Log analysis and evaluation: Win 7 results after Spybot rootscan, Microsoft Safety Scan, AVG report, finding 1) MalSign.generic.712, finding 2) MalSign.OpenCandy.7AF

Windows 7: If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
FRST Logfile:

```text
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-01-2015
Ran by  (administrator) on WEB2-PC on 18-01-2015 11:11:34
Running from C:\Users\\Downloads
Loaded Profiles:  & Administrator (Available profiles: WEB2 &  & Administrator)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7Debug\mdm.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 2\creator-ws.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
() C:\Program Files\AVG Web TuneUp\vprot.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Printer Manager\SpoolerComp.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\w32x86\3\NetFaxTray.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\loggingserver.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Piriform Ltd) D:\Programme\CCleaner\CCleaner.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcfgex.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [350072 2012-03-09] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [2662424 2014-10-06] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Command Processor:  <======= ATTENTION
HKU\S-1-5-21-2674687411-896115206-3012793717-1001\...\Run: [] => [X]
HKU\S-1-5-21-2674687411-896115206-3012793717-1001\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
HKU\S-1-5-21-2674687411-896115206-3012793717-1003\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
HKU\S-1-5-21-2674687411-896115206-3012793717-1003\...\Run: [CCleaner Monitoring] => D:\Programme\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-2674687411-896115206-3012793717-1003\...\MountPoints2: {586c6e4b-c3db-11e3-ab46-0040053254e7} - H:\unlock.exe autoplay=true
HKU\S-1-5-21-2674687411-896115206-3012793717-500\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2295072 2007-12-05] (Hewlett-Packard Company)
HKU\S-1-5-21-2674687411-896115206-3012793717-500\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
HKU\S-1-5-21-2674687411-896115206-3012793717-500\...\Run: [PC Suite Tray] => "D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
AppInit_DLLs: C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~1.DLL => C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~1.DLL File Not Found
IFEO\backitup.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\cdspeed.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\coverdes.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\drivespeed.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\infotool.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\lightscribecontrolpanel.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\lslauncher.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\nero.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\nerostartsmart.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\pdf architect 2.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\setupx.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\tomtomhome.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\wdsmartware.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk
ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\w32x86\3\NetFaxTray.exe (Samsung Electronics Co., Ltd.)
ShellIconOverlayIdentifiers: [Offline Files] -> {750fdf0e-2a26-11d1-a3ea-080036587f03} => No File
BootExecute: autocheck autochk /r \??\L:autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-2674687411-896115206-3012793717-1001] => http=;ftp=;https=;
ProxyServer: [S-1-5-21-2674687411-896115206-3012793717-1003] => localhost:8080
HKU\S-1-5-21-2674687411-896115206-3012793717-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
HKU\S-1-5-21-2674687411-896115206-3012793717-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-2674687411-896115206-3012793717-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\S-1-5-21-2674687411-896115206-3012793717-500 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-2674687411-896115206-3012793717-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2674687411-896115206-3012793717-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2674687411-896115206-3012793717-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\3.2.0\ViProtocol.dll (AVG Secure Search)
ShellExecuteHooks: - {56F9679E-7826-4C84-81F3-532071A8BCC5} - No File [ ]
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254

FireFox:
========
FF ProfilePath: C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default
FF NewTab: hxxp://search.conduit.com/?gd=&ctid=CT3319434&octid=EB_ORIGINAL_CTID&ISID=M69DB71F0-F5CD-461A-A83E-7A42A67B3172&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP4CC2324E-7C07-4AB4-85E7-6FF4018BF983
FF SelectedSearchEngine: Conduit Search
FF Homepage: https://www.google.de/
FF Keyword.URL: 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> L:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\3.2.0\\npsitesafety.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: PDF Architect 2 -> C:\Program Files\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF user.js: detected! => C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\user.js
FF SearchPlugin: C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
FF Extension: HTTPS-Everywhere - C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\Extensions\https-everywhere@eff.org [2014-10-17]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}(2) [2014-04-14]
FF Extension: NoScript - C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-18]
FF Extension: Adblock Plus - C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-14]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Web TuneUp\FireFoxExt\3.2.0.18
FF Extension: AVG Web TuneUp - C:\ProgramData\AVG Web TuneUp\FireFoxExt\3.2.0.18 [2014-10-06]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR Profile: C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-14]
CHR Extension: (Google Drive) - C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-03]
CHR Extension: (YouTube) - C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-14]
CHR Extension: (Win7 Scrollbars) - C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifcnoebhbpdndjendfkpehpfbglgfkc [2014-04-14]
CHR Extension: (Google-Suche) - C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-14]
CHR Extension: (Google Wallet) - C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-14]
CHR Extension: (Google Mail) - C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-14]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.0.5.292\avg.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 NBService; D:\Program Files\Nero 7\Nero BackItUp\NBService.exe [800040 2007-09-17] (Nero AG)
S4 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
R2 PDF Architect 2 Creator; C:\Program Files\PDF Architect 2\creator-ws.exe [738856 2014-06-26] (pdfforge GmbH)
S4 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-05-14] ()
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [379952 2013-05-23] (Samsung Electronics Co., Ltd.)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 TomTomHOMEService; D:\Programme\TomTom HOME 2\TomTomHOMEService.exe [93072 2013-08-27] (TomTom)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-16] (TuneUp Software)
R2 vToolbarUpdater3.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [1843736 2014-08-30] (AVG Secure Search)
S4 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [238592 2011-03-09] (WDC) [File not signed]
S4 WDFME; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1060864 2011-03-09] () [File not signed]
S4 WDSC; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [484352 2011-03-09] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [136488 2014-12-23] (SlySoft, Inc.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208152 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-30] (AVG Technologies)
S3 DrvAgent32; C:\Windows\system32\Drivers\DrvAgent32.sys [23456 2014-04-18] (Phoenix Technologies) [File not signed]
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2014-12-20] (Elaborate Bytes AG)
S3 emAudio; C:\Windows\System32\drivers\emAudio.sys [25600 2010-05-07] (eMPIA Technology, Inc.)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2013-05-24] (Samsung Electronics) [File not signed]
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2014-06-23] (TuneUp Software)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [583552 2014-04-15] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [840960 2014-04-15] (eMPIA Technology, Inc.)
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-18 11:11 - 2015-01-18 11:12 - 00020105 _____ () C:\Users\Bade\Downloads\FRST.txt
2015-01-18 11:09 - 2015-01-18 11:11 - 00000000 ____D () C:\FRST
2015-01-18 11:07 - 2015-01-18 11:07 - 01117696 _____ (Farbar) C:\Users\Bade\Downloads\FRST.exe
2015-01-18 11:04 - 2015-01-18 11:05 - 00000470 _____ () C:\Users\Bade\Downloads\defogger_disable.log
2015-01-18 11:04 - 2015-01-18 11:04 - 00000000 _____ () C:\Users\Bade\defogger_reenable
2015-01-18 11:02 - 2015-01-18 11:02 - 00050477 _____ () C:\Users\Bade\Downloads\Defogger.exe
2015-01-18 10:13 - 2015-01-18 10:13 - 00243728 _____ () C:\Users\Bade\Downloads\Firefox Setup Stub 35.0.exe
2015-01-14 11:44 - 2015-01-14 11:51 - 125285624 _____ (Microsoft Corporation) C:\Users\Bade\Downloads\msert ms safety scanner.exe
2015-01-14 11:36 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 11:36 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 11:36 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 11:36 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 11:36 - 2014-12-11 18:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 11:36 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-10 13:35 - 2015-01-10 13:35 - 00000000 ____D () C:\Users\Bade\Documents\ProcAlyzer Dumps
2015-01-10 11:28 - 2015-01-10 11:33 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-01-10 11:28 - 2015-01-10 11:28 - 00002137 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-10 11:28 - 2015-01-10 11:28 - 00002125 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-10 11:28 - 2015-01-10 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-10 11:22 - 2015-01-10 11:25 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Bade\Downloads\spybot-2.4.exe
2014-12-24 09:28 - 2014-12-24 09:29 - 11604456 _____ () C:\Users\Bade\Downloads\SetupAnyDVD7550.exe
2014-12-23 16:41 - 2014-12-23 16:41 - 00136488 _____ (SlySoft, Inc.) C:\Windows\system32\Drivers\AnyDVD.sys
2014-12-22 08:03 - 2015-01-16 10:45 - 00041372 _____ () C:\Windows\PFRO.log
2014-12-21 09:39 - 2015-01-18 10:03 - 00001400 _____ () C:\Windows\setupact.log
2014-12-21 09:39 - 2014-12-21 09:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-20 23:31 - 2014-12-20 23:31 - 00030616 _____ (Elaborate Bytes AG) C:\Windows\system32\Drivers\ElbyCDIO.sys
2014-12-20 09:54 - 2014-12-20 09:54 - 05317104 _____ (Piriform Ltd) C:\Users\Bade\Downloads\ccsetup501.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-18 11:04 - 2014-04-14 14:20 - 00000000 ____D () C:\Users\Bade
2015-01-18 10:27 - 2014-10-01 11:12 - 00000000 ____D () C:\Users\Bade\AppData\Local\Adobe
2015-01-18 10:27 - 2014-04-18 08:01 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-18 10:27 - 2014-04-18 08:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-18 10:17 - 2014-12-12 18:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-18 10:17 - 2014-07-26 08:49 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-18 10:17 - 2014-07-26 08:49 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-18 10:17 - 2014-04-14 14:22 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-18 10:14 - 2014-05-11 09:26 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-18 10:10 - 2009-07-14 05:34 - 00026720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-18 10:10 - 2009-07-14 05:34 - 00026720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-18 10:09 - 2014-04-14 14:22 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-18 10:09 - 2014-04-14 13:05 - 01916013 _____ () C:\Windows\WindowsUpdate.log
2015-01-18 10:03 - 2014-05-11 09:26 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-18 10:03 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-17 08:42 - 2014-10-22 11:31 - 00000957 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-01-17 08:42 - 2014-04-15 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-15 17:33 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-15 13:58 - 2010-11-20 22:01 - 01593956 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 12:00 - 2014-04-14 14:22 - 00000000 ____D () C:\ProgramData\Samsung
2015-01-14 11:57 - 2014-04-14 17:41 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 11:37 - 2014-04-14 17:41 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-10 13:33 - 2014-04-14 19:22 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-05 10:54 - 2014-04-14 17:57 - 00000000 ____D () C:\Users\Bade\AppData\Local\Thunderbird
2014-12-24 09:31 - 2013-10-16 14:28 - 00000757 _____ () C:\Users\Public\Desktop\AnyDVD.lnk
2014-12-20 09:58 - 2010-11-09 09:17 - 00000671 _____ () C:\Users\Public\Desktop\CCleaner.lnk

==================== Files in the root of some directories =======

2013-10-16 14:27 - 2013-10-16 14:32 - 0000088 __SHC () C:\ProgramData\.zreglib
2014-04-14 17:51 - 2014-04-14 17:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-04-16 23:09 - 2014-04-16 23:09 - 0000048 _____ () C:\ProgramData\dummy.txt
2010-01-05 10:25 - 2010-01-05 10:25 - 0005048 ____C () C:\ProgramData\mtbjfghn.xbe
2010-01-24 11:39 - 2014-11-07 13:58 - 0000020 ____H () C:\ProgramData\PKP_DLec.DAT

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\NEventMessages.dll
C:\Users\Administrator\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\WEB2\AppData\Local\Temp\NOSEventMessages.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-14 23:00

==================== End Of Log ============================
```

Hello everybody. After suspicious pop-ups while surfing, I ran a Microsoft Safety Scan in addition to AVG & Spybot for the first time in years. It detected 2 occurrences, and shortly afterwards AVG reported the infections via its Resident Shield, as shown in the attachment. Since the Generic was identified as a Trojan, I activated the sandbox for both, as recommended, and in the subsequent full scan AVG reported everything clean. However, a second deep rootkit scan by Spybot still showed the same rootkit reports as before. So it seems an extended cleaning action is required beyond sandboxing. That's why I need help. I have already run Defogger and FRST. If it works, the logfiles follow: