Pests of All Kinds and How to Combat Them: Keylogger or Something Else 2.0

Windows 7

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it turns out to be a trojan or virus problem, an expert will help you clean up the infection.
#3

Keylogger or Something Else 2.0

Fixlog

Code:
```
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-06-2014 02
Ran by Name at 2014-06-15 14:59:02 Run:1
Running from C:\Users\Name\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
File: C:\Users\Mayfair2\AppData\Roaming\winlogon.exe
Folder: C:\Users\Mayfair2\AppData\Local\kJKxc2SrE2J0FNouaB
HKLM-x32\...\Run: [Winlogon] => C:\Users\Mayfair2\AppData\Roaming\winlogon.exe [679936 2014-06-14] ()
HKU\S-1-5-21-38518460-617553831-2217780685-1000\...\Run: [Winlogon] => C:\Users\Name\AppData\Roaming\winlogon.exe [679936 2014-06-14] ()
C:\Users\Mayfair2\AppData\Roaming\winlogon.exe
C:\Users\Mayfair2\AppData\Local\kJKxc2SrE2J0FNouaB
*****************

========================= File: C:\Users\Mayfair2\AppData\Roaming\winlogon.exe ========================

MD5: CCB6ACFA577BE95149F8B71B4C2480DC
Creation and modification date: 2014-06-14 17:39 - 2014-06-14 17:24
Size: 0679936
Attributes: ----A
Company Name:
Internal Name: darckcrypt.exe
Original Name: darckcrypt.exe
Product Name:
Description:
File Version: 1.0.0.0
Product Version: 1.0.0.0
Copyright:

====== End Of File: ======

========================= Folder: C:\Users\Mayfair2\AppData\Local\kJKxc2SrE2J0FNouaB ========================

2014-06-14 17:40 - 2014-06-14 17:40 - 0000000 ____D () C:\Users\Mayfair2\AppData\Local\kJKxc2SrE2J0FNouaB\Champion_Picker_v2.exe_Url_ccpaalynb2wogyv4ofp2e3ycpggb41us
2014-06-14 17:40 - 2014-06-14 17:41 - 0000000 ____D () C:\Users\Mayfair2\AppData\Local\kJKxc2SrE2J0FNouaB\Champion_Picker_v2.exe_Url_ccpaalynb2wogyv4ofp2e3ycpggb41us\1.0.0.0
2014-06-14 17:40 - 2014-06-14 17:41 - 0001177 _____ () C:\Users\Mayfair2\AppData\Local\kJKxc2SrE2J0FNouaB\Champion_Picker_v2.exe_Url_ccpaalynb2wogyv4ofp2e3ycpggb41us\1.0.0.0\user.config

====== End of Folder: ======

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Winlogon => value deleted successfully.
HKU\S-1-5-21-38518460-617553831-2217780685-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Winlogon => value deleted successfully.
C:\Users\Mayfair2\AppData\Roaming\winlogon.exe => Moved successfully.
C:\Users\Mayfair2\AppData\Local\kJKxc2SrE2J0FNouaB => Moved successfully.

==== End of Fixlog ====
```

Code:
```
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.06.15.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17126
Name :: NAME-PC [administrator]

15.06.2014 15:06:29
mbar-log-2014-06-15 (15-06-29).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 261283
Time elapsed: 6 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKU\S-1-5-21-38518460-617553831-2217780685-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DC3_FEXEC (Malware.Trace) -> Delete on reboot. [f3bfef84b8c347ef89bd194afa099a66]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Name\AppData\Roaming\dclogs (Stolen.Data) -> Delete on reboot. [82307af95c1fd46255b1276b2bd8926e]

Files Detected: 3
C:\Users\Name\AppData\Roaming\dclogs\2014-04-06-1.dc (Stolen.Data) -> Delete on reboot. [82307af95c1fd46255b1276b2bd8926e]
C:\Users\Name\AppData\Roaming\dclogs\2014-04-07-2.dc (Stolen.Data) -> Delete on reboot. [82307af95c1fd46255b1276b2bd8926e]
C:\Users\Name\AppData\Roaming\dclogs\2014-06-14-7.dc (Stolen.Data) -> Delete on reboot. [82307af95c1fd46255b1276b2bd8926e]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
```

Code:
```
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.06.15.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17126
Name :: NAME-PC [administrator]

15.06.2014 15:18:37
mbar-log-2014-06-15 (15-18-37).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 260761
Time elapsed: 8 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
```