Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Nur noch Verknüpfungen auf dem USB-Stick -> Trojaner.Banker (https://www.trojaner-board.de/148344-nur-noch-verknuepfungen-usb-stick-trojaner-banker.html)

cosinus 21.01.2014 16:31
Rechner neu starten und wieder frisches Log mit FRST machen

cripo 21.01.2014 16:48

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-01-2014
Ran by cripo (administrator) on CRIPO-PC on 21-01-2014 16:46:38
Running from C:\Users\cripo\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [Launch LgDeviceAgent] - C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415752 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2093064 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4195848 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2345296 2013-10-01] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [ASRockXTU] - [x]
HKCU\...\Run: [zASRockInstantBoot] - [x]
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-03-10] ()
HKCU\...\Run: [Mozilla] - wscript.exe //B "C:\Users\cripo\AppData\Roaming\Mozilla.vbs"
MountPoints2: {0a815ac9-0e2d-11e1-b280-806e6f6e6963} - E:\SETUP.EXE

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD9148EB154EFCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\cripo\AppData\Roaming\Mozilla\Firefox\Profiles\5yu6hj16.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\cripo\AppData\Roaming\Mozilla\Firefox\Profiles\5yu6hj16.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-27]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\cripo\AppData\Roaming\Mozilla\Firefox\Profiles\5yu6hj16.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-12-08] ()

==================== Drivers (Whitelisted) ====================

R3 AsrVDrive; C:\Windows\System32\DRIVERS\AsrVDrive.sys [23048 2011-01-26] (ASRock Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-25] (DT Soft Ltd)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2011-11-13] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2011-11-13] (FNet Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-21 15:52 - 2014-01-21 11:43 - 02077184 _____ (Farbar) C:\Users\cripo\Desktop\FRST64.exe
2014-01-21 14:58 - 2014-01-21 16:46 - 00010784 _____ C:\Users\cripo\Desktop\FRST.txt
2014-01-21 14:56 - 2014-01-21 14:56 - 02077184 _____ (Farbar) C:\Users\cripo\Downloads\FRST64(1).exe
2014-01-21 14:53 - 2014-01-21 14:53 - 00000891 _____ C:\Users\cripo\Desktop\JRT.txt
2014-01-21 14:49 - 2014-01-21 14:49 - 01037068 _____ (Thisisu) C:\Users\cripo\Desktop\JRT.exe
2014-01-21 14:49 - 2014-01-21 14:49 - 00000000 ____D C:\Windows\ERUNT
2014-01-21 14:48 - 2014-01-21 14:48 - 00001755 _____ C:\Users\cripo\Desktop\AdwCleaner[S0].txt
2014-01-21 14:38 - 2014-01-21 14:45 - 00000000 ____D C:\AdwCleaner
2014-01-21 14:37 - 2014-01-21 14:37 - 01236282 _____ C:\Users\cripo\Downloads\adwcleaner.exe
2014-01-21 13:54 - 2014-01-21 14:08 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-21 13:53 - 2014-01-21 14:08 - 00000000 ____D C:\Users\cripo\Desktop\mbar
2014-01-21 13:53 - 2014-01-21 13:53 - 12582688 _____ (Malwarebytes Corp.) C:\Users\cripo\Downloads\mbar-1.07.0.1008.exe
2014-01-21 13:03 - 2014-01-21 13:03 - 00476232 _____ C:\Windows\Minidump\012114-18891-01.dmp
2014-01-21 11:46 - 2014-01-21 11:46 - 00028610 _____ C:\Users\cripo\Downloads\Addition.txt
2014-01-21 11:45 - 2014-01-21 14:57 - 00024490 _____ C:\Users\cripo\Downloads\FRST.txt
2014-01-21 11:45 - 2014-01-21 11:45 - 00000000 ____D C:\FRST
2014-01-21 11:43 - 2014-01-21 11:43 - 02077184 _____ (Farbar) C:\Users\cripo\Downloads\FRST64.exe
2014-01-21 11:42 - 2014-01-21 11:42 - 00000472 _____ C:\Users\cripo\Downloads\defogger_disable.log
2014-01-21 11:42 - 2014-01-21 11:42 - 00000000 _____ C:\Users\cripo\defogger_reenable
2014-01-21 11:41 - 2014-01-21 11:42 - 00050477 _____ C:\Users\cripo\Downloads\Defogger.exe
2014-01-21 11:10 - 2014-01-21 13:54 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-21 11:10 - 2014-01-21 13:53 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-21 11:10 - 2014-01-21 11:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-20 19:19 - 2014-01-20 20:53 - 00019674 _____ C:\Users\cripo\Documents\Snow 1.wlmp
2014-01-20 16:57 - 2014-01-20 16:57 - 00002176 _____ C:\Users\cripo\Desktop\Wirtschaft PU.lnk
2014-01-19 19:37 - 2014-01-19 19:37 - 00001536 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-01-19 19:35 - 2014-01-19 19:36 - 34083424 _____ (DVDVideoSoft Ltd.                                          ) C:\Users\cripo\Downloads\FreeYouTubeToMP3Converter.exe
2014-01-19 15:40 - 2014-01-19 15:44 - 00013401 _____ C:\Users\cripo\Desktop\Noten WEH1A.xlsx
2014-01-19 12:20 - 2014-01-19 12:20 - 00005327 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-19 12:20 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-19 12:20 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-19 12:20 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-19 12:20 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-16 17:49 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 17:49 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 17:49 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-07 10:31 - 2014-01-07 10:31 - 00001391 _____ C:\Users\cripo\Desktop\Sport PU.lnk
2014-01-05 12:17 - 2014-01-05 12:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-01-21 16:47 - 2013-03-10 17:39 - 00000000 ____D C:\Users\cripo\AppData\Local\PMB Files
2014-01-21 16:46 - 2014-01-21 14:58 - 00010784 _____ C:\Users\cripo\Desktop\FRST.txt
2014-01-21 16:46 - 2013-06-30 12:39 - 00000000 ____D C:\Users\cripo\AppData\Local\LogMeIn Hamachi
2014-01-21 16:44 - 2011-11-13 20:26 - 01053064 _____ C:\Windows\WindowsUpdate.log
2014-01-21 16:41 - 2011-11-13 21:18 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-21 16:41 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-21 16:41 - 2009-07-14 05:51 - 00043384 _____ C:\Windows\setupact.log
2014-01-21 16:31 - 2012-03-29 07:28 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-21 15:52 - 2011-11-13 20:31 - 00000000 ___RD C:\Users\cripo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-21 14:57 - 2014-01-21 11:45 - 00024490 _____ C:\Users\cripo\Downloads\FRST.txt
2014-01-21 14:56 - 2014-01-21 14:56 - 02077184 _____ (Farbar) C:\Users\cripo\Downloads\FRST64(1).exe
2014-01-21 14:54 - 2009-07-14 05:45 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-21 14:54 - 2009-07-14 05:45 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-21 14:53 - 2014-01-21 14:53 - 00000891 _____ C:\Users\cripo\Desktop\JRT.txt
2014-01-21 14:49 - 2014-01-21 14:49 - 01037068 _____ (Thisisu) C:\Users\cripo\Desktop\JRT.exe
2014-01-21 14:49 - 2014-01-21 14:49 - 00000000 ____D C:\Windows\ERUNT
2014-01-21 14:48 - 2014-01-21 14:48 - 00001755 _____ C:\Users\cripo\Desktop\AdwCleaner[S0].txt
2014-01-21 14:45 - 2014-01-21 14:38 - 00000000 ____D C:\AdwCleaner
2014-01-21 14:37 - 2014-01-21 14:37 - 01236282 _____ C:\Users\cripo\Downloads\adwcleaner.exe
2014-01-21 14:08 - 2014-01-21 13:54 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-21 14:08 - 2014-01-21 13:53 - 00000000 ____D C:\Users\cripo\Desktop\mbar
2014-01-21 13:54 - 2014-01-21 11:10 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-21 13:53 - 2014-01-21 13:53 - 12582688 _____ (Malwarebytes Corp.) C:\Users\cripo\Downloads\mbar-1.07.0.1008.exe
2014-01-21 13:53 - 2014-01-21 11:10 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-21 13:03 - 2014-01-21 13:03 - 00476232 _____ C:\Windows\Minidump\012114-18891-01.dmp
2014-01-21 13:03 - 2012-06-10 20:21 - 948444393 _____ C:\Windows\MEMORY.DMP
2014-01-21 13:03 - 2012-06-10 20:21 - 00000000 ____D C:\Windows\Minidump
2014-01-21 11:46 - 2014-01-21 11:46 - 00028610 _____ C:\Users\cripo\Downloads\Addition.txt
2014-01-21 11:45 - 2014-01-21 11:45 - 00000000 ____D C:\FRST
2014-01-21 11:43 - 2014-01-21 15:52 - 02077184 _____ (Farbar) C:\Users\cripo\Desktop\FRST64.exe
2014-01-21 11:43 - 2014-01-21 11:43 - 02077184 _____ (Farbar) C:\Users\cripo\Downloads\FRST64.exe
2014-01-21 11:42 - 2014-01-21 11:42 - 00000472 _____ C:\Users\cripo\Downloads\defogger_disable.log
2014-01-21 11:42 - 2014-01-21 11:42 - 00000000 _____ C:\Users\cripo\defogger_reenable
2014-01-21 11:42 - 2014-01-21 11:41 - 00050477 _____ C:\Users\cripo\Downloads\Defogger.exe
2014-01-21 11:42 - 2011-11-13 20:31 - 00000000 ____D C:\Users\cripo
2014-01-21 11:24 - 2011-04-12 08:55 - 00000000 ____D C:\Windows\CSC
2014-01-21 11:24 - 2010-11-21 04:47 - 00191394 _____ C:\Windows\PFRO.log
2014-01-21 11:10 - 2014-01-21 11:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-21 09:48 - 2011-04-12 08:43 - 00696832 _____ C:\Windows\system32\perfh007.dat
2014-01-21 09:48 - 2011-04-12 08:43 - 00148128 _____ C:\Windows\system32\perfc007.dat
2014-01-21 09:48 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-20 20:53 - 2014-01-20 19:19 - 00019674 _____ C:\Users\cripo\Documents\Snow 1.wlmp
2014-01-20 18:50 - 2012-10-09 17:32 - 00000000 ____D C:\Users\cripo\AppData\Local\Windows Live
2014-01-20 16:57 - 2014-01-20 16:57 - 00002176 _____ C:\Users\cripo\Desktop\Wirtschaft PU.lnk
2014-01-20 14:01 - 2011-11-15 18:24 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-20 12:49 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2014-01-19 19:37 - 2014-01-19 19:37 - 00001536 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-01-19 19:37 - 2013-03-13 18:42 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2014-01-19 19:37 - 2011-11-25 14:08 - 00000000 ____D C:\Users\cripo\AppData\Roaming\DVDVideoSoft
2014-01-19 19:36 - 2014-01-19 19:35 - 34083424 _____ (DVDVideoSoft Ltd.                                          ) C:\Users\cripo\Downloads\FreeYouTubeToMP3Converter.exe
2014-01-19 15:44 - 2014-01-19 15:40 - 00013401 _____ C:\Users\cripo\Desktop\Noten WEH1A.xlsx
2014-01-19 12:20 - 2014-01-19 12:20 - 00005327 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-19 12:20 - 2013-10-17 15:24 - 00000000 ____D C:\ProgramData\Oracle
2014-01-19 12:20 - 2013-06-25 06:42 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-19 12:10 - 2009-07-14 05:45 - 00418800 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 21:09 - 2011-11-13 21:32 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-16 21:08 - 2013-08-14 20:45 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 21:06 - 2011-11-13 22:57 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-09 19:53 - 2012-11-07 16:54 - 00000000 ___RD C:\Users\cripo\Dropbox
2014-01-09 19:51 - 2012-11-07 16:50 - 00000000 ____D C:\Users\cripo\AppData\Roaming\Dropbox
2014-01-07 13:06 - 2012-11-07 16:51 - 00000000 ____D C:\Users\cripo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-07 10:31 - 2014-01-07 10:31 - 00001391 _____ C:\Users\cripo\Desktop\Sport PU.lnk
2014-01-07 09:50 - 2013-11-09 17:29 - 00000000 ____D C:\ProgramData\Skype
2014-01-07 09:50 - 2012-02-13 21:25 - 00000000 ____D C:\Windows\system32\appmgmt
2014-01-06 18:09 - 2012-07-25 13:26 - 00000000 ____D C:\Users\cripo\AppData\Local\2K Games
2014-01-06 13:04 - 2012-05-07 16:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-05 12:17 - 2014-01-05 12:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\cripo\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-19 21:01

==================== End Of Log ============================
--- --- ---

cosinus 21.01.2014 16:56
Zitat:
HKCU\...\Run: [Mozilla] - wscript.exe //B "C:\Users\cripo\AppData\Roaming\Mozilla.vbs"
Der EIntrag ist da immer noch! Hast du den Virenscanner vor dem Fix deaktiviert=

cripo 21.01.2014 17:07
Ja, da bin ich mir sicher. Ich habe das ganze nochmal durchgeführt. Das frische FRST Logfile:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-01-2014
Ran by cripo (administrator) on CRIPO-PC on 21-01-2014 17:02:50
Running from C:\Users\cripo\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [Launch LgDeviceAgent] - C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415752 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2093064 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4195848 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2345296 2013-10-01] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [ASRockXTU] - [x]
HKCU\...\Run: [zASRockInstantBoot] - [x]
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-03-10] ()
MountPoints2: {0a815ac9-0e2d-11e1-b280-806e6f6e6963} - E:\SETUP.EXE

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD9148EB154EFCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\cripo\AppData\Roaming\Mozilla\Firefox\Profiles\5yu6hj16.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\cripo\AppData\Roaming\Mozilla\Firefox\Profiles\5yu6hj16.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-27]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\cripo\AppData\Roaming\Mozilla\Firefox\Profiles\5yu6hj16.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-12-08] ()

==================== Drivers (Whitelisted) ====================

R3 AsrVDrive; C:\Windows\System32\DRIVERS\AsrVDrive.sys [23048 2011-01-26] (ASRock Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-25] (DT Soft Ltd)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2011-11-13] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2011-11-13] (FNet Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-21 15:52 - 2014-01-21 11:43 - 02077184 _____ (Farbar) C:\Users\cripo\Desktop\FRST64.exe
2014-01-21 14:58 - 2014-01-21 17:02 - 00010484 _____ C:\Users\cripo\Desktop\FRST.txt
2014-01-21 14:56 - 2014-01-21 14:56 - 02077184 _____ (Farbar) C:\Users\cripo\Downloads\FRST64(1).exe
2014-01-21 14:53 - 2014-01-21 14:53 - 00000891 _____ C:\Users\cripo\Desktop\JRT.txt
2014-01-21 14:49 - 2014-01-21 14:49 - 01037068 _____ (Thisisu) C:\Users\cripo\Desktop\JRT.exe
2014-01-21 14:49 - 2014-01-21 14:49 - 00000000 ____D C:\Windows\ERUNT
2014-01-21 14:48 - 2014-01-21 14:48 - 00001755 _____ C:\Users\cripo\Desktop\AdwCleaner[S0].txt
2014-01-21 14:38 - 2014-01-21 14:45 - 00000000 ____D C:\AdwCleaner
2014-01-21 14:37 - 2014-01-21 14:37 - 01236282 _____ C:\Users\cripo\Downloads\adwcleaner.exe
2014-01-21 13:54 - 2014-01-21 14:08 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-21 13:53 - 2014-01-21 14:08 - 00000000 ____D C:\Users\cripo\Desktop\mbar
2014-01-21 13:53 - 2014-01-21 13:53 - 12582688 _____ (Malwarebytes Corp.) C:\Users\cripo\Downloads\mbar-1.07.0.1008.exe
2014-01-21 13:03 - 2014-01-21 13:03 - 00476232 _____ C:\Windows\Minidump\012114-18891-01.dmp
2014-01-21 11:46 - 2014-01-21 11:46 - 00028610 _____ C:\Users\cripo\Downloads\Addition.txt
2014-01-21 11:45 - 2014-01-21 14:57 - 00024490 _____ C:\Users\cripo\Downloads\FRST.txt
2014-01-21 11:45 - 2014-01-21 11:45 - 00000000 ____D C:\FRST
2014-01-21 11:43 - 2014-01-21 11:43 - 02077184 _____ (Farbar) C:\Users\cripo\Downloads\FRST64.exe
2014-01-21 11:42 - 2014-01-21 11:42 - 00000472 _____ C:\Users\cripo\Downloads\defogger_disable.log
2014-01-21 11:42 - 2014-01-21 11:42 - 00000000 _____ C:\Users\cripo\defogger_reenable
2014-01-21 11:41 - 2014-01-21 11:42 - 00050477 _____ C:\Users\cripo\Downloads\Defogger.exe
2014-01-21 11:10 - 2014-01-21 13:54 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-21 11:10 - 2014-01-21 13:53 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-21 11:10 - 2014-01-21 11:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-20 19:19 - 2014-01-20 20:53 - 00019674 _____ C:\Users\cripo\Documents\Snow 1.wlmp
2014-01-20 16:57 - 2014-01-20 16:57 - 00002176 _____ C:\Users\cripo\Desktop\Wirtschaft PU.lnk
2014-01-19 19:37 - 2014-01-19 19:37 - 00001536 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-01-19 19:35 - 2014-01-19 19:36 - 34083424 _____ (DVDVideoSoft Ltd.                                          ) C:\Users\cripo\Downloads\FreeYouTubeToMP3Converter.exe
2014-01-19 15:40 - 2014-01-19 15:44 - 00013401 _____ C:\Users\cripo\Desktop\Noten WEH1A.xlsx
2014-01-19 12:20 - 2014-01-19 12:20 - 00005327 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-19 12:20 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-19 12:20 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-19 12:20 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-19 12:20 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-16 17:49 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 17:49 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 17:49 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-07 10:31 - 2014-01-07 10:31 - 00001391 _____ C:\Users\cripo\Desktop\Sport PU.lnk
2014-01-05 12:17 - 2014-01-05 12:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-01-21 17:03 - 2014-01-21 14:58 - 00010484 _____ C:\Users\cripo\Desktop\FRST.txt
2014-01-21 17:03 - 2013-03-10 17:39 - 00000000 ____D C:\Users\cripo\AppData\Local\PMB Files
2014-01-21 17:02 - 2013-06-30 12:39 - 00000000 ____D C:\Users\cripo\AppData\Local\LogMeIn Hamachi
2014-01-21 17:02 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-21 17:01 - 2011-11-13 21:18 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-21 17:01 - 2011-11-13 20:26 - 01053697 _____ C:\Windows\WindowsUpdate.log
2014-01-21 17:01 - 2009-07-14 05:51 - 00043440 _____ C:\Windows\setupact.log
2014-01-21 16:48 - 2009-07-14 05:45 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-21 16:48 - 2009-07-14 05:45 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-21 16:31 - 2012-03-29 07:28 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-21 15:52 - 2011-11-13 20:31 - 00000000 ___RD C:\Users\cripo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-21 14:57 - 2014-01-21 11:45 - 00024490 _____ C:\Users\cripo\Downloads\FRST.txt
2014-01-21 14:56 - 2014-01-21 14:56 - 02077184 _____ (Farbar) C:\Users\cripo\Downloads\FRST64(1).exe
2014-01-21 14:53 - 2014-01-21 14:53 - 00000891 _____ C:\Users\cripo\Desktop\JRT.txt
2014-01-21 14:49 - 2014-01-21 14:49 - 01037068 _____ (Thisisu) C:\Users\cripo\Desktop\JRT.exe
2014-01-21 14:49 - 2014-01-21 14:49 - 00000000 ____D C:\Windows\ERUNT
2014-01-21 14:48 - 2014-01-21 14:48 - 00001755 _____ C:\Users\cripo\Desktop\AdwCleaner[S0].txt
2014-01-21 14:45 - 2014-01-21 14:38 - 00000000 ____D C:\AdwCleaner
2014-01-21 14:37 - 2014-01-21 14:37 - 01236282 _____ C:\Users\cripo\Downloads\adwcleaner.exe
2014-01-21 14:08 - 2014-01-21 13:54 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-21 14:08 - 2014-01-21 13:53 - 00000000 ____D C:\Users\cripo\Desktop\mbar
2014-01-21 13:54 - 2014-01-21 11:10 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-21 13:53 - 2014-01-21 13:53 - 12582688 _____ (Malwarebytes Corp.) C:\Users\cripo\Downloads\mbar-1.07.0.1008.exe
2014-01-21 13:53 - 2014-01-21 11:10 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-21 13:03 - 2014-01-21 13:03 - 00476232 _____ C:\Windows\Minidump\012114-18891-01.dmp
2014-01-21 13:03 - 2012-06-10 20:21 - 948444393 _____ C:\Windows\MEMORY.DMP
2014-01-21 13:03 - 2012-06-10 20:21 - 00000000 ____D C:\Windows\Minidump
2014-01-21 11:46 - 2014-01-21 11:46 - 00028610 _____ C:\Users\cripo\Downloads\Addition.txt
2014-01-21 11:45 - 2014-01-21 11:45 - 00000000 ____D C:\FRST
2014-01-21 11:43 - 2014-01-21 15:52 - 02077184 _____ (Farbar) C:\Users\cripo\Desktop\FRST64.exe
2014-01-21 11:43 - 2014-01-21 11:43 - 02077184 _____ (Farbar) C:\Users\cripo\Downloads\FRST64.exe
2014-01-21 11:42 - 2014-01-21 11:42 - 00000472 _____ C:\Users\cripo\Downloads\defogger_disable.log
2014-01-21 11:42 - 2014-01-21 11:42 - 00000000 _____ C:\Users\cripo\defogger_reenable
2014-01-21 11:42 - 2014-01-21 11:41 - 00050477 _____ C:\Users\cripo\Downloads\Defogger.exe
2014-01-21 11:42 - 2011-11-13 20:31 - 00000000 ____D C:\Users\cripo
2014-01-21 11:24 - 2011-04-12 08:55 - 00000000 ____D C:\Windows\CSC
2014-01-21 11:24 - 2010-11-21 04:47 - 00191394 _____ C:\Windows\PFRO.log
2014-01-21 11:10 - 2014-01-21 11:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-21 09:48 - 2011-04-12 08:43 - 00696832 _____ C:\Windows\system32\perfh007.dat
2014-01-21 09:48 - 2011-04-12 08:43 - 00148128 _____ C:\Windows\system32\perfc007.dat
2014-01-21 09:48 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-20 20:53 - 2014-01-20 19:19 - 00019674 _____ C:\Users\cripo\Documents\Snow 1.wlmp
2014-01-20 18:50 - 2012-10-09 17:32 - 00000000 ____D C:\Users\cripo\AppData\Local\Windows Live
2014-01-20 16:57 - 2014-01-20 16:57 - 00002176 _____ C:\Users\cripo\Desktop\Wirtschaft PU.lnk
2014-01-20 14:01 - 2011-11-15 18:24 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-20 12:49 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2014-01-19 19:37 - 2014-01-19 19:37 - 00001536 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-01-19 19:37 - 2013-03-13 18:42 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2014-01-19 19:37 - 2011-11-25 14:08 - 00000000 ____D C:\Users\cripo\AppData\Roaming\DVDVideoSoft
2014-01-19 19:36 - 2014-01-19 19:35 - 34083424 _____ (DVDVideoSoft Ltd.                                          ) C:\Users\cripo\Downloads\FreeYouTubeToMP3Converter.exe
2014-01-19 15:44 - 2014-01-19 15:40 - 00013401 _____ C:\Users\cripo\Desktop\Noten WEH1A.xlsx
2014-01-19 12:20 - 2014-01-19 12:20 - 00005327 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-19 12:20 - 2013-10-17 15:24 - 00000000 ____D C:\ProgramData\Oracle
2014-01-19 12:20 - 2013-06-25 06:42 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-19 12:10 - 2009-07-14 05:45 - 00418800 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 21:09 - 2011-11-13 21:32 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-16 21:08 - 2013-08-14 20:45 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 21:06 - 2011-11-13 22:57 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-09 19:53 - 2012-11-07 16:54 - 00000000 ___RD C:\Users\cripo\Dropbox
2014-01-09 19:51 - 2012-11-07 16:50 - 00000000 ____D C:\Users\cripo\AppData\Roaming\Dropbox
2014-01-07 13:06 - 2012-11-07 16:51 - 00000000 ____D C:\Users\cripo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-07 10:31 - 2014-01-07 10:31 - 00001391 _____ C:\Users\cripo\Desktop\Sport PU.lnk
2014-01-07 09:50 - 2013-11-09 17:29 - 00000000 ____D C:\ProgramData\Skype
2014-01-07 09:50 - 2012-02-13 21:25 - 00000000 ____D C:\Windows\system32\appmgmt
2014-01-06 18:09 - 2012-07-25 13:26 - 00000000 ____D C:\Users\cripo\AppData\Local\2K Games
2014-01-06 13:04 - 2012-05-07 16:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-05 12:17 - 2014-01-05 12:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\cripo\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-19 21:01

==================== End Of Log ============================
--- --- ---


Nun ist der Eintrag, den du meinst, nicht mehr dabei - wenn ich das richtig sehe.

cosinus 22.01.2014 11:34
Jup :daumenhoc

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


cripo 22.01.2014 13:04
Hi Cosinus!

Danke, dass du mich nicht vergessen hast. Ist ja schon eine hohe Umschlagshäufigkeit hier ;-)

Anbei der Report von Malwarebytes:

Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.22.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
cripo :: CRIPO-PC [Administrator]

Schutz: Aktiviert

22.01.2014 12:35:52
mbam-log-2014-01-22 (12-35-52).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 234539
Laufzeit: 3 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCR\CLSID\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 7
C:\Users\cripo\AppData\Local\Temp\N5palsRU.exe.part (PUP.Optional.IBryte) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\cripo\AppData\Local\Temp\NyRniby1.exe.part (Adware.DomaIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\cripo\AppData\Local\Temp\okQLmLqz.exe.part (PUP.Optional.IBryte) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\cripo\AppData\Local\Temp\pWLSd37m.exe.part (Adware.DomaIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\cripo\AppData\Local\Temp\CDBurnerXP-updates\cdbxp_setup_4.5.2.4214.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\cripo\AppData\Local\Temp\is-7PLAN.tmp\sp-downloader.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\cripo\Downloads\DTLite4471-0333.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Ich muss mich nochmal bzgl des "ESET Online Scanner" vergewissern:
Ich kann/soll den infizierten Stick bzw. die höchstwahrscheinloch infizierte Platte an den Recher anschließen und dann den Scanner laufen lassen?

Danke nochmals für deine Hilfe!

Viele Grüße

Christian

cosinus 22.01.2014 14:06
Ja Stick anschließen und ESET scannen lassen

cripo 22.01.2014 22:17
Hey Cosinus.

Anbei das Logfile nach dem ESET Scan:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3ee3d9b42a5b2041abb46490173357b2
# engine=16757
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-22 08:50:38
# local_time=2014-01-22 09:50:38 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 19088 161095143 11832 0
# compatibility_mode=5893 16776574 100 94 16858916 142053688 0 0
# scanned=314531
# found=4
# cleaned=0
# scan_time=6576
sh=997A4BC2E0B59DBB5FF6BAFBE13AA1FA8086B20C ft=0 fh=0000000000000000 vn="VBS/Agent.NET worm" ac=I fn="C:\FRST\Quarantine\Mozilla.vbs"
sh=B4E32913FFF00CBC09334460ED44BD323D2A29B7 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\cripo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\24f08ccc-1f0ec882"
sh=E4387A2EC136BD6C165517A0A2433AB992503D9C ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\cripo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\24f08ccc-6e09618a-temp"
sh=CCEF7537A1D32F5F61E20EB0847D9F805EF6B615 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\cripo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\6b41dc5e-565c344e"

cosinus 22.01.2014 23:42
TFC - Temp File Cleaner

Lade dir TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.
  • Öffne die TFC.exe.
    Vista und Win 7 User mit Rechtsklick "als Administrator starten".
  • Schließe alle anderen Programme.
  • Drücke auf den Button Start.
  • Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.





Sieht soweit ok aus :daumenhoc

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

cripo 23.01.2014 15:36
Hi Cosinus!

Ich denke ansonsten ist mein System i. O.. Es macht sich auf jeden Fall sonst nichts bemerkbar.

Wie verfahre ich denn am besten mit dem infizierten Stick und der evtl. infizierten Festplatte? Ich habe beides gestern nur für den Scan kurz angeschloßen und bisher nicht mehr geöffnet / angeschloßen.
Auf die Daten des Sticks kann ich verzichten (den würde ich formatieren).

Die 2 TB auf der Platte würden mir hingegen ziemlich wehtun.
Weisst du, was ich am besten mit der Platte machen kann?

Viele Grüße und nochmals danke für deine Hilfe!

Christian

cosinus 23.01.2014 17:14
Hast du die externen Datenträger nicht angeschlossen gehabt bei ESET Scan?

cripo 24.01.2014 16:51
Hallo Cosinus!

Doch hatte ich. Du meinst also, dass dort nichts drauf sein kann?
Ich bin da skeptisch. Habe den Stick am Laptop angeschlossen und da sind auch nur Verknüpfungen zu sehen. Irgendwas kann da also nicht stimmen - oder was meinst du dazu?

Viele Grüße

Christian

cosinus 25.01.2014 19:20
Das ist "nur" ne Auswirkung eines Schädlings. Der hat deine Dateien unsichtbar gemacht. Lass dir mal alle Dateien anzeigen => http://www.trojaner-board.de/59624-a...ar-machen.html

Danach alle Verknüpfungen auf dem Stick löschen und zB mit dem Attribute Changer - Download - Filepony bei allen Dateien die Attribute versteckt und system wegnehmen


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:00 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55