Trojaner-Board forum "Plagegeister aller Art und deren Bekämpfung" (pests of all kinds and how to fight them)
Thread: Svhost.exe /Backdoor.Agent + PUP.BitCoinMiner (Windows 7)
19.09.2014, 19:47 | #16
/// the machine /// (TB-Ausbilder)

Hi,

scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8). Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part).

__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations | Guides and help | Trojaner-Board Facebook page | No help via PM!
20.09.2014, 08:58 | #17

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by SYSTEM on MININT-2TDH7Q5 on 20-09-2014 09:51:29
Running from f:\
Platform: Windows 7 Ultimate (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-06] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-07-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\Shu\...\Run: [VSA] => C:\Users\Shu\AppData\Roaming\Microsoft\VSA\9.0\VSA.exe [1751552 2013-05-07] (Microsoft Corporation)
HKU\Shu\...\Run: [Akamai NetSession Interface] => C:\Users\Shu\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
Startup: C:\Users\Shu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-09] (Advanced Micro Devices, Inc.)
S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137584 2014-01-08] ()
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-08-12] (Perfect World Entertainment Inc)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-06] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-10-08] ()
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-08-09] (BitRaider, LLC)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5128944 2013-11-19] (INCA Internet Co., Ltd.)
S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-08-04] ()
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-13] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 AODDriver4.3.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [59624 2014-01-08] (Advanced Micro Devices)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-06] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-06] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-06] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-06] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-06] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-06] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-06] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-06] ()
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-13] (Disc Soft Ltd)
S3 gouranga; C:\Windows\System32\DRIVERS\gouranga.sys [16384 2014-08-04] (GSPOON CO., LTD.)
S3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42016 2013-11-27] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0081.sys [28768 2014-01-23] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 SEE; C:\Windows\System32\drivers\see.sys [38240 2014-06-03] (SoftEther VPN Project at University of Tsukuba, Japan.)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 Synth3dVsc; No ImagePath
S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 tsusbhub; No ImagePath
S3 VGPU; No ImagePath
S3 VIAHdAudAddService; No ImagePath
S3 X6va015; No ImagePath
S3 X6va016; No ImagePath
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-19 15:52 - 2014-09-19 15:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-18 07:33 - 2014-09-18 07:33 - 00854417 _____ () C:\Users\Shu\Desktop\SecurityCheck.exe
2014-09-18 07:33 - 2014-09-18 07:33 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-18 07:32 - 2014-09-18 07:32 - 02347384 _____ (ESET) C:\Users\Shu\Desktop\esetsmartinstaller_deu.exe
2014-09-17 10:44 - 2014-09-18 13:33 - 00038667 _____ () C:\Users\Shu\Downloads\FRST.txt
2014-09-17 10:43 - 2014-09-17 10:43 - 00001460 _____ () C:\Users\Shu\Desktop\JRT.txt
2014-09-17 10:38 - 2014-09-17 10:38 - 00000000 ____D () C:\Windows\ERUNT
2014-09-17 10:37 - 2014-09-17 10:37 - 00002349 _____ () C:\Users\Shu\Desktop\AdwCleaner[S3].txt
2014-09-17 10:30 - 2014-09-17 10:30 - 00001491 _____ () C:\Users\Shu\Desktop\mbar.txt
2014-09-17 10:01 - 2014-09-17 10:01 - 01373475 _____ () C:\Users\Shu\Desktop\AdwCleaner_3.310.exe
2014-09-17 10:01 - 2014-09-17 10:01 - 01016035 _____ (Thisisu) C:\Users\Shu\Desktop\JRT.exe
2014-09-16 15:11 - 2014-09-16 15:11 - 00029566 _____ () C:\ComboFix.txt
2014-09-16 14:53 - 2014-09-16 14:53 - 00001130 _____ () C:\Users\Shu\Desktop\ComboFix.exe - Verknüpfung.lnk
2014-09-15 19:14 - 2014-09-15 19:15 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Shu\Downloads\tdsskiller.exe
2014-09-15 18:32 - 2014-09-15 18:32 - 00002165 _____ () C:\Users\Shu\Desktop\Dragon Nest Europe.lnk
2014-09-15 17:23 - 2014-09-15 17:23 - 00262144 ____N () C:\Windows\Minidump\091514-23150-01.dmp
2014-09-15 10:27 - 2014-09-15 10:28 - 00018397 _____ () C:\Windows\DirectX.log
2014-09-15 08:43 - 2014-09-20 09:51 - 00000000 ____D () C:\FRST
2014-09-15 08:43 - 2014-09-15 08:51 - 00038153 _____ () C:\Users\Shu\Desktop\FRST.txt
2014-09-15 08:43 - 2014-09-15 08:44 - 00053678 _____ () C:\Users\Shu\Desktop\Addition.txt
2014-09-15 08:42 - 2014-09-15 08:42 - 01102777 _____ () C:\Users\Shu\Desktop\Scan Results.140915-0942.txt
2014-09-15 08:41 - 2014-09-15 08:41 - 02105856 _____ (Farbar) C:\Users\Shu\Downloads\FRST64.exe
2014-09-15 08:29 - 2014-09-15 08:30 - 00000000 ____D () C:\Users\Shu\Downloads\SGN SW Torrent
2014-09-15 07:53 - 2014-09-15 07:53 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-09-15 07:53 - 2013-09-20 09:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe
2014-09-15 07:52 - 2014-09-15 07:52 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Shu\Downloads\spybot-2.4.exe
2014-09-14 21:25 - 2014-09-14 21:25 - 00000085 _____ () C:\Windows\wininit.ini
2014-09-14 21:25 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-14 21:25 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-14 21:25 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-14 21:25 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-14 21:25 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-14 21:25 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-14 21:25 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-14 21:25 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-14 21:20 - 2014-09-14 21:20 - 00000000 ____D () C:\Users\Shu\Documents\ProcAlyzer Dumps
2014-09-14 21:12 - 2014-09-16 15:11 - 00000000 ____D () C:\Qoobox
2014-09-14 21:12 - 2014-09-14 21:35 - 00000000 ____D () C:\Windows\erdnt
2014-09-14 21:07 - 2014-09-16 14:54 - 05579386 ____R (Swearware) C:\Users\Shu\Downloads\ComboFix.exe
2014-09-14 21:00 - 2014-09-17 10:34 - 00006220 _____ () C:\Windows\PFRO.log
2014-09-14 20:45 - 2014-09-14 21:56 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-14 20:44 - 2014-09-14 20:44 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Shu\Downloads\mbar-1.07.0.1012.exe
2014-09-14 09:40 - 2014-09-14 09:40 - 00692832 _____ ( ) C:\Users\Shu\Downloads\DNDownloader96.exe
2014-09-14 08:04 - 2014-09-20 08:44 - 00001671 _____ () C:\Windows\setupact.log
2014-09-14 08:04 - 2014-09-14 08:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-13 11:13 - 2014-09-13 11:13 - 01942203 _____ () C:\Users\Shu\Desktop\vitctorian houses.zip
2014-09-13 09:53 - 2014-09-13 09:53 - 06057862 _____ (Tim Kosse) C:\Users\Shu\Downloads\FileZilla_3.9.0.5_win32-setup.exe
2014-09-12 13:52 - 2014-09-12 13:56 - 00000000 ____D () C:\Users\Shu\Desktop\world
2014-09-10 11:28 - 2014-09-10 11:28 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-10 09:00 - 2014-09-10 12:33 - 00000000 ____D () C:\Users\Shu\Desktop\Minecraft
2014-09-09 11:47 - 2014-09-16 14:53 - 00000000 ____D () C:\Users\Shu\Powersaves3DS
2014-09-09 11:47 - 2014-09-09 11:47 - 00000000 ____D () C:\Program Files (x86)\Action Replay PowerSaves 3DS
2014-09-05 20:02 - 2014-09-05 20:02 - 01402920 _____ () C:\Users\Shu\Downloads\battlelog-web-plugins_2.5.1_149.exe
2014-09-02 09:00 - 2014-09-02 09:06 - 00000000 ____D () C:\Users\Shu\AppData\Local\lab_1_54
2014-09-01 20:30 - 2014-09-01 20:30 - 00003088 _____ () C:\Windows\System32\Tasks\{CA426A73-A1F4-4917-967B-CDAE3FBA6F61}
2014-09-01 10:32 - 2014-09-01 10:33 - 00000000 ____D () C:\Program Files\WorldPainter
2014-08-31 16:06 - 2014-08-31 16:06 - 01397992 _____ () C:\Users\Shu\Downloads\battlelog-web-plugins_2.5.0_148.exe
2014-08-22 16:46 - 2014-08-22 16:46 - 00000000 ____D () C:\Users\Shu\Downloads\Content
2014-08-22 16:46 - 2014-08-07 03:45 - 00450560 _____ (seismic) C:\Users\Shu\Downloads\SeismicGame.exe
2014-08-22 16:46 - 2014-05-23 00:11 - 00683008 _____ () C:\Users\Shu\Downloads\MonoGame.Framework.dll
2014-08-22 16:46 - 2014-04-06 04:51 - 03290624 _____ (The Open Toolkit Library) C:\Users\Shu\Downloads\OpenTK.dll
2014-08-22 16:46 - 2014-02-20 16:59 - 00069632 _____ (Tao Framework -- hxxp://www.taoframework.com) C:\Users\Shu\Downloads\Tao.Sdl.dll
2014-08-22 16:46 - 2013-10-29 06:41 - 00445952 _____ (Mark Heath) C:\Users\Shu\Downloads\NAudio.dll
2014-08-22 16:46 - 2009-10-04 19:02 - 00139264 _____ (Osamu TAKEUCHI <osamu@big.jp>) C:\Users\Shu\Downloads\YamlSerializer.dll
2014-08-22 16:15 - 2014-08-22 16:46 - 114383892 _____ () C:\Users\Shu\Downloads\Z001257DEMO.part2.rar
2014-08-22 16:14 - 2014-08-22 16:25 - 209715200 _____ () C:\Users\Shu\Downloads\Z001257DEMO.part1.rar
2014-08-21 16:51 - 2014-08-21 19:12 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\Arc
2014-08-21 16:50 - 2014-08-21 18:19 - 00000000 ____D () C:\Program Files (x86)\Perfect World Entertainment
2014-08-21 07:28 - 2014-08-21 07:28 - 01014036 _____ () C:\Program Files (x86)\translation.bin
2014-08-21 07:28 - 2014-08-21 07:28 - 00044544 _____ () C:\Program Files (x86)\translator.dll

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-20 09:51 - 2014-09-15 08:43 - 00000000 ____D () C:\FRST
2014-09-20 08:48 - 2013-10-04 16:02 - 01543006 _____ () C:\Windows\WindowsUpdate.log
2014-09-20 08:48 - 2009-07-14 05:45 - 00020672 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-20 08:48 - 2009-07-14 05:45 - 00020672 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-20 08:44 - 2014-09-14 08:04 - 00001671 _____ () C:\Windows\setupact.log
2014-09-20 08:44 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-20 08:42 - 2009-07-14 18:58 - 01309856 _____ () C:\Windows\System32\perfh007.dat
2014-09-20 08:42 - 2009-07-14 18:58 - 00338988 _____ () C:\Windows\System32\perfc007.dat
2014-09-20 08:42 - 2009-07-14 06:13 - 00006224 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-09-20 08:28 - 2013-10-04 17:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-20 08:24 - 2013-10-04 16:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-20 08:24 - 2013-10-04 16:21 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-19 19:30 - 2013-10-04 19:47 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-19 16:04 - 2013-10-04 17:09 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\TS3Client
2014-09-19 15:52 - 2014-09-19 15:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-18 19:58 - 2013-10-04 16:53 - 00000000 ____D () C:\ProgramData\Origin
2014-09-18 18:45 - 2013-10-04 16:53 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-18 13:33 - 2014-09-17 10:44 - 00038667 _____ () C:\Users\Shu\Downloads\FRST.txt
2014-09-18 10:36 - 2014-07-04 19:28 - 00000000 ____D () C:\Users\Shu\AppData\Local\Warframe
2014-09-18 07:33 - 2014-09-18 07:33 - 00854417 _____ () C:\Users\Shu\Desktop\SecurityCheck.exe
2014-09-18 07:33 - 2014-09-18 07:33 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-18 07:32 - 2014-09-18 07:32 - 02347384 _____ (ESET) C:\Users\Shu\Desktop\esetsmartinstaller_deu.exe
2014-09-17 10:43 - 2014-09-17 10:43 - 00001460 _____ () C:\Users\Shu\Desktop\JRT.txt
2014-09-17 10:38 - 2014-09-17 10:38 - 00000000 ____D () C:\Windows\ERUNT
2014-09-17 10:37 - 2014-09-17 10:37 - 00002349 _____ () C:\Users\Shu\Desktop\AdwCleaner[S3].txt
2014-09-17 10:34 - 2014-09-14 21:00 - 00006220 _____ () C:\Windows\PFRO.log
2014-09-17 10:33 - 2013-10-26 09:34 - 00000000 ____D () C:\AdwCleaner
2014-09-17 10:30 - 2014-09-17 10:30 - 00001491 _____ () C:\Users\Shu\Desktop\mbar.txt
2014-09-17 10:29 - 2014-07-10 12:39 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-09-17 10:24 - 2013-10-04 16:55 - 00000000 ____D () C:\Windows\Panther
2014-09-17 10:01 - 2014-09-17 10:01 - 01373475 _____ () C:\Users\Shu\Desktop\AdwCleaner_3.310.exe
2014-09-17 10:01 - 2014-09-17 10:01 - 01016035 _____ (Thisisu) C:\Users\Shu\Desktop\JRT.exe
2014-09-17 10:00 - 2014-02-19 02:00 - 00000000 ____D () C:\Users\Shu\AppData\Local\Apps\2.0
2014-09-16 15:11 - 2014-09-16 15:11 - 00029566 _____ () C:\ComboFix.txt
2014-09-16 15:11 - 2014-09-14 21:12 - 00000000 ____D () C:\Qoobox
2014-09-16 15:09 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-16 14:58 - 2013-10-28 09:13 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-16 14:54 - 2014-09-14 21:07 - 05579386 ____R (Swearware) C:\Users\Shu\Downloads\ComboFix.exe
2014-09-16 14:53 - 2014-09-16 14:53 - 00001130 _____ () C:\Users\Shu\Desktop\ComboFix.exe - Verknüpfung.lnk
2014-09-16 14:53 - 2014-09-09 11:47 - 00000000 ____D () C:\Users\Shu\Powersaves3DS
2014-09-15 19:45 - 2013-10-04 17:48 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-09-15 19:35 - 2013-10-04 17:48 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-09-15 19:15 - 2014-09-15 19:14 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Shu\Downloads\tdsskiller.exe
2014-09-15 18:35 - 2013-10-04 20:28 - 00000000 ____D () C:\Users\Shu\Documents\DragonNest
2014-09-15 18:32 - 2014-09-15 18:32 - 00002165 _____ () C:\Users\Shu\Desktop\Dragon Nest Europe.lnk
2014-09-15 18:11 - 2014-03-22 20:48 - 00000000 ____D () C:\Users\Shu\Desktop\Bewerbungskram
2014-09-15 17:24 - 2013-11-18 12:06 - 00000000 ____D () C:\Windows\Minidump
2014-09-15 17:23 - 2014-09-15 17:23 - 00262144 ____N () C:\Windows\Minidump\091514-23150-01.dmp
2014-09-15 17:21 - 2014-06-14 12:20 - 00000000 ____D () C:\Program Files (x86)\SDGi Europe
2014-09-15 13:29 - 2014-07-23 17:04 - 00000000 ____D () C:\Users\Shu\AppData\Local\ftblauncher
2014-09-15 13:29 - 2014-02-28 20:04 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\FTB
2014-09-15 10:28 - 2014-09-15 10:27 - 00018397 _____ () C:\Windows\DirectX.log
2014-09-15 08:51 - 2014-09-15 08:43 - 00038153 _____ () C:\Users\Shu\Desktop\FRST.txt
2014-09-15 08:44 - 2014-09-15 08:43 - 00053678 _____ () C:\Users\Shu\Desktop\Addition.txt
2014-09-15 08:42 - 2014-09-15 08:42 - 01102777 _____ () C:\Users\Shu\Desktop\Scan Results.140915-0942.txt
2014-09-15 08:41 - 2014-09-15 08:41 - 02105856 _____ (Farbar) C:\Users\Shu\Downloads\FRST64.exe
2014-09-15 08:41 - 2014-01-13 23:52 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\uTorrent
2014-09-15 08:30 - 2014-09-15 08:29 - 00000000 ____D () C:\Users\Shu\Downloads\SGN SW Torrent
2014-09-15 08:24 - 2014-06-27 21:11 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\NexonLauncher
2014-09-15 08:24 - 2014-06-27 21:10 - 00000000 ____D () C:\Program Files (x86)\Nexon
2014-09-15 07:58 - 2013-10-28 09:13 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-15 07:53 - 2014-09-15 07:53 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-09-15 07:52 - 2014-09-15 07:52 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Shu\Downloads\spybot-2.4.exe
2014-09-15 07:29 - 2014-02-19 02:00 - 00000000 ____D () C:\Users\Shu\AppData\Local\Deployment
2014-09-14 21:56 - 2014-09-14 20:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-14 21:36 - 2009-07-14 04:20 - 00000000 __RHD () C:\users\Default
2014-09-14 21:35 - 2014-09-14 21:12 - 00000000 ____D () C:\Windows\erdnt
2014-09-14 21:34 - 2013-10-04 16:04 - 00000000 ____D () C:\users\Shu
2014-09-14 21:25 - 2014-09-14 21:25 - 00000085 _____ () C:\Windows\wininit.ini
2014-09-14 21:20 - 2014-09-14 21:20 - 00000000 ____D () C:\Users\Shu\Documents\ProcAlyzer Dumps
2014-09-14 21:03 - 2014-05-23 07:35 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-09-14 21:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\IME
2014-09-14 20:44 - 2014-09-14 20:44 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Shu\Downloads\mbar-1.07.0.1012.exe
2014-09-14 16:48 - 2013-10-31 23:27 - 00000000 ____D () C:\Users\Shu\Desktop\PS CS6 Portable By KaelAlexander
2014-09-14 09:40 - 2014-09-14 09:40 - 00692832 _____ ( ) C:\Users\Shu\Downloads\DNDownloader96.exe
2014-09-14 08:12 - 2013-11-06 21:37 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\FileZilla
2014-09-14 08:04 - 2014-09-14 08:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-13 16:46 - 2013-11-04 23:02 - 00000132 _____ () C:\Users\Shu\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2014-09-13 11:23 - 2013-10-04 19:52 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\Skype
2014-09-13 11:13 - 2014-09-13 11:13 - 01942203 _____ () C:\Users\Shu\Desktop\vitctorian houses.zip
2014-09-13 09:53 - 2014-09-13 09:53 - 06057862 _____ (Tim Kosse) C:\Users\Shu\Downloads\FileZilla_3.9.0.5_win32-setup.exe
2014-09-12 14:19 - 2014-02-18 17:05 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\.minecraft
2014-09-12 13:56 - 2014-09-12 13:52 - 00000000 ____D () C:\Users\Shu\Desktop\world
2014-09-10 12:33 - 2014-09-10 09:00 - 00000000 ____D () C:\Users\Shu\Desktop\Minecraft
2014-09-10 11:28 - 2014-09-10 11:28 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-10 11:28 - 2013-10-04 17:14 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 11:28 - 2013-10-04 17:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 11:28 - 2013-10-04 17:14 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-09 11:47 - 2014-09-09 11:47 - 00000000 ____D () C:\Program Files (x86)\Action Replay PowerSaves 3DS
2014-09-07 14:07 - 2013-10-09 14:33 - 00000000 ____D () C:\Users\Shu\Documents\My Games
2014-09-06 07:47 - 2013-10-04 17:49 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-09-05 20:02 - 2014-09-05 20:02 - 01402920 _____ () C:\Users\Shu\Downloads\battlelog-web-plugins_2.5.1_149.exe
2014-09-03 07:13 - 2013-10-10 22:58 - 00000000 ____D () C:\Users\Shu\AppData\Local\PMB Files
2014-09-02 22:38 - 2013-10-10 22:58 - 00000000 ____D () C:\ProgramData\PMB Files
2014-09-02 18:33 - 2014-07-11 19:50 - 00000000 ____D () C:\Users\Shu\Documents\survarium
2014-09-02 18:32 - 2014-04-10 11:15 - 00000000 ____D () C:\Program Files (x86)\GameforgeLive
2014-09-02 09:06 - 2014-09-02 09:00 - 00000000 ____D () C:\Users\Shu\AppData\Local\lab_1_54
2014-09-01 22:37 - 2014-04-10 11:15 - 00000000 ____D () C:\Users\Shu\Downloads\Gameforge Live
2014-09-01 20:30 - 2014-09-01 20:30 - 00003088 _____ () C:\Windows\System32\Tasks\{CA426A73-A1F4-4917-967B-CDAE3FBA6F61}
2014-09-01 20:29 - 2013-10-04 19:52 - 00000000 ____D () C:\ProgramData\Skype
2014-09-01 10:57 - 2014-01-22 11:40 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\WorldPainter
2014-09-01 10:33 - 2014-09-01 10:32 - 00000000 ____D () C:\Program Files\WorldPainter
2014-08-31 16:06 - 2014-08-31 16:06 - 01397992 _____ () C:\Users\Shu\Downloads\battlelog-web-plugins_2.5.0_148.exe
2014-08-29 10:38 - 2014-07-09 13:42 - 00000000 ____D () C:\Program Files (x86)\Glyph
2014-08-24 17:39 - 2013-10-19 20:11 - 00290776 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-08-22 19:06 - 2013-11-13 12:49 - 00000000 ____D () C:\Users\Shu\AppData\Local\JDownloader v2.0
2014-08-22 16:46 - 2014-08-22 16:46 - 00000000 ____D () C:\Users\Shu\Downloads\Content
2014-08-22 16:46 - 2014-08-22 16:15 - 114383892 _____ () C:\Users\Shu\Downloads\Z001257DEMO.part2.rar
2014-08-22 16:25 - 2014-08-22 16:14 - 209715200 _____ () C:\Users\Shu\Downloads\Z001257DEMO.part1.rar
2014-08-21 19:12 - 2014-08-21 16:51 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\Arc
2014-08-21 18:25 - 2014-05-07 10:43 - 00000000 ____D () C:\ArcTemp
2014-08-21 18:19 - 2014-08-21 16:50 - 00000000 ____D () C:\Program Files (x86)\Perfect World Entertainment
2014-08-21 16:51 - 2013-10-04 16:12 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-21 07:31 - 2013-10-05 12:31 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-08-21 07:31 - 2013-10-05 12:31 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-08-21 07:28 - 2014-08-21 07:28 - 01014036 _____ () C:\Program Files (x86)\translation.bin
2014-08-21 07:28 - 2014-08-21 07:28 - 00044544 _____ () C:\Program Files (x86)\translator.dll
2014-08-21 07:28 - 2014-08-20 21:36 - 01014036 _____ () C:\translation.bin
2014-08-21 07:28 - 2014-08-20 21:36 - 00044544 _____ () C:\translator.dll
2014-08-21 07:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing

Files to move or delete:
====================
C:\Users\Shu\worldpainter_64_1.8.1.exe

Some content of TEMP:
====================
C:\Users\Shu\AppData\Local\Temp\Quarantine.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================
Restore point made on: 2014-09-18 11:39:52

==================== Memory info ===========================
Percentage of memory in use: 6%
Total physical RAM: 24574.05 MB
Available physical RAM: 23032.5 MB
Total Pagefile: 24572.2 MB
Available Pagefile: 23037.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:931.41 GB) (Free:385.36 GB) NTFS
Drive f: (SHU) (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: EBA5D4A6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 964 MB) (Disk ID: 6E652072)
No partition Table on disk 1.

LastRegBack: 2014-09-17 11:17
==================== End Of Log ============================

In any case, the PC boots quite a bit faster than before, but I can't attribute that to anything.

Regards
20.09.2014, 17:33 | #18
/// the machine /// (TB-Ausbilder)

Start FRST again in Recovery. Type the following into the Search field:
Code:
svhost.exe
Click File Search. When it is finished, click Reg Search. Post the Search log here.
20.09.2014, 22:24 | #19

Code:
Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by SYSTEM at 2014-09-20 21:19:57
Running from f:\
Boot Mode: Recovery

================== Search Files: "svhost.exe" =============

C:\Users\Shu\AppData\Roaming\Microsoft\svhost.exe [2014-09-17 10:35][2013-04-23 16:03] 0435712 ____A () CDBB2D86AC108D86DC9EE673BA18D424

C:\Users\Shu\AppData\Roaming\Microsoft\IE10\svhost.exe [2014-09-17 10:27][2013-04-23 16:03] 0435712 ____A () CDBB2D86AC108D86DC9EE673BA18D424

====== End Of Search ======
Code:
Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Shu at 2014-09-20 21:29:52
Running from C:\Users\Shu\Downloads
Boot Mode: Normal

================== Search Registry: "svhost.exe" ===========

====== End Of Search ======

Edit: the registry search only worked in Normal mode.
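As an added example, not part of the thread or of FRST itself, here is a Python checker for the pattern the search above exposes: an executable whose name is one letter away from svchost.exe, sitting under the user profile instead of System32. It parses FRST search hits (one line per hit, as posted) and registry/service entry lines, flags lookalike or misplaced system-binary names, and groups hits by MD5 so identical copies show up together; the list of imitated binaries is my own assumption, and the sample lines are copied from this thread's logs.

```python
"""Flag lookalike Windows system-binary names in FRST output (added example)."""
import re
from pathlib import PureWindowsPath

# Legitimate Windows binaries that droppers imitate by adding, dropping or
# swapping one letter (svhost.exe vs svchost.exe). Assumed list for this example.
SYSTEM_BINARIES = {
    "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe",
    "services.exe", "wininit.exe", "rundll32.exe", "spoolsv.exe", "taskhost.exe",
}
# Where the genuine copies live; such a name anywhere else is notable.
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")

# FRST "Search Files" hit, one line per hit as posted in the thread:
#   <path> [<created>][<modified>] <size> <attrs> (<signer>) <MD5>
SEARCH_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.[A-Za-z0-9]{1,4}) "
    r"\[(?P<created>[^\]]+)\]\[(?P<modified>[^\]]+)\] "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<signer>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
# FRST registry Run / service / driver entry from the scan log:
#   <prefix> <path> [<size> <date>] (<signer>)
ENTRY_LINE = re.compile(
    r"^(?P<prefix>.*?)(?P<path>[A-Za-z]:\\.+?\.[A-Za-z0-9]{1,4}) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<signer>[^)]*)\)$"
)

def edit_distance(a, b):
    """Levenshtein distance; one edit is the usual masquerade budget."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(filename):
    """Return the system binary that `filename` equals or imitates, else None."""
    name = filename.lower()
    if name in SYSTEM_BINARIES:
        return name
    for real in sorted(SYSTEM_BINARIES):
        if edit_distance(name, real) == 1:
            return real
    return None

def in_system_dir(directory):
    d = directory.lower()
    return d in SYSTEM_DIRS or d.startswith(tuple(s + "\\" for s in SYSTEM_DIRS))

def assess(path, signer):
    """Reasons an entry deserves a look; an empty list means nothing notable."""
    p = PureWindowsPath(path)
    real = lookalike_of(p.name)
    if real is None:
        return []
    reasons = []
    if p.name.lower() != real:
        reasons.append(f"name imitates {real}")
    if not in_system_dir(str(p.parent)):
        reasons.append("system-binary name outside System32/SysWOW64")
    if not signer.strip():
        reasons.append("no signer/company recorded")
    return reasons

def scan_frst(text):
    """Parse FRST search hits and entry lines; return the ones assess() flags."""
    findings = []
    for line in text.splitlines():
        m = SEARCH_LINE.match(line.strip()) or ENTRY_LINE.match(line.strip())
        if not m:
            continue
        reasons = assess(m["path"], m["signer"])
        if reasons:
            findings.append({"path": m["path"], "signer": m["signer"],
                             "md5": m.groupdict().get("md5"), "reasons": reasons})
    return findings

def group_by_md5(findings):
    """Group flagged paths by hash so identical copies show up together."""
    groups = {}
    for f in findings:
        if f["md5"]:
            groups.setdefault(f["md5"], []).append(f["path"])
    return groups

# Constructed sample: the two search hits plus two whitelisted entries, all
# copied from the logs posted in this thread.
SAMPLE_FRST = r"""
================== Search Files: "svhost.exe" =============
C:\Users\Shu\AppData\Roaming\Microsoft\svhost.exe [2014-09-17 10:35][2013-04-23 16:03] 0435712 ____A () CDBB2D86AC108D86DC9EE673BA18D424
C:\Users\Shu\AppData\Roaming\Microsoft\IE10\svhost.exe [2014-09-17 10:27][2013-04-23 16:03] 0435712 ____A () CDBB2D86AC108D86DC9EE673BA18D424
HKU\Shu\...\Run: [VSA] => C:\Users\Shu\AppData\Roaming\Microsoft\VSA\9.0\VSA.exe [1751552 2013-05-07] (Microsoft Corporation)
S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
"""

if __name__ == "__main__":
    for hit in scan_frst(SAMPLE_FRST):
        print(hit["path"], "->", "; ".join(hit["reasons"]))
```

The genuine svchost.exe under System32 and the signed VSA.exe produce no reasons, while both svhost.exe copies are flagged and fall into one MD5 group.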
21.09.2014, 10:04 | #20
/// the machine /// (TB-Ausbilder)

Recovery: Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
C:\Users\Shu\AppData\Roaming\Microsoft\svhost.exe
C:\Users\Shu\AppData\Roaming\Microsoft\IE10\svhost.exe
The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
21.09.2014, 10:36 | #21

No error appeared at boot this time; I'll have it restart again in a moment.

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by SYSTEM on MININT-97DNA0C on 21-09-2014 11:28:11
Running from f:\
Platform: Windows 7 Ultimate (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-06] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-07-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\Shu\...\Run: [VSA] => C:\Users\Shu\AppData\Roaming\Microsoft\VSA\9.0\VSA.exe [1751552 2013-05-07] (Microsoft Corporation)
HKU\Shu\...\Run: [Akamai NetSession Interface] => C:\Users\Shu\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
Startup: C:\Users\Shu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-09] (Advanced Micro Devices, Inc.)
S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137584 2014-01-08] ()
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-08-12] (Perfect World Entertainment Inc)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-06] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-10-08] ()
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-08-09] (BitRaider, LLC)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5128944 2013-11-19] (INCA Internet Co., Ltd.)
S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-08-04] ()
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-13] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 AODDriver4.3.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [59624 2014-01-08] (Advanced Micro Devices)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-06] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-06] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-06] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-06] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-06] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-06] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-06] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-06] ()
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-13] (Disc Soft Ltd)
S3 gouranga; C:\Windows\System32\DRIVERS\gouranga.sys [16384 2014-08-04] (GSPOON CO., LTD.)
S3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42016 2013-11-27] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] () S3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0081.sys [28768 2014-01-23] (SoftEther VPN Project at University of Tsukuba, Japan.) S3 SEE; C:\Windows\System32\drivers\see.sys [38240 2014-06-03] (SoftEther VPN Project at University of Tsukuba, Japan.) S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () S3 Synth3dVsc; No ImagePath S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net) S3 tsusbhub; No ImagePath S3 VGPU; No ImagePath S3 VIAHdAudAddService; No ImagePath S3 X6va015; No ImagePath S3 X6va016; No ImagePath S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X] S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-21 09:11 - 2014-09-21 09:11 - 00000000 ____D () C:\Users\Shu\AppData\Local\Adobe 2014-09-20 20:29 - 2014-09-20 20:29 - 00000242 _____ () C:\Users\Shu\Downloads\Search.txt 2014-09-20 19:30 - 2014-09-20 19:30 - 19829279 _____ () C:\Users\Shu\Downloads\Flareon_A4.rar 2014-09-19 15:52 - 2014-09-19 15:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-18 07:33 - 2014-09-18 07:33 - 00854417 _____ () C:\Users\Shu\Desktop\SecurityCheck.exe 2014-09-18 07:33 - 2014-09-18 07:33 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-09-18 07:32 - 2014-09-18 07:32 - 02347384 _____ (ESET) C:\Users\Shu\Desktop\esetsmartinstaller_deu.exe 2014-09-17 10:44 - 2014-09-18 13:33 - 00038667 _____ () C:\Users\Shu\Downloads\FRST.txt 2014-09-17 10:43 - 2014-09-17 10:43 - 00001460 _____ () C:\Users\Shu\Desktop\JRT.txt 2014-09-17 10:38 - 2014-09-17 10:38 - 00000000 ____D () C:\Windows\ERUNT 2014-09-17 10:37 - 2014-09-17 10:37 - 00002349 _____ () C:\Users\Shu\Desktop\AdwCleaner[S3].txt 2014-09-17 10:30 - 2014-09-17 10:30 - 00001491 _____ () C:\Users\Shu\Desktop\mbar.txt 2014-09-17 10:01 - 2014-09-17 10:01 - 01373475 _____ () C:\Users\Shu\Desktop\AdwCleaner_3.310.exe 2014-09-17 10:01 - 2014-09-17 10:01 - 01016035 _____ (Thisisu) C:\Users\Shu\Desktop\JRT.exe 2014-09-16 15:11 - 2014-09-16 15:11 - 00029566 _____ () C:\ComboFix.txt 2014-09-16 14:53 - 2014-09-16 14:53 - 00001130 _____ () C:\Users\Shu\Desktop\ComboFix.exe - Verknüpfung.lnk 2014-09-15 19:14 - 2014-09-15 19:15 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Shu\Downloads\tdsskiller.exe 2014-09-15 18:32 - 2014-09-15 18:32 - 00002165 _____ () C:\Users\Shu\Desktop\Dragon Nest Europe.lnk 2014-09-15 17:23 - 2014-09-15 17:23 - 00262144 ____N () C:\Windows\Minidump\091514-23150-01.dmp 2014-09-15 10:27 - 2014-09-15 10:28 - 00018397 _____ () C:\Windows\DirectX.log 2014-09-15 08:43 - 2014-09-21 11:28 - 00000000 ____D () C:\FRST 2014-09-15 08:43 - 2014-09-15 08:51 - 00038153 _____ () C:\Users\Shu\Desktop\FRST.txt 2014-09-15 
08:43 - 2014-09-15 08:44 - 00053678 _____ () C:\Users\Shu\Desktop\Addition.txt 2014-09-15 08:42 - 2014-09-15 08:42 - 01102777 _____ () C:\Users\Shu\Desktop\Scan Results.140915-0942.txt 2014-09-15 08:41 - 2014-09-15 08:41 - 02105856 _____ (Farbar) C:\Users\Shu\Downloads\FRST64.exe 2014-09-15 08:29 - 2014-09-15 08:30 - 00000000 ____D () C:\Users\Shu\Downloads\SGN SW Torrent 2014-09-15 07:53 - 2014-09-15 07:53 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-09-15 07:53 - 2013-09-20 09:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe 2014-09-15 07:52 - 2014-09-15 07:52 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Shu\Downloads\spybot-2.4.exe 2014-09-14 21:25 - 2014-09-14 21:25 - 00000085 _____ () C:\Windows\wininit.ini 2014-09-14 21:25 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-09-14 21:25 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-09-14 21:25 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-09-14 21:25 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-09-14 21:25 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-09-14 21:25 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-09-14 21:25 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-09-14 21:25 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-09-14 21:20 - 2014-09-14 21:20 - 00000000 ____D () C:\Users\Shu\Documents\ProcAlyzer Dumps 2014-09-14 21:12 - 2014-09-16 15:11 - 00000000 ____D () C:\Qoobox 2014-09-14 21:12 - 2014-09-14 21:35 - 00000000 ____D () C:\Windows\erdnt 2014-09-14 21:07 - 2014-09-16 14:54 - 05579386 ____R (Swearware) C:\Users\Shu\Downloads\ComboFix.exe 2014-09-14 21:00 - 2014-09-17 10:34 - 00006220 _____ () C:\Windows\PFRO.log 2014-09-14 20:45 - 2014-09-14 21:56 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-09-14 20:44 - 2014-09-14 20:44 - 14349744 _____ 
(Malwarebytes Corp.) C:\Users\Shu\Downloads\mbar-1.07.0.1012.exe 2014-09-14 09:40 - 2014-09-14 09:40 - 00692832 _____ ( ) C:\Users\Shu\Downloads\DNDownloader96.exe 2014-09-14 08:04 - 2014-09-21 07:53 - 00001839 _____ () C:\Windows\setupact.log 2014-09-14 08:04 - 2014-09-14 08:04 - 00000000 _____ () C:\Windows\setuperr.log 2014-09-13 11:13 - 2014-09-13 11:13 - 01942203 _____ () C:\Users\Shu\Desktop\vitctorian houses.zip 2014-09-13 09:53 - 2014-09-13 09:53 - 06057862 _____ (Tim Kosse) C:\Users\Shu\Downloads\FileZilla_3.9.0.5_win32-setup.exe 2014-09-12 13:52 - 2014-09-12 13:56 - 00000000 ____D () C:\Users\Shu\Desktop\world 2014-09-10 11:28 - 2014-09-10 11:28 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-09-10 09:00 - 2014-09-10 12:33 - 00000000 ____D () C:\Users\Shu\Desktop\Minecraft 2014-09-09 11:47 - 2014-09-20 11:48 - 00000000 ____D () C:\Users\Shu\Powersaves3DS 2014-09-09 11:47 - 2014-09-09 11:47 - 00000000 ____D () C:\Program Files (x86)\Action Replay PowerSaves 3DS 2014-09-05 20:02 - 2014-09-05 20:02 - 01402920 _____ () C:\Users\Shu\Downloads\battlelog-web-plugins_2.5.1_149.exe 2014-09-02 09:00 - 2014-09-02 09:06 - 00000000 ____D () C:\Users\Shu\AppData\Local\lab_1_54 2014-09-01 20:30 - 2014-09-01 20:30 - 00003088 _____ () C:\Windows\System32\Tasks\{CA426A73-A1F4-4917-967B-CDAE3FBA6F61} 2014-09-01 10:32 - 2014-09-01 10:33 - 00000000 ____D () C:\Program Files\WorldPainter 2014-08-31 16:06 - 2014-08-31 16:06 - 01397992 _____ () C:\Users\Shu\Downloads\battlelog-web-plugins_2.5.0_148.exe 2014-08-22 16:46 - 2014-08-22 16:46 - 00000000 ____D () C:\Users\Shu\Downloads\Content 2014-08-22 16:46 - 2014-08-07 03:45 - 00450560 _____ (seismic) C:\Users\Shu\Downloads\SeismicGame.exe 2014-08-22 16:46 - 2014-05-23 00:11 - 00683008 _____ () C:\Users\Shu\Downloads\MonoGame.Framework.dll 2014-08-22 16:46 - 2014-04-06 04:51 - 03290624 _____ (The Open Toolkit Library) C:\Users\Shu\Downloads\OpenTK.dll 2014-08-22 16:46 - 2014-02-20 
16:59 - 00069632 _____ (Tao Framework -- hxxp://www.taoframework.com) C:\Users\Shu\Downloads\Tao.Sdl.dll 2014-08-22 16:46 - 2013-10-29 06:41 - 00445952 _____ (Mark Heath) C:\Users\Shu\Downloads\NAudio.dll 2014-08-22 16:46 - 2009-10-04 19:02 - 00139264 _____ (Osamu TAKEUCHI <osamu@big.jp>) C:\Users\Shu\Downloads\YamlSerializer.dll 2014-08-22 16:15 - 2014-08-22 16:46 - 114383892 _____ () C:\Users\Shu\Downloads\Z001257DEMO.part2.rar 2014-08-22 16:14 - 2014-08-22 16:25 - 209715200 _____ () C:\Users\Shu\Downloads\Z001257DEMO.part1.rar ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-21 11:28 - 2014-09-15 08:43 - 00000000 ____D () C:\FRST 2014-09-21 10:24 - 2013-10-04 16:02 - 01555472 _____ () C:\Windows\WindowsUpdate.log 2014-09-21 09:42 - 2013-10-04 19:47 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-09-21 09:28 - 2013-10-04 17:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-21 09:11 - 2014-09-21 09:11 - 00000000 ____D () C:\Users\Shu\AppData\Local\Adobe 2014-09-21 08:05 - 2014-07-23 17:04 - 00000000 ____D () C:\Users\Shu\AppData\Local\ftblauncher 2014-09-21 08:04 - 2014-02-28 20:04 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\FTB 2014-09-21 08:01 - 2009-07-14 05:45 - 00020672 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-21 08:01 - 2009-07-14 05:45 - 00020672 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-21 07:53 - 2014-09-14 08:04 - 00001839 _____ () C:\Windows\setupact.log 2014-09-21 07:53 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-20 22:25 - 2013-10-04 16:53 - 00000000 ____D () C:\ProgramData\Origin 2014-09-20 22:21 - 2013-10-04 17:09 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\TS3Client 2014-09-20 21:51 - 2013-10-04 17:48 - 00215416 _____ () 
C:\Windows\SysWOW64\PnkBstrB.exe 2014-09-20 21:51 - 2013-10-04 17:48 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2014-09-20 21:05 - 2013-10-04 16:53 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-09-20 20:44 - 2014-03-22 20:48 - 00000000 ____D () C:\Users\Shu\Desktop\Bewerbungskram 2014-09-20 20:29 - 2014-09-20 20:29 - 00000242 _____ () C:\Users\Shu\Downloads\Search.txt 2014-09-20 20:28 - 2013-10-04 16:21 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-09-20 19:30 - 2014-09-20 19:30 - 19829279 _____ () C:\Users\Shu\Downloads\Flareon_A4.rar 2014-09-20 16:53 - 2014-07-04 19:28 - 00000000 ____D () C:\Users\Shu\AppData\Local\Warframe 2014-09-20 11:48 - 2014-09-09 11:47 - 00000000 ____D () C:\Users\Shu\Powersaves3DS 2014-09-20 09:02 - 2009-07-14 18:58 - 01324398 _____ () C:\Windows\System32\perfh007.dat 2014-09-20 09:02 - 2009-07-14 18:58 - 00343506 _____ () C:\Windows\System32\perfc007.dat 2014-09-20 09:02 - 2009-07-14 06:13 - 00006224 _____ () C:\Windows\System32\PerfStringBackup.INI 2014-09-20 08:24 - 2013-10-04 16:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-19 15:52 - 2014-09-19 15:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-18 13:33 - 2014-09-17 10:44 - 00038667 _____ () C:\Users\Shu\Downloads\FRST.txt 2014-09-18 07:33 - 2014-09-18 07:33 - 00854417 _____ () C:\Users\Shu\Desktop\SecurityCheck.exe 2014-09-18 07:33 - 2014-09-18 07:33 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-09-18 07:32 - 2014-09-18 07:32 - 02347384 _____ (ESET) C:\Users\Shu\Desktop\esetsmartinstaller_deu.exe 2014-09-17 10:43 - 2014-09-17 10:43 - 00001460 _____ () C:\Users\Shu\Desktop\JRT.txt 2014-09-17 10:38 - 2014-09-17 10:38 - 00000000 ____D () C:\Windows\ERUNT 2014-09-17 10:37 - 2014-09-17 10:37 - 00002349 _____ () C:\Users\Shu\Desktop\AdwCleaner[S3].txt 2014-09-17 10:34 - 2014-09-14 21:00 - 00006220 _____ () C:\Windows\PFRO.log 2014-09-17 10:33 - 2013-10-26 09:34 - 00000000 ____D 
() C:\AdwCleaner 2014-09-17 10:30 - 2014-09-17 10:30 - 00001491 _____ () C:\Users\Shu\Desktop\mbar.txt 2014-09-17 10:29 - 2014-07-10 12:39 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys 2014-09-17 10:24 - 2013-10-04 16:55 - 00000000 ____D () C:\Windows\Panther 2014-09-17 10:01 - 2014-09-17 10:01 - 01373475 _____ () C:\Users\Shu\Desktop\AdwCleaner_3.310.exe 2014-09-17 10:01 - 2014-09-17 10:01 - 01016035 _____ (Thisisu) C:\Users\Shu\Desktop\JRT.exe 2014-09-17 10:00 - 2014-02-19 02:00 - 00000000 ____D () C:\Users\Shu\AppData\Local\Apps\2.0 2014-09-16 15:11 - 2014-09-16 15:11 - 00029566 _____ () C:\ComboFix.txt 2014-09-16 15:11 - 2014-09-14 21:12 - 00000000 ____D () C:\Qoobox 2014-09-16 15:09 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2014-09-16 14:58 - 2013-10-28 09:13 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-09-16 14:54 - 2014-09-14 21:07 - 05579386 ____R (Swearware) C:\Users\Shu\Downloads\ComboFix.exe 2014-09-16 14:53 - 2014-09-16 14:53 - 00001130 _____ () C:\Users\Shu\Desktop\ComboFix.exe - Verknüpfung.lnk 2014-09-15 19:15 - 2014-09-15 19:14 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Shu\Downloads\tdsskiller.exe 2014-09-15 18:35 - 2013-10-04 20:28 - 00000000 ____D () C:\Users\Shu\Documents\DragonNest 2014-09-15 18:32 - 2014-09-15 18:32 - 00002165 _____ () C:\Users\Shu\Desktop\Dragon Nest Europe.lnk 2014-09-15 17:24 - 2013-11-18 12:06 - 00000000 ____D () C:\Windows\Minidump 2014-09-15 17:23 - 2014-09-15 17:23 - 00262144 ____N () C:\Windows\Minidump\091514-23150-01.dmp 2014-09-15 17:21 - 2014-06-14 12:20 - 00000000 ____D () C:\Program Files (x86)\SDGi Europe 2014-09-15 10:28 - 2014-09-15 10:27 - 00018397 _____ () C:\Windows\DirectX.log 2014-09-15 08:51 - 2014-09-15 08:43 - 00038153 _____ () C:\Users\Shu\Desktop\FRST.txt 2014-09-15 08:44 - 2014-09-15 08:43 - 00053678 _____ () C:\Users\Shu\Desktop\Addition.txt 2014-09-15 08:42 - 2014-09-15 08:42 - 01102777 _____ () 
C:\Users\Shu\Desktop\Scan Results.140915-0942.txt 2014-09-15 08:41 - 2014-09-15 08:41 - 02105856 _____ (Farbar) C:\Users\Shu\Downloads\FRST64.exe 2014-09-15 08:41 - 2014-01-13 23:52 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\uTorrent 2014-09-15 08:30 - 2014-09-15 08:29 - 00000000 ____D () C:\Users\Shu\Downloads\SGN SW Torrent 2014-09-15 08:24 - 2014-06-27 21:11 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\NexonLauncher 2014-09-15 08:24 - 2014-06-27 21:10 - 00000000 ____D () C:\Program Files (x86)\Nexon 2014-09-15 07:58 - 2013-10-28 09:13 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-09-15 07:53 - 2014-09-15 07:53 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-09-15 07:52 - 2014-09-15 07:52 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Shu\Downloads\spybot-2.4.exe 2014-09-15 07:29 - 2014-02-19 02:00 - 00000000 ____D () C:\Users\Shu\AppData\Local\Deployment 2014-09-14 21:56 - 2014-09-14 20:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-09-14 21:36 - 2009-07-14 04:20 - 00000000 __RHD () C:\users\Default 2014-09-14 21:35 - 2014-09-14 21:12 - 00000000 ____D () C:\Windows\erdnt 2014-09-14 21:34 - 2013-10-04 16:04 - 00000000 ____D () C:\users\Shu 2014-09-14 21:25 - 2014-09-14 21:25 - 00000085 _____ () C:\Windows\wininit.ini 2014-09-14 21:20 - 2014-09-14 21:20 - 00000000 ____D () C:\Users\Shu\Documents\ProcAlyzer Dumps 2014-09-14 21:03 - 2014-05-23 07:35 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys 2014-09-14 21:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\IME 2014-09-14 20:44 - 2014-09-14 20:44 - 14349744 _____ (Malwarebytes Corp.) 
C:\Users\Shu\Downloads\mbar-1.07.0.1012.exe 2014-09-14 16:48 - 2013-10-31 23:27 - 00000000 ____D () C:\Users\Shu\Desktop\PS CS6 Portable By KaelAlexander 2014-09-14 09:40 - 2014-09-14 09:40 - 00692832 _____ ( ) C:\Users\Shu\Downloads\DNDownloader96.exe 2014-09-14 08:12 - 2013-11-06 21:37 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\FileZilla 2014-09-14 08:04 - 2014-09-14 08:04 - 00000000 _____ () C:\Windows\setuperr.log 2014-09-13 16:46 - 2013-11-04 23:02 - 00000132 _____ () C:\Users\Shu\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen 2014-09-13 11:23 - 2013-10-04 19:52 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\Skype 2014-09-13 11:13 - 2014-09-13 11:13 - 01942203 _____ () C:\Users\Shu\Desktop\vitctorian houses.zip 2014-09-13 09:53 - 2014-09-13 09:53 - 06057862 _____ (Tim Kosse) C:\Users\Shu\Downloads\FileZilla_3.9.0.5_win32-setup.exe 2014-09-12 14:19 - 2014-02-18 17:05 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\.minecraft 2014-09-12 13:56 - 2014-09-12 13:52 - 00000000 ____D () C:\Users\Shu\Desktop\world 2014-09-10 12:33 - 2014-09-10 09:00 - 00000000 ____D () C:\Users\Shu\Desktop\Minecraft 2014-09-10 11:28 - 2014-09-10 11:28 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-09-10 11:28 - 2013-10-04 17:14 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-10 11:28 - 2013-10-04 17:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-10 11:28 - 2013-10-04 17:14 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-09 11:47 - 2014-09-09 11:47 - 00000000 ____D () C:\Program Files (x86)\Action Replay PowerSaves 3DS 2014-09-07 14:07 - 2013-10-09 14:33 - 00000000 ____D () C:\Users\Shu\Documents\My Games 2014-09-06 07:47 - 2013-10-04 17:49 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins 2014-09-05 20:02 - 2014-09-05 20:02 - 01402920 _____ () 
C:\Users\Shu\Downloads\battlelog-web-plugins_2.5.1_149.exe 2014-09-03 07:13 - 2013-10-10 22:58 - 00000000 ____D () C:\Users\Shu\AppData\Local\PMB Files 2014-09-02 22:38 - 2013-10-10 22:58 - 00000000 ____D () C:\ProgramData\PMB Files 2014-09-02 18:33 - 2014-07-11 19:50 - 00000000 ____D () C:\Users\Shu\Documents\survarium 2014-09-02 18:32 - 2014-04-10 11:15 - 00000000 ____D () C:\Program Files (x86)\GameforgeLive 2014-09-02 09:06 - 2014-09-02 09:00 - 00000000 ____D () C:\Users\Shu\AppData\Local\lab_1_54 2014-09-01 22:37 - 2014-04-10 11:15 - 00000000 ____D () C:\Users\Shu\Downloads\Gameforge Live 2014-09-01 20:30 - 2014-09-01 20:30 - 00003088 _____ () C:\Windows\System32\Tasks\{CA426A73-A1F4-4917-967B-CDAE3FBA6F61} 2014-09-01 20:29 - 2013-10-04 19:52 - 00000000 ____D () C:\ProgramData\Skype 2014-09-01 10:57 - 2014-01-22 11:40 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\WorldPainter 2014-09-01 10:33 - 2014-09-01 10:32 - 00000000 ____D () C:\Program Files\WorldPainter 2014-08-31 16:06 - 2014-08-31 16:06 - 01397992 _____ () C:\Users\Shu\Downloads\battlelog-web-plugins_2.5.0_148.exe 2014-08-29 10:38 - 2014-07-09 13:42 - 00000000 ____D () C:\Program Files (x86)\Glyph 2014-08-24 17:39 - 2013-10-19 20:11 - 00290776 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr 2014-08-22 19:06 - 2013-11-13 12:49 - 00000000 ____D () C:\Users\Shu\AppData\Local\JDownloader v2.0 2014-08-22 16:46 - 2014-08-22 16:46 - 00000000 ____D () C:\Users\Shu\Downloads\Content 2014-08-22 16:46 - 2014-08-22 16:15 - 114383892 _____ () C:\Users\Shu\Downloads\Z001257DEMO.part2.rar 2014-08-22 16:25 - 2014-08-22 16:14 - 209715200 _____ () C:\Users\Shu\Downloads\Z001257DEMO.part1.rar Files to move or delete: ==================== C:\Users\Shu\worldpainter_64_1.8.1.exe Some content of TEMP: ==================== C:\Users\Shu\AppData\Local\Temp\Quarantine.exe ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= (There is no automatic fix for 
files that do not pass verification.) C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== Restore Points ========================= Restore point made on: 2014-09-18 11:39:52 ==================== Memory info =========================== Percentage of memory in use: 6% Total physical RAM: 24574.05 MB Available physical RAM: 23032.95 MB Total Pagefile: 24572.2 MB Available Pagefile: 23039.48 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.41 GB) (Free:382.3 GB) NTFS Drive f: (SHU) (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: EBA5D4A6) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 964 MB) (Disk ID: 6E652072) No partition Table on disk 1. 
LastRegBack: 2014-09-17 11:17 ==================== End Of Log ============================ Edit: Spoke too soon. Now avast! is going off, plus another alert. Regards Last edited by NyanShu (21.09.2014 at 10:49) |
22.09.2014, 07:36 | #22 |
/// the machine /// TB-Ausbilder | Svhost.exe /Backdoor.Agent + PUP.BitCoinMiner Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
HKU\Shu\...\Run: [VSA] => C:\Users\Shu\AppData\Roaming\Microsoft\VSA\9.0\VSA.exe [1751552 2013-05-07] (Microsoft Corporation)
The tool creates a Fixlog.txt on your USB stick. Please post its contents here. Another file search in Recovery mode, please.
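A small triage helper for the FRST "Run:" lines quoted in this thread, added here as an example (it is neither FRST's code nor anything the helper posted): it parses the lines and flags autorun entries whose executable lives under a user-writable profile directory, which is the property that made the VSA.exe entry above a fixlist candidate. The line pattern, the directory list and the sample log lines (copied from the logs in this thread) are assumptions of this example.

```python
"""Triage of FRST autorun ("Run:") lines.

Added example, not part of the forum thread and not FRST's own code.  The
regular expression below is an assumption about FRST's line format derived
from the lines quoted in the thread; the sample lines are copied from them.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# FRST prints:  <hive>\...\Run: [<name>] => <path> [<size> <date>] (<company>)
RUN_LINE = re.compile(
    r"^(?P<hive>HK(?:LM|U\\[^\\]+))(?:-x32)?\\\.\.\.\\Run: "
    r"\[(?P<name>[^\]]+)\] => (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] "
    r"\((?P<company>[^)]*)\)$"
)

# Profile locations an unprivileged process can write to: anything that
# autostarts from here was registered without needing admin rights.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\users\\public\\")

# Constructed sample: the Registry section of the FRST log posted above.
SAMPLE_LOG = [
    r"HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)",
    r"HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-06] (AVAST Software)",
    r"HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)",
    r"Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]",
    r"HKU\Shu\...\Run: [VSA] => C:\Users\Shu\AppData\Roaming\Microsoft\VSA\9.0\VSA.exe [1751552 2013-05-07] (Microsoft Corporation)",
    r"HKU\Shu\...\Run: [Akamai NetSession Interface] => C:\Users\Shu\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)",
    r"Startup: C:\Users\Shu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()",
]


@dataclass
class RunEntry:
    hive: str
    name: str
    path: str
    size: int
    date: str
    company: str
    raw: str

    def in_user_writable_dir(self) -> bool:
        p = self.path.lower()
        return any(marker in p for marker in USER_WRITABLE)

    def fixlist_line(self) -> str:
        # FRST removes a registry value when its log line is fed back
        # verbatim in fixlist.txt, which is what the helper did with VSA.
        return self.raw


def parse_run_line(line: str) -> Optional[RunEntry]:
    """Parse one FRST 'Run:' line; other line types return None."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    return RunEntry(
        hive=m["hive"], name=m["name"], path=m["path"], size=int(m["size"]),
        date=m["date"], company=m["company"], raw=line.strip(),
    )


def suspicious_autoruns(log_lines: List[str]) -> List[RunEntry]:
    """Return Run entries whose image sits in a user-writable profile dir.

    The vendor string is not a reason to skip an entry: the VSA.exe line
    claims Microsoft but runs out of AppData\\Roaming, so it is reported.
    """
    hits = []
    for line in log_lines:
        entry = parse_run_line(line)
        if entry and entry.in_user_writable_dir():
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for hit in suspicious_autoruns(SAMPLE_LOG):
        print(f"{hit.name:30} {hit.path}")
        print(f"  candidate fixlist line: {hit.fixlist_line()}")
```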
22.09.2014, 15:16 | #23 |
| Svhost.exe /Backdoor.Agent + PUP.BitCoinMiner FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014 Ran by SYSTEM on MININT-UCCND7M on 22-09-2014 15:58:45 Running from f:\ Platform: Windows 7 Ultimate (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log. Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-06] (AVAST Software) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-07-09] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\Shu\...\Run: [Akamai NetSession Interface] => C:\Users\Shu\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) Startup: C:\Users\Shu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () BootExecute: autocheck autochk * sdnclean64.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-09] (Advanced Micro Devices, Inc.) S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137584 2014-01-08] () S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-08-12] (Perfect World Entertainment Inc) S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-06] (AVAST Software) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-10-08] () S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-08-09] (BitRaider, LLC) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5128944 2013-11-19] (INCA Internet Co., Ltd.) S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-08-04] () S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-13] () S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) S2 AODDriver4.3.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [59624 2014-01-08] (Advanced Micro Devices) S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare) S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] () S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-06] () S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-06] (AVAST Software) S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-06] (AVAST Software) S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-06] () S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-06] (AVAST Software) S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-06] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-06] (AVAST Software) S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-06] () S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-13] (Disc Soft Ltd) S3 gouranga; C:\Windows\System32\DRIVERS\gouranga.sys [16384 2014-08-04] (GSPOON CO., LTD.) S3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.) S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.) S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42016 2013-11-27] (Visicom Media Inc.) S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.) 
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] () S3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0081.sys [28768 2014-01-23] (SoftEther VPN Project at University of Tsukuba, Japan.) S3 SEE; C:\Windows\System32\drivers\see.sys [38240 2014-06-03] (SoftEther VPN Project at University of Tsukuba, Japan.) S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () S3 Synth3dVsc; No ImagePath S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net) S3 tsusbhub; No ImagePath S3 VGPU; No ImagePath S3 VIAHdAudAddService; No ImagePath S3 X6va015; No ImagePath S3 X6va016; No ImagePath S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X] S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-21 09:11 - 2014-09-21 09:11 - 00000000 ____D () C:\Users\Shu\AppData\Local\Adobe 2014-09-20 20:29 - 2014-09-20 20:29 - 00000242 _____ () C:\Users\Shu\Downloads\Search.txt 2014-09-20 19:30 - 2014-09-20 19:30 - 19829279 _____ () C:\Users\Shu\Downloads\Flareon_A4.rar 2014-09-19 15:52 - 2014-09-19 15:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-18 07:33 - 2014-09-18 07:33 - 00854417 _____ () C:\Users\Shu\Desktop\SecurityCheck.exe 2014-09-18 07:33 - 2014-09-18 07:33 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-09-18 07:32 - 2014-09-18 07:32 - 02347384 _____ (ESET) C:\Users\Shu\Desktop\esetsmartinstaller_deu.exe 2014-09-17 10:44 - 2014-09-18 13:33 - 00038667 _____ () C:\Users\Shu\Downloads\FRST.txt 2014-09-17 10:43 - 2014-09-17 10:43 - 00001460 _____ () C:\Users\Shu\Desktop\JRT.txt 2014-09-17 10:38 - 2014-09-17 10:38 - 00000000 ____D () C:\Windows\ERUNT 2014-09-17 10:37 - 2014-09-17 10:37 - 00002349 _____ () C:\Users\Shu\Desktop\AdwCleaner[S3].txt 2014-09-17 10:30 - 2014-09-17 10:30 - 00001491 _____ () C:\Users\Shu\Desktop\mbar.txt 2014-09-17 10:01 - 2014-09-17 10:01 - 01373475 _____ () C:\Users\Shu\Desktop\AdwCleaner_3.310.exe 2014-09-17 10:01 - 2014-09-17 10:01 - 01016035 _____ (Thisisu) C:\Users\Shu\Desktop\JRT.exe 2014-09-16 15:11 - 2014-09-16 15:11 - 00029566 _____ () C:\ComboFix.txt 2014-09-16 14:53 - 2014-09-16 14:53 - 00001130 _____ () C:\Users\Shu\Desktop\ComboFix.exe - Verknüpfung.lnk 2014-09-15 19:14 - 2014-09-15 19:15 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Shu\Downloads\tdsskiller.exe 2014-09-15 18:32 - 2014-09-15 18:32 - 00002165 _____ () C:\Users\Shu\Desktop\Dragon Nest Europe.lnk 2014-09-15 17:23 - 2014-09-15 17:23 - 00262144 ____N () C:\Windows\Minidump\091514-23150-01.dmp 2014-09-15 10:27 - 2014-09-15 10:28 - 00018397 _____ () C:\Windows\DirectX.log 2014-09-15 08:43 - 2014-09-22 15:58 - 00000000 ____D () C:\FRST 2014-09-15 08:43 - 2014-09-15 08:51 - 00038153 _____ () C:\Users\Shu\Desktop\FRST.txt 2014-09-15 
08:43 - 2014-09-15 08:44 - 00053678 _____ () C:\Users\Shu\Desktop\Addition.txt 2014-09-15 08:42 - 2014-09-15 08:42 - 01102777 _____ () C:\Users\Shu\Desktop\Scan Results.140915-0942.txt 2014-09-15 08:41 - 2014-09-15 08:41 - 02105856 _____ (Farbar) C:\Users\Shu\Downloads\FRST64.exe 2014-09-15 08:29 - 2014-09-15 08:30 - 00000000 ____D () C:\Users\Shu\Downloads\SGN SW Torrent 2014-09-15 07:53 - 2014-09-15 07:53 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-09-15 07:53 - 2013-09-20 09:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe 2014-09-15 07:52 - 2014-09-15 07:52 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Shu\Downloads\spybot-2.4.exe 2014-09-14 21:25 - 2014-09-14 21:25 - 00000085 _____ () C:\Windows\wininit.ini 2014-09-14 21:25 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-09-14 21:25 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-09-14 21:25 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-09-14 21:25 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-09-14 21:25 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-09-14 21:25 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-09-14 21:25 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-09-14 21:25 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-09-14 21:20 - 2014-09-14 21:20 - 00000000 ____D () C:\Users\Shu\Documents\ProcAlyzer Dumps 2014-09-14 21:12 - 2014-09-16 15:11 - 00000000 ____D () C:\Qoobox 2014-09-14 21:12 - 2014-09-14 21:35 - 00000000 ____D () C:\Windows\erdnt 2014-09-14 21:07 - 2014-09-16 14:54 - 05579386 ____R (Swearware) C:\Users\Shu\Downloads\ComboFix.exe 2014-09-14 21:00 - 2014-09-17 10:34 - 00006220 _____ () C:\Windows\PFRO.log 2014-09-14 20:45 - 2014-09-14 21:56 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-09-14 20:44 - 2014-09-14 20:44 - 14349744 _____ 
(Malwarebytes Corp.) C:\Users\Shu\Downloads\mbar-1.07.0.1012.exe 2014-09-14 09:40 - 2014-09-14 09:40 - 00692832 _____ ( ) C:\Users\Shu\Downloads\DNDownloader96.exe 2014-09-14 08:04 - 2014-09-22 09:08 - 00002063 _____ () C:\Windows\setupact.log 2014-09-14 08:04 - 2014-09-14 08:04 - 00000000 _____ () C:\Windows\setuperr.log 2014-09-13 11:13 - 2014-09-13 11:13 - 01942203 _____ () C:\Users\Shu\Desktop\vitctorian houses.zip 2014-09-13 09:53 - 2014-09-13 09:53 - 06057862 _____ (Tim Kosse) C:\Users\Shu\Downloads\FileZilla_3.9.0.5_win32-setup.exe 2014-09-12 13:52 - 2014-09-12 13:56 - 00000000 ____D () C:\Users\Shu\Desktop\world 2014-09-10 11:28 - 2014-09-10 11:28 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-09-10 09:00 - 2014-09-10 12:33 - 00000000 ____D () C:\Users\Shu\Desktop\Minecraft 2014-09-09 11:47 - 2014-09-22 13:45 - 00000000 ____D () C:\Users\Shu\Powersaves3DS 2014-09-09 11:47 - 2014-09-09 11:47 - 00000000 ____D () C:\Program Files (x86)\Action Replay PowerSaves 3DS 2014-09-05 20:02 - 2014-09-05 20:02 - 01402920 _____ () C:\Users\Shu\Downloads\battlelog-web-plugins_2.5.1_149.exe 2014-09-02 09:00 - 2014-09-02 09:06 - 00000000 ____D () C:\Users\Shu\AppData\Local\lab_1_54 2014-09-01 20:30 - 2014-09-01 20:30 - 00003088 _____ () C:\Windows\System32\Tasks\{CA426A73-A1F4-4917-967B-CDAE3FBA6F61} 2014-09-01 10:32 - 2014-09-01 10:33 - 00000000 ____D () C:\Program Files\WorldPainter 2014-08-31 16:06 - 2014-08-31 16:06 - 01397992 _____ () C:\Users\Shu\Downloads\battlelog-web-plugins_2.5.0_148.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-22 15:58 - 2014-09-15 08:43 - 00000000 ____D () C:\FRST 2014-09-22 14:56 - 2013-10-04 16:02 - 01572305 _____ () C:\Windows\WindowsUpdate.log 2014-09-22 14:28 - 2013-10-04 17:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-22 14:22 - 2013-10-04 19:47 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-09-22 13:45 - 2014-09-09 11:47 - 00000000 ____D () C:\Users\Shu\Powersaves3DS 2014-09-22 12:55 - 2014-07-23 17:04 - 00000000 ____D () C:\Users\Shu\AppData\Local\ftblauncher 2014-09-22 12:54 - 2014-07-04 19:28 - 00000000 ____D () C:\Users\Shu\AppData\Local\Warframe 2014-09-22 12:54 - 2014-02-28 20:04 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\FTB 2014-09-22 09:16 - 2009-07-14 05:45 - 00020672 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-22 09:16 - 2009-07-14 05:45 - 00020672 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-22 09:10 - 2013-10-04 16:21 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-09-22 09:08 - 2014-09-14 08:04 - 00002063 _____ () C:\Windows\setupact.log 2014-09-22 09:08 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-21 20:13 - 2013-10-04 16:53 - 00000000 ____D () C:\ProgramData\Origin 2014-09-21 20:12 - 2013-10-04 17:09 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\TS3Client 2014-09-21 19:40 - 2013-10-04 17:48 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2014-09-21 17:00 - 2013-10-04 16:53 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-09-21 16:18 - 2013-10-04 19:52 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\Skype 2014-09-21 09:11 - 2014-09-21 09:11 - 00000000 ____D () C:\Users\Shu\AppData\Local\Adobe 2014-09-20 21:51 - 2013-10-04 17:48 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2014-09-20 20:44 - 2014-03-22 20:48 - 00000000 ____D () C:\Users\Shu\Desktop\Bewerbungskram 2014-09-20 20:29 - 2014-09-20 20:29 - 00000242 _____ () C:\Users\Shu\Downloads\Search.txt 2014-09-20 19:30 - 2014-09-20 19:30 - 19829279 _____ () C:\Users\Shu\Downloads\Flareon_A4.rar 2014-09-20 09:02 - 2009-07-14 18:58 - 01324398 _____ () C:\Windows\System32\perfh007.dat 2014-09-20 09:02 - 2009-07-14 18:58 - 00343506 _____ () C:\Windows\System32\perfc007.dat 2014-09-20 09:02 - 2009-07-14 06:13 - 00006224 _____ () C:\Windows\System32\PerfStringBackup.INI 2014-09-20 08:24 - 2013-10-04 16:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-19 15:52 - 2014-09-19 15:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-18 13:33 - 2014-09-17 10:44 - 00038667 _____ () C:\Users\Shu\Downloads\FRST.txt 2014-09-18 07:33 - 2014-09-18 07:33 - 00854417 _____ () C:\Users\Shu\Desktop\SecurityCheck.exe 2014-09-18 07:33 - 2014-09-18 07:33 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-09-18 07:32 - 2014-09-18 07:32 - 02347384 _____ (ESET) C:\Users\Shu\Desktop\esetsmartinstaller_deu.exe 2014-09-17 10:43 - 2014-09-17 10:43 - 00001460 _____ () 
C:\Users\Shu\Desktop\JRT.txt 2014-09-17 10:38 - 2014-09-17 10:38 - 00000000 ____D () C:\Windows\ERUNT 2014-09-17 10:37 - 2014-09-17 10:37 - 00002349 _____ () C:\Users\Shu\Desktop\AdwCleaner[S3].txt 2014-09-17 10:34 - 2014-09-14 21:00 - 00006220 _____ () C:\Windows\PFRO.log 2014-09-17 10:33 - 2013-10-26 09:34 - 00000000 ____D () C:\AdwCleaner 2014-09-17 10:30 - 2014-09-17 10:30 - 00001491 _____ () C:\Users\Shu\Desktop\mbar.txt 2014-09-17 10:29 - 2014-07-10 12:39 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys 2014-09-17 10:24 - 2013-10-04 16:55 - 00000000 ____D () C:\Windows\Panther 2014-09-17 10:01 - 2014-09-17 10:01 - 01373475 _____ () C:\Users\Shu\Desktop\AdwCleaner_3.310.exe 2014-09-17 10:01 - 2014-09-17 10:01 - 01016035 _____ (Thisisu) C:\Users\Shu\Desktop\JRT.exe 2014-09-17 10:00 - 2014-02-19 02:00 - 00000000 ____D () C:\Users\Shu\AppData\Local\Apps\2.0 2014-09-16 15:11 - 2014-09-16 15:11 - 00029566 _____ () C:\ComboFix.txt 2014-09-16 15:11 - 2014-09-14 21:12 - 00000000 ____D () C:\Qoobox 2014-09-16 15:09 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2014-09-16 14:58 - 2013-10-28 09:13 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-09-16 14:54 - 2014-09-14 21:07 - 05579386 ____R (Swearware) C:\Users\Shu\Downloads\ComboFix.exe 2014-09-16 14:53 - 2014-09-16 14:53 - 00001130 _____ () C:\Users\Shu\Desktop\ComboFix.exe - Verknüpfung.lnk 2014-09-15 19:15 - 2014-09-15 19:14 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Shu\Downloads\tdsskiller.exe 2014-09-15 18:35 - 2013-10-04 20:28 - 00000000 ____D () C:\Users\Shu\Documents\DragonNest 2014-09-15 18:32 - 2014-09-15 18:32 - 00002165 _____ () C:\Users\Shu\Desktop\Dragon Nest Europe.lnk 2014-09-15 17:24 - 2013-11-18 12:06 - 00000000 ____D () C:\Windows\Minidump 2014-09-15 17:23 - 2014-09-15 17:23 - 00262144 ____N () C:\Windows\Minidump\091514-23150-01.dmp 2014-09-15 17:21 - 2014-06-14 12:20 - 00000000 ____D () C:\Program Files (x86)\SDGi Europe 
2014-09-15 10:28 - 2014-09-15 10:27 - 00018397 _____ () C:\Windows\DirectX.log 2014-09-15 08:51 - 2014-09-15 08:43 - 00038153 _____ () C:\Users\Shu\Desktop\FRST.txt 2014-09-15 08:44 - 2014-09-15 08:43 - 00053678 _____ () C:\Users\Shu\Desktop\Addition.txt 2014-09-15 08:42 - 2014-09-15 08:42 - 01102777 _____ () C:\Users\Shu\Desktop\Scan Results.140915-0942.txt 2014-09-15 08:41 - 2014-09-15 08:41 - 02105856 _____ (Farbar) C:\Users\Shu\Downloads\FRST64.exe 2014-09-15 08:41 - 2014-01-13 23:52 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\uTorrent 2014-09-15 08:30 - 2014-09-15 08:29 - 00000000 ____D () C:\Users\Shu\Downloads\SGN SW Torrent 2014-09-15 08:24 - 2014-06-27 21:11 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\NexonLauncher 2014-09-15 08:24 - 2014-06-27 21:10 - 00000000 ____D () C:\Program Files (x86)\Nexon 2014-09-15 07:58 - 2013-10-28 09:13 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-09-15 07:53 - 2014-09-15 07:53 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-09-15 07:52 - 2014-09-15 07:52 - 46525608 _____ (Safer-Networking Ltd. 
) C:\Users\Shu\Downloads\spybot-2.4.exe 2014-09-15 07:29 - 2014-02-19 02:00 - 00000000 ____D () C:\Users\Shu\AppData\Local\Deployment 2014-09-14 21:56 - 2014-09-14 20:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-09-14 21:36 - 2009-07-14 04:20 - 00000000 __RHD () C:\users\Default 2014-09-14 21:35 - 2014-09-14 21:12 - 00000000 ____D () C:\Windows\erdnt 2014-09-14 21:34 - 2013-10-04 16:04 - 00000000 ____D () C:\users\Shu 2014-09-14 21:25 - 2014-09-14 21:25 - 00000085 _____ () C:\Windows\wininit.ini 2014-09-14 21:20 - 2014-09-14 21:20 - 00000000 ____D () C:\Users\Shu\Documents\ProcAlyzer Dumps 2014-09-14 21:03 - 2014-05-23 07:35 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys 2014-09-14 21:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\IME 2014-09-14 20:44 - 2014-09-14 20:44 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Shu\Downloads\mbar-1.07.0.1012.exe 2014-09-14 16:48 - 2013-10-31 23:27 - 00000000 ____D () C:\Users\Shu\Desktop\PS CS6 Portable By KaelAlexander 2014-09-14 09:40 - 2014-09-14 09:40 - 00692832 _____ ( ) C:\Users\Shu\Downloads\DNDownloader96.exe 2014-09-14 08:12 - 2013-11-06 21:37 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\FileZilla 2014-09-14 08:04 - 2014-09-14 08:04 - 00000000 _____ () C:\Windows\setuperr.log 2014-09-13 16:46 - 2013-11-04 23:02 - 00000132 _____ () C:\Users\Shu\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen 2014-09-13 11:13 - 2014-09-13 11:13 - 01942203 _____ () C:\Users\Shu\Desktop\vitctorian houses.zip 2014-09-13 09:53 - 2014-09-13 09:53 - 06057862 _____ (Tim Kosse) C:\Users\Shu\Downloads\FileZilla_3.9.0.5_win32-setup.exe 2014-09-12 14:19 - 2014-02-18 17:05 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\.minecraft 2014-09-12 13:56 - 2014-09-12 13:52 - 00000000 ____D () C:\Users\Shu\Desktop\world 2014-09-10 12:33 - 2014-09-10 09:00 - 00000000 ____D () C:\Users\Shu\Desktop\Minecraft 2014-09-10 11:28 - 2014-09-10 11:28 - 10036224 _____ 
(Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-09-10 11:28 - 2013-10-04 17:14 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-10 11:28 - 2013-10-04 17:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-10 11:28 - 2013-10-04 17:14 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-09 11:47 - 2014-09-09 11:47 - 00000000 ____D () C:\Program Files (x86)\Action Replay PowerSaves 3DS 2014-09-07 14:07 - 2013-10-09 14:33 - 00000000 ____D () C:\Users\Shu\Documents\My Games 2014-09-06 07:47 - 2013-10-04 17:49 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins 2014-09-05 20:02 - 2014-09-05 20:02 - 01402920 _____ () C:\Users\Shu\Downloads\battlelog-web-plugins_2.5.1_149.exe 2014-09-03 07:13 - 2013-10-10 22:58 - 00000000 ____D () C:\Users\Shu\AppData\Local\PMB Files 2014-09-02 22:38 - 2013-10-10 22:58 - 00000000 ____D () C:\ProgramData\PMB Files 2014-09-02 18:33 - 2014-07-11 19:50 - 00000000 ____D () C:\Users\Shu\Documents\survarium 2014-09-02 18:32 - 2014-04-10 11:15 - 00000000 ____D () C:\Program Files (x86)\GameforgeLive 2014-09-02 09:06 - 2014-09-02 09:00 - 00000000 ____D () C:\Users\Shu\AppData\Local\lab_1_54 2014-09-01 22:37 - 2014-04-10 11:15 - 00000000 ____D () C:\Users\Shu\Downloads\Gameforge Live 2014-09-01 20:30 - 2014-09-01 20:30 - 00003088 _____ () C:\Windows\System32\Tasks\{CA426A73-A1F4-4917-967B-CDAE3FBA6F61} 2014-09-01 20:29 - 2013-10-04 19:52 - 00000000 ____D () C:\ProgramData\Skype 2014-09-01 10:57 - 2014-01-22 11:40 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\WorldPainter 2014-09-01 10:33 - 2014-09-01 10:32 - 00000000 ____D () C:\Program Files\WorldPainter 2014-08-31 16:06 - 2014-08-31 16:06 - 01397992 _____ () C:\Users\Shu\Downloads\battlelog-web-plugins_2.5.0_148.exe 2014-08-29 10:38 - 2014-07-09 13:42 - 00000000 ____D () C:\Program Files (x86)\Glyph 2014-08-24 17:39 - 2013-10-19 20:11 
- 00290776 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr Files to move or delete: ==================== C:\Users\Shu\worldpainter_64_1.8.1.exe Some content of TEMP: ==================== C:\Users\Shu\AppData\Local\Temp\Quarantine.exe ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== Restore Points ========================= Restore point made on: 2014-09-22 10:51:53 ==================== Memory info =========================== Percentage of memory in use: 6% Total physical RAM: 24574.05 MB Available physical RAM: 23015.34 MB Total Pagefile: 24572.2 MB Available Pagefile: 23019.06 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.41 GB) (Free:382.67 GB) NTFS Drive f: (SHU) (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 
or 8) (Size: 931.5 GB) (Disk ID: EBA5D4A6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 964 MB) (Disk ID: 6E652072)
No partition Table on disk 1.
LastRegBack: 2014-09-17 11:17
==================== End Of Log ============================
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by SYSTEM at 2014-09-22 15:58:28 Run:2
Running from f:\
Boot Mode: Recovery
==============================================
Content of fixlist:
*****************
HKU\Shu\...\Run: [VSA] => C:\Users\Shu\AppData\Roaming\Microsoft\VSA\9.0\VSA.exe [1751552 2013-05-07] (Microsoft Corporation)
*****************
HKU\Shu\Software\Microsoft\Windows\CurrentVersion\Run\\VSA => value deleted successfully.
==== End of Fixlog ====
22.09.2014, 17:10 | #24 |
/// the machine /// TB-Ausbilder | Svhost.exe /Backdoor.Agent + PUP.BitCoinMiner And the file search?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM!
22.09.2014, 17:29 | #25 |
| Svhost.exe /Backdoor.Agent + PUP.BitCoinMiner Completely forgot that, too much stress right now >_< Will submit it as soon as possible! Code:
Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by SYSTEM at 2014-09-22 18:32:33
Running from f:\
Boot Mode: Recovery
================== Search Files: "svhost.exe" =============
C:\Users\Shu\AppData\Roaming\Microsoft\svhost.exe
[2014-09-22 09:08][2013-04-23 16:03] 0435712 ____A () CDBB2D86AC108D86DC9EE673BA18D424
C:\Users\Shu\AppData\Roaming\Microsoft\IE10\svhost.exe
[2014-09-21 14:25][2013-04-23 16:03] 0435712 ____A () CDBB2D86AC108D86DC9EE673BA18D424
====== End Of Search ======
Last edited by NyanShu (22.09.2014 at 17:41)
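As an added example (not part of this thread and not FRST's own code): a small Python parser for the FRST "Search Files" output above that records each hit and attaches the reasons a defender would treat it as suspicious: a file name one character off from svchost.exe, a user-writable AppData location, no publisher, and the same MD5 in two places. The list of imitated system binaries and the set of system directories are assumptions, not FRST data.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Constructed sample input: the two hits from the FRST search log in this thread,
# copied here so the parser can be run offline.
SAMPLE_FRST_SEARCH = """\
Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by SYSTEM at 2014-09-22 18:32:33
Running from f:\\
Boot Mode: Recovery
================== Search Files: "svhost.exe" =============
C:\\Users\\Shu\\AppData\\Roaming\\Microsoft\\svhost.exe
[2014-09-22 09:08][2013-04-23 16:03] 0435712 ____A () CDBB2D86AC108D86DC9EE673BA18D424
C:\\Users\\Shu\\AppData\\Roaming\\Microsoft\\IE10\\svhost.exe
[2014-09-21 14:25][2013-04-23 16:03] 0435712 ____A () CDBB2D86AC108D86DC9EE673BA18D424
====== End Of Search ======
"""

# FRST detail line layout: [created][modified] size attributes (publisher) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\]\[(?P<modified>[^\]]+)\]\s+(?P<size>\d+)\s+"
    r"(?P<attrs>\S+)\s+\((?P<publisher>[^)]*)\)\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Assumed lists: core Windows binaries that malware commonly imitates, and the
# directories where the genuine copies live.
LEGIT_NAMES = {"svchost.exe", "explorer.exe", "winlogon.exe", "services.exe", "lsass.exe"}
SYSTEM_DIRS = {"c:\\windows\\system32", "c:\\windows\\syswow64", "c:\\windows"}


@dataclass
class Hit:
    path: str
    created: str
    modified: str
    size: int
    attrs: str
    publisher: str
    md5: str
    flags: list = field(default_factory=list)


def parse_search_log(text):
    """Pair each path line with the detail line that follows it."""
    hits, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        if PATH_RE.match(line):
            pending = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending:
            hits.append(Hit(pending, m["created"], m["modified"], int(m["size"]),
                            m["attrs"], m["publisher"].strip(), m["md5"].upper()))
            pending = None
    return hits


def edit_distance(a, b):
    """Plain Levenshtein distance; enough to catch one-character name typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess(hits):
    """Attach defender-relevant flags to each hit and return the same list."""
    by_md5 = defaultdict(list)
    for h in hits:
        by_md5[h.md5].append(h.path)
    for h in hits:
        p = PureWindowsPath(h.path)
        name, parent = p.name.lower(), str(p.parent).lower()
        if name not in LEGIT_NAMES and any(edit_distance(name, n) == 1 for n in LEGIT_NAMES):
            h.flags.append("lookalike-name")          # e.g. svhost.exe vs svchost.exe
        if name in LEGIT_NAMES and parent not in SYSTEM_DIRS:
            h.flags.append("system-name-outside-system-dir")
        if "appdata" in parent:
            h.flags.append("user-writable-location")  # no admin rights needed to drop it
        if not h.publisher:
            h.flags.append("no-publisher")
        if len(by_md5[h.md5]) > 1:
            h.flags.append("duplicate-md5")           # identical copy planted twice
    return hits
```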
23.09.2014, 18:22 | #26 |
/// the machine /// TB-Ausbilder | Svhost.exe /Backdoor.Agent + PUP.BitCoinMiner Code:
C:\Users\Shu\AppData\Roaming\Microsoft\svhost.exe
C:\Users\Shu\AppData\Roaming\Microsoft\IE10\svhost.exe
23.09.2014, 19:43 | #27 |
| Svhost.exe /Backdoor.Agent + PUP.BitCoinMiner And what exactly am I supposed to do now? I'm a bit confused, but I have to add that I no longer get any error messages on startup. Regards
24.09.2014, 11:36 | #28 |
/// the machine /// TB-Ausbilder | Svhost.exe /Backdoor.Agent + PUP.BitCoinMiner Lol, my text went missing there. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
C:\Users\Shu\AppData\Roaming\Microsoft\svhost.exe
C:\Users\Shu\AppData\Roaming\Microsoft\IE10\svhost.exe
The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
24.09.2014, 14:44 | #29 |
| Svhost.exe /Backdoor.Agent + PUP.BitCoinMiner Code:
Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by SYSTEM at 2014-09-24 15:33:21
Running from f:\
Boot Mode: Recovery
================== Search Files: "svhost.exe" =============
====== End Of Search ======
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by SYSTEM at 2014-09-24 15:33:07 Run:3
Running from f:\
Boot Mode: Recovery
==============================================
Content of fixlist:
*****************
C:\Users\Shu\AppData\Roaming\Microsoft\svhost.exe
C:\Users\Shu\AppData\Roaming\Microsoft\IE10\svhost.exe
*****************
C:\Users\Shu\AppData\Roaming\Microsoft\svhost.exe => Moved successfully.
C:\Users\Shu\AppData\Roaming\Microsoft\IE10\svhost.exe => Moved successfully.
==== End of Fixlog ====
25.09.2014, 08:50 | #30 |
/// the machine /// TB-Ausbilder | Svhost.exe /Backdoor.Agent + PUP.BitCoinMiner New file search from Recovery please. Then another scan log with FRST from the desktop. Are there still any problems?