop\FRST.txt
2014-07-28 19:58 - 2014-07-28 19:45 - 00000000 ____D () C:\FRST
2014-07-28 19:57 - 2014-07-28 19:57 - 00000000 ____D () C:\Users\***\Desktop\Neuer Ordner
2014-07-28 19:56 - 2014-07-28 19:56 - 00170734 _____ () C:\Users\***\Desktop\Addition1.txt
2014-07-28 19:56 - 2014-07-28 19:56 - 00028447 _____ () C:\Users\***\Desktop\FRST1.txt
2014-07-28 19:47 - 2014-07-28 19:46 - 00170734 _____ () C:\Users\***\Desktop\Addition.txt
2014-07-28 19:44 - 2014-07-28 19:44 - 01084416 _____ (Farbar) C:\Users\***\Desktop\FRST.exe
2014-07-28 19:13 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-28 19:13 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-28 19:05 - 2009-06-30 14:08 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-28 19:02 - 2009-02-20 19:59 - 01251258 _____ () C:\Windows\WindowsUpdate.log
2014-07-28 17:25 - 2014-07-28 17:25 - 00000851 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-28 17:25 - 2013-07-04 01:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-28 17:25 - 2009-04-14 19:10 - 00000000 ____D () C:\Users\***\AppData\Roaming\Mozilla
2014-07-28 17:16 - 2009-06-30 14:08 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-28 17:13 - 2014-07-28 17:13 - 00000574 _____ () C:\Windows\PFRO.log
2014-07-28 17:13 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-28 17:12 - 2006-11-02 15:01 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-28 16:51 - 2014-07-28 16:50 - 32047680 _____ () C:\Users\***\Downloads\Firefox Setup 31.0.exe
2014-07-28 16:36 - 2014-07-28 16:32 - 32047680 _____ () C:\Users\***\Downloads\Firefox_Setup_de31.0.exe
2014-07-28 16:35 - 2014-07-28 16:33 - 32047680 _____ () C:\Users\***\Downloads\Firefox_Setup_de31.0(1).exe
2014-07-28 15:49 - 2009-06-29 20:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-28 14:42 - 2014-06-29 00:40 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-28 12:31 - 2014-02-09 16:18 - 00000000 ____D () C:\Users\***\AppData\Roaming\vlc
2014-07-27 22:01 - 2009-02-23 03:59 - 00198656 _____ () C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-19 18:40 - 2014-07-19 18:39 - 29677544 _____ (Mozilla) C:\Users\***\Downloads\Firefox Setup 30.0.exe
2014-07-19 01:31 - 2014-07-19 01:30 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\***\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-19 01:29 - 2014-07-19 01:24 - 91906368 _____ (AVAST Software) C:\Users\***\Downloads\avast_free_antivirus_setup_9.0.2021.exe
2014-07-19 01:28 - 2014-07-19 01:28 - 00512784 _____ (AVAST Software) C:\Users\***\Downloads\avastclear_9.0.2013.exe.part
2014-07-17 19:40 - 2014-07-17 19:38 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\***\Downloads\spybot-2.4.exe
2014-07-17 19:31 - 2014-07-17 19:31 - 01348263 _____ () C:\Users\***\Downloads\adwcleaner_3.215.exe
2014-07-17 19:23 - 2014-07-17 19:23 - 02953520 _____ (AVAST Software) C:\Users\***\Downloads\avast-browser-cleanup_9.0.0.224.exe
2014-07-17 17:08 - 2014-07-17 17:08 - 00131095 _____ () C:\Users\***\Downloads\***.de - Rücksendezentrum.htm
2014-07-02 13:31 - 2009-03-01 23:53 - 00007728 _____ () C:\Users\***\AppData\Local\d3d9caps.dat
2014-06-29 21:10 - 2014-06-29 21:10 - 00000000 ____D () C:\Users\***\Documents\TecmoKoei
2014-06-29 20:29 - 2008-01-21 09:16 - 01600466 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-29 20:13 - 2014-06-29 20:13 - 00000654 _____ () C:\Users\Public\Desktop\Virtual CloneDrive.lnk
2014-06-29 20:13 - 2009-02-20 22:15 - 00000000 ____D () C:\Users\***
2014-06-29 20:10 - 2014-06-29 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2014-06-29 18:23 - 2014-06-29 18:23 - 00000000 ____D () C:\Users\***\{f61e8412-1a9e-4215-926c-e70b7baf2ccd}
2014-06-29 18:17 - 2010-04-09 13:40 - 00320120 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2014-06-29 17:59 - 2012-08-10 19:33 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-06-29 17:54 - 2014-06-29 17:53 - 01640984 _____ () C:\Users\***\Downloads\SetupVirtualCloneDrive547.exe
2014-06-29 16:45 - 2008-07-03 10:50 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-06-29 16:42 - 2014-06-29 16:42 - 00025169 _____ () C:\Users\***\Desktop\20140629.txt
2014-06-29 16:32 - 2014-06-29 16:32 - 00000000 ____D () C:\Users\***\AppData\Roaming\toshiba
2014-06-29 12:15 - 2006-11-02 12:23 - 00450844 ____R () C:\Windows\system32\Drivers\etc\hosts.20140629-122231.backup
2014-06-29 01:20 - 2014-06-29 01:20 - 00001268 _____ () C:\Users\***\Desktop\dsgfsdf.txt
2014-06-29 00:40 - 2014-06-29 00:40 - 00000911 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-29 00:40 - 2014-06-29 00:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-29 00:40 - 2012-08-10 19:33 - 00000000 ____D () C:\Users\***\AppData\Roaming\Malwarebytes
2014-06-29 00:39 - 2012-08-10 19:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-29 00:24 - 2010-04-09 13:38 - 00000000 ____D () C:\Users\***\AppData\Roaming\DAEMON Tools Lite

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 17:20

==================== End Of Log ============================
         