
Log Analysis and Evaluation: Only shortcuts left on the USB stick -> Trojaner.Banker

21.01.2014, 16:31   #1
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Restart the computer and create a fresh log with FRST again.
__________________
Please always post log files in CODE tags

21.01.2014, 16:48   #2
cripo
 




FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-01-2014
Ran by cripo (administrator) on CRIPO-PC on 21-01-2014 16:46:38
Running from C:\Users\cripo\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [Launch LgDeviceAgent] - C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415752 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2093064 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4195848 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2345296 2013-10-01] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [ASRockXTU] - [x]
HKCU\...\Run: [zASRockInstantBoot] - [x]
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-03-10] ()
HKCU\...\Run: [Mozilla] - wscript.exe //B "C:\Users\cripo\AppData\Roaming\Mozilla.vbs"
MountPoints2: {0a815ac9-0e2d-11e1-b280-806e6f6e6963} - E:\SETUP.EXE

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD9148EB154EFCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\cripo\AppData\Roaming\Mozilla\Firefox\Profiles\5yu6hj16.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\cripo\AppData\Roaming\Mozilla\Firefox\Profiles\5yu6hj16.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-27]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\cripo\AppData\Roaming\Mozilla\Firefox\Profiles\5yu6hj16.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-12-08] ()

==================== Drivers (Whitelisted) ====================

R3 AsrVDrive; C:\Windows\System32\DRIVERS\AsrVDrive.sys [23048 2011-01-26] (ASRock Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-25] (DT Soft Ltd)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2011-11-13] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2011-11-13] (FNet Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-21 15:52 - 2014-01-21 11:43 - 02077184 _____ (Farbar) C:\Users\cripo\Desktop\FRST64.exe
2014-01-21 14:58 - 2014-01-21 16:46 - 00010784 _____ C:\Users\cripo\Desktop\FRST.txt
2014-01-21 14:56 - 2014-01-21 14:56 - 02077184 _____ (Farbar) C:\Users\cripo\Downloads\FRST64(1).exe
2014-01-21 14:53 - 2014-01-21 14:53 - 00000891 _____ C:\Users\cripo\Desktop\JRT.txt
2014-01-21 14:49 - 2014-01-21 14:49 - 01037068 _____ (Thisisu) C:\Users\cripo\Desktop\JRT.exe
2014-01-21 14:49 - 2014-01-21 14:49 - 00000000 ____D C:\Windows\ERUNT
2014-01-21 14:48 - 2014-01-21 14:48 - 00001755 _____ C:\Users\cripo\Desktop\AdwCleaner[S0].txt
2014-01-21 14:38 - 2014-01-21 14:45 - 00000000 ____D C:\AdwCleaner
2014-01-21 14:37 - 2014-01-21 14:37 - 01236282 _____ C:\Users\cripo\Downloads\adwcleaner.exe
2014-01-21 13:54 - 2014-01-21 14:08 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-21 13:53 - 2014-01-21 14:08 - 00000000 ____D C:\Users\cripo\Desktop\mbar
2014-01-21 13:53 - 2014-01-21 13:53 - 12582688 _____ (Malwarebytes Corp.) C:\Users\cripo\Downloads\mbar-1.07.0.1008.exe
2014-01-21 13:03 - 2014-01-21 13:03 - 00476232 _____ C:\Windows\Minidump\012114-18891-01.dmp
2014-01-21 11:46 - 2014-01-21 11:46 - 00028610 _____ C:\Users\cripo\Downloads\Addition.txt
2014-01-21 11:45 - 2014-01-21 14:57 - 00024490 _____ C:\Users\cripo\Downloads\FRST.txt
2014-01-21 11:45 - 2014-01-21 11:45 - 00000000 ____D C:\FRST
2014-01-21 11:43 - 2014-01-21 11:43 - 02077184 _____ (Farbar) C:\Users\cripo\Downloads\FRST64.exe
2014-01-21 11:42 - 2014-01-21 11:42 - 00000472 _____ C:\Users\cripo\Downloads\defogger_disable.log
2014-01-21 11:42 - 2014-01-21 11:42 - 00000000 _____ C:\Users\cripo\defogger_reenable
2014-01-21 11:41 - 2014-01-21 11:42 - 00050477 _____ C:\Users\cripo\Downloads\Defogger.exe
2014-01-21 11:10 - 2014-01-21 13:54 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-21 11:10 - 2014-01-21 13:53 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-21 11:10 - 2014-01-21 11:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-20 19:19 - 2014-01-20 20:53 - 00019674 _____ C:\Users\cripo\Documents\Snow 1.wlmp
2014-01-20 16:57 - 2014-01-20 16:57 - 00002176 _____ C:\Users\cripo\Desktop\Wirtschaft PU.lnk
2014-01-19 19:37 - 2014-01-19 19:37 - 00001536 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-01-19 19:35 - 2014-01-19 19:36 - 34083424 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\cripo\Downloads\FreeYouTubeToMP3Converter.exe
2014-01-19 15:40 - 2014-01-19 15:44 - 00013401 _____ C:\Users\cripo\Desktop\Noten WEH1A.xlsx
2014-01-19 12:20 - 2014-01-19 12:20 - 00005327 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-19 12:20 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-19 12:20 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-19 12:20 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-19 12:20 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-16 17:49 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 17:49 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 17:49 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-07 10:31 - 2014-01-07 10:31 - 00001391 _____ C:\Users\cripo\Desktop\Sport PU.lnk
2014-01-05 12:17 - 2014-01-05 12:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-01-21 16:47 - 2013-03-10 17:39 - 00000000 ____D C:\Users\cripo\AppData\Local\PMB Files
2014-01-21 16:46 - 2014-01-21 14:58 - 00010784 _____ C:\Users\cripo\Desktop\FRST.txt
2014-01-21 16:46 - 2013-06-30 12:39 - 00000000 ____D C:\Users\cripo\AppData\Local\LogMeIn Hamachi
2014-01-21 16:44 - 2011-11-13 20:26 - 01053064 _____ C:\Windows\WindowsUpdate.log
2014-01-21 16:41 - 2011-11-13 21:18 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-21 16:41 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-21 16:41 - 2009-07-14 05:51 - 00043384 _____ C:\Windows\setupact.log
2014-01-21 16:31 - 2012-03-29 07:28 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-21 15:52 - 2011-11-13 20:31 - 00000000 ___RD C:\Users\cripo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-21 14:57 - 2014-01-21 11:45 - 00024490 _____ C:\Users\cripo\Downloads\FRST.txt
2014-01-21 14:56 - 2014-01-21 14:56 - 02077184 _____ (Farbar) C:\Users\cripo\Downloads\FRST64(1).exe
2014-01-21 14:54 - 2009-07-14 05:45 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-21 14:54 - 2009-07-14 05:45 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-21 14:53 - 2014-01-21 14:53 - 00000891 _____ C:\Users\cripo\Desktop\JRT.txt
2014-01-21 14:49 - 2014-01-21 14:49 - 01037068 _____ (Thisisu) C:\Users\cripo\Desktop\JRT.exe
2014-01-21 14:49 - 2014-01-21 14:49 - 00000000 ____D C:\Windows\ERUNT
2014-01-21 14:48 - 2014-01-21 14:48 - 00001755 _____ C:\Users\cripo\Desktop\AdwCleaner[S0].txt
2014-01-21 14:45 - 2014-01-21 14:38 - 00000000 ____D C:\AdwCleaner
2014-01-21 14:37 - 2014-01-21 14:37 - 01236282 _____ C:\Users\cripo\Downloads\adwcleaner.exe
2014-01-21 14:08 - 2014-01-21 13:54 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-21 14:08 - 2014-01-21 13:53 - 00000000 ____D C:\Users\cripo\Desktop\mbar
2014-01-21 13:54 - 2014-01-21 11:10 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-21 13:53 - 2014-01-21 13:53 - 12582688 _____ (Malwarebytes Corp.) C:\Users\cripo\Downloads\mbar-1.07.0.1008.exe
2014-01-21 13:53 - 2014-01-21 11:10 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-21 13:03 - 2014-01-21 13:03 - 00476232 _____ C:\Windows\Minidump\012114-18891-01.dmp
2014-01-21 13:03 - 2012-06-10 20:21 - 948444393 _____ C:\Windows\MEMORY.DMP
2014-01-21 13:03 - 2012-06-10 20:21 - 00000000 ____D C:\Windows\Minidump
2014-01-21 11:46 - 2014-01-21 11:46 - 00028610 _____ C:\Users\cripo\Downloads\Addition.txt
2014-01-21 11:45 - 2014-01-21 11:45 - 00000000 ____D C:\FRST
2014-01-21 11:43 - 2014-01-21 15:52 - 02077184 _____ (Farbar) C:\Users\cripo\Desktop\FRST64.exe
2014-01-21 11:43 - 2014-01-21 11:43 - 02077184 _____ (Farbar) C:\Users\cripo\Downloads\FRST64.exe
2014-01-21 11:42 - 2014-01-21 11:42 - 00000472 _____ C:\Users\cripo\Downloads\defogger_disable.log
2014-01-21 11:42 - 2014-01-21 11:42 - 00000000 _____ C:\Users\cripo\defogger_reenable
2014-01-21 11:42 - 2014-01-21 11:41 - 00050477 _____ C:\Users\cripo\Downloads\Defogger.exe
2014-01-21 11:42 - 2011-11-13 20:31 - 00000000 ____D C:\Users\cripo
2014-01-21 11:24 - 2011-04-12 08:55 - 00000000 ____D C:\Windows\CSC
2014-01-21 11:24 - 2010-11-21 04:47 - 00191394 _____ C:\Windows\PFRO.log
2014-01-21 11:10 - 2014-01-21 11:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-21 09:48 - 2011-04-12 08:43 - 00696832 _____ C:\Windows\system32\perfh007.dat
2014-01-21 09:48 - 2011-04-12 08:43 - 00148128 _____ C:\Windows\system32\perfc007.dat
2014-01-21 09:48 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-20 20:53 - 2014-01-20 19:19 - 00019674 _____ C:\Users\cripo\Documents\Snow 1.wlmp
2014-01-20 18:50 - 2012-10-09 17:32 - 00000000 ____D C:\Users\cripo\AppData\Local\Windows Live
2014-01-20 16:57 - 2014-01-20 16:57 - 00002176 _____ C:\Users\cripo\Desktop\Wirtschaft PU.lnk
2014-01-20 14:01 - 2011-11-15 18:24 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-20 12:49 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2014-01-19 19:37 - 2014-01-19 19:37 - 00001536 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-01-19 19:37 - 2013-03-13 18:42 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2014-01-19 19:37 - 2011-11-25 14:08 - 00000000 ____D C:\Users\cripo\AppData\Roaming\DVDVideoSoft
2014-01-19 19:36 - 2014-01-19 19:35 - 34083424 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\cripo\Downloads\FreeYouTubeToMP3Converter.exe
2014-01-19 15:44 - 2014-01-19 15:40 - 00013401 _____ C:\Users\cripo\Desktop\Noten WEH1A.xlsx
2014-01-19 12:20 - 2014-01-19 12:20 - 00005327 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-19 12:20 - 2013-10-17 15:24 - 00000000 ____D C:\ProgramData\Oracle
2014-01-19 12:20 - 2013-06-25 06:42 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-19 12:10 - 2009-07-14 05:45 - 00418800 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 21:09 - 2011-11-13 21:32 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-16 21:08 - 2013-08-14 20:45 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 21:06 - 2011-11-13 22:57 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-09 19:53 - 2012-11-07 16:54 - 00000000 ___RD C:\Users\cripo\Dropbox
2014-01-09 19:51 - 2012-11-07 16:50 - 00000000 ____D C:\Users\cripo\AppData\Roaming\Dropbox
2014-01-07 13:06 - 2012-11-07 16:51 - 00000000 ____D C:\Users\cripo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-07 10:31 - 2014-01-07 10:31 - 00001391 _____ C:\Users\cripo\Desktop\Sport PU.lnk
2014-01-07 09:50 - 2013-11-09 17:29 - 00000000 ____D C:\ProgramData\Skype
2014-01-07 09:50 - 2012-02-13 21:25 - 00000000 ____D C:\Windows\system32\appmgmt
2014-01-06 18:09 - 2012-07-25 13:26 - 00000000 ____D C:\Users\cripo\AppData\Local\2K Games
2014-01-06 13:04 - 2012-05-07 16:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-05 12:17 - 2014-01-05 12:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\cripo\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-19 21:01

==================== End Of Log ============================
         