Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MININT-284DM4O on 08-10-2013 15:29:07
Running from D:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ==================
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2801288 2011-05-31] (Sony Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKU\mallemaus\...\Run: [Phase88FireWireService] - C:\Program Files (x86)\Common Files\TerraTec\PhaseFW\driver\PhaseFWService.exe [102400 2005-01-27] (TerraTec Electronic GmbH)
HKU\mallemaus\...\Run: [Spotify Web Helper] - C:\Users\mallemaus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-07] (Spotify Ltd)
Startup: C:\Users\mallemaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\mallemaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wljlc4lrj.lnk
ShortcutTarget: wljlc4lrj.lnk -> C:\PROGRA~3\jrl4cljlw.plz ()
==================== Services (Whitelisted) =================
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-04] (Avira Operations GmbH & Co. KG)
S2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-07-05] (Atheros)
S3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1286784 2012-10-26] (Sony Corporation)
S2 Winmgmt; C:\PROGRA~3\wljlc4lrj.pzz [60512 2013-10-08] (Microsoft Corporation)
S2 Winmgmt; C:\PROGRA~3\wljlc4lrj.pzz [60512 2013-10-08] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-04] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-02] (Avira Operations GmbH & Co. KG)
S1 cdrblock; C:\Windows\System32\DRIVERS\cdrblock.sys [34360 2008-05-30] (Canopus Co,. Ltd.)
S3 KeyControl25; C:\Windows\System32\drivers\esikey25.sys [36448 2010-07-22] (ESI)
S3 MAUSBMIDI; C:\Windows\System32\DRIVERS\MAudioUSBMIDI.sys [200200 2010-04-13] (M-Audio)
S2 risdsnpe; C:\Windows\System32\DRIVERS\risdsnxc64.sys [98816 2011-06-23] (REDC)
S3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [765288 2011-10-01] (Microsoft Corporation)
S3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [268648 2011-10-01] (Microsoft Corporation)
S3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [25960 2011-10-01] (Microsoft Corporation)
S3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [22376 2011-10-01] (Microsoft Corporation)
S0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [1477728 2012-01-17] (Acronis)
S3 TTPhase1394; C:\Windows\System32\Drivers\TTPhase1394.sys [183328 2007-06-23] (BridgeCo AG)
S3 TTPhaseA; C:\Windows\System32\Drivers\TTPhaseA.sys [68640 2007-06-23] (BridgeCo AG)
S4 aksfridge;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-08 15:18 - 2013-10-08 15:18 - 00000000 ____D C:\FRST
2013-10-08 13:17 - 2013-10-08 14:08 - 95025368 ____T C:\ProgramData\wljlc4lrj.pff
2013-10-08 13:17 - 2013-10-08 14:08 - 00000000 _____ C:\ProgramData\wljlc4lrj.ctrl
2013-10-08 13:17 - 2013-10-08 13:17 - 00104960 _____ C:\ProgramData\jrl4cljlw.plz
2013-10-08 13:17 - 2013-10-08 13:17 - 00060512 ____T (Microsoft Corporation) C:\ProgramData\wljlc4lrj.pzz
2013-10-08 13:16 - 2013-10-08 13:16 - 00000000 ____D C:\Windows\Sun
2013-10-08 10:15 - 2013-10-08 10:15 - 00000146 _____ C:\Users\mallemaus\Desktop\Sound - Verknüpfung.lnk
2013-10-07 18:59 - 2013-10-07 18:59 - 00000000 ____D C:\Users\mallemaus\AppData\Local\{6FF85131-CF1B-4FA3-B039-143C393F306C}
2013-10-01 09:33 - 2013-10-01 09:33 - 00000000 ____D C:\Users\mallemaus\AppData\Local\{A9CC2940-070F-431F-A02D-3599D4933A49}
2013-09-26 11:18 - 2013-10-08 12:08 - 00000000 ____D C:\Users\mallemaus\AppData\Roaming\vlc
2013-09-26 11:18 - 2013-09-26 11:18 - 00001108 _____ C:\Users\Public\Desktop\VLC media player.lnk
==================== One Month Modified Files and Folders =======
2013-10-08 15:18 - 2013-10-08 15:18 - 00000000 ____D C:\FRST
2013-10-08 14:08 - 2013-10-08 13:17 - 95025368 ____T C:\ProgramData\wljlc4lrj.pff
2013-10-08 14:08 - 2013-10-08 13:17 - 00000000 _____ C:\ProgramData\wljlc4lrj.ctrl
2013-10-08 14:08 - 2013-07-13 09:06 - 00037183 _____ C:\Windows\setupact.log
2013-10-08 14:08 - 2013-02-09 20:21 - 00000000 ____D C:\Users\mallemaus\AppData\Roaming\Dropbox
2013-10-08 13:38 - 2009-07-14 05:45 - 00020992 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-08 13:38 - 2009-07-14 05:45 - 00020992 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-08 13:20 - 2013-02-09 20:22 - 00000000 ___RD C:\Users\mallemaus\Dropbox
2013-10-08 13:17 - 2013-10-08 13:17 - 00104960 _____ C:\ProgramData\jrl4cljlw.plz
2013-10-08 13:17 - 2013-10-08 13:17 - 00060512 ____T (Microsoft Corporation) C:\ProgramData\wljlc4lrj.pzz
2013-10-08 13:16 - 2013-10-08 13:16 - 00000000 ____D C:\Windows\Sun
2013-10-08 13:06 - 2011-10-06 04:00 - 00697534 _____ C:\Windows\System32\perfh007.dat
2013-10-08 13:06 - 2011-10-06 04:00 - 00148540 _____ C:\Windows\System32\perfc007.dat
2013-10-08 13:06 - 2009-07-14 06:13 - 01614892 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-08 12:09 - 2011-11-20 17:11 - 00000000 ____D C:\Users\mallemaus\AppData\Roaming\SoftGrid Client
2013-10-08 12:08 - 2013-09-26 11:18 - 00000000 ____D C:\Users\mallemaus\AppData\Roaming\vlc
2013-10-08 10:15 - 2013-10-08 10:15 - 00000146 _____ C:\Users\mallemaus\Desktop\Sound - Verknüpfung.lnk
2013-10-08 07:35 - 2012-06-19 00:04 - 00000000 ____D C:\Users\mallemaus\AppData\Local\CrashDumps
2013-10-07 19:20 - 2013-07-11 17:10 - 00000000 ____D C:\Users\mallemaus\AppData\Roaming\Spotify
2013-10-07 18:59 - 2013-10-07 18:59 - 00000000 ____D C:\Users\mallemaus\AppData\Local\{6FF85131-CF1B-4FA3-B039-143C393F306C}
2013-10-07 18:58 - 2013-07-11 17:10 - 00000000 ____D C:\Users\mallemaus\AppData\Local\Spotify
2013-10-01 09:33 - 2013-10-01 09:33 - 00000000 ____D C:\Users\mallemaus\AppData\Local\{A9CC2940-070F-431F-A02D-3599D4933A49}
2013-09-26 11:18 - 2013-09-26 11:18 - 00001108 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-09-26 11:15 - 2012-04-07 21:20 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-26 11:15 - 2012-04-07 21:20 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-26 11:15 - 2011-10-05 18:31 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
Files to move or delete:
====================
C:\ProgramData\jrl4cljlw.plz
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\ProgramData\wljlc4lrj.ctrl
C:\ProgramData\wljlc4lrj.pff
Some content of TEMP:
====================
C:\Users\mallemaus\AppData\Local\Temp\ijl11.dll
C:\Users\mallemaus\AppData\Local\Temp\pegavi.dll
C:\Users\mallemaus\AppData\Local\Temp\pegcore.dll
C:\Users\mallemaus\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\mallemaus\AppData\Local\Temp\~tmf7702404795667212206.dll
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
9
Restore point made on: 2013-06-20 18:35:02
Restore point made on: 2013-06-20 18:41:37
Restore point made on: 2013-06-20 18:42:05
Restore point made on: 2013-06-20 18:42:21
Restore point made on: 2013-06-20 22:34:45
Restore point made on: 2013-06-20 22:38:46
Restore point made on: 2013-06-23 16:53:24
Restore point made on: 2013-07-15 14:59:33
Restore point made on: 2013-07-30 12:28:56
==================== Memory info ===========================
Percentage of memory in use: 12%
Total physical RAM: 6125.22 MB
Available physical RAM: 5368.88 MB
Total Pagefile: 6123.42 MB
Available Pagefile: 5356.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:302.36 GB) (Free:88.81 GB) NTFS
Drive d: (KINGSTON) (Removable) (Total:14.53 GB) (Free:10.8 GB) NTFS
Drive e: (Volume) (Fixed) (Total:275.44 GB) (Free:47.35 GB) NTFS
Drive g: (Recovery) (Fixed) (Total:18.27 GB) (Free:1.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 4D8196D3)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=302 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=275 GB) - (Type=OF Extended)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15 GB) - (Type=07 NTFS)
LastRegBack: 2013-06-22 18:54
==================== End Of Log ============================