
Pests of all kinds and their removal: Trojan that sends spam mails

07.08.2014, 12:53   #9
play4fun28

Trojan that sends spam mails



FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Sascha (administrator) on SASCHA-PC on 07-08-2014 13:47:38
Running from C:\Users\Sascha\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Hama\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Hama\Common\RaRegistry64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Hama\Common\RaUI.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Samsung Electronics Co., Ltd.) F:\Programme\Kies\KiesTrayAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11855976 2011-05-18] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [KiesTrayAgent] => F:\Programme\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2178990997-2898133636-4236303039-1000\...\Run: [EADM] => F:\Spiele\Origin\Origin.exe [3595608 2014-07-26] (Electronic Arts)
HKU\S-1-5-21-2178990997-2898133636-4236303039-1000\...\Run: [Steam] => F:\Spiele\Steam\steam.exe [1753280 2014-07-16] (Valve Corporation)
HKU\S-1-5-21-2178990997-2898133636-4236303039-1000\...\Policies\system: [DisableLockWorkstation] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hama Wireless LAN Utility.lnk
ShortcutTarget: Hama Wireless LAN Utility.lnk -> C:\Program Files (x86)\Hama\Common\RaUI.exe (Ralink Technology, Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB6686B0E66B0CE01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
SearchScopes: HKCU - {BC282D49-DBE7-4cde-A4CA-C7F07227FDD1} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\ttn4rkj9.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> F:\Programme\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\ttn4rkj9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-06-07] () [File not signed]
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-08-27] ()
R2 RalinkRegistryWriter; C:\Program Files (x86)\Hama\Common\RaRegistry.exe [193888 2010-06-01] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Hama\Common\RaRegistry64.exe [211296 2010-06-01] (Ralink Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-10] (DT Soft Ltd)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2013-04-12] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-04-12] (FNet Co., Ltd.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 athr; system32\DRIVERS\athrx.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-07 13:40 - 2014-08-07 13:40 - 00000756 _____ () C:\Users\Sascha\Desktop\JRT.txt
2014-08-07 13:33 - 2014-08-07 13:33 - 01016261 _____ (Thisisu) C:\Users\Sascha\Desktop\JRT.exe
2014-08-07 13:33 - 2014-08-07 13:33 - 00000000 ____D () C:\Windows\ERUNT
2014-08-07 13:28 - 2014-08-07 13:28 - 01475072 _____ () C:\Users\Sascha\Desktop\adwcleaner_3.303.exe
2014-08-07 13:27 - 2014-08-07 13:27 - 00001159 _____ () C:\Users\Sascha\Desktop\mbam.txt
2014-08-07 01:48 - 2014-08-07 01:48 - 00000888 _____ () C:\Users\Sascha\Desktop\Cop-Dm_Keybinder starten.lnk
2014-08-06 16:59 - 2014-08-06 16:59 - 00014421 _____ () C:\ComboFix.txt
2014-08-06 16:36 - 2014-08-06 16:59 - 00000000 ____D () C:\Qoobox
2014-08-06 16:36 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-06 16:36 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-06 16:36 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-06 16:36 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-06 16:36 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-06 16:36 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-06 16:36 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-06 16:36 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-06 16:35 - 2014-08-06 16:58 - 00000000 ____D () C:\Windows\erdnt
2014-08-06 16:33 - 2014-08-06 16:33 - 05567759 ____R (Swearware) C:\Users\Sascha\Desktop\ComboFix.exe
2014-08-05 22:35 - 2014-08-07 02:31 - 00000000 ____D () C:\Users\Sascha\Documents\Loeh-Keybinder
2014-08-04 20:54 - 2014-08-07 13:47 - 00014596 _____ () C:\Users\Sascha\Desktop\FRST.txt
2014-08-04 20:54 - 2014-08-04 20:55 - 00040822 _____ () C:\Users\Sascha\Desktop\Addition.txt
2014-08-04 20:53 - 2014-08-07 13:47 - 00000000 ____D () C:\FRST
2014-08-04 20:53 - 2014-08-04 20:53 - 02094080 _____ (Farbar) C:\Users\Sascha\Desktop\FRST64.exe
2014-08-04 19:57 - 2014-08-05 22:40 - 00000948 _____ () C:\Users\Sascha\Desktop\DM-Keybinder.lnk
2014-08-04 19:57 - 2014-08-05 22:40 - 00000000 ____D () C:\Users\Sascha\Documents\DM-Keybinder von Alan.Miller
2014-08-04 19:57 - 2014-08-04 20:06 - 00000048 _____ () C:\Users\Sascha\Desktop\Update.ini
2014-08-04 19:06 - 2014-08-07 13:13 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-04 19:05 - 2014-08-04 19:05 - 00001112 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-04 19:05 - 2014-08-04 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-04 19:05 - 2014-08-04 19:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-04 19:05 - 2014-08-04 19:05 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-04 19:05 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-04 19:05 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-04 19:05 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-31 21:32 - 2014-08-02 13:05 - 00000000 ____D () C:\Users\Sascha\Documents\Overlay-Optionen
2014-07-30 15:43 - 2014-07-30 15:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-27 20:05 - 2014-07-27 20:05 - 00001306 _____ () C:\Users\Sascha\Desktop\SAMP.lnk
2014-07-15 09:14 - 2014-07-15 09:14 - 00123566 _____ () C:\Users\Sascha\Desktop\Projekt.rar
2014-07-15 09:09 - 2014-07-14 17:05 - 00003845 _____ () C:\Users\Sascha\Desktop\projekt.sql
2014-07-13 14:33 - 2014-07-13 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP
2014-07-13 14:30 - 2014-07-13 20:47 - 00000000 ____D () C:\xampp
2014-07-12 16:20 - 2014-07-13 15:27 - 00003306 _____ () C:\projekt.sql
2014-07-12 12:41 - 2014-07-12 13:57 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\Notepad++
2014-07-12 12:41 - 2014-07-12 12:41 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-07-12 12:41 - 2014-07-12 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-07-11 21:28 - 2014-07-11 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Maps Radar - Made by OVPD Badge 169
2014-07-09 00:27 - 2014-07-09 00:27 - 00000000 __SHD () C:\ProgramData\SecuROM
2014-07-09 00:21 - 2014-07-09 00:21 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2014-07-08 22:57 - 2014-07-08 22:57 - 00000967 _____ () C:\Users\Public\Desktop\Grand Theft Auto IV.lnk
2014-07-08 21:58 - 2014-07-09 00:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2014-07-08 21:29 - 2014-07-09 18:48 - 00000990 _____ () C:\Users\Public\Desktop\MTA San Andreas 1.4.lnk
2014-07-08 21:29 - 2014-07-08 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTA San Andreas 1.4
2014-07-08 21:27 - 2014-07-08 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTA San Andreas 1.3

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-07 13:48 - 2014-08-04 20:54 - 00014596 _____ () C:\Users\Sascha\Desktop\FRST.txt
2014-08-07 13:47 - 2014-08-04 20:53 - 00000000 ____D () C:\FRST
2014-08-07 13:44 - 2014-04-04 20:28 - 13708891 _____ () C:\Windows\setupact.log
2014-08-07 13:44 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-07 13:43 - 2012-10-12 15:33 - 01985849 _____ () C:\Windows\WindowsUpdate.log
2014-08-07 13:40 - 2014-08-07 13:40 - 00000756 _____ () C:\Users\Sascha\Desktop\JRT.txt
2014-08-07 13:38 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-07 13:38 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-07 13:33 - 2014-08-07 13:33 - 01016261 _____ (Thisisu) C:\Users\Sascha\Desktop\JRT.exe
2014-08-07 13:33 - 2014-08-07 13:33 - 00000000 ____D () C:\Windows\ERUNT
2014-08-07 13:30 - 2014-05-13 18:09 - 00012588 _____ () C:\Windows\PFRO.log
2014-08-07 13:29 - 2014-07-07 19:52 - 00000000 ____D () C:\AdwCleaner
2014-08-07 13:28 - 2014-08-07 13:28 - 01475072 _____ () C:\Users\Sascha\Desktop\adwcleaner_3.303.exe
2014-08-07 13:27 - 2014-08-07 13:27 - 00001159 _____ () C:\Users\Sascha\Desktop\mbam.txt
2014-08-07 13:16 - 2013-04-12 22:32 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-07 13:13 - 2014-08-04 19:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-07 03:09 - 2013-04-12 23:59 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\TS3Client
2014-08-07 02:50 - 2013-04-13 00:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-07 02:31 - 2014-08-05 22:35 - 00000000 ____D () C:\Users\Sascha\Documents\Loeh-Keybinder
2014-08-07 01:48 - 2014-08-07 01:48 - 00000888 _____ () C:\Users\Sascha\Desktop\Cop-Dm_Keybinder starten.lnk
2014-08-06 17:20 - 2013-04-13 10:49 - 00000000 ____D () C:\ProgramData\Origin
2014-08-06 16:59 - 2014-08-06 16:59 - 00014421 _____ () C:\ComboFix.txt
2014-08-06 16:59 - 2014-08-06 16:36 - 00000000 ____D () C:\Qoobox
2014-08-06 16:58 - 2014-08-06 16:35 - 00000000 ____D () C:\Windows\erdnt
2014-08-06 16:57 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-06 16:33 - 2014-08-06 16:33 - 05567759 ____R (Swearware) C:\Users\Sascha\Desktop\ComboFix.exe
2014-08-05 22:40 - 2014-08-04 19:57 - 00000948 _____ () C:\Users\Sascha\Desktop\DM-Keybinder.lnk
2014-08-05 22:40 - 2014-08-04 19:57 - 00000000 ____D () C:\Users\Sascha\Documents\DM-Keybinder von Alan.Miller
2014-08-05 00:00 - 2014-01-10 18:20 - 00007604 _____ () C:\Users\Sascha\AppData\Local\Resmon.ResmonCfg
2014-08-04 20:55 - 2014-08-04 20:54 - 00040822 _____ () C:\Users\Sascha\Desktop\Addition.txt
2014-08-04 20:53 - 2014-08-04 20:53 - 02094080 _____ (Farbar) C:\Users\Sascha\Desktop\FRST64.exe
2014-08-04 20:06 - 2014-08-04 19:57 - 00000048 _____ () C:\Users\Sascha\Desktop\Update.ini
2014-08-04 19:05 - 2014-08-04 19:05 - 00001112 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-04 19:05 - 2014-08-04 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-04 19:05 - 2014-08-04 19:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-04 19:05 - 2014-08-04 19:05 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-02 13:05 - 2014-07-31 21:32 - 00000000 ____D () C:\Users\Sascha\Documents\Overlay-Optionen
2014-07-31 13:11 - 2012-10-12 15:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-30 15:43 - 2014-07-30 15:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-27 20:05 - 2014-07-27 20:05 - 00001306 _____ () C:\Users\Sascha\Desktop\SAMP.lnk
2014-07-15 09:14 - 2014-07-15 09:14 - 00123566 _____ () C:\Users\Sascha\Desktop\Projekt.rar
2014-07-14 17:05 - 2014-07-15 09:09 - 00003845 _____ () C:\Users\Sascha\Desktop\projekt.sql
2014-07-13 20:47 - 2014-07-13 14:30 - 00000000 ____D () C:\xampp
2014-07-13 18:06 - 2014-03-10 11:24 - 00000000 ____D () C:\Users\Sascha\Desktop\MET Pack
2014-07-13 15:27 - 2014-07-12 16:20 - 00003306 _____ () C:\projekt.sql
2014-07-13 14:33 - 2014-07-13 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP
2014-07-12 13:57 - 2014-07-12 12:41 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\Notepad++
2014-07-12 12:43 - 2011-04-12 09:43 - 02149600 _____ () C:\Windows\system32\perfh007.dat
2014-07-12 12:43 - 2011-04-12 09:43 - 00601554 _____ () C:\Windows\system32\perfc007.dat
2014-07-12 12:43 - 2009-07-14 07:13 - 00006422 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-12 12:41 - 2014-07-12 12:41 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-07-12 12:41 - 2014-07-12 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-07-11 21:28 - 2014-07-11 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Maps Radar - Made by OVPD Badge 169
2014-07-10 23:13 - 2013-04-12 23:00 - 00000000 ____D () C:\Users\Sascha\AppData\Roaming\vlc
2014-07-09 18:48 - 2014-07-08 21:29 - 00000990 _____ () C:\Users\Public\Desktop\MTA San Andreas 1.4.lnk
2014-07-09 00:27 - 2014-07-09 00:27 - 00000000 __SHD () C:\ProgramData\SecuROM
2014-07-09 00:26 - 2013-11-23 23:14 - 00000000 ____D () C:\Users\Sascha\AppData\Local\Rockstar Games
2014-07-09 00:25 - 2014-07-08 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2014-07-09 00:25 - 2014-06-16 21:02 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2014-07-09 00:25 - 2013-04-12 21:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-09 00:22 - 2014-06-09 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
2014-07-09 00:21 - 2014-07-09 00:21 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2014-07-08 23:00 - 2014-04-04 21:03 - 00112837 _____ () C:\Windows\DirectX.log
2014-07-08 22:58 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-08 22:57 - 2014-07-08 22:57 - 00000967 _____ () C:\Users\Public\Desktop\Grand Theft Auto IV.lnk
2014-07-08 21:29 - 2014-07-08 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTA San Andreas 1.4
2014-07-08 21:29 - 2013-05-03 21:20 - 00000000 ____D () C:\ProgramData\MTA San Andreas All
2014-07-08 21:27 - 2014-07-08 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTA San Andreas 1.3
2014-07-08 20:50 - 2013-04-13 00:09 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 20:50 - 2013-04-13 00:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 20:50 - 2013-04-13 00:09 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

Some content of TEMP:
====================
C:\Users\Sascha\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 18:57

==================== End Of Log ============================


MBAM:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 07.08.2014
Suchlauf-Zeit: 13:13:21
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.07.02
Rootkit Datenbank: v2014.08.04.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Sascha

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 309252
Verstrichene Zeit: 7 Min, 31 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
ADWCleaner

Code:
# AdwCleaner v3.303 - Bericht erstellt am 07/08/2014 um 13:29:26
# Aktualisiert 06/08/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Sascha - SASCHA-PC
# Gestartet von : C:\Users\Sascha\Desktop\adwcleaner_3.303.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16521


-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Sascha\AppData\Roaming\Mozilla\Firefox\Profiles\ttn4rkj9.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [3609 octets] - [07/07/2014 19:52:16]
AdwCleaner[R1].txt - [960 octets] - [07/08/2014 13:28:37]
AdwCleaner[S0].txt - [3265 octets] - [07/07/2014 19:53:26]
AdwCleaner[S1].txt - [882 octets] - [07/08/2014 13:29:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [941 octets] ##########
JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Sascha on 07.08.2014 at 13:33:48,12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Sascha\AppData\Roaming\mozilla\firefox\profiles\ttn4rkj9.default\minidumps [351 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.08.2014 at 13:40:02,71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
