
Trash bin: 2x | Malware on Facebook

Windows 7 Posts that violated our rules, posts the world does not need, and other rubbish end up here in the trash bin...

 
09.07.2015, 10:48   #1
susi16
 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-07-2015
Ran by Rijo (administrator) on BÜCHER-PC on 09-07-2015 09:55:13
Running from C:\Users\Rijo\Desktop
Loaded Profiles: Rijo (Available Profiles: Rijo & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.7.0.11\n360.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.7.0.11\n360.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.7.0.11\coNatHst.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.)
HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1150976 2009-01-19] (Brother Industries, Ltd.)
HKU\S-1-5-21-2435575737-2959328486-3478796703-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6405912 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-2435575737-2959328486-3478796703-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360\Engine\21.7.0.11\buShell.dll [2015-03-07] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360\Engine\21.7.0.11\buShell.dll [2015-03-07] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360\Engine\21.7.0.11\buShell.dll [2015-03-07] (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2435575737-2959328486-3478796703-1000 -> {52C652A9-EF35-4469-9B14-FD27F5A40C87} URL = https://www.google.com/search?q={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-05] (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-19] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-19] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2435575737-2959328486-3478796703-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\..\Interfaces\{8FA4F53C-3552-4666-882D-06F5AA1831E1}: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Rijo\AppData\Roaming\Mozilla\Firefox\Profiles\y5p5duzu.default
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-19] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF Extension: WOT - C:\Users\Rijo\AppData\Roaming\Mozilla\Firefox\Profiles\y5p5duzu.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-06-28]
FF Extension: NASA Night Launch - C:\Users\Rijo\AppData\Roaming\Mozilla\Firefox\Profiles\y5p5duzu.default\Extensions\nasanightlaunch@example.com.xpi [2014-11-06]
FF Extension: NoScript - C:\Users\Rijo\AppData\Roaming\Mozilla\Firefox\Profiles\y5p5duzu.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-06]
FF Extension: FXChrome - C:\Users\Rijo\AppData\Roaming\Mozilla\Firefox\Profiles\y5p5duzu.default\Extensions\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi [2014-11-06]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn [2015-07-09]
FF Extension: No Name - C:\Users\Rijo\AppData\Roaming\Mozilla\Firefox\Profiles\y5p5duzu.default\extensions\sweetsearch@gmail.com [not found]
FF Extension: No Name - C:\Users\Rijo\AppData\Roaming\Mozilla\Firefox\Profiles\y5p5duzu.default\extensions\iobitascsurfingprotection@iobit.com [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome:
=======
CHR Profile: C:\Users\Rijo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Brushed) - C:\Users\Rijo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg [2015-07-09]
CHR Extension: (Adblock Plus) - C:\Users\Rijo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-06-30]
CHR Extension: (AdBlock) - C:\Users\Rijo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-06-30]
CHR Extension: (Norton Identity Safe) - C:\Users\Rijo\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-05-26]
CHR Extension: (GPS Tracking Application) - C:\Users\Rijo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiopjmhfcjjclkkkoanfenmofekjlebf [2015-07-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Rijo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-30]
CHR Extension: (Messenger (Unofficial)) - C:\Users\Rijo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdapmeleikeppmfgadilffngabfpibok [2015-06-30]
CHR Extension: (Norton Security Toolbar) - C:\Users\Rijo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-07-09]
CHR Extension: (Google Wallet) - C:\Users\Rijo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-10]
CHR Extension: (Simple FB Messenger) - C:\Users\Rijo\AppData\Local\Google\Chrome\User Data\Default\Extensions\omjfcpmgchkdbfhpgboehgknlhnhhnnh [2015-06-30]
CHR HKLM\...\Chrome\Extension: [eblihieomkjeiobglmnbmidkajdcfkpa] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx [2015-06-29]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [176128 2011-04-19] () [File not signed]
S4 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2015-04-20] (Fork, Ltd.) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 N360; C:\Program Files\Norton 360\Engine\21.7.0.11\N360.exe [265000 2015-03-07] (Symantec Corporation)
S4 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
S4 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed]
S4 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770944 2015-02-12] (Enigma Software Group USA, LLC.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ASPI; C:\Windows\System32\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec) [File not signed]
R1 BHDrvx86; C:\Program Files\Norton 360\NortonData\21.0.1.3\Definitions\BASHDefs\20150706.001\BHDrvx86.sys [1181424 2015-06-25] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1507000.00B\ccSetx86.sys [127064 2014-02-21] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [389456 2015-06-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [122192 2015-06-28] (Symantec Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [16432 2015-02-12] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-02-12] ()
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] () [File not signed]
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R1 IDSVix86; C:\Program Files\Norton 360\NortonData\21.0.1.3\Definitions\IPSDefs\20150708.001\IDSvix86.sys [523512 2015-06-26] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-07-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files\Norton 360\NortonData\21.0.1.3\Definitions\VirusDefs\20150708.005\NAVENG.SYS [104440 2015-07-07] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton 360\NortonData\21.0.1.3\Definitions\VirusDefs\20150708.005\NAVEX15.SYS [1645432 2015-07-07] (Symantec Corporation)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R3 SRTSP; C:\Windows\System32\Drivers\N360\1507000.00B\SRTSP.SYS [664792 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1507000.00B\SRTSPX.SYS [32984 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1507000.00B\SYMDS.SYS [367704 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1507000.00B\SYMEFA.SYS [936152 2014-08-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2015-06-28] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1507000.00B\Ironx86.SYS [209624 2014-08-06] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1507000.00B\SYMTDIV.SYS [384728 2014-08-26] (Symantec Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SipIMNDI; system32\DRIVERS\SipIMNDI.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-09 09:55 - 2015-07-09 09:55 - 00016190 _____ C:\Users\Rijo\Desktop\FRST.txt
2015-07-09 09:54 - 2015-07-09 09:55 - 00000000 ____D C:\FRST
2015-07-09 09:52 - 2015-07-09 09:52 - 01636352 _____ (Farbar) C:\Users\Rijo\Desktop\frst.exe
2015-07-09 01:28 - 2015-03-24 00:17 - 00111368 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp32.sys
2015-07-08 21:40 - 2015-07-09 09:37 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-08 21:36 - 2015-07-08 21:36 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Rijo\Downloads\malwarebytes.exe
2015-07-08 21:36 - 2015-07-08 21:36 - 00000899 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-08 21:36 - 2015-07-08 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-07-08 21:36 - 2015-07-08 21:36 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware
2015-07-08 21:36 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-08 21:36 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-08 21:36 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-08 12:42 - 2015-07-08 12:42 - 00000000 ____D C:\Users\Rijo\AppData\Local\F-Secure
2015-07-08 01:59 - 2015-07-08 22:52 - 00000000 ____D C:\Users\Rijo\Desktop\Schwanenkind Werbung
2015-07-08 01:58 - 2015-07-08 01:58 - 00033408 _____ C:\Users\Rijo\AppData\Local\recently-used.xbel
2015-07-03 07:47 - 2015-07-03 07:47 - 00000000 ____D C:\Users\Rijo\AppData\Roaming\ProductData
2015-07-02 05:26 - 2015-07-02 05:25 - 00001974 _____ C:\Users\Rijo\Desktop\Kaspersky Anti-Virus.lnk
2015-07-02 00:16 - 2015-07-02 00:17 - 00000000 ____D C:\Users\Rijo\AppData\Roaming\IObit
2015-07-02 00:16 - 2015-07-02 00:17 - 00000000 ____D C:\ProgramData\IObit
2015-07-02 00:16 - 2015-07-02 00:16 - 00000000 ____D C:\Program Files\IObit
2015-06-30 11:47 - 2015-06-30 11:47 - 00000000 ____D C:\Users\Rijo\AppData\Roaming\dlg
2015-06-30 11:38 - 2015-06-30 11:38 - 00517568 _____ ( ) C:\Users\Rijo\Downloads\ms-windows-tool-zum-entfernen-boesartiger-software-5.24-setup.exe
2015-06-30 09:56 - 2015-07-08 10:15 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-06-30 09:17 - 2015-06-30 09:17 - 00000000 ____D C:\ProgramData\Emsisoft
2015-06-30 08:35 - 2015-07-09 09:36 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2015-06-30 08:33 - 2015-06-30 08:34 - 163617512 _____ (Emsisoft Ltd. ) C:\Users\Rijo\Downloads\EmsisoftAntiMalwareSetup_10.0.0.5366.exe
2015-06-28 19:02 - 2015-06-28 19:04 - 06565736 _____ (Piriform Ltd) C:\Users\Rijo\Downloads\ccsetup507.exe
2015-06-28 16:26 - 2015-06-28 16:28 - 00279552 _____ C:\Users\Rijo\Documents\Barbara Costa.ppt
2015-06-28 13:51 - 2015-06-28 13:51 - 00142936 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2015-06-28 13:51 - 2015-06-28 13:51 - 00008194 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT
2015-06-28 13:51 - 2015-06-28 13:51 - 00002050 _____ C:\Users\Rijo\Downloads\Norton 360 (2).lnk
2015-06-28 13:50 - 2015-06-30 07:43 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-06-28 13:50 - 2015-06-30 07:43 - 00000000 ____D C:\Windows\system32\Drivers\N360
2015-06-28 13:50 - 2015-06-28 13:50 - 00000000 ____D C:\Program Files\Norton 360
2015-06-28 13:39 - 2015-06-28 13:46 - 191136136 _____ (Symantec Corporation) C:\Users\Rijo\Downloads\norton_360_setup (3).exe
2015-06-28 12:56 - 2015-06-28 13:03 - 00000000 ____D C:\Users\Rijo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2015-06-28 12:55 - 2015-06-28 12:55 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-06-26 11:28 - 2015-06-26 11:28 - 01387520 _____ C:\Users\Rijo\Documents\Hörnchen Reihe.ppt
2015-06-23 22:49 - 2015-06-23 22:49 - 00243592 _____ C:\Users\Rijo\Downloads\Firefox Setup Stub 38.0.5.exe
2015-06-22 08:52 - 2015-06-28 23:54 - 00000000 ____D C:\Users\Rijo\Desktop\Daggi neu für Janette
2015-06-18 07:12 - 2015-06-18 07:12 - 00000000 ____D C:\Users\Rijo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-12 17:27 - 2015-06-12 17:27 - 00000000 ____D C:\Users\Rijo\{988e4c9b-05d4-49e6-bff6-6eb6db3f887a}
2015-06-12 17:27 - 2015-06-12 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver 1.0
2015-06-12 17:27 - 2015-06-12 17:27 - 00000000 ____D C:\Driver 1.0

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-09 09:46 - 2014-09-02 19:25 - 00000000 ____D C:\Users\Rijo\Desktop\Werbesprüche und anderes
2015-07-09 09:44 - 2014-07-21 10:55 - 00000000 ____D C:\Users\Rijo\Desktop\Püppi Grüße
2015-07-09 09:40 - 2006-11-02 14:52 - 01524486 _____ C:\Windows\WindowsUpdate.log
2015-07-09 09:37 - 2014-05-10 15:19 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-09 09:37 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-09 09:37 - 2006-11-02 14:47 - 00004448 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-09 09:37 - 2006-11-02 14:47 - 00004448 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-09 09:36 - 2006-11-02 15:01 - 00032538 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-09 01:08 - 2014-05-10 15:19 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-09 01:05 - 2014-05-11 07:56 - 01798608 _____ C:\Windows\PFRO.log
2015-07-09 01:02 - 2014-05-15 03:25 - 00000000 ____D C:\AdwCleaner
2015-07-09 00:14 - 2014-05-10 21:03 - 00000000 ____D C:\Program Files\CCleaner
2015-07-08 22:40 - 2006-11-02 12:33 - 01559094 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-08 14:48 - 2014-05-10 16:14 - 00000824 _____ C:\Users\Rijo\AppData\Roaming\wklnhst.dat
2015-07-08 14:47 - 2014-11-29 18:47 - 00040960 _____ C:\Users\Rijo\Desktop\Haushalt 2015.xlr
2015-07-08 13:06 - 2014-11-05 20:51 - 00000000 ____D C:\ProgramData\F-Secure
2015-07-08 08:28 - 2014-05-10 13:58 - 00000000 ____D C:\Users\Rijo
2015-07-08 05:44 - 2014-05-10 17:39 - 00000000 ____D C:\Users\Rijo\Desktop\Arbeitsprogramme
2015-07-08 03:19 - 2015-01-19 17:55 - 00000000 ____D C:\Users\Rijo\Desktop\Hinweisschilder mit Püppi
2015-07-08 01:59 - 2014-05-10 21:48 - 00000000 ____D C:\Users\Rijo\.gimp-2.8
2015-07-08 01:58 - 2014-05-10 21:52 - 00000000 ____D C:\Users\Rijo\AppData\Local\gtk-2.0
2015-07-07 23:34 - 2014-05-11 09:40 - 00000000 ____D C:\Program Files\SpeedFan
2015-07-07 16:28 - 2014-05-10 17:42 - 00124928 _____ C:\Users\Rijo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-06 14:27 - 2014-06-24 10:03 - 00000000 ____D C:\Users\Rijo\Documents\My Kindle Content
2015-07-06 03:41 - 2014-08-16 19:32 - 00000000 ____D C:\Program Files\PDF24
2015-07-05 22:37 - 2014-05-10 17:44 - 00000000 ___RD C:\Users\Rijo\Desktop\Johann
2015-07-05 19:47 - 2014-05-10 17:49 - 00000000 ___RD C:\Users\Rijo\Desktop\Fertige Bücher
2015-07-05 19:42 - 2014-05-10 17:47 - 00000000 ___RD C:\Users\Rijo\Desktop\gemischte programme
2015-07-05 03:07 - 2014-05-11 16:10 - 00000000 ____D C:\Users\Rijo\AppData\Roaming\Skype
2015-07-05 00:32 - 2014-06-09 17:44 - 00000000 ____D C:\Users\Rijo\AppData\Local\CrashDumps
2015-07-02 09:44 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default
2015-07-02 05:26 - 2014-05-10 18:24 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-07-02 00:16 - 2014-06-21 08:51 - 00000000 ____D C:\Users\Rijo\AppData\Roaming\Apple Computer
2015-07-01 13:15 - 2014-05-10 17:39 - 00000000 ___RD C:\Users\Rijo\Desktop\Rita
2015-06-30 18:27 - 2014-05-10 19:37 - 00034304 _____ C:\Users\Rijo\Desktop\gas 2006-2015.xlr
2015-06-30 10:25 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2015-06-28 19:09 - 2014-05-10 21:03 - 00000804 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-06-28 13:53 - 2014-05-10 18:35 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-06-28 13:50 - 2014-05-10 19:12 - 00000000 ____D C:\ProgramData\Norton
2015-06-27 00:30 - 2014-05-26 11:53 - 00000000 ____D C:\Users\Rijo\AppData\Local\NPE
2015-06-27 00:26 - 2014-05-26 11:56 - 00000000 ____D C:\NPE
2015-06-26 19:00 - 2015-05-28 08:28 - 00000000 ____D C:\Users\Rijo\Desktop\Alle wichtigen Ordner
2015-06-25 09:25 - 2015-04-03 08:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
2015-06-22 06:49 - 2015-05-01 10:49 - 00000000 ____D C:\Program Files\Formatierungstool
2015-06-15 23:38 - 2015-01-01 14:31 - 00000000 ____D C:\Users\Rijo\AppData\Roaming\PhotoScape
2015-06-15 13:09 - 2015-01-01 14:36 - 00000000 ____D C:\output
2015-06-15 13:08 - 2015-01-01 14:32 - 00024576 ____H C:\Users\Rijo\Desktop\photothumb.db
2015-06-13 21:07 - 2014-05-11 13:28 - 00028581 _____ C:\Windows\setupact.log

==================== Files in the root of some directories =======

2014-05-10 19:18 - 2014-05-10 19:18 - 0024206 _____ () C:\Users\Rijo\AppData\Roaming\UserTile.png
2014-11-08 22:43 - 2014-11-24 06:43 - 0000163 _____ () C:\Users\Rijo\AppData\Roaming\WB.CFG
2014-05-10 16:14 - 2015-07-08 14:48 - 0000824 _____ () C:\Users\Rijo\AppData\Roaming\wklnhst.dat
2014-05-10 13:58 - 2015-02-13 10:02 - 0001356 _____ () C:\Users\Rijo\AppData\Local\d3d9caps.dat
2014-05-10 17:42 - 2015-07-07 16:28 - 0124928 _____ () C:\Users\Rijo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-10 12:43 - 2014-11-22 10:43 - 0000001 _____ () C:\Users\Rijo\AppData\Local\DSI.DAT
2014-07-24 12:23 - 2014-07-24 12:23 - 0000292 _____ () C:\Users\Rijo\AppData\Local\HamsterBookConverter.cfg
2014-12-11 09:05 - 2014-12-11 09:05 - 0004096 ____H () C:\Users\Rijo\AppData\Local\keyfile3.drm
2015-07-08 01:58 - 2015-07-08 01:58 - 0033408 _____ () C:\Users\Rijo\AppData\Local\recently-used.xbel
2014-09-30 23:10 - 2014-09-30 23:10 - 0000000 _____ () C:\Users\Rijo\AppData\Local\{3854974C-D01A-4F55-B4A7-ABAAE1A01FC5}
2014-05-10 17:01 - 2014-08-24 13:47 - 0034800 _____ () C:\ProgramData\nvModes.001
2014-05-10 17:01 - 2014-08-24 13:47 - 0034800 _____ () C:\ProgramData\nvModes.dat

Some files in TEMP:
====================
C:\Users\Rijo\AppData\Local\Temp\Quarantine.exe
C:\Users\Rijo\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-09 09:42

==================== End of log ============================

09.07.2015, 10:51   #2
Warlord711
/// TB instructor
 

Double post!

Please continue in http://www.trojaner-board.de/168557-...-facebook.html!