|
Mülltonne: Malware bei FacebookWindows 7 Beiträge, die gegen unsere Regeln verstoßen haben, solche, die die Welt nicht braucht oder sonstiger Müll landet hier in der Mülltonne... |
09.07.2015, 09:11 | #1 |
| Malware bei Facebook Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-07-2015 Ran by Rijo (administrator) on BÜCHER-PC on 09-07-2015 09:55:13 Running from C:\Users\Rijo\Desktop Loaded Profiles: Rijo (Available Profiles: Rijo & UpdatusUser) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Google Inc.) C:\Program Files\Google\Update\1.3.27.5\GoogleCrashHandler.exe (Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Symantec Corporation) C:\Program Files\Norton 360\Engine\21.7.0.11\n360.exe (Symantec Corporation) C:\Program Files\Norton 360\Engine\21.7.0.11\n360.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Symantec Corporation) C:\Program Files\Norton 360\Engine\21.7.0.11\coNatHst.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.) HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1150976 2009-01-19] (Brother Industries, Ltd.) HKU\S-1-5-21-2435575737-2959328486-3478796703-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6405912 2015-06-01] (Piriform Ltd) HKU\S-1-5-21-2435575737-2959328486-3478796703-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360\Engine\21.7.0.11\buShell.dll [2015-03-07] (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360\Engine\21.7.0.11\buShell.dll [2015-03-07] (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360\Engine\21.7.0.11\buShell.dll [2015-03-07] (Symantec Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2435575737-2959328486-3478796703-1000 -> {52C652A9-EF35-4469-9B14-FD27F5A40C87} URL = https://www.google.com/search?q={searchTerms} BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation) BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-05] (Symantec Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-19] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-19] (Oracle Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation) Toolbar: HKU\S-1-5-21-2435575737-2959328486-3478796703-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Tcpip\..\Interfaces\{8FA4F53C-3552-4666-882D-06F5AA1831E1}: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Rijo\AppData\Roaming\Mozilla\Firefox\Profiles\y5p5duzu.default FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] () FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-19] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-19] (Oracle Corporation) FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.) FF Extension: WOT - C:\Users\Rijo\AppData\Roaming\Mozilla\Firefox\Profiles\y5p5duzu.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-06-28] FF Extension: NASA Night Launch - C:\Users\Rijo\AppData\Roaming\Mozilla\Firefox\Profiles\y5p5duzu.default\Extensions\nasanightlaunch@example.com.xpi [2014-11-06] FF Extension: NoScript - C:\Users\Rijo\AppData\Roaming\Mozilla\Firefox\Profiles\y5p5duzu.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-06] FF Extension: FXChrome - C:\Users\Rijo\AppData\Roaming\Mozilla\Firefox\Profiles\y5p5duzu.default\Extensions\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi [2014-11-06] FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn [2015-07-09] FF Extension: No Name - C:\Users\Rijo\AppData\Roaming\Mozilla\Firefox\Profiles\y5p5duzu.default\extensions\sweetsearch@gmail.com [not found] FF Extension: No Name - C:\Users\Rijo\AppData\Roaming\Mozilla\Firefox\Profiles\y5p5duzu.default\extensions\iobitascsurfingprotection@iobit.com [not found] FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found] Chrome: ======= CHR Profile: C:\Users\Rijo\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Brushed) - C:\Users\Rijo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg [2015-07-09] CHR Extension: (Adblock Plus) - C:\Users\Rijo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-06-30] CHR Extension: (AdBlock) - C:\Users\Rijo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-06-30] CHR Extension: (Norton Identity Safe) - C:\Users\Rijo\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-05-26] CHR Extension: (GPS Tracking Application) - C:\Users\Rijo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiopjmhfcjjclkkkoanfenmofekjlebf [2015-07-08] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Rijo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-30] CHR Extension: (Messenger (Unofficial)) - C:\Users\Rijo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdapmeleikeppmfgadilffngabfpibok [2015-06-30] CHR Extension: (Norton Security Toolbar) - C:\Users\Rijo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-07-09] CHR Extension: (Google Wallet) - C:\Users\Rijo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-10] CHR Extension: (Simple FB Messenger) - C:\Users\Rijo\AppData\Local\Google\Chrome\User Data\Default\Extensions\omjfcpmgchkdbfhpgboehgknlhnhhnnh [2015-06-30] CHR HKLM\...\Chrome\Extension: [eblihieomkjeiobglmnbmidkajdcfkpa] - No Path Or update_url value CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx [2015-06-29] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [176128 2011-04-19] () [File not signed] S4 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2015-04-20] (Fork, Ltd.) [File not signed] R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 N360; C:\Program Files\Norton 360\Engine\21.7.0.11\N360.exe [265000 2015-03-07] (Symantec Corporation) S4 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation) S4 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed] S4 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770944 2015-02-12] (Enigma Software Group USA, LLC.) S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 ASPI; C:\Windows\System32\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec) [File not signed] R1 BHDrvx86; C:\Program Files\Norton 360\NortonData\21.0.1.3\Definitions\BASHDefs\20150706.001\BHDrvx86.sys [1181424 2015-06-25] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360\1507000.00B\ccSetx86.sys [127064 2014-02-21] (Symantec Corporation) R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [389456 2015-06-28] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [122192 2015-06-28] (Symantec Corporation) S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [16432 2015-02-12] (Enigma Software Group USA, LLC.) S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-02-12] () S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] () [File not signed] R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed] R1 IDSVix86; C:\Program Files\Norton 360\NortonData\21.0.1.3\Definitions\IPSDefs\20150708.001\IDSvix86.sys [523512 2015-06-26] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-07-09] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation) R3 NAVENG; C:\Program Files\Norton 360\NortonData\21.0.1.3\Definitions\VirusDefs\20150708.005\NAVENG.SYS [104440 2015-07-07] (Symantec Corporation) R3 NAVEX15; C:\Program Files\Norton 360\NortonData\21.0.1.3\Definitions\VirusDefs\20150708.005\NAVEX15.SYS [1645432 2015-07-07] (Symantec Corporation) R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software) R3 SRTSP; C:\Windows\System32\Drivers\N360\1507000.00B\SRTSP.SYS [664792 2014-08-26] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360\1507000.00B\SRTSPX.SYS [32984 2014-08-26] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\N360\1507000.00B\SYMDS.SYS [367704 2013-08-01] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360\1507000.00B\SYMEFA.SYS [936152 2014-08-26] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2015-06-28] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360\1507000.00B\Ironx86.SYS [209624 2014-08-06] (Symantec Corporation) R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1507000.00B\SYMTDIV.SYS [384728 2014-08-26] (Symantec Corporation) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 motmodem; system32\DRIVERS\motmodem.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 SipIMNDI; system32\DRIVERS\SipIMNDI.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-09 09:55 - 2015-07-09 09:55 - 00016190 _____ C:\Users\Rijo\Desktop\FRST.txt 2015-07-09 09:54 - 2015-07-09 09:55 - 00000000 ____D C:\FRST 2015-07-09 09:52 - 2015-07-09 09:52 - 01636352 _____ (Farbar) C:\Users\Rijo\Desktop\frst.exe 2015-07-09 01:28 - 2015-03-24 00:17 - 00111368 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp32.sys 2015-07-08 21:40 - 2015-07-09 09:37 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-07-08 21:36 - 2015-07-08 21:36 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Rijo\Downloads\malwarebytes.exe 2015-07-08 21:36 - 2015-07-08 21:36 - 00000899 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-07-08 21:36 - 2015-07-08 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-07-08 21:36 - 2015-07-08 21:36 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 2015-07-08 21:36 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-07-08 21:36 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-07-08 21:36 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-07-08 12:42 - 2015-07-08 12:42 - 00000000 ____D C:\Users\Rijo\AppData\Local\F-Secure 2015-07-08 01:59 - 2015-07-08 22:52 - 00000000 ____D C:\Users\Rijo\Desktop\Schwanenkind Werbung 2015-07-08 01:58 - 2015-07-08 01:58 - 00033408 _____ C:\Users\Rijo\AppData\Local\recently-used.xbel 2015-07-03 07:47 - 2015-07-03 07:47 - 00000000 ____D C:\Users\Rijo\AppData\Roaming\ProductData 2015-07-02 05:26 - 2015-07-02 05:25 - 00001974 _____ C:\Users\Rijo\Desktop\Kaspersky Anti-Virus.lnk 2015-07-02 00:16 - 2015-07-02 00:17 - 00000000 ____D C:\Users\Rijo\AppData\Roaming\IObit 2015-07-02 00:16 - 2015-07-02 00:17 - 00000000 ____D C:\ProgramData\IObit 2015-07-02 00:16 - 2015-07-02 00:16 - 00000000 ____D C:\Program Files\IObit 2015-06-30 11:47 - 2015-06-30 11:47 - 00000000 ____D C:\Users\Rijo\AppData\Roaming\dlg 2015-06-30 11:38 - 2015-06-30 11:38 - 00517568 _____ ( ) C:\Users\Rijo\Downloads\ms-windows-tool-zum-entfernen-boesartiger-software-5.24-setup.exe 2015-06-30 09:56 - 2015-07-08 10:15 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2015-06-30 09:17 - 2015-06-30 09:17 - 00000000 ____D C:\ProgramData\Emsisoft 2015-06-30 08:35 - 2015-07-09 09:36 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware 2015-06-30 08:33 - 2015-06-30 08:34 - 163617512 _____ (Emsisoft Ltd. ) C:\Users\Rijo\Downloads\EmsisoftAntiMalwareSetup_10.0.0.5366.exe 2015-06-28 19:02 - 2015-06-28 19:04 - 06565736 _____ (Piriform Ltd) C:\Users\Rijo\Downloads\ccsetup507.exe 2015-06-28 16:26 - 2015-06-28 16:28 - 00279552 _____ C:\Users\Rijo\Documents\Barbara Costa.ppt 2015-06-28 13:51 - 2015-06-28 13:51 - 00142936 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS 2015-06-28 13:51 - 2015-06-28 13:51 - 00008194 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT 2015-06-28 13:51 - 2015-06-28 13:51 - 00002050 _____ C:\Users\Rijo\Downloads\Norton 360 (2).lnk 2015-06-28 13:50 - 2015-06-30 07:43 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 2015-06-28 13:50 - 2015-06-30 07:43 - 00000000 ____D C:\Windows\system32\Drivers\N360 2015-06-28 13:50 - 2015-06-28 13:50 - 00000000 ____D C:\Program Files\Norton 360 2015-06-28 13:39 - 2015-06-28 13:46 - 191136136 _____ (Symantec Corporation) C:\Users\Rijo\Downloads\norton_360_setup (3).exe 2015-06-28 12:56 - 2015-06-28 13:03 - 00000000 ____D C:\Users\Rijo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton 2015-06-28 12:55 - 2015-06-28 12:55 - 00000000 ____D C:\Users\Public\Downloads\Norton 2015-06-26 11:28 - 2015-06-26 11:28 - 01387520 _____ C:\Users\Rijo\Documents\Hörnchen Reihe.ppt 2015-06-23 22:49 - 2015-06-23 22:49 - 00243592 _____ C:\Users\Rijo\Downloads\Firefox Setup Stub 38.0.5.exe 2015-06-22 08:52 - 2015-06-28 23:54 - 00000000 ____D C:\Users\Rijo\Desktop\Daggi neu für Janette 2015-06-18 07:12 - 2015-06-18 07:12 - 00000000 ____D C:\Users\Rijo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-06-12 17:27 - 2015-06-12 17:27 - 00000000 ____D C:\Users\Rijo\{988e4c9b-05d4-49e6-bff6-6eb6db3f887a} 2015-06-12 17:27 - 2015-06-12 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver 1.0 2015-06-12 17:27 - 2015-06-12 17:27 - 00000000 ____D C:\Driver 1.0 ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-09 09:46 - 2014-09-02 19:25 - 00000000 ____D C:\Users\Rijo\Desktop\Werbesprüche und anderes 2015-07-09 09:44 - 2014-07-21 10:55 - 00000000 ____D C:\Users\Rijo\Desktop\Püppi Grüße 2015-07-09 09:40 - 2006-11-02 14:52 - 01524486 _____ C:\Windows\WindowsUpdate.log 2015-07-09 09:37 - 2014-05-10 15:19 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-07-09 09:37 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-07-09 09:37 - 2006-11-02 14:47 - 00004448 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-07-09 09:37 - 2006-11-02 14:47 - 00004448 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-07-09 09:36 - 2006-11-02 15:01 - 00032538 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-07-09 01:08 - 2014-05-10 15:19 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-07-09 01:05 - 2014-05-11 07:56 - 01798608 _____ C:\Windows\PFRO.log 2015-07-09 01:02 - 2014-05-15 03:25 - 00000000 ____D C:\AdwCleaner 2015-07-09 00:14 - 2014-05-10 21:03 - 00000000 ____D C:\Program Files\CCleaner 2015-07-08 22:40 - 2006-11-02 12:33 - 01559094 _____ C:\Windows\system32\PerfStringBackup.INI 2015-07-08 14:48 - 2014-05-10 16:14 - 00000824 _____ C:\Users\Rijo\AppData\Roaming\wklnhst.dat 2015-07-08 14:47 - 2014-11-29 18:47 - 00040960 _____ C:\Users\Rijo\Desktop\Haushalt 2015.xlr 2015-07-08 13:06 - 2014-11-05 20:51 - 00000000 ____D C:\ProgramData\F-Secure 2015-07-08 08:28 - 2014-05-10 13:58 - 00000000 ____D C:\Users\Rijo 2015-07-08 05:44 - 2014-05-10 17:39 - 00000000 ____D C:\Users\Rijo\Desktop\Arbeitsprogramme 2015-07-08 03:19 - 2015-01-19 17:55 - 00000000 ____D C:\Users\Rijo\Desktop\Hinweisschilder mit Püppi 2015-07-08 01:59 - 2014-05-10 21:48 - 00000000 ____D C:\Users\Rijo\.gimp-2.8 2015-07-08 01:58 - 2014-05-10 21:52 - 00000000 ____D C:\Users\Rijo\AppData\Local\gtk-2.0 2015-07-07 23:34 - 2014-05-11 09:40 - 00000000 ____D C:\Program Files\SpeedFan 2015-07-07 16:28 - 2014-05-10 17:42 - 00124928 _____ C:\Users\Rijo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-07-06 14:27 - 2014-06-24 10:03 - 00000000 ____D C:\Users\Rijo\Documents\My Kindle Content 2015-07-06 03:41 - 2014-08-16 19:32 - 00000000 ____D C:\Program Files\PDF24 2015-07-05 22:37 - 2014-05-10 17:44 - 00000000 ___RD C:\Users\Rijo\Desktop\Johann 2015-07-05 19:47 - 2014-05-10 17:49 - 00000000 ___RD C:\Users\Rijo\Desktop\Fertige Bücher 2015-07-05 19:42 - 2014-05-10 17:47 - 00000000 ___RD C:\Users\Rijo\Desktop\gemischte programme 2015-07-05 03:07 - 2014-05-11 16:10 - 00000000 ____D C:\Users\Rijo\AppData\Roaming\Skype 2015-07-05 00:32 - 2014-06-09 17:44 - 00000000 ____D C:\Users\Rijo\AppData\Local\CrashDumps 2015-07-02 09:44 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default 2015-07-02 05:26 - 2014-05-10 18:24 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files 2015-07-02 00:16 - 2014-06-21 08:51 - 00000000 ____D C:\Users\Rijo\AppData\Roaming\Apple Computer 2015-07-01 13:15 - 2014-05-10 17:39 - 00000000 ___RD C:\Users\Rijo\Desktop\Rita 2015-06-30 18:27 - 2014-05-10 19:37 - 00034304 _____ C:\Users\Rijo\Desktop\gas 2006-2015.xlr 2015-06-30 10:25 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public 2015-06-28 19:09 - 2014-05-10 21:03 - 00000804 _____ C:\Users\Public\Desktop\CCleaner.lnk 2015-06-28 13:53 - 2014-05-10 18:35 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared 2015-06-28 13:50 - 2014-05-10 19:12 - 00000000 ____D C:\ProgramData\Norton 2015-06-27 00:30 - 2014-05-26 11:53 - 00000000 ____D C:\Users\Rijo\AppData\Local\NPE 2015-06-27 00:26 - 2014-05-26 11:56 - 00000000 ____D C:\NPE 2015-06-26 19:00 - 2015-05-28 08:28 - 00000000 ____D C:\Users\Rijo\Desktop\Alle wichtigen Ordner 2015-06-25 09:25 - 2015-04-03 08:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger 2015-06-22 06:49 - 2015-05-01 10:49 - 00000000 ____D C:\Program Files\Formatierungstool 2015-06-15 23:38 - 2015-01-01 14:31 - 00000000 ____D C:\Users\Rijo\AppData\Roaming\PhotoScape 2015-06-15 13:09 - 2015-01-01 14:36 - 00000000 ____D C:\output 2015-06-15 13:08 - 2015-01-01 14:32 - 00024576 ____H C:\Users\Rijo\Desktop\photothumb.db 2015-06-13 21:07 - 2014-05-11 13:28 - 00028581 _____ C:\Windows\setupact.log ==================== Files in the root of some directories ======= 2014-05-10 19:18 - 2014-05-10 19:18 - 0024206 _____ () C:\Users\Rijo\AppData\Roaming\UserTile.png 2014-11-08 22:43 - 2014-11-24 06:43 - 0000163 _____ () C:\Users\Rijo\AppData\Roaming\WB.CFG 2014-05-10 16:14 - 2015-07-08 14:48 - 0000824 _____ () C:\Users\Rijo\AppData\Roaming\wklnhst.dat 2014-05-10 13:58 - 2015-02-13 10:02 - 0001356 _____ () C:\Users\Rijo\AppData\Local\d3d9caps.dat 2014-05-10 17:42 - 2015-07-07 16:28 - 0124928 _____ () C:\Users\Rijo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-11-10 12:43 - 2014-11-22 10:43 - 0000001 _____ () C:\Users\Rijo\AppData\Local\DSI.DAT 2014-07-24 12:23 - 2014-07-24 12:23 - 0000292 _____ () C:\Users\Rijo\AppData\Local\HamsterBookConverter.cfg 2014-12-11 09:05 - 2014-12-11 09:05 - 0004096 ____H () C:\Users\Rijo\AppData\Local\keyfile3.drm 2015-07-08 01:58 - 2015-07-08 01:58 - 0033408 _____ () C:\Users\Rijo\AppData\Local\recently-used.xbel 2014-09-30 23:10 - 2014-09-30 23:10 - 0000000 _____ () C:\Users\Rijo\AppData\Local\{3854974C-D01A-4F55-B4A7-ABAAE1A01FC5} 2014-05-10 17:01 - 2014-08-24 13:47 - 0034800 _____ () C:\ProgramData\nvModes.001 2014-05-10 17:01 - 2014-08-24 13:47 - 0034800 _____ () C:\ProgramData\nvModes.dat Some files in TEMP: ==================== C:\Users\Rijo\AppData\Local\Temp\Quarantine.exe C:\Users\Rijo\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-07-09 09:42 ==================== End of log ========================== |
09.07.2015, 09:25 | #2 |
/// the machine /// TB-Ausbilder | Malware bei Facebook bitte in deinem bestehenden Thema antworten.
__________________
__________________ |
Themen zu Malware bei Facebook |
administrator, adobe, browser, ccsetup, defender, esgscanner.sys, explorer, explorer.exe, google, helper, home, kaspersky, launch, malware, malwarebytes, mozilla, neu, nvidia, registry, security, services.exe, software, svchost.exe, symantec, system, temp, windows, winlogon.exe |