Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MININT-853A8NF on 15-10-2013 11:08:56
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1289704 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKU\Sebastian\...\Run: [Messenger (Yahoo!)] - C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\Sebastian\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1813928 2013-10-09] (Valve Corporation)
HKU\Sebastian\...\Run: [EADM] - C:\Program Files (x86)\Origin\Origin.exe [3551576 2013-09-30] (Electronic Arts)
HKU\Sebastian\...\Run: [Optimizer Pro] - C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [135672 2013-09-29] (PC Utilities Pro)
HKU\Sebastian\...\Winlogon: [Shell] explorer.exe,C:\Users\Sebastian\AppData\Roaming\data.dat [192512 2013-08-29] () <==== ATTENTION
AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL [2603312 2013-10-14] ()
AppInit_DLLs-x32: c:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dll c:\progra~2\optimi~1\optpro~1.dll [2869720 2013-10-03] ()
==================== Services (Whitelisted) =================
S2 70e6ca8c; c:\progra~2\optimi~1\OptProCrash.exe [143488 2013-10-14] ()
S2 BitGuard; C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [2845664 2013-09-23] ()
S2 bonanzadealslive; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-10-14] (BonanzaDeals)
S3 bonanzadealslivem; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-10-14] (BonanzaDeals)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22072 2012-09-12] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368896 2012-09-12] (Microsoft Corporation)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-07-12] ()
S2 Update Whilokii; C:\Program Files (x86)\Whilokii\updateWhilokii.exe [65304 2013-10-05] (Whilokii)
S2 Updater Service for AMZN; C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [222368 2013-03-21] ()
S2 WajamUpdaterV2; C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV2.exe [113152 2013-10-10] (Wajam)
S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [1706064 2013-10-14] (Wsys Co., Ltd.)
==================== Drivers (Whitelisted) ====================
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2013-07-19] ()
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-06-13] (Etron Technology Inc)
S3 FLxHCIh; C:\Windows\system32\drivers\FLxHCIh.sys [77040 2012-11-02] (Fresco Logic)
S0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
S3 irstrtdv; C:\Windows\system32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
S3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [46016 2012-07-24] ()
S3 lehidmini; C:\Windows\system32\drivers\leath_hid.sys [39704 2012-10-31] (Atheros)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2013-07-19] ()
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
S3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [15416 2009-05-14] ()
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
S3 qca_shb; C:\Windows\system32\drivers\qca_shb.sys [99328 2012-10-31] (Qualcomm Atheros Communications Inc.)
S3 rusb3hub; C:\Windows\system32\drivers\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
S3 rusb3xhc; C:\Windows\system32\drivers\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-15 11:08 - 2013-10-15 11:08 - 00000000 ____D C:\FRST
2013-10-15 09:34 - 2013-10-15 10:00 - 00000004 _____ C:\Users\Sebastian\AppData\Roaming\settings.ini
2013-10-15 08:18 - 2013-10-15 10:00 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard
2013-10-14 21:45 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-14 21:45 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-14 21:45 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-14 21:45 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-14 21:45 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-14 21:45 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-14 21:45 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-14 21:45 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-14 21:45 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-14 21:45 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-14 21:45 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-14 21:45 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-14 21:45 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-14 21:45 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-10-14 21:45 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-14 21:45 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-10-14 21:45 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-10-14 21:45 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-10-14 21:45 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-10-14 21:45 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-10-14 21:45 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-10-14 21:45 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-10-14 21:45 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-10-14 21:45 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-10-14 21:45 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-10-14 21:45 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-10-14 21:45 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-10-14 21:45 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-10-14 21:45 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-14 21:45 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-14 21:45 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-14 21:35 - 2013-10-14 21:35 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-10-14 21:35 - 2013-10-14 21:35 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-10-14 15:24 - 2013-10-14 15:24 - 00000000 ____D C:\Users\Sebastian\Documents\Optimizer Pro
2013-10-14 15:24 - 2013-10-14 15:24 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Optimizer Pro
2013-10-14 15:22 - 2013-10-15 09:03 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Skype
2013-10-14 15:22 - 2013-10-14 15:22 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk
2013-10-14 15:22 - 2013-10-14 15:22 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-14 15:21 - 2013-10-14 15:22 - 00000000 ____D C:\ProgramData\Skype
2013-10-14 15:20 - 2013-10-14 15:21 - 32542880 _____ (Skype Technologies S.A.) C:\Users\Sebastian\Downloads\Skype69SetupFull.exe
2013-10-14 15:19 - 2013-10-14 15:19 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Amazon Browser Bar
2013-10-14 15:18 - 2013-10-14 15:19 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-10-14 15:18 - 2013-10-14 15:19 - 00000000 ____D C:\Program Files (x86)\Amazon Browser Bar
2013-10-14 15:18 - 2013-10-14 15:18 - 00129536 _____ C:\Users\Public\AlexaNSISPlugin.6444.dll
2013-10-14 15:18 - 2013-10-14 15:18 - 00000000 ____D C:\Program Files (x86)\Whilokii
2013-10-14 15:17 - 2013-10-15 08:46 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-10-14 15:16 - 2013-10-15 09:58 - 00000928 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2013-10-14 15:16 - 2013-10-15 09:58 - 00000000 ____D C:\ProgramData\eSafe
2013-10-14 15:16 - 2013-10-15 09:21 - 00000932 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
2013-10-14 15:16 - 2013-10-15 08:24 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Systweak
2013-10-14 15:16 - 2013-10-14 15:18 - 00003538 _____ C:\Windows\System32\Tasks\UpdaterEX
2013-10-14 15:16 - 2013-10-14 15:16 - 00003928 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA
2013-10-14 15:16 - 2013-10-14 15:16 - 00003676 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore
2013-10-14 15:16 - 2013-10-14 15:16 - 00003410 _____ C:\Windows\System32\Tasks\EPUpdater
2013-10-14 15:16 - 2013-10-14 15:16 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\UpdaterEX
2013-10-14 15:16 - 2013-10-14 15:16 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\BabSolution
2013-10-14 15:16 - 2013-10-14 15:16 - 00000000 ____D C:\Users\Sebastian\AppData\Local\BonanzaDealsLive
2013-10-14 15:16 - 2013-10-14 15:16 - 00000000 ____D C:\ProgramData\BonanzaDealsLive
2013-10-14 15:16 - 2013-10-14 15:16 - 00000000 ____D C:\ProgramData\BitGuard
2013-10-14 15:16 - 2013-10-14 15:16 - 00000000 ____D C:\Program Files (x86)\Wajam
2013-10-14 15:16 - 2013-10-14 15:16 - 00000000 ____D C:\Program Files (x86)\searchgol
2013-10-14 15:16 - 2013-10-14 15:16 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive
2013-10-14 15:16 - 2013-07-22 15:07 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\System32\roboot64.exe
2013-10-14 15:15 - 2013-10-14 15:15 - 00003394 _____ C:\Windows\System32\Tasks\BonanzaDealsUpdate
2013-10-14 15:15 - 2013-10-14 15:15 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Google
2013-10-14 15:15 - 2013-10-14 15:15 - 00000000 ____D C:\ProgramData\Babylon
2013-10-14 15:15 - 2013-10-14 15:15 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-10-14 10:25 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-10-14 10:25 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-10-14 10:25 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\System32\mswsock.dll
2013-10-14 10:25 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-14 10:25 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-10-14 10:25 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-10-14 10:25 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\System32\tdh.dll
2013-10-14 10:25 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-10-14 10:25 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2013-10-14 10:25 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-14 10:25 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-14 10:25 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-14 10:25 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-14 10:25 - 2013-08-29 02:50 - 00192512 _____ C:\Users\Sebastian\AppData\Roaming\data.dat
2013-10-14 10:25 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-14 10:25 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-14 10:25 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-14 10:25 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-14 10:25 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-14 10:25 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-14 10:25 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-10-14 10:25 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\System32\scavengeui.dll
2013-10-14 10:25 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-10-14 10:25 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-14 10:25 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-14 10:25 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys
2013-10-14 10:25 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2013-10-14 10:25 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2013-10-14 10:25 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2013-10-14 10:25 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-14 10:25 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-14 10:25 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-14 10:25 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2013-10-14 10:25 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-10-14 10:25 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2013-10-14 10:25 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-10-14 10:25 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2013-10-14 10:25 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2013-10-14 10:25 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2013-10-14 10:25 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-10-14 10:25 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-14 10:25 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-14 10:25 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-14 10:25 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-10-14 10:25 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-14 10:25 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-01 16:13 - 2013-10-01 16:13 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Guild Wars 2
2013-09-30 21:56 - 2013-10-14 15:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2013-10-15 11:08 - 2013-10-15 11:08 - 00000000 ____D C:\FRST
2013-10-15 10:00 - 2013-10-15 09:34 - 00000004 _____ C:\Users\Sebastian\AppData\Roaming\settings.ini
2013-10-15 10:00 - 2013-10-15 08:18 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard
2013-10-15 09:58 - 2013-10-14 15:16 - 00000928 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2013-10-15 09:58 - 2013-10-14 15:16 - 00000000 ____D C:\ProgramData\eSafe
2013-10-15 09:58 - 2013-06-28 16:55 - 00000000 ____D C:\Program Files (x86)\Origin
2013-10-15 09:58 - 2013-06-28 16:45 - 00000000 ____D C:\Program Files (x86)\Steam
2013-10-15 09:58 - 2013-06-26 10:23 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-15 09:58 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-15 09:58 - 2009-07-14 05:51 - 00048098 _____ C:\Windows\setupact.log
2013-10-15 09:51 - 2013-06-28 16:19 - 01305671 _____ C:\Windows\WindowsUpdate.log
2013-10-15 09:51 - 2009-07-14 05:45 - 00031856 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-15 09:51 - 2009-07-14 05:45 - 00031856 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-15 09:42 - 2010-11-21 07:50 - 00697072 _____ C:\Windows\System32\perfh007.dat
2013-10-15 09:42 - 2010-11-21 07:50 - 00148110 _____ C:\Windows\System32\perfc007.dat
2013-10-15 09:42 - 2009-07-14 06:13 - 01614036 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-15 09:21 - 2013-10-14 15:16 - 00000932 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
2013-10-15 09:03 - 2013-10-14 15:22 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Skype
2013-10-15 08:46 - 2013-10-14 15:17 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-10-15 08:24 - 2013-10-14 15:16 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Systweak
2013-10-15 08:20 - 2009-07-14 05:45 - 00275856 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-15 08:15 - 2010-11-21 04:47 - 00134404 _____ C:\Windows\PFRO.log
2013-10-14 21:44 - 2013-07-12 13:49 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-14 21:44 - 2013-07-12 13:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-14 21:43 - 2012-01-13 14:27 - 01590994 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-14 21:35 - 2013-10-14 21:35 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-10-14 21:35 - 2013-10-14 21:35 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-10-14 15:24 - 2013-10-14 15:24 - 00000000 ____D C:\Users\Sebastian\Documents\Optimizer Pro
2013-10-14 15:24 - 2013-10-14 15:24 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Optimizer Pro
2013-10-14 15:22 - 2013-10-14 15:22 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk
2013-10-14 15:22 - 2013-10-14 15:22 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-14 15:22 - 2013-10-14 15:21 - 00000000 ____D C:\ProgramData\Skype
2013-10-14 15:21 - 2013-10-14 15:20 - 32542880 _____ (Skype Technologies S.A.) C:\Users\Sebastian\Downloads\Skype69SetupFull.exe
2013-10-14 15:19 - 2013-10-14 15:19 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Amazon Browser Bar
2013-10-14 15:19 - 2013-10-14 15:18 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-10-14 15:19 - 2013-10-14 15:18 - 00000000 ____D C:\Program Files (x86)\Amazon Browser Bar
2013-10-14 15:18 - 2013-10-14 15:18 - 00129536 _____ C:\Users\Public\AlexaNSISPlugin.6444.dll
2013-10-14 15:18 - 2013-10-14 15:18 - 00000000 ____D C:\Program Files (x86)\Whilokii
2013-10-14 15:18 - 2013-10-14 15:16 - 00003538 _____ C:\Windows\System32\Tasks\UpdaterEX
2013-10-14 15:16 - 2013-10-14 15:16 - 00003928 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA
2013-10-14 15:16 - 2013-10-14 15:16 - 00003676 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore
2013-10-14 15:16 - 2013-10-14 15:16 - 00003410 _____ C:\Windows\System32\Tasks\EPUpdater
2013-10-14 15:16 - 2013-10-14 15:16 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\UpdaterEX
2013-10-14 15:16 - 2013-10-14 15:16 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\BabSolution
2013-10-14 15:16 - 2013-10-14 15:16 - 00000000 ____D C:\Users\Sebastian\AppData\Local\BonanzaDealsLive
2013-10-14 15:16 - 2013-10-14 15:16 - 00000000 ____D C:\ProgramData\BonanzaDealsLive
2013-10-14 15:16 - 2013-10-14 15:16 - 00000000 ____D C:\ProgramData\BitGuard
2013-10-14 15:16 - 2013-10-14 15:16 - 00000000 ____D C:\Program Files (x86)\Wajam
2013-10-14 15:16 - 2013-10-14 15:16 - 00000000 ____D C:\Program Files (x86)\searchgol
2013-10-14 15:16 - 2013-10-14 15:16 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive
2013-10-14 15:16 - 2013-09-30 21:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-14 15:16 - 2013-06-28 16:30 - 00001443 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-10-14 15:16 - 2013-06-28 16:19 - 00001705 _____ C:\Users\Sebastian\Desktop\Internet Explorer.lnk
2013-10-14 15:15 - 2013-10-14 15:15 - 00003394 _____ C:\Windows\System32\Tasks\BonanzaDealsUpdate
2013-10-14 15:15 - 2013-10-14 15:15 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Google
2013-10-14 15:15 - 2013-10-14 15:15 - 00000000 ____D C:\ProgramData\Babylon
2013-10-14 15:15 - 2013-10-14 15:15 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-10-06 18:01 - 2013-06-28 16:35 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-10-06 17:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\NDF
2013-10-02 12:29 - 2013-08-22 16:58 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\SoftGrid Client
2013-10-02 08:51 - 2013-06-28 16:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-01 16:13 - 2013-10-01 16:13 - 00000000 ____D C:\Users\Sebastian\AppData\Roaming\Guild Wars 2
2013-10-01 16:13 - 2013-07-22 11:59 - 00000000 ____D C:\Users\Sebastian\Documents\Guild Wars 2
2013-10-01 07:18 - 2013-06-28 16:31 - 00000000 ____D C:\Users\Sebastian\AppData\Local\Mozilla
2013-09-23 00:28 - 2013-10-14 21:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-23 00:28 - 2013-10-14 21:45 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-23 00:27 - 2013-10-14 21:45 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-23 00:27 - 2013-10-14 21:45 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-23 00:27 - 2013-10-14 21:45 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-23 00:27 - 2013-10-14 21:45 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-23 00:27 - 2013-10-14 21:45 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-23 00:27 - 2013-10-14 21:45 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-23 00:27 - 2013-10-14 21:45 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-23 00:27 - 2013-10-14 21:45 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-23 00:27 - 2013-10-14 21:45 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-23 00:27 - 2013-10-14 21:45 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-23 00:27 - 2013-10-14 21:45 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-22 23:55 - 2013-10-14 21:45 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-09-22 23:55 - 2013-10-14 21:45 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-09-22 23:55 - 2013-10-14 21:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-09-22 23:54 - 2013-10-14 21:45 - 19252224 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-09-22 23:54 - 2013-10-14 21:45 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-09-22 23:54 - 2013-10-14 21:45 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-09-22 23:54 - 2013-10-14 21:45 - 02647552 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-09-22 23:54 - 2013-10-14 21:45 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-09-22 23:54 - 2013-10-14 21:45 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-09-22 23:54 - 2013-10-14 21:45 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-09-22 23:54 - 2013-10-14 21:45 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-09-22 23:54 - 2013-10-14 21:45 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-09-22 23:54 - 2013-10-14 21:45 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-09-22 23:54 - 2013-10-14 21:45 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-09-21 04:38 - 2013-10-14 21:45 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-09-21 04:30 - 2013-10-14 21:45 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-21 03:48 - 2013-10-14 21:45 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 03:39 - 2013-10-14 21:45 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-17 15:25 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
Files to move or delete:
====================
C:\Users\Sebastian\AppData\Roaming\data.dat
C:\Users\Sebastian\AppData\Roaming\settings.ini
C:\Users\Public\AlexaNSISPlugin.6444.dll
C:\Users\Sebastian\AppData\Roaming\i.ini
Some content of TEMP:
====================
C:\Users\Sebastian\AppData\Local\Temp\BackupSetup.exe
C:\Users\Sebastian\AppData\Local\Temp\brxnaunykr.exe
C:\Users\Sebastian\AppData\Local\Temp\Gw2.exe
C:\Users\Sebastian\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Sebastian\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Sebastian\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Sebastian\AppData\Local\Temp\nvStInst.exe
C:\Users\Sebastian\AppData\Local\Temp\vcredist_x64.exe
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
5
Restore point made on: 2013-09-29 08:41:55
Restore point made on: 2013-10-01 22:00:45
Restore point made on: 2013-10-05 07:48:30
Restore point made on: 2013-10-14 10:21:41
Restore point made on: 2013-10-14 21:35:34
==================== Memory info ===========================
Percentage of memory in use: 14%
Total physical RAM: 4078.12 MB
Available physical RAM: 3501.75 MB
Total Pagefile: 4076.32 MB
Available Pagefile: 3486.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:200 GB) (Free:88.84 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:731.51 GB) (Free:701.98 GB) NTFS
Drive f: () (Removable) (Total:1.88 GB) (Free:1.88 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 2C780479)
Partition 1: (Active) - (Size=200 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=732 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 91F72D24)
Partition 1: (Active) - (Size=2 GB) - (Type=06)
LastRegBack: 2013-10-02 14:44
==================== End Of Log ============================