
Log analysis and evaluation: Only shortcuts left on the USB stick -> Trojaner.Banker


#1   21.01.2014, 12:30
cripo

Only shortcuts left on the USB stick -> Trojaner.Banker

Hello dear Trojaner-Board team!

After returning from my winter holiday yesterday, a nasty surprise awaited me. I plugged in my USB stick, and all of a sudden it showed nothing but shortcuts.

After doing a bit of reading (mostly on your board), I downloaded Malwarebytes Anti-Rootkit and ran a scan with it. This did indeed find "Trojaner.Banker", which I then 'eliminated'. After a restart, rescanning with Malwarebytes shows nothing more. Nevertheless, I'm sceptical.

On top of that, yesterday I connected my external hard drive (which I only use for backups) before I knew anything about the problem (while I was away a week ago, my girlfriend used her stick on my computer, after which the shortcut problem had already appeared, as it turned out afterwards). In other words: I'm afraid my entire backup is ruined. I also worked with the infected stick on my laptop yesterday.

So you can already tell... jackpot.

I have read through some of the guides and the rules in your forum, which I now want to follow:

Step 1:
I ran Defogger: no error message, no log.

Step 2:
FRST scan:

FRST logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-01-2014
Ran by cripo (administrator) on CRIPO-PC on 21-01-2014 11:45:31
Running from C:\Users\cripo\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\cripo\Downloads\Defogger.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [Launch LgDeviceAgent] - C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415752 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2093064 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4195848 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2345296 2013-10-01] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [ASRockXTU] - [x]
HKCU\...\Run: [zASRockInstantBoot] - [x]
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-03-10] ()
HKCU\...\Run: [Mozilla] - C:\Users\cripo\AppData\Roaming\Mozilla.vbs [9694 2013-10-06] ()
MountPoints2: {0a815ac9-0e2d-11e1-b280-806e6f6e6963} - E:\SETUP.EXE
Startup: C:\Users\cripo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla.vbs ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD9148EB154EFCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3319402&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP84A12542-9F59-4511-8713-D77557C36016&q={searchTerms}&SSPV=
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\cripo\AppData\Roaming\Mozilla\Firefox\Profiles\5yu6hj16.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\cripo\AppData\Roaming\Mozilla\Firefox\Profiles\5yu6hj16.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\cripo\AppData\Roaming\Mozilla\Firefox\Profiles\5yu6hj16.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-27]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\cripo\AppData\Roaming\Mozilla\Firefox\Profiles\5yu6hj16.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF HKCU\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\Users\cripo\AppData\Roaming\5051
FF Extension: Java String Helper - C:\Users\cripo\AppData\Roaming\5051 [2011-11-28]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-12-08] ()

==================== Drivers (Whitelisted) ====================

R3 AsrVDrive; C:\Windows\System32\DRIVERS\AsrVDrive.sys [23048 2011-01-26] (ASRock Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-25] (DT Soft Ltd)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2011-11-13] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2011-11-13] (FNet Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-21 11:45 - 2014-01-21 11:45 - 00011712 _____ C:\Users\cripo\Downloads\FRST.txt
2014-01-21 11:45 - 2014-01-21 11:45 - 00000000 ____D C:\FRST
2014-01-21 11:43 - 2014-01-21 11:43 - 02077184 _____ (Farbar) C:\Users\cripo\Downloads\FRST64.exe
2014-01-21 11:42 - 2014-01-21 11:42 - 00000472 _____ C:\Users\cripo\Downloads\defogger_disable.log
2014-01-21 11:42 - 2014-01-21 11:42 - 00000000 _____ C:\Users\cripo\defogger_reenable
2014-01-21 11:41 - 2014-01-21 11:42 - 00050477 _____ C:\Users\cripo\Downloads\Defogger.exe
2014-01-21 11:10 - 2014-01-21 11:40 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-21 11:10 - 2014-01-21 11:27 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-21 11:10 - 2014-01-21 11:26 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-21 11:10 - 2014-01-21 11:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-21 11:09 - 2014-01-21 11:40 - 00000000 ____D C:\Users\cripo\Desktop\mbar
2014-01-21 11:09 - 2014-01-21 11:09 - 12582688 _____ (Malwarebytes Corp.) C:\Users\cripo\Desktop\mbar-1.07.0.1008.exe
2014-01-20 20:39 - 2014-01-20 20:50 - 338849929 _____ C:\Users\cripo\Desktop\Snow 1.mp4
2014-01-20 19:19 - 2014-01-20 20:53 - 00019674 _____ C:\Users\cripo\Documents\Snow 1.wlmp
2014-01-20 16:57 - 2014-01-20 16:57 - 00002176 _____ C:\Users\cripo\Desktop\Wirtschaft PU.lnk
2014-01-19 19:37 - 2014-01-19 19:37 - 00001536 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-01-19 19:35 - 2014-01-19 19:36 - 34083424 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\cripo\Downloads\FreeYouTubeToMP3Converter.exe
2014-01-19 15:40 - 2014-01-19 15:44 - 00013401 _____ C:\Users\cripo\Desktop\Noten WEH1A.xlsx
2014-01-19 12:20 - 2014-01-19 12:20 - 00005327 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-19 12:20 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-19 12:20 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-19 12:20 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-19 12:20 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-16 17:50 - 2013-10-06 19:07 - 00009694 ___SH C:\Users\cripo\AppData\Roaming\Mozilla.vbs
2014-01-16 17:49 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 17:49 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 17:49 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-07 10:31 - 2014-01-07 10:31 - 00001391 _____ C:\Users\cripo\Desktop\Sport PU.lnk
2014-01-05 12:17 - 2014-01-05 12:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-01-21 11:45 - 2014-01-21 11:45 - 00011712 _____ C:\Users\cripo\Downloads\FRST.txt
2014-01-21 11:45 - 2014-01-21 11:45 - 00000000 ____D C:\FRST
2014-01-21 11:45 - 2013-03-10 17:39 - 00000000 ____D C:\Users\cripo\AppData\Local\PMB Files
2014-01-21 11:43 - 2014-01-21 11:43 - 02077184 _____ (Farbar) C:\Users\cripo\Downloads\FRST64.exe
2014-01-21 11:42 - 2014-01-21 11:42 - 00000472 _____ C:\Users\cripo\Downloads\defogger_disable.log
2014-01-21 11:42 - 2014-01-21 11:42 - 00000000 _____ C:\Users\cripo\defogger_reenable
2014-01-21 11:42 - 2014-01-21 11:41 - 00050477 _____ C:\Users\cripo\Downloads\Defogger.exe
2014-01-21 11:42 - 2011-11-13 20:31 - 00000000 ____D C:\Users\cripo
2014-01-21 11:40 - 2014-01-21 11:10 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-21 11:40 - 2014-01-21 11:09 - 00000000 ____D C:\Users\cripo\Desktop\mbar
2014-01-21 11:32 - 2009-07-14 05:45 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-21 11:32 - 2009-07-14 05:45 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-21 11:31 - 2012-03-29 07:28 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-21 11:29 - 2011-11-13 20:26 - 02079511 _____ C:\Windows\WindowsUpdate.log
2014-01-21 11:27 - 2014-01-21 11:10 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-21 11:26 - 2014-01-21 11:10 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-21 11:26 - 2013-06-30 12:39 - 00000000 ____D C:\Users\cripo\AppData\Local\LogMeIn Hamachi
2014-01-21 11:24 - 2011-11-13 21:18 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-21 11:24 - 2011-04-12 08:55 - 00000000 ____D C:\Windows\CSC
2014-01-21 11:24 - 2010-11-21 04:47 - 00191394 _____ C:\Windows\PFRO.log
2014-01-21 11:24 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-21 11:24 - 2009-07-14 05:51 - 00043216 _____ C:\Windows\setupact.log
2014-01-21 11:10 - 2014-01-21 11:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-21 11:09 - 2014-01-21 11:09 - 12582688 _____ (Malwarebytes Corp.) C:\Users\cripo\Desktop\mbar-1.07.0.1008.exe
2014-01-21 09:48 - 2011-04-12 08:43 - 00696832 _____ C:\Windows\system32\perfh007.dat
2014-01-21 09:48 - 2011-04-12 08:43 - 00148128 _____ C:\Windows\system32\perfc007.dat
2014-01-21 09:48 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-20 20:53 - 2014-01-20 19:19 - 00019674 _____ C:\Users\cripo\Documents\Snow 1.wlmp
2014-01-20 20:50 - 2014-01-20 20:39 - 338849929 _____ C:\Users\cripo\Desktop\Snow 1.mp4
2014-01-20 18:50 - 2012-10-09 17:32 - 00000000 ____D C:\Users\cripo\AppData\Local\Windows Live
2014-01-20 16:57 - 2014-01-20 16:57 - 00002176 _____ C:\Users\cripo\Desktop\Wirtschaft PU.lnk
2014-01-20 14:01 - 2011-11-15 18:24 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-20 12:49 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2014-01-19 19:37 - 2014-01-19 19:37 - 00001536 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-01-19 19:37 - 2013-03-13 18:42 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2014-01-19 19:37 - 2011-11-25 14:08 - 00000000 ____D C:\Users\cripo\AppData\Roaming\DVDVideoSoft
2014-01-19 19:36 - 2014-01-19 19:35 - 34083424 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\cripo\Downloads\FreeYouTubeToMP3Converter.exe
2014-01-19 15:44 - 2014-01-19 15:40 - 00013401 _____ C:\Users\cripo\Desktop\Noten WEH1A.xlsx
2014-01-19 12:20 - 2014-01-19 12:20 - 00005327 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-19 12:20 - 2013-10-17 15:24 - 00000000 ____D C:\ProgramData\Oracle
2014-01-19 12:20 - 2013-06-25 06:42 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-19 12:10 - 2009-07-14 05:45 - 00418800 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 21:09 - 2011-11-13 21:32 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-16 21:08 - 2013-08-14 20:45 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 21:06 - 2011-11-13 22:57 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-16 17:50 - 2011-11-13 20:31 - 00000000 ___RD C:\Users\cripo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-09 19:53 - 2012-11-07 16:54 - 00000000 ___RD C:\Users\cripo\Dropbox
2014-01-09 19:51 - 2012-11-07 16:50 - 00000000 ____D C:\Users\cripo\AppData\Roaming\Dropbox
2014-01-07 13:06 - 2012-11-07 16:51 - 00000000 ____D C:\Users\cripo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-07 10:31 - 2014-01-07 10:31 - 00001391 _____ C:\Users\cripo\Desktop\Sport PU.lnk
2014-01-07 09:50 - 2013-11-09 17:29 - 00000000 ____D C:\ProgramData\Skype
2014-01-07 09:50 - 2012-02-13 21:25 - 00000000 ____D C:\Windows\system32\appmgmt
2014-01-06 18:09 - 2012-07-25 13:26 - 00000000 ____D C:\Users\cripo\AppData\Local\2K Games
2014-01-06 13:04 - 2012-05-07 16:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-05 12:17 - 2014-01-05 12:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\cripo\AppData\Local\Temp\AskSLib.dll
C:\Users\cripo\AppData\Local\Temp\AudibleDM_iTunesSetup.exe
C:\Users\cripo\AppData\Local\Temp\avgnt.exe
C:\Users\cripo\AppData\Local\Temp\icqsetup.exe
C:\Users\cripo\AppData\Local\Temp\installerdll2257194.dll
C:\Users\cripo\AppData\Local\Temp\installerdll2268769.dll
C:\Users\cripo\AppData\Local\Temp\installerdll2471648.dll
C:\Users\cripo\AppData\Local\Temp\installerdll2472319.dll
C:\Users\cripo\AppData\Local\Temp\installerdll2476890.dll
C:\Users\cripo\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\cripo\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\cripo\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\cripo\AppData\Local\Temp\LMkRstPt.exe
C:\Users\cripo\AppData\Local\Temp\nsa6C76.exe
C:\Users\cripo\AppData\Local\Temp\nsl5897.exe
C:\Users\cripo\AppData\Local\Temp\nsq5A3D.exe
C:\Users\cripo\AppData\Local\Temp\nsu6766.exe
C:\Users\cripo\AppData\Local\Temp\nsv6E2C.exe
C:\Users\cripo\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\cripo\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\cripo\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\cripo\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\cripo\AppData\Local\Temp\nvStereoApiI64.dll
C:\Users\cripo\AppData\Local\Temp\nvStInst.exe
C:\Users\cripo\AppData\Local\Temp\OriginLauncher2471648.exe
C:\Users\cripo\AppData\Local\Temp\rootsupd.exe
C:\Users\cripo\AppData\Local\Temp\setpointdeu.exe
C:\Users\cripo\AppData\Local\Temp\Setup.exe
C:\Users\cripo\AppData\Local\Temp\sonarinst.exe
C:\Users\cripo\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\cripo\AppData\Local\Temp\vcredist_x64.exe
C:\Users\cripo\AppData\Local\Temp\vcredist_x86.exe
C:\Users\cripo\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
C:\Users\cripo\AppData\Local\Temp\_is1A82.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-19 21:01

==================== End Of Log ============================


FRST Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-01-2014
Ran by cripo at 2014-01-21 11:46:04
Running from C:\Users\cripo\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-PDF Split & Merge Version 2.0.4 (Build 112) (x32 Version: 7-PDF Split & Merge - Version 2.0.4 (Build 112) - 7-PDF, Germany - Thorsten Hodes)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (x32 Version: 1.1.377 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (x32 Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
AFPL Ghostscript 8.54 (x32 Version:  - )
AFPL Ghostscript Fonts (x32 Version:  - )
Apple Application Support (x32 Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ASRock 3TB+ Unlocker v1.0 (Version:  - ASRock Inc.)
ASRock App Charger v1.0.4 (Version:  - ASRock Inc.)
ASRock eXtreme Tuner v0.1.78 (x32 Version:  - )
ASRock InstantBoot v1.26 (x32 Version:  - )
ASUS E-Green Uninstall (x32 Version:  - )
Atom Zombie Smasher  (x32 Version:  - Blendo Games)
Audiograbber 1.83 SE  (x32 Version: 1.83 SE - Audiograbber Deutschland)
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
Bastion (x32 Version:  - Supergiant Games)
Battlelog Web Plugins (x32 Version: 2.1.2 - EA Digital Illusions CE AB)
BioShock (x32 Version:  - 2K Boston)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (x32 Version:  - Gearbox Software)
Brothers - A Tale of Two Sons (x32 Version:  - Starbreeze Studios AB)
Call of Duty(R) 2 (x32 Version: 1.2 - Activision)
Call of Duty(R) 2 (x32 Version: 1.2 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.7 - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
Call of Duty: Black Ops II - Multiplayer (x32 Version:  - )
Call of Duty: Black Ops II - Zombies (x32 Version:  - )
Call of Duty: Black Ops II (x32 Version:  - )
CDBurnerXP (x32 Version: 4.4.1.3184 - CDBurnerXP)
CIB pdf brewer (Version: 2.6.0049 - CIB software GmbH)
Counter-Strike (x32 Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (x32 Version: 4.47.1.0333 - Disc Soft Ltd)
Deponia (x32 Version:  - Daedalic Entertainment)
Deus Ex: Human Revolution (x32 Version:  - Eidos Montreal)
Diablo III (x32 Version: 1.0.3.10485 - Blizzard Entertainment)
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESN Sonar (x32 Version: 0.70.4 - ESN Social Software AB)
Etron USB3.0 Host Controller (x32 Version: 0.96 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.96 - Etron Technology) Hidden
Far Cry 3 Version 1.01 (x32 Version: 1.01 - ZKY)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free YouTube Download version 3.2.17.1125 (x32 Version: 3.2.17.1125 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.20.1230 (x32 Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
IBM SPSS Statistics 20 (Version: 20.0.0.0 - IBM Corp)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation)
iTunes (Version: 11.0.2.26 - Apple Inc.)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
League of Legends (x32 Version: 1.3 - Riot Games)
Left 4 Dead 2 (x32 Version:  - Valve)
Lexmark Universal v2 Deinstallationsprogamm (Version:  - Lexmark International, Inc.)
LIMBO (x32 Version:  - Playdead)
Logitech GamePanel Software 3.03.133 (Version: 3.03.133 - Logitech Inc.)
Logitech SetPoint 6.32 (Version: 6.32.20 - Logitech)
LogMeIn Hamachi (x32 Version: 2.2.0.58 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.58 - LogMeIn, Inc.) Hidden
Mass Effect 2 (x32 Version:  - BioWare)
Max Payne 3 (x32 Version:  - Rockstar)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0 - Microsoft Corporation)
Monaco (x32 Version:  - Pocketwatch Games)
MotioninJoy Gamepad tool 0.7.1001 (Version: 0.7.1001 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSI Afterburner 2.1.0 (x32 Version: 2.1.0 - MSI Co., LTD)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
Nero 10 Movie ThemePack Basic (x32 Version: 10.0.10600.6.0 - Nero AG) Hidden
Nero BurnRights 10 (x32 Version: 4.0.11300.14.100 - Nero AG)
Nero BurnRights 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.0.12900.2.6 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.16800.7.15 - Nero AG) Hidden
Nero CoverDesigner 10 (x32 Version: 5.0.11200.16.100 - Nero AG)
Nero CoverDesigner 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero DiscSpeed 10 (x32 Version: 6.0.11400.18.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero Express 10 (x32 Version: 10.0.12300.23.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero InfoTool 10 (x32 Version: 7.0.11400.15.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero MediaHub 10 (x32 Version: 1.0.14800.28.100 - Nero AG)
Nero MediaHub 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero Multimedia Suite 10 Essentials (x32 Version: 10.0.10300 - Nero AG)
Nero StartSmart 10 (x32 Version: 10.0.12600.30.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 1.0.10900 - Nero AG) Hidden
Nero Update (x32 Version: 1.0.0018 - Nero AG)
NVIDIA 3D Vision Controller-Treiber 314.07 (Version: 314.07 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 314.07 (Version: 314.07 - NVIDIA Corporation)
NVIDIA Grafiktreiber 314.07 (Version: 314.07 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.23.1 (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1407 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 314.07 (Version: 314.07 - NVIDIA Corporation) Hidden
NVIDIA Update 1.12.12 (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
OpenAL (x32 Version:  - )
Origin (x32 Version: 9.1.3.2637 - Electronic Arts, Inc.)
Pando Media Booster (x32 Version: 2.6.0.8 - Pando Networks Inc.)
PDF Blender (x32 Version:  - )
PDFCreator (x32 Version: 1.4.2 - Frank Heindörfer, Philip Chinery)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Portal 2 (x32 Version:  - Valve)
PunkBuster Services (x32 Version: 0.991 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (x32 Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6257 - Realtek Semiconductor Corp.)
RIFT (HKCU Version:  - Trion Worlds, Inc.)
Rockstar Games Social Club (x32 Version: 1.1.0.1 - Rockstar Games)
Secure Download Manager (x32 Version: 3.1.0 - Kivuto Solutions Inc.)
SPEED-LINK DUAL SHOCK ADAPTER (x32 Version: 1.00.0000 - GASIA)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
Super Meat Boy (x32 Version:  - Team Meat)
TeamSpeak 3 Client (Version: 3.0.10.1 - TeamSpeak Systems GmbH)
Terraria (x32 Version:  - )
The Binding of Isaac (x32 Version:  - )
The Elder Scrolls V: Skyrim (x32 Version:  - Bethesda Game Studios)
Torchlight II (x32 Version:  - Runic Games)
TP-LINK TL-WN821N_WN822N Treiber (x32 Version: 1.2.1 - TP-LINK)
TP-LINK-Konfigurationstool (x32 Version: 1.2.1 - TP-LINK)
Ubisoft Game Launcher (x32 Version: 1.0.0.0 - UBISOFT)
Uninstall 1.0.0.1 (x32 Version:  - )
Unreal Tournament 2003 (x32 Version:  - )
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32 Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32 Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)
VLC media player 1.1.11 (x32 Version: 1.1.11 - VideoLAN)
Winamp (x32 Version: 5.622  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinRAR 4.01 (64-Bit) (Version: 4.01.0 - win.rar GmbH)
WISO Steuer-Sparbuch 2013 (x32 Version: 20.00.8137 - Buhl Data Service GmbH)
XFastUsb (x32 Version:  - )

==================== Restore Points  =========================

16-01-2014 19:42:19 Scheduled Checkpoint
16-01-2014 20:06:48 Windows Update
19-01-2014 11:19:38 Installed Java 7 Update 51

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {760C929A-BEE5-4F31-AD68-4C5D55A91C78} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {DC8D26A1-57B6-498F-908D-8B9813D6B94A} - System32\Tasks\{EF9F7D2C-E1DE-4194-9708-190286C496C9} => C:\Program Files (x86)\iTunes\iTunes.exe [2013-02-20] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-05-24 19:08 - 2012-05-15 11:48 - 00004096 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2011-10-07 10:39 - 2011-10-07 10:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2012-03-19 21:09 - 2012-03-19 21:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-03-25 13:00 - 2013-03-25 12:53 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-05-24 19:08 - 2012-05-15 11:48 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-01-05 12:17 - 2014-01-05 12:17 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/21/2014 11:26:35 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2014 09:46:06 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2014 01:19:51 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1". Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (01/20/2014 00:50:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/19/2014 09:23:24 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1". Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (01/19/2014 09:02:55 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1". Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (01/19/2014 00:11:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/16/2014 08:36:57 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1". Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (01/16/2014 05:46:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/10/2014 04:10:56 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1". Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.


System errors:
=============
Error: (01/21/2014 11:27:19 AM) (Source: Service Control Manager) (User: )
Description: The "NVIDIA Update Service Daemon" service failed to start due to the following error: 
%%1069

Error: (01/21/2014 11:27:19 AM) (Source: Service Control Manager) (User: )
Description: The "nvUpdatusService" service was unable to log on as ".\UpdatusUser" with the currently configured password due to the following error: 
%%1330

Verify that the service is configured correctly in the Services snap-in of the Microsoft Management Console (MMC).

Error: (01/21/2014 11:27:15 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: The WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\athExt.dll
Error Code: 126

Error: (01/21/2014 11:21:11 AM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (01/21/2014 09:47:15 AM) (Source: Service Control Manager) (User: )
Description: The "NVIDIA Update Service Daemon" service failed to start due to the following error: 
%%1069

Error: (01/21/2014 09:47:15 AM) (Source: Service Control Manager) (User: )
Description: The "nvUpdatusService" service was unable to log on as ".\UpdatusUser" with the currently configured password due to the following error: 
%%1330

Verify that the service is configured correctly in the Services snap-in of the Microsoft Management Console (MMC).

Error: (01/21/2014 09:44:23 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: The WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\athExt.dll
Error Code: 126

Error: (01/20/2014 00:51:26 PM) (Source: Service Control Manager) (User: )
Description: The "NVIDIA Update Service Daemon" service failed to start due to the following error: 
%%1069

Error: (01/20/2014 00:51:26 PM) (Source: Service Control Manager) (User: )
Description: The "nvUpdatusService" service was unable to log on as ".\UpdatusUser" with the currently configured password due to the following error: 
%%1330

Verify that the service is configured correctly in the Services snap-in of the Microsoft Management Console (MMC).

Error: (01/20/2014 00:48:51 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: The WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\athExt.dll
Error Code: 126


Microsoft Office Sessions:
=========================
Error: (04/04/2013 03:00:10 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 180 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (04/04/2013 02:56:23 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1336 seconds with 720 seconds of active time.  This session ended with a crash.

Error: (01/09/2013 09:46:05 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 14 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/03/2012 06:34:56 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 23%
Total physical RAM: 8104.67 MB
Available physical RAM: 6168.84 MB
Total Pagefile: 16207.52 MB
Available Pagefile: 13978.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:348.47 GB) (Free:92.02 GB) NTFS
Drive d: () (Fixed) (Total:117.19 GB) (Free:21.34 GB) NTFS
Drive e: (SKYRIM_DE) (CDROM) (Total:4.91 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: D94EC641)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=348 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=117 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Step 3: GMER

Code:
GMER 2.1.19324 - hxxp://www.gmer.net
Rootkit scan 2014-01-21 12:23:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 SAMSUNG_HD502HJ rev.1AJ10001 465,76GB
Running: gmer.exe; Driver: C:\Users\cripo\AppData\Local\Temp\ugloqpoc.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                         fffff800035be000 40 bytes [89, AB, 40, 47, 00, 00, FB, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 569                                                                         fffff800035be029 24 bytes {MOV ECX, ESI; MOV [RSI+0x166], BL; CALL 0x759e7}

---- User code sections - GMER 2.1 ----

.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                      000000007708efe0 5 bytes JMP 000000016fff0148
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                    00000000770b99b0 7 bytes JMP 000000016fff00d8
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                    00000000770c94d0 5 bytes JMP 000000016fff0180
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                    00000000770c9640 5 bytes JMP 000000016fff0110
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\kernel32.dll!RegSetValueExA                             00000000770ea500 7 bytes JMP 000000016fff01b8
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                              000007fefd3e2db0 5 bytes JMP 000007fffd3d0180
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                         000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                           000007fefd3e8ef0 6 bytes JMP 000007fffd3d0148
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                       000007fefd3faf60 5 bytes JMP 000007fffd3d0110
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                        000007fefedf89e0 8 bytes JMP 000007fffd3d01f0
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                      000007fefedfbe40 8 bytes JMP 000007fffd3d01b8
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ole32.dll!CoCreateInstance                              000007fefd9c7490 11 bytes JMP 000007fffd3d0228
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1392] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                             000007fefd9dbf00 7 bytes JMP 000007fffd3d0260
.text     C:\Windows\system32\Dwm.exe[1808] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                           000007fefd3e2db0 5 bytes JMP 000007fffd3d0180
.text     C:\Windows\system32\Dwm.exe[1808] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                      000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8
.text     C:\Windows\system32\Dwm.exe[1808] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                        000007fefd3e8ef0 6 bytes JMP 000007fffd3d0148
.text     C:\Windows\system32\Dwm.exe[1808] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                    000007fefd3faf60 5 bytes JMP 000007fffd3d0110
.text     C:\Windows\system32\Dwm.exe[1808] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                     000007fefedf89e0 8 bytes JMP 000007fffd3d01f0
.text     C:\Windows\system32\Dwm.exe[1808] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                   000007fefedfbe40 8 bytes JMP 000007fffd3d01b8
.text     C:\Windows\system32\Dwm.exe[1808] C:\Windows\system32\dxgi.dll!CreateDXGIFactory                                                           000007fef883dc88 5 bytes JMP 000007fff86300d8
.text     C:\Windows\system32\Dwm.exe[1808] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1                                                          000007fef883de10 5 bytes JMP 000007fff8630110
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1836] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                    0000000072011a22 2 bytes [01, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1836] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                    0000000072011ad0 2 bytes [01, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1836] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                    0000000072011b08 2 bytes [01, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1836] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                    0000000072011bba 2 bytes [01, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1836] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                    0000000072011bda 2 bytes [01, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                             00000000763f1465 2 bytes [3F, 76]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                            00000000763f14bb 2 bytes [3F, 76]
.text     ...                                                                                                                                        * 2
.text     C:\Program Files\Windows Media Player\WMPSideShowGadget.exe[2396] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                   000000007708efe0 5 bytes JMP 000000016fff0148
.text     C:\Program Files\Windows Media Player\WMPSideShowGadget.exe[2396] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                 00000000770b99b0 7 bytes JMP 000000016fff00d8
.text     C:\Program Files\Windows Media Player\WMPSideShowGadget.exe[2396] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                 00000000770c94d0 5 bytes JMP 000000016fff0180
.text     C:\Program Files\Windows Media Player\WMPSideShowGadget.exe[2396] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                 00000000770c9640 5 bytes JMP 000000016fff0110
.text     C:\Program Files\Windows Media Player\WMPSideShowGadget.exe[2396] C:\Windows\system32\kernel32.dll!RegSetValueExA                          00000000770ea500 7 bytes JMP 000000016fff01b8
.text     C:\Program Files\Windows Media Player\WMPSideShowGadget.exe[2396] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                           000007fefd3e2db0 5 bytes JMP 000007fffd3d0180
.text     C:\Program Files\Windows Media Player\WMPSideShowGadget.exe[2396] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                      000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8
.text     C:\Program Files\Windows Media Player\WMPSideShowGadget.exe[2396] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                        000007fefd3e8ef0 6 bytes JMP 000007fffd3d0148
.text     C:\Program Files\Windows Media Player\WMPSideShowGadget.exe[2396] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                    000007fefd3faf60 5 bytes JMP 000007fffd3d0110
.text     C:\Program Files\Windows Media Player\WMPSideShowGadget.exe[2396] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                     000007fefedf89e0 8 bytes JMP 000007fffd3d01f0
.text     C:\Program Files\Windows Media Player\WMPSideShowGadget.exe[2396] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                   000007fefedfbe40 8 bytes JMP 000007fffd3d01b8
.text     C:\Program Files\Windows Media Player\WMPSideShowGadget.exe[2396] C:\Windows\system32\ole32.dll!CoCreateInstance                           000007fefd9c7490 11 bytes JMP 000007fffd3d0228
.text     C:\Program Files\Windows Media Player\WMPSideShowGadget.exe[2396] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                          000007fefd9dbf00 7 bytes JMP 000007fffd3d0260
.text     C:\Program Files (x86)\Windows Media Player\wmplayer.exe[3116] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                             00000000768013e1 7 bytes JMP 00000001718812ad
.text     C:\Program Files (x86)\Windows Media Player\wmplayer.exe[3116] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                    000000007681b1d3 5 bytes JMP 00000001718815be
.text     C:\Program Files (x86)\Windows Media Player\wmplayer.exe[3116] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                    00000000768988b4 7 bytes JMP 0000000171881357
.text     C:\Program Files (x86)\Windows Media Player\wmplayer.exe[3116] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                    0000000076898939 5 bytes JMP 00000001718816e0
.text     C:\Program Files (x86)\Windows Media Player\wmplayer.exe[3116] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                      0000000076898c8f 5 bytes JMP 0000000171881028
.text     C:\Program Files (x86)\Windows Media Player\wmplayer.exe[3116] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                         0000000075061d1b 5 bytes JMP 00000001718811ef
.text     C:\Program Files (x86)\Windows Media Player\wmplayer.exe[3116] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                       0000000075061dc9 5 bytes JMP 0000000171881023
.text     C:\Program Files (x86)\Windows Media Player\wmplayer.exe[3116] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                           0000000075062aa4 5 bytes JMP 000000017188156e
.text     C:\Program Files (x86)\Windows Media Player\wmplayer.exe[3116] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                              0000000075062d0a 5 bytes JMP 0000000171881294
.text     C:\Program Files (x86)\Windows Media Player\wmplayer.exe[3116] C:\Windows\syswow64\USER32.dll!CreateWindowExW                              0000000076f68a29 5 bytes JMP 0000000171881050
.text     C:\Program Files (x86)\Windows Media Player\wmplayer.exe[3116] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                          0000000076f74572 5 bytes JMP 00000001718810d2
.text     C:\Program Files (x86)\Windows Media Player\wmplayer.exe[3116] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                      0000000075fae96b 5 bytes JMP 00000001718815d7
.text     C:\Program Files (x86)\Windows Media Player\wmplayer.exe[3116] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                        0000000075faeba5 5 bytes JMP 00000001718811b8
.text     C:\Program Files (x86)\Windows Media Player\wmplayer.exe[3116] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                             0000000076515ea5 5 bytes JMP 0000000171881609
.text     C:\Program Files (x86)\Windows Media Player\wmplayer.exe[3116] C:\Windows\syswow64\ole32.dll!CoCreateInstance                              0000000076549d0b 5 bytes JMP 0000000171881249
.text     C:\Program Files (x86)\Windows Media Player\wmplayer.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                     00000000763f1465 2 bytes [3F, 76]
.text     C:\Program Files (x86)\Windows Media Player\wmplayer.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    00000000763f14bb 2 bytes [3F, 76]
.text     ...                                                                                                                                        * 2
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                        000000007708efe0 5 bytes JMP 000000016fff0148
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                      00000000770b99b0 7 bytes JMP 000000016fff00d8
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                      00000000770c94d0 5 bytes JMP 000000016fff0180
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                      00000000770c9640 5 bytes JMP 000000016fff0110
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\kernel32.dll!RegSetValueExA                               00000000770ea500 7 bytes JMP 000000016fff01b8
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                000007fefd3e2db0 5 bytes JMP 000007fffd3d0180
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                           000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                             000007fefd3e8ef0 6 bytes JMP 000007fffd3d0148
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                         000007fefd3faf60 5 bytes JMP 000007fffd3d0110
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                          000007fefedf89e0 8 bytes JMP 000007fffd3d01f0
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3792] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                        000007fefedfbe40 8 bytes JMP 000007fffd3d01b8
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3804] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                               000000007708efe0 5 bytes JMP 000000016fff0148
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3804] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                             00000000770b99b0 7 bytes JMP 000000016fff00d8
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3804] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                             00000000770c94d0 5 bytes JMP 000000016fff0180
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3804] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                             00000000770c9640 5 bytes JMP 000000016fff0110
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3804] C:\Windows\system32\kernel32.dll!RegSetValueExA                                      00000000770ea500 7 bytes JMP 000000016fff01b8
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3804] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                       000007fefd3e2db0 5 bytes JMP 000007fffd3d0180
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3804] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                  000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3804] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                    000007fefd3e8ef0 6 bytes JMP 000007fffd3d0148
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3804] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                000007fefd3faf60 5 bytes JMP 000007fffd3d0110
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3804] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                 000007fefedf89e0 8 bytes JMP 000007fffd3d01f0
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3804] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                               000007fefedfbe40 8 bytes JMP 000007fffd3d01b8
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3804] C:\Windows\system32\ole32.dll!CoCreateInstance                                       000007fefd9c7490 11 bytes JMP 000007fffd3d0228
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3804] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                      000007fefd9dbf00 7 bytes JMP 000007fffd3d0260
.text     C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe[3812] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                             000007fefd3e2db0 5 bytes JMP 000007fffd3d0180
.text     C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe[3812] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                        000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8
.text     C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe[3812] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                          000007fefd3e8ef0 6 bytes JMP 000007fffd3d0148
.text     C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe[3812] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                      000007fefd3faf60 5 bytes JMP 000007fffd3d0110
.text     C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe[3812] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                       000007fefedf89e0 8 bytes JMP 000007fffd3d01f0
.text     C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe[3812] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                     000007fefedfbe40 8 bytes JMP 000007fffd3d01b8
.text     C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe[3812] C:\Windows\system32\ole32.dll!CoCreateInstance                             000007fefd9c7490 11 bytes JMP 000007fffd3d0228
.text     C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe[3812] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                            000007fefd9dbf00 7 bytes JMP 000007fffd3d0260
.text     C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[3820] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW           000000007708efe0 5 bytes JMP 000000016fff0148
.text     C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[3820] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx         00000000770b99b0 7 bytes JMP 000000016fff00d8
.text     C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[3820] C:\Windows\system32\kernel32.dll!K32GetModuleInformation         00000000770c94d0 5 bytes JMP 000000016fff0180
.text     C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[3820] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW         00000000770c9640 5 bytes JMP 000000016fff0110
.text     C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[3820] C:\Windows\system32\kernel32.dll!RegSetValueExA                  00000000770ea500 7 bytes JMP 000000016fff01b8
.text     C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[3820] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                   000007fefd3e2db0 5 bytes JMP 000007fffd3d0180
.text     C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[3820] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW              000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8
.text     C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[3820] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                000007fefd3e8ef0 6 bytes JMP 000007fffd3d0148
.text     C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[3820] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW            000007fefd3faf60 5 bytes JMP 000007fffd3d0110
.text     C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[3820] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo             000007fefedf89e0 8 bytes JMP 000007fffd3d01f0
.text     C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[3820] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList           000007fefedfbe40 8 bytes JMP 000007fffd3d01b8
.text     C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[3852] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW    000000007708efe0 5 bytes JMP 000000016fff0148
.text     C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[3852] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx  00000000770b99b0 7 bytes JMP 000000016fff00d8
.text     C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[3852] C:\Windows\system32\kernel32.dll!K32GetModuleInformation  00000000770c94d0 5 bytes JMP 000000016fff0180
.text     C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[3852] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW  00000000770c9640 5 bytes JMP 000000016fff0110
.text     C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[3852] C:\Windows\system32\kernel32.dll!RegSetValueExA           00000000770ea500 7 bytes JMP 000000016fff01b8
.text     C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[3852] C:\Windows\system32\KERNELBASE.dll!FreeLibrary            000007fefd3e2db0 5 bytes JMP 000007fffd3d0180
.text     C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[3852] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW       000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8
.text     C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[3852] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW         000007fefd3e8ef0 6 bytes JMP 000007fffd3d0148
.text     C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[3852] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW     000007fefd3faf60 5 bytes JMP 000007fffd3d0110
.text     C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[3852] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo      000007fefedf89e0 8 bytes JMP 000007fffd3d01f0
.text     C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[3852] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList    000007fefedfbe40 8 bytes JMP 000007fffd3d01b8
.text     C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[3852] C:\Windows\system32\ole32.dll!CoCreateInstance            000007fefd9c7490 11 bytes JMP 000007fffd3d0228
.text     C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[3852] C:\Windows\system32\ole32.dll!CoSetProxyBlanket           000007fefd9dbf00 7 bytes JMP 000007fffd3d0260
.text     C:\Program Files\Logitech\SetPointP\SetPoint.exe[3868] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                              000000007708efe0 5 bytes JMP 000000016fff0148
.text     C:\Program Files\Logitech\SetPointP\SetPoint.exe[3868] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                            00000000770b99b0 7 bytes JMP 000000016fff00d8
.text     C:\Program Files\Logitech\SetPointP\SetPoint.exe[3868] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                            00000000770c94d0 5 bytes JMP 000000016fff0180
.text     C:\Program Files\Logitech\SetPointP\SetPoint.exe[3868] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                            00000000770c9640 5 bytes JMP 000000016fff0110
.text     C:\Program Files\Logitech\SetPointP\SetPoint.exe[3868] C:\Windows\system32\kernel32.dll!RegSetValueExA                                     00000000770ea500 7 bytes JMP 000000016fff01b8
.text     C:\Program Files\Logitech\SetPointP\SetPoint.exe[3868] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                      000007fefd3e2db0 5 bytes JMP 000007fffd3d0180
.text     C:\Program Files\Logitech\SetPointP\SetPoint.exe[3868] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                 000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8
.text     C:\Program Files\Logitech\SetPointP\SetPoint.exe[3868] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                   000007fefd3e8ef0 6 bytes JMP 000007fffd3d0148
.text     C:\Program Files\Logitech\SetPointP\SetPoint.exe[3868] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                               000007fefd3faf60 5 bytes JMP 000007fffd3d0110
.text     C:\Program Files\Logitech\SetPointP\SetPoint.exe[3868] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                000007fefedf89e0 8 bytes JMP 000007fffd3d01f0
.text     C:\Program Files\Logitech\SetPointP\SetPoint.exe[3868] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                              000007fefedfbe40 8 bytes JMP 000007fffd3d01b8
.text     C:\Program Files\Logitech\SetPointP\SetPoint.exe[3868] C:\Windows\system32\ole32.dll!CoCreateInstance                                      000007fefd9c7490 11 bytes JMP 000007fffd3d0228
.text     C:\Program Files\Logitech\SetPointP\SetPoint.exe[3868] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                     000007fefd9dbf00 7 bytes JMP 000007fffd3d0260
.text     C:\Windows\System32\igfxpers.exe[3892] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                              000000007708efe0 5 bytes JMP 000000016fff0148
.text     C:\Windows\System32\igfxpers.exe[3892] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                            00000000770b99b0 7 bytes JMP 000000016fff00d8
.text     C:\Windows\System32\igfxpers.exe[3892] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                            00000000770c94d0 5 bytes JMP 000000016fff0180
.text     C:\Windows\System32\igfxpers.exe[3892] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                            00000000770c9640 5 bytes JMP 000000016fff0110
.text     C:\Windows\System32\igfxpers.exe[3892] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                     00000000770ea500 7 bytes JMP 000000016fff01b8
.text     C:\Windows\System32\igfxpers.exe[3892] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                      000007fefd3e2db0 5 bytes JMP 000007fffd3d0180
.text     C:\Windows\System32\igfxpers.exe[3892] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                 000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8
.text     C:\Windows\System32\igfxpers.exe[3892] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                   000007fefd3e8ef0 6 bytes JMP 000007fffd3d0148
.text     C:\Windows\System32\igfxpers.exe[3892] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                               000007fefd3faf60 5 bytes JMP 000007fffd3d0110
.text     C:\Windows\System32\igfxpers.exe[3892] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                000007fefedf89e0 8 bytes JMP 000007fffd3d01f0
.text     C:\Windows\System32\igfxpers.exe[3892] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                              000007fefedfbe40 8 bytes JMP 000007fffd3d01b8
.text     C:\Windows\System32\igfxpers.exe[3892] C:\Windows\system32\ole32.dll!CoCreateInstance                                                      000007fefd9c7490 11 bytes JMP 000007fffd3d0228
.text     C:\Windows\System32\igfxpers.exe[3892] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                     000007fefd9dbf00 7 bytes JMP 000007fffd3d0260
.text     C:\Windows\System32\wscript.exe[4012] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                               000000007708efe0 5 bytes JMP 000000016fff0148
.text     C:\Windows\System32\wscript.exe[4012] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                             00000000770b99b0 7 bytes JMP 000000016fff00d8
.text     C:\Windows\System32\wscript.exe[4012] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                             00000000770c94d0 5 bytes JMP 000000016fff0180
.text     C:\Windows\System32\wscript.exe[4012] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                             00000000770c9640 5 bytes JMP 000000016fff0110
.text     C:\Windows\System32\wscript.exe[4012] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                      00000000770ea500 7 bytes JMP 000000016fff01b8
.text     C:\Windows\System32\wscript.exe[4012] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                       000007fefd3e2db0 5 bytes JMP 000007fffd3d0180
.text     C:\Windows\System32\wscript.exe[4012] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                  000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8
.text     C:\Windows\System32\wscript.exe[4012] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                    000007fefd3e8ef0 6 bytes JMP 000007fffd3d0148
.text     C:\Windows\System32\wscript.exe[4012] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                000007fefd3faf60 5 bytes JMP 000007fffd3d0110
.text     C:\Windows\System32\wscript.exe[4012] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                 000007fefedf89e0 8 bytes JMP 000007fffd3d01f0
.text     C:\Windows\System32\wscript.exe[4012] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                               000007fefedfbe40 8 bytes JMP 000007fffd3d01b8
.text     C:\Windows\System32\wscript.exe[4012] C:\Windows\system32\ole32.dll!CoCreateInstance                                                       000007fefd9c7490 11 bytes JMP 000007fffd3d0228
.text     C:\Windows\System32\wscript.exe[4012] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                      000007fefd9dbf00 7 bytes JMP 000007fffd3d0260
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3508] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                     00000000768013e1 7 bytes JMP 00000001718812ad
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3508] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW            000000007681b1d3 5 bytes JMP 00000001718815be
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3508] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx            00000000768988b4 7 bytes JMP 0000000171881357
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3508] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation            0000000076898939 5 bytes JMP 00000001718816e0
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3508] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW              0000000076898c8f 5 bytes JMP 0000000171881028
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3508] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                 0000000075061d1b 5 bytes JMP 00000001718811ef
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3508] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW               0000000075061dc9 5 bytes JMP 0000000171881023
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3508] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                   0000000075062aa4 5 bytes JMP 000000017188156e
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3508] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                      0000000075062d0a 5 bytes JMP 0000000171881294
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3508] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList              0000000075fae96b 5 bytes JMP 00000001718815d7
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3508] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                0000000075faeba5 5 bytes JMP 00000001718811b8
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3508] C:\Windows\syswow64\USER32.dll!CreateWindowExW                      0000000076f68a29 5 bytes JMP 0000000171881050
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3508] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                  0000000076f74572 5 bytes JMP 00000001718810d2
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3508] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                     0000000076515ea5 5 bytes JMP 0000000171881609
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3508] C:\Windows\syswow64\ole32.dll!CoCreateInstance                      0000000076549d0b 5 bytes JMP 0000000171881249
.text     C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3876] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                     000000007708efe0 5 bytes JMP 000000016fff0148
.text     C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3876] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                   00000000770b99b0 7 bytes JMP 000000016fff00d8
.text     C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3876] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                   00000000770c94d0 5 bytes JMP 000000016fff0180
.text     C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3876] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                   00000000770c9640 5 bytes JMP 000000016fff0110
.text     C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3876] C:\Windows\system32\kernel32.dll!RegSetValueExA                            00000000770ea500 7 bytes JMP 000000016fff01b8
.text     C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3876] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                             000007fefd3e2db0 5 bytes JMP 000007fffd3d0180
.text     C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3876] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                        000007fefd3e37d0 7 bytes JMP 000007fffd3d00d8
.text     C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3876] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                          000007fefd3e8ef0 6 bytes JMP 000007fffd3d0148
.text     C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3876] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                      000007fefd3faf60 5 bytes JMP 000007fffd3d0110
.text     C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3876] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                       000007fefedf89e0 8 bytes JMP 000007fffd3d01f0
.text     C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3876] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                     000007fefedfbe40 8 bytes JMP 000007fffd3d01b8

---- EOF - GMER 2.1 ----
         
I would be very grateful for your help!

A bit more information:
Otherwise no visible problems occur on my computer.
I use Win 7 Professional and Avira AntiVir.

Yesterday, of course (when it rains, it pours...), I made several transfers via online banking. As a precaution I had the account blocked by phone.

I have a great deal of important data (mainly Word documents) on the computer (since I also do a lot of work on it professionally). Do I have to assume that these are unusable?
If possible I would like to avoid formatting the disk.

Best regards

Christian

Last edited by cripo (21.01.2014 at 12:36)
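The GMER user-mode hook section above shows the same handful of JMP destinations (0x171881xxx for the 32-bit processes, 0x7fffd3d0xxx and 0x16fff0xxx for the 64-bit ones) repeated in process after process. The helper below is an added example, not code from this thread, from cripo or from GMER: it parses such `.text` lines and groups the trampoline destinations by 64 KiB region, which is the first thing a helper does when deciding whether the hooks come from one system-wide injected module or from something that differs per process. The sample lines are excerpted from the log above with the column padding shortened; the regex and the region granularity are this example's own assumptions.

```python
"""Triage helper for GMER 2.x user-mode hook lines (added example).

It parses the `.text` lines, then groups JMP destinations by 64 KiB region so
one can see whether every hooked API in every process is redirected into the
same few regions (consistent with one injected DLL such as an AV or vendor
shim) or into scattered, per-process locations that deserve a closer look.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# GMER 2.x user-mode hook line. The process image may contain spaces and
# parentheses; the hooked symbol may carry a " + offset" suffix.
HOOK_RE = re.compile(
    r"^\.text\s+"
    r"(?P<image>.+?)\[(?P<pid>\d+)\]\s+"                # process path [PID]
    r"(?P<module>\S+?)!(?P<symbol>\S+(?: \+ \d+)?)\s+"  # module!Symbol [+ off]
    r"(?P<address>[0-9a-fA-F]+)\s+(?P<size>\d+) bytes\s+"
    r"(?P<patch>.+?)\s*$"                               # "JMP <addr>" or raw bytes
)
# GMER folds runs of similar lines into ".text   ...   * N".
ELIDED_RE = re.compile(r"^\.text\s+\.\.\.\s+\*\s*(?P<count>\d+)\s*$")


@dataclass(frozen=True)
class Hook:
    image: str             # full path of the hooked process
    pid: int
    module: str            # DLL whose export was patched
    symbol: str            # export name, optionally "Name + offset"
    address: int           # patched address inside the DLL
    size: int              # number of bytes overwritten
    patch: str             # "JMP <hex>" or a byte list such as "[3F, 76]"
    target: Optional[int]  # JMP destination, None for non-JMP inline patches


def parse_gmer_hooks(text: str) -> tuple[list[Hook], int]:
    """Return (hooks, elided); elided counts the lines GMER folded into '* N'."""
    hooks: list[Hook] = []
    elided = 0
    for line in text.splitlines():
        m = HOOK_RE.match(line)
        if m:
            patch = m.group("patch")
            target = int(patch[4:], 16) if patch.startswith("JMP ") else None
            hooks.append(Hook(
                image=m.group("image"), pid=int(m.group("pid")),
                module=m.group("module"), symbol=m.group("symbol"),
                address=int(m.group("address"), 16), size=int(m.group("size")),
                patch=patch, target=target,
            ))
            continue
        e = ELIDED_RE.match(line)
        if e:
            elided += int(e.group("count"))
    return hooks, elided


def hooks_by_process(hooks: list[Hook]) -> dict[tuple[str, int], int]:
    """Number of patched exports per (image, pid)."""
    counts: dict[tuple[str, int], int] = defaultdict(int)
    for h in hooks:
        counts[(h.image, h.pid)] += 1
    return dict(counts)


def landing_regions(hooks: list[Hook], granularity: int = 0x10000) -> dict[int, dict]:
    """Group JMP destinations by region (assumed 64 KiB granularity).

    Few regions shared by many processes point to one injected module; many
    unrelated regions, or a region seen in a single process, need a closer look.
    """
    regions: dict[int, dict] = defaultdict(lambda: {"processes": set(), "symbols": set()})
    for h in hooks:
        if h.target is None:
            continue
        region = h.target & ~(granularity - 1)
        base = h.module.rsplit("\\", 1)[-1]
        regions[region]["processes"].add((h.image, h.pid))
        regions[region]["symbols"].add(f"{base}!{h.symbol}")
    return dict(regions)


# Constructed sample: lines excerpted from the GMER log in this thread, with
# the column padding shortened (the parser tolerates any run of spaces).
SAMPLE_GMER_LOG = r"""
.text  C:\Program Files (x86)\Windows Media Player\wmplayer.exe[3116] C:\Windows\syswow64\kernel32.dll!RegSetValueExA  00000000768013e1 7 bytes JMP 00000001718812ad
.text  C:\Program Files (x86)\Windows Media Player\wmplayer.exe[3116] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW  0000000075062aa4 5 bytes JMP 000000017188156e
.text  C:\Program Files (x86)\Windows Media Player\wmplayer.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  00000000763f1465 2 bytes [3F, 76]
.text  ...  * 2
.text  C:\Windows\System32\wscript.exe[4012] C:\Windows\system32\kernel32.dll!RegSetValueExA  00000000770ea500 7 bytes JMP 000000016fff01b8
.text  C:\Windows\System32\wscript.exe[4012] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefd3e8ef0 6 bytes JMP 000007fffd3d0148
.text  C:\Windows\System32\igfxpers.exe[3892] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW  000007fefd3e8ef0 6 bytes JMP 000007fffd3d0148
"""

if __name__ == "__main__":
    hooks, elided = parse_gmer_hooks(SAMPLE_GMER_LOG)
    print(f"{len(hooks)} hook lines parsed, {elided} similar lines elided by GMER")
    for (image, pid), n in sorted(hooks_by_process(hooks).items()):
        print(f"  {n:3d} hooks in {image}[{pid}]")
    for region, info in sorted(landing_regions(hooks).items()):
        print(f"  region 0x{region:x}: {len(info['processes'])} process(es), "
              f"{sorted(info['symbols'])}")
```

Identical destinations across every process, as in the log above, are what one expects from a single DLL injected system-wide (AV self-protection and vendor overlays hook exactly this set: module enumeration, LoadLibrary, CreateWindowEx, D3DKMT). The helper only narrows the question; the verdict still depends on identifying which module owns those regions, which GMER does not print in this section.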

21.01.2014, 12:41   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello and

Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners, have any of them ever found something?

I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; first post only the logs you already have, in CODE tags!
Only logs from the last 7 days, or since the problem started, are relevant!

And please disable AutoPlay to contain the problem with infected removable media.

Disable AutoPlay (Autorun)

Reading material:
Purpose of Autorun

The main purpose of Autorun is to respond in software to hardware actions initiated on a computer. Autorun provides the following functions:
  • Double-click
  • Context menu
  • AutoPlay

These functions are typically invoked by removable media or network shares. During AutoPlay the file "Autorun.inf" on the medium is parsed. This file specifies which commands the system executes. Many companies use this functionality to launch installation programs.

The problem, or rather the security risk, is that the Autorun function can be abused to automatically execute a malicious file (defined in the autorun.inf), e.g. on infected USB sticks. I therefore strongly recommend that you disable Autorun completely.

Windows XP: To make this easier I have uploaded the file noautorun.reg. Please download it to the desktop, run the file by double-clicking it and confirm with Yes. After a restart of the computer, AutoPlay (of media) is disabled on all drives, i.e. no CD, no stick or anything else starts automatically after being inserted any more.

If the above file noautorun.reg cannot be downloaded, here is the content of noautorun.reg; simply copy it into a text file, save it as noautorun.reg and run it by double-clicking to write it into the registry:
Code:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff

Windows Vista/7: In Control Panel under AutoPlay for CDs and other media, disable everything. => see also Change AutoPlay settings
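To check that a NoDriveTypeAutoRun policy really covers removable drives, here is an added Python example (not from this thread and not cosinus's own tooling) that reads the value out of .reg text, such as the noautorun.reg snippet above or a `reg export` of the policy key, and decodes which drive types would still autorun. A set bit disables Autorun for that drive type; the bit layout follows the GetDriveType() numbering and 0x91 is the documented Windows default, both taken as known facts here. Both sample .reg texts are constructed for this example.

```python
"""Decode what a NoDriveTypeAutoRun policy value actually disables (added example)."""
import re

EXPLORER_POLICY_KEY = (
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
)

# Bit -> drive type it covers (GetDriveType() numbering; bit 7 is reserved).
DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE (USB sticks, card readers)",
    0x08: "DRIVE_FIXED (hard disks)",
    0x10: "DRIVE_REMOTE (network shares)",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "reserved",
}
WINDOWS_DEFAULT = 0x91   # documented default: unknown, remote and reserved disabled
DISABLE_ALL = 0xFF       # what noautorun.reg above writes

_SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
_DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{1,8})\s*$')


def parse_reg_dword(reg_text: str, key: str, value_name: str):
    """Return the DWORD `value_name` under `key` from .reg text, or None if absent.

    Keys and value names are compared case-insensitively, as the registry does.
    """
    in_key = False
    for raw in reg_text.splitlines():
        line = raw.strip()
        sec = _SECTION_RE.match(line)
        if sec:
            in_key = sec.group("key").lower() == key.lower()
            continue
        if not in_key:
            continue
        val = _DWORD_RE.match(line)
        if val and val.group("name").lower() == value_name.lower():
            return int(val.group("hex"), 16)
    return None


def autorun_enabled_for(mask: int) -> list[str]:
    """Drive types for which Autorun is still active under `mask` (clear bits)."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not mask & bit]


def assess_reg(reg_text: str) -> dict:
    """Summarise the policy in `reg_text`; the Windows default applies when unset."""
    value = parse_reg_dword(reg_text, EXPLORER_POLICY_KEY, "NoDriveTypeAutoRun")
    effective = WINDOWS_DEFAULT if value is None else value
    return {
        "value": value,
        "effective": effective,
        "still_enabled": autorun_enabled_for(effective),
        "hardened": effective == DISABLE_ALL,
    }


# Constructed sample 1: the hardened policy from the post above.
NOAUTORUN_REG = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
"""

# Constructed sample 2: an export carrying only the Windows default, which
# still lets removable drives and CD-ROMs autorun.
DEFAULT_REG = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"""

if __name__ == "__main__":
    for label, text in (("noautorun.reg", NOAUTORUN_REG), ("default", DEFAULT_REG)):
        r = assess_reg(text)
        print(f"{label}: NoDriveTypeAutoRun=0x{r['effective']:02x}, "
              f"hardened={r['hardened']}, autorun still on for {r['still_enabled']}")
```

The decoder only tells you what a given registry value means; the .reg route is the Windows XP instruction above, and on Vista/7 the Control Panel AutoPlay setting that cosinus recommends is what the running system applies, so check that setting as well rather than relying on the exported value alone.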

21.01.2014, 13:09   #3
cripo

Hello Cosinus and thanks for your quick reply!

I looked at my AntiVir again and no detections are recorded there for the last week. So unfortunately I have no further logs. My girlfriend apparently only turned the computer on once and then "infected" it with her USB stick.

Thanks for the tip about AutoPlay. I have disabled it.

How should I best proceed now?

Best regards

Christian

Last edited by cripo (21.01.2014 at 13:20)

21.01.2014, 13:28   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Enterprise Office and Professional Windows?
Is this a commercially used computer, and what is the source of MS Office? Enterprise editions are only available through expensive volume licences!

Please always post logfiles in CODE tags

21.01.2014, 13:40   #5
cripo

Hello Cosinus!

Thanks again for your quick reply!
The operating system and MS Office come from my employer. I work in the school service, and the school authorities hold the licences in question.
I have been using Office and Win 7 for quite a while, though - I don't think that has any bearing on my problem - or am I mistaken?

Best regards

Christian


21.01.2014, 13:42   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

But this is about the question of legality, and also whether the computer is used commercially; that is why I have to ask, not because it would be what causes the problem.

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the Malwarebytes Anti-Rootkit guide
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a logfile ( mbar-log-<Year-Month-Day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper

21.01.2014, 14:10   #7
cripo

Hello Cosinus!

Don't get me wrong. Your question shows that you read the logfiles carefully and question them.

I ran Malwarebytes Anti-Rootkit and a cleanup was not necessary. Attached is the logfile:

Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.21.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
cripo :: CRIPO-PC [administrator]

21.01.2014 13:54:51
mbar-log-2014-01-21 (13-54-51).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 257631
Time elapsed: 10 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Best regards

Christian

Last edited by cripo (21.01.2014 at 14:22)

Old 21.01.2014, 14:32   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Remove adware/junkware/toolbars


Step 1: AdwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 2: JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), start it via right-click > "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked and click Scan.
  • The log files will now be created and are then located on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the input window of the website)

__________________
Please always post log files in CODE tags

Old 21.01.2014, 15:01   #9
cripo
 



Hello Cosinus!

Attached are the log files:

ADW
Code:
# AdwCleaner v3.017 - Bericht erstellt am 21/01/2014 um 14:45:29
# Aktualisiert 12/01/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : cripo - CRIPO-PC
# Gestartet von : C:\Users\cripo\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\cripo\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\cripo\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\cripo\AppData\Roaming\pdfforge
Datei Gelöscht : C:\Users\cripo\AppData\Roaming\Mozilla\Firefox\Profiles\5yu6hj16.default\searchplugins\conduit-search.xml

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\cripo\AppData\Roaming\Mozilla\Firefox\Profiles\5yu6hj16.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1856 octets] - [21/01/2014 14:38:28]
AdwCleaner[S0].txt - [1615 octets] - [21/01/2014 14:45:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1675 octets] ##########
         
JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Professional x64
Ran by cripo on 21.01.2014 at 14:49:50,24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\{184aa5e6-741d-464a-820e-94b3abc2f3b4}
Emptied folder: C:\Users\cripo\AppData\Roaming\mozilla\firefox\profiles\5yu6hj16.default\minidumps [99 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.01.2014 at 14:53:35,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST:

FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-01-2014
Ran by cripo (administrator) on CRIPO-PC on 21-01-2014 14:57:06
Running from C:\Users\cripo\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\cripo\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [Launch LgDeviceAgent] - C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415752 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2093064 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4195848 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2345296 2013-10-01] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [ASRockXTU] - [x]
HKCU\...\Run: [zASRockInstantBoot] - [x]
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-03-10] ()
HKCU\...\Run: [Mozilla] - C:\Users\cripo\AppData\Roaming\Mozilla.vbs [9694 2013-10-06] ()
MountPoints2: {0a815ac9-0e2d-11e1-b280-806e6f6e6963} - E:\SETUP.EXE
Startup: C:\Users\cripo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla.vbs ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD9148EB154EFCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\cripo\AppData\Roaming\Mozilla\Firefox\Profiles\5yu6hj16.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\cripo\AppData\Roaming\Mozilla\Firefox\Profiles\5yu6hj16.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-27]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\cripo\AppData\Roaming\Mozilla\Firefox\Profiles\5yu6hj16.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-12-08] ()

==================== Drivers (Whitelisted) ====================

R3 AsrVDrive; C:\Windows\System32\DRIVERS\AsrVDrive.sys [23048 2011-01-26] (ASRock Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-25] (DT Soft Ltd)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2011-11-13] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2011-11-13] (FNet Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-21 14:56 - 2014-01-21 14:56 - 02077184 _____ (Farbar) C:\Users\cripo\Downloads\FRST64(1).exe
2014-01-21 14:53 - 2014-01-21 14:53 - 00000891 _____ C:\Users\cripo\Desktop\JRT.txt
2014-01-21 14:49 - 2014-01-21 14:49 - 01037068 _____ (Thisisu) C:\Users\cripo\Desktop\JRT.exe
2014-01-21 14:49 - 2014-01-21 14:49 - 00000000 ____D C:\Windows\ERUNT
2014-01-21 14:48 - 2014-01-21 14:48 - 00001755 _____ C:\Users\cripo\Desktop\AdwCleaner[S0].txt
2014-01-21 14:38 - 2014-01-21 14:45 - 00000000 ____D C:\AdwCleaner
2014-01-21 14:37 - 2014-01-21 14:37 - 01236282 _____ C:\Users\cripo\Downloads\adwcleaner.exe
2014-01-21 13:54 - 2014-01-21 14:08 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-21 13:53 - 2014-01-21 14:08 - 00000000 ____D C:\Users\cripo\Desktop\mbar
2014-01-21 13:53 - 2014-01-21 13:53 - 12582688 _____ (Malwarebytes Corp.) C:\Users\cripo\Downloads\mbar-1.07.0.1008.exe
2014-01-21 13:03 - 2014-01-21 13:03 - 00476232 _____ C:\Windows\Minidump\012114-18891-01.dmp
2014-01-21 11:46 - 2014-01-21 11:46 - 00028610 _____ C:\Users\cripo\Downloads\Addition.txt
2014-01-21 11:45 - 2014-01-21 14:57 - 00011071 _____ C:\Users\cripo\Downloads\FRST.txt
2014-01-21 11:45 - 2014-01-21 11:45 - 00000000 ____D C:\FRST
2014-01-21 11:43 - 2014-01-21 11:43 - 02077184 _____ (Farbar) C:\Users\cripo\Downloads\FRST64.exe
2014-01-21 11:42 - 2014-01-21 11:42 - 00000472 _____ C:\Users\cripo\Downloads\defogger_disable.log
2014-01-21 11:42 - 2014-01-21 11:42 - 00000000 _____ C:\Users\cripo\defogger_reenable
2014-01-21 11:41 - 2014-01-21 11:42 - 00050477 _____ C:\Users\cripo\Downloads\Defogger.exe
2014-01-21 11:10 - 2014-01-21 13:54 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-21 11:10 - 2014-01-21 13:53 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-21 11:10 - 2014-01-21 11:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-20 19:19 - 2014-01-20 20:53 - 00019674 _____ C:\Users\cripo\Documents\Snow 1.wlmp
2014-01-20 16:57 - 2014-01-20 16:57 - 00002176 _____ C:\Users\cripo\Desktop\Wirtschaft PU.lnk
2014-01-19 19:37 - 2014-01-19 19:37 - 00001536 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-01-19 19:35 - 2014-01-19 19:36 - 34083424 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\cripo\Downloads\FreeYouTubeToMP3Converter.exe
2014-01-19 15:40 - 2014-01-19 15:44 - 00013401 _____ C:\Users\cripo\Desktop\Noten WEH1A.xlsx
2014-01-19 12:20 - 2014-01-19 12:20 - 00005327 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-19 12:20 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-19 12:20 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-19 12:20 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-19 12:20 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-16 17:50 - 2013-10-06 19:07 - 00009694 ___SH C:\Users\cripo\AppData\Roaming\Mozilla.vbs
2014-01-16 17:49 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 17:49 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 17:49 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-07 10:31 - 2014-01-07 10:31 - 00001391 _____ C:\Users\cripo\Desktop\Sport PU.lnk
2014-01-05 12:17 - 2014-01-05 12:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-01-21 14:57 - 2014-01-21 11:45 - 00011071 _____ C:\Users\cripo\Downloads\FRST.txt
2014-01-21 14:56 - 2014-01-21 14:56 - 02077184 _____ (Farbar) C:\Users\cripo\Downloads\FRST64(1).exe
2014-01-21 14:56 - 2013-03-10 17:39 - 00000000 ____D C:\Users\cripo\AppData\Local\PMB Files
2014-01-21 14:54 - 2009-07-14 05:45 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-21 14:54 - 2009-07-14 05:45 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-21 14:53 - 2014-01-21 14:53 - 00000891 _____ C:\Users\cripo\Desktop\JRT.txt
2014-01-21 14:49 - 2014-01-21 14:49 - 01037068 _____ (Thisisu) C:\Users\cripo\Desktop\JRT.exe
2014-01-21 14:49 - 2014-01-21 14:49 - 00000000 ____D C:\Windows\ERUNT
2014-01-21 14:48 - 2014-01-21 14:48 - 00001755 _____ C:\Users\cripo\Desktop\AdwCleaner[S0].txt
2014-01-21 14:47 - 2013-06-30 12:39 - 00000000 ____D C:\Users\cripo\AppData\Local\LogMeIn Hamachi
2014-01-21 14:46 - 2011-11-13 21:18 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-21 14:46 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-21 14:46 - 2009-07-14 05:51 - 00043328 _____ C:\Windows\setupact.log
2014-01-21 14:45 - 2014-01-21 14:38 - 00000000 ____D C:\AdwCleaner
2014-01-21 14:45 - 2011-11-13 20:26 - 02095067 _____ C:\Windows\WindowsUpdate.log
2014-01-21 14:37 - 2014-01-21 14:37 - 01236282 _____ C:\Users\cripo\Downloads\adwcleaner.exe
2014-01-21 14:31 - 2012-03-29 07:28 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-21 14:08 - 2014-01-21 13:54 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-21 14:08 - 2014-01-21 13:53 - 00000000 ____D C:\Users\cripo\Desktop\mbar
2014-01-21 13:54 - 2014-01-21 11:10 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-21 13:53 - 2014-01-21 13:53 - 12582688 _____ (Malwarebytes Corp.) C:\Users\cripo\Downloads\mbar-1.07.0.1008.exe
2014-01-21 13:53 - 2014-01-21 11:10 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-21 13:03 - 2014-01-21 13:03 - 00476232 _____ C:\Windows\Minidump\012114-18891-01.dmp
2014-01-21 13:03 - 2012-06-10 20:21 - 948444393 _____ C:\Windows\MEMORY.DMP
2014-01-21 13:03 - 2012-06-10 20:21 - 00000000 ____D C:\Windows\Minidump
2014-01-21 11:46 - 2014-01-21 11:46 - 00028610 _____ C:\Users\cripo\Downloads\Addition.txt
2014-01-21 11:45 - 2014-01-21 11:45 - 00000000 ____D C:\FRST
2014-01-21 11:43 - 2014-01-21 11:43 - 02077184 _____ (Farbar) C:\Users\cripo\Downloads\FRST64.exe
2014-01-21 11:42 - 2014-01-21 11:42 - 00000472 _____ C:\Users\cripo\Downloads\defogger_disable.log
2014-01-21 11:42 - 2014-01-21 11:42 - 00000000 _____ C:\Users\cripo\defogger_reenable
2014-01-21 11:42 - 2014-01-21 11:41 - 00050477 _____ C:\Users\cripo\Downloads\Defogger.exe
2014-01-21 11:42 - 2011-11-13 20:31 - 00000000 ____D C:\Users\cripo
2014-01-21 11:24 - 2011-04-12 08:55 - 00000000 ____D C:\Windows\CSC
2014-01-21 11:24 - 2010-11-21 04:47 - 00191394 _____ C:\Windows\PFRO.log
2014-01-21 11:10 - 2014-01-21 11:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-21 09:48 - 2011-04-12 08:43 - 00696832 _____ C:\Windows\system32\perfh007.dat
2014-01-21 09:48 - 2011-04-12 08:43 - 00148128 _____ C:\Windows\system32\perfc007.dat
2014-01-21 09:48 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-20 20:53 - 2014-01-20 19:19 - 00019674 _____ C:\Users\cripo\Documents\Snow 1.wlmp
2014-01-20 18:50 - 2012-10-09 17:32 - 00000000 ____D C:\Users\cripo\AppData\Local\Windows Live
2014-01-20 16:57 - 2014-01-20 16:57 - 00002176 _____ C:\Users\cripo\Desktop\Wirtschaft PU.lnk
2014-01-20 14:01 - 2011-11-15 18:24 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-20 12:49 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2014-01-19 19:37 - 2014-01-19 19:37 - 00001536 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-01-19 19:37 - 2013-03-13 18:42 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2014-01-19 19:37 - 2011-11-25 14:08 - 00000000 ____D C:\Users\cripo\AppData\Roaming\DVDVideoSoft
2014-01-19 19:36 - 2014-01-19 19:35 - 34083424 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\cripo\Downloads\FreeYouTubeToMP3Converter.exe
2014-01-19 15:44 - 2014-01-19 15:40 - 00013401 _____ C:\Users\cripo\Desktop\Noten WEH1A.xlsx
2014-01-19 12:20 - 2014-01-19 12:20 - 00005327 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-19 12:20 - 2013-10-17 15:24 - 00000000 ____D C:\ProgramData\Oracle
2014-01-19 12:20 - 2013-06-25 06:42 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-19 12:10 - 2009-07-14 05:45 - 00418800 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 21:09 - 2011-11-13 21:32 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-16 21:08 - 2013-08-14 20:45 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 21:06 - 2011-11-13 22:57 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-16 17:50 - 2011-11-13 20:31 - 00000000 ___RD C:\Users\cripo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-09 19:53 - 2012-11-07 16:54 - 00000000 ___RD C:\Users\cripo\Dropbox
2014-01-09 19:51 - 2012-11-07 16:50 - 00000000 ____D C:\Users\cripo\AppData\Roaming\Dropbox
2014-01-07 13:06 - 2012-11-07 16:51 - 00000000 ____D C:\Users\cripo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-07 10:31 - 2014-01-07 10:31 - 00001391 _____ C:\Users\cripo\Desktop\Sport PU.lnk
2014-01-07 09:50 - 2013-11-09 17:29 - 00000000 ____D C:\ProgramData\Skype
2014-01-07 09:50 - 2012-02-13 21:25 - 00000000 ____D C:\Windows\system32\appmgmt
2014-01-06 18:09 - 2012-07-25 13:26 - 00000000 ____D C:\Users\cripo\AppData\Local\2K Games
2014-01-06 13:04 - 2012-05-07 16:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-05 12:17 - 2014-01-05 12:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\cripo\AppData\Local\Temp\AskSLib.dll
C:\Users\cripo\AppData\Local\Temp\AudibleDM_iTunesSetup.exe
C:\Users\cripo\AppData\Local\Temp\avgnt.exe
C:\Users\cripo\AppData\Local\Temp\icqsetup.exe
C:\Users\cripo\AppData\Local\Temp\installerdll2257194.dll
C:\Users\cripo\AppData\Local\Temp\installerdll2268769.dll
C:\Users\cripo\AppData\Local\Temp\installerdll2471648.dll
C:\Users\cripo\AppData\Local\Temp\installerdll2472319.dll
C:\Users\cripo\AppData\Local\Temp\installerdll2476890.dll
C:\Users\cripo\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\cripo\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\cripo\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\cripo\AppData\Local\Temp\LMkRstPt.exe
C:\Users\cripo\AppData\Local\Temp\nsa6C76.exe
C:\Users\cripo\AppData\Local\Temp\nsl5897.exe
C:\Users\cripo\AppData\Local\Temp\nsq5A3D.exe
C:\Users\cripo\AppData\Local\Temp\nsu6766.exe
C:\Users\cripo\AppData\Local\Temp\nsv6E2C.exe
C:\Users\cripo\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\cripo\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\cripo\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\cripo\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\cripo\AppData\Local\Temp\nvStereoApiI64.dll
C:\Users\cripo\AppData\Local\Temp\nvStInst.exe
C:\Users\cripo\AppData\Local\Temp\OriginLauncher2471648.exe
C:\Users\cripo\AppData\Local\Temp\Quarantine.exe
C:\Users\cripo\AppData\Local\Temp\rootsupd.exe
C:\Users\cripo\AppData\Local\Temp\setpointdeu.exe
C:\Users\cripo\AppData\Local\Temp\Setup.exe
C:\Users\cripo\AppData\Local\Temp\sonarinst.exe
C:\Users\cripo\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\cripo\AppData\Local\Temp\vcredist_x64.exe
C:\Users\cripo\AppData\Local\Temp\vcredist_x86.exe
C:\Users\cripo\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
C:\Users\cripo\AppData\Local\Temp\_is1A82.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-19 21:01

==================== End Of Log ============================
         

Old 21.01.2014, 15:35   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
HKCU\...\Run: [Mozilla] - C:\Users\cripo\AppData\Roaming\Mozilla.vbs [9694 2013-10-06] ()
Startup: C:\Users\cripo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla.vbs ()
C:\Users\cripo\AppData\Roaming\Mozilla.vbs
C:\Users\cripo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla.vbs
C:\Users\cripo\AppData\Local\Temp\AskSLib.dll
C:\Users\cripo\AppData\Local\Temp\AudibleDM_iTunesSetup.exe
C:\Users\cripo\AppData\Local\Temp\avgnt.exe
C:\Users\cripo\AppData\Local\Temp\icqsetup.exe
C:\Users\cripo\AppData\Local\Temp\installerdll2257194.dll
C:\Users\cripo\AppData\Local\Temp\installerdll2268769.dll
C:\Users\cripo\AppData\Local\Temp\installerdll2471648.dll
C:\Users\cripo\AppData\Local\Temp\installerdll2472319.dll
C:\Users\cripo\AppData\Local\Temp\installerdll2476890.dll
C:\Users\cripo\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\cripo\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\cripo\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\cripo\AppData\Local\Temp\LMkRstPt.exe
C:\Users\cripo\AppData\Local\Temp\nsa6C76.exe
C:\Users\cripo\AppData\Local\Temp\nsl5897.exe
C:\Users\cripo\AppData\Local\Temp\nsq5A3D.exe
C:\Users\cripo\AppData\Local\Temp\nsu6766.exe
C:\Users\cripo\AppData\Local\Temp\nsv6E2C.exe
C:\Users\cripo\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\cripo\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\cripo\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\cripo\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\cripo\AppData\Local\Temp\nvStereoApiI64.dll
C:\Users\cripo\AppData\Local\Temp\nvStInst.exe
C:\Users\cripo\AppData\Local\Temp\OriginLauncher2471648.exe
C:\Users\cripo\AppData\Local\Temp\Quarantine.exe
C:\Users\cripo\AppData\Local\Temp\rootsupd.exe
C:\Users\cripo\AppData\Local\Temp\setpointdeu.exe
C:\Users\cripo\AppData\Local\Temp\Setup.exe
C:\Users\cripo\AppData\Local\Temp\sonarinst.exe
C:\Users\cripo\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\cripo\AppData\Local\Temp\vcredist_x64.exe
C:\Users\cripo\AppData\Local\Temp\vcredist_x86.exe
C:\Users\cripo\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
C:\Users\cripo\AppData\Local\Temp\_is1A82.exe
         

Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents here.

__________________
Please always post logfiles in CODE tags

Alt 21.01.2014, 15:53   #11
cripo
 



Hello Cosinus!

I have carried out your instructions. Here is the content of the log file:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-01-2014
Ran by cripo at 2014-01-21 15:52:23 Run:1
Running from C:\Users\cripo\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [Mozilla] - C:\Users\cripo\AppData\Roaming\Mozilla.vbs [9694 2013-10-06] ()
Startup: C:\Users\cripo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla.vbs ()
C:\Users\cripo\AppData\Roaming\Mozilla.vbs
C:\Users\cripo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla.vbs
C:\Users\cripo\AppData\Local\Temp\AskSLib.dll
C:\Users\cripo\AppData\Local\Temp\AudibleDM_iTunesSetup.exe
C:\Users\cripo\AppData\Local\Temp\avgnt.exe
C:\Users\cripo\AppData\Local\Temp\icqsetup.exe
C:\Users\cripo\AppData\Local\Temp\installerdll2257194.dll
C:\Users\cripo\AppData\Local\Temp\installerdll2268769.dll
C:\Users\cripo\AppData\Local\Temp\installerdll2471648.dll
C:\Users\cripo\AppData\Local\Temp\installerdll2472319.dll
C:\Users\cripo\AppData\Local\Temp\installerdll2476890.dll
C:\Users\cripo\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\cripo\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\cripo\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\cripo\AppData\Local\Temp\LMkRstPt.exe
C:\Users\cripo\AppData\Local\Temp\nsa6C76.exe
C:\Users\cripo\AppData\Local\Temp\nsl5897.exe
C:\Users\cripo\AppData\Local\Temp\nsq5A3D.exe
C:\Users\cripo\AppData\Local\Temp\nsu6766.exe
C:\Users\cripo\AppData\Local\Temp\nsv6E2C.exe
C:\Users\cripo\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\cripo\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\cripo\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\cripo\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\cripo\AppData\Local\Temp\nvStereoApiI64.dll
C:\Users\cripo\AppData\Local\Temp\nvStInst.exe
C:\Users\cripo\AppData\Local\Temp\OriginLauncher2471648.exe
C:\Users\cripo\AppData\Local\Temp\Quarantine.exe
C:\Users\cripo\AppData\Local\Temp\rootsupd.exe
C:\Users\cripo\AppData\Local\Temp\setpointdeu.exe
C:\Users\cripo\AppData\Local\Temp\Setup.exe
C:\Users\cripo\AppData\Local\Temp\sonarinst.exe
C:\Users\cripo\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\cripo\AppData\Local\Temp\vcredist_x64.exe
C:\Users\cripo\AppData\Local\Temp\vcredist_x86.exe
C:\Users\cripo\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
C:\Users\cripo\AppData\Local\Temp\_is1A82.exe
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Mozilla => Value deleted successfully.
C:\Users\cripo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla.vbs => Moved successfully.
C:\Users\cripo\AppData\Roaming\Mozilla.vbs => Moved successfully.
"C:\Users\cripo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla.vbs" => File/Directory not found.
C:\Users\cripo\AppData\Local\Temp\AskSLib.dll => Moved successfully.
C:\Users\cripo\AppData\Local\Temp\AudibleDM_iTunesSetup.exe => Moved successfully.
C:\Users\cripo\AppData\Local\Temp\avgnt.exe => Moved successfully.
C:\Users\cripo\AppData\Local\Temp\icqsetup.exe => Moved successfully.
C:\Users\cripo\AppData\Local\Temp\installerdll2257194.dll => Moved successfully.
C:\Users\cripo\AppData\Local\Temp\installerdll2268769.dll => Moved successfully.
C:\Users\cripo\AppData\Local\Temp\installerdll2471648.dll => Moved successfully.
C:\Users\cripo\AppData\Local\Temp\installerdll2472319.dll => Moved successfully.
C:\Users\cripo\AppData\Local\Temp\installerdll2476890.dll => Moved successfully.
C:\Users\cripo\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\cripo\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Users\cripo\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\cripo\AppData\Local\Temp\LMkRstPt.exe => Moved successfully.
C:\Users\cripo\AppData\Local\Temp\nsa6C76.exe => Moved successfully.
C:\Users\cripo\AppData\Local\Temp\nsl5897.exe => Moved successfully.
C:\Users\cripo\AppData\Local\Temp\nsq5A3D.exe => Moved successfully.
C:\Users\cripo\AppData\Local\Temp\nsu6766.exe => Moved successfully.
C:\Users\cripo\AppData\Local\Temp\nsv6E2C.exe => Moved successfully.
C:\Users\cripo\AppData\Local\Temp\nv3DVStreaming.dll => Moved successfully.
C:\Users\cripo\AppData\Local\Temp\nvSCPAPI.dll => Moved successfully.
C:\Users\cripo\AppData\Local\Temp\nvSCPAPI64.dll => Moved successfully.
C:\Users\cripo\AppData\Local\Temp\nvStereoApiI.dll => Moved successfully.
C:\Users\cripo\AppData\Local\Temp\nvStereoApiI64.dll => Moved successfully.
C:\Users\cripo\AppData\Local\Temp\nvStInst.exe => Moved successfully.
C:\Users\cripo\AppData\Local\Temp\OriginLauncher2471648.exe => Moved successfully.
C:\Users\cripo\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\cripo\AppData\Local\Temp\rootsupd.exe => Moved successfully.
C:\Users\cripo\AppData\Local\Temp\setpointdeu.exe => Moved successfully.
C:\Users\cripo\AppData\Local\Temp\Setup.exe => Moved successfully.
C:\Users\cripo\AppData\Local\Temp\sonarinst.exe => Moved successfully.
C:\Users\cripo\AppData\Local\Temp\swt-win32-3740.dll => Moved successfully.
C:\Users\cripo\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.
C:\Users\cripo\AppData\Local\Temp\vcredist_x86.exe => Moved successfully.
C:\Users\cripo\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe => Moved successfully.
C:\Users\cripo\AppData\Local\Temp\_is1A82.exe => Moved successfully.

==== End of Fixlog ====
         
Best regards

Christian

Alt 21.01.2014, 15:55   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Fresh FRST log please

Alt 21.01.2014, 16:09   #13
cripo
 




FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-01-2014
Ran by cripo (administrator) on CRIPO-PC on 21-01-2014 16:08:07
Running from C:\Users\cripo\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [Launch LgDeviceAgent] - C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415752 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2093064 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4195848 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2345296 2013-10-01] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [ASRockXTU] - [x]
HKCU\...\Run: [zASRockInstantBoot] - [x]
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-03-10] ()
HKCU\...\Run: [Mozilla] - wscript.exe //B "C:\Users\cripo\AppData\Roaming\Mozilla.vbs"
MountPoints2: {0a815ac9-0e2d-11e1-b280-806e6f6e6963} - E:\SETUP.EXE

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD9148EB154EFCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\cripo\AppData\Roaming\Mozilla\Firefox\Profiles\5yu6hj16.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\cripo\AppData\Roaming\Mozilla\Firefox\Profiles\5yu6hj16.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-27]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\cripo\AppData\Roaming\Mozilla\Firefox\Profiles\5yu6hj16.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-12-08] ()

==================== Drivers (Whitelisted) ====================

R3 AsrVDrive; C:\Windows\System32\DRIVERS\AsrVDrive.sys [23048 2011-01-26] (ASRock Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-25] (DT Soft Ltd)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2011-11-13] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2011-11-13] (FNet Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-21 15:52 - 2014-01-21 11:43 - 02077184 _____ (Farbar) C:\Users\cripo\Desktop\FRST64.exe
2014-01-21 14:58 - 2014-01-21 16:08 - 00011120 _____ C:\Users\cripo\Desktop\FRST.txt
2014-01-21 14:56 - 2014-01-21 14:56 - 02077184 _____ (Farbar) C:\Users\cripo\Downloads\FRST64(1).exe
2014-01-21 14:53 - 2014-01-21 14:53 - 00000891 _____ C:\Users\cripo\Desktop\JRT.txt
2014-01-21 14:49 - 2014-01-21 14:49 - 01037068 _____ (Thisisu) C:\Users\cripo\Desktop\JRT.exe
2014-01-21 14:49 - 2014-01-21 14:49 - 00000000 ____D C:\Windows\ERUNT
2014-01-21 14:48 - 2014-01-21 14:48 - 00001755 _____ C:\Users\cripo\Desktop\AdwCleaner[S0].txt
2014-01-21 14:38 - 2014-01-21 14:45 - 00000000 ____D C:\AdwCleaner
2014-01-21 14:37 - 2014-01-21 14:37 - 01236282 _____ C:\Users\cripo\Downloads\adwcleaner.exe
2014-01-21 13:54 - 2014-01-21 14:08 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-21 13:53 - 2014-01-21 14:08 - 00000000 ____D C:\Users\cripo\Desktop\mbar
2014-01-21 13:53 - 2014-01-21 13:53 - 12582688 _____ (Malwarebytes Corp.) C:\Users\cripo\Downloads\mbar-1.07.0.1008.exe
2014-01-21 13:03 - 2014-01-21 13:03 - 00476232 _____ C:\Windows\Minidump\012114-18891-01.dmp
2014-01-21 11:46 - 2014-01-21 11:46 - 00028610 _____ C:\Users\cripo\Downloads\Addition.txt
2014-01-21 11:45 - 2014-01-21 14:57 - 00024490 _____ C:\Users\cripo\Downloads\FRST.txt
2014-01-21 11:45 - 2014-01-21 11:45 - 00000000 ____D C:\FRST
2014-01-21 11:43 - 2014-01-21 11:43 - 02077184 _____ (Farbar) C:\Users\cripo\Downloads\FRST64.exe
2014-01-21 11:42 - 2014-01-21 11:42 - 00000472 _____ C:\Users\cripo\Downloads\defogger_disable.log
2014-01-21 11:42 - 2014-01-21 11:42 - 00000000 _____ C:\Users\cripo\defogger_reenable
2014-01-21 11:41 - 2014-01-21 11:42 - 00050477 _____ C:\Users\cripo\Downloads\Defogger.exe
2014-01-21 11:10 - 2014-01-21 13:54 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-21 11:10 - 2014-01-21 13:53 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-21 11:10 - 2014-01-21 11:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-20 19:19 - 2014-01-20 20:53 - 00019674 _____ C:\Users\cripo\Documents\Snow 1.wlmp
2014-01-20 16:57 - 2014-01-20 16:57 - 00002176 _____ C:\Users\cripo\Desktop\Wirtschaft PU.lnk
2014-01-19 19:37 - 2014-01-19 19:37 - 00001536 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-01-19 19:35 - 2014-01-19 19:36 - 34083424 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\cripo\Downloads\FreeYouTubeToMP3Converter.exe
2014-01-19 15:40 - 2014-01-19 15:44 - 00013401 _____ C:\Users\cripo\Desktop\Noten WEH1A.xlsx
2014-01-19 12:20 - 2014-01-19 12:20 - 00005327 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-19 12:20 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-19 12:20 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-19 12:20 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-19 12:20 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-16 17:49 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 17:49 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 17:49 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 17:49 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-07 10:31 - 2014-01-07 10:31 - 00001391 _____ C:\Users\cripo\Desktop\Sport PU.lnk
2014-01-05 12:17 - 2014-01-05 12:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-01-21 16:08 - 2014-01-21 14:58 - 00011120 _____ C:\Users\cripo\Desktop\FRST.txt
2014-01-21 15:52 - 2011-11-13 20:31 - 00000000 ___RD C:\Users\cripo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-21 15:31 - 2012-03-29 07:28 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-21 15:17 - 2013-03-10 17:39 - 00000000 ____D C:\Users\cripo\AppData\Local\PMB Files
2014-01-21 14:57 - 2014-01-21 11:45 - 00024490 _____ C:\Users\cripo\Downloads\FRST.txt
2014-01-21 14:56 - 2014-01-21 14:56 - 02077184 _____ (Farbar) C:\Users\cripo\Downloads\FRST64(1).exe
2014-01-21 14:54 - 2009-07-14 05:45 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-21 14:54 - 2009-07-14 05:45 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-21 14:53 - 2014-01-21 14:53 - 00000891 _____ C:\Users\cripo\Desktop\JRT.txt
2014-01-21 14:50 - 2011-11-13 20:26 - 02095067 _____ C:\Windows\WindowsUpdate.log
2014-01-21 14:49 - 2014-01-21 14:49 - 01037068 _____ (Thisisu) C:\Users\cripo\Desktop\JRT.exe
2014-01-21 14:49 - 2014-01-21 14:49 - 00000000 ____D C:\Windows\ERUNT
2014-01-21 14:48 - 2014-01-21 14:48 - 00001755 _____ C:\Users\cripo\Desktop\AdwCleaner[S0].txt
2014-01-21 14:47 - 2013-06-30 12:39 - 00000000 ____D C:\Users\cripo\AppData\Local\LogMeIn Hamachi
2014-01-21 14:46 - 2011-11-13 21:18 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-21 14:46 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-21 14:46 - 2009-07-14 05:51 - 00043328 _____ C:\Windows\setupact.log
2014-01-21 14:45 - 2014-01-21 14:38 - 00000000 ____D C:\AdwCleaner
2014-01-21 14:37 - 2014-01-21 14:37 - 01236282 _____ C:\Users\cripo\Downloads\adwcleaner.exe
2014-01-21 14:08 - 2014-01-21 13:54 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-21 14:08 - 2014-01-21 13:53 - 00000000 ____D C:\Users\cripo\Desktop\mbar
2014-01-21 13:54 - 2014-01-21 11:10 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-21 13:53 - 2014-01-21 13:53 - 12582688 _____ (Malwarebytes Corp.) C:\Users\cripo\Downloads\mbar-1.07.0.1008.exe
2014-01-21 13:53 - 2014-01-21 11:10 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-21 13:03 - 2014-01-21 13:03 - 00476232 _____ C:\Windows\Minidump\012114-18891-01.dmp
2014-01-21 13:03 - 2012-06-10 20:21 - 948444393 _____ C:\Windows\MEMORY.DMP
2014-01-21 13:03 - 2012-06-10 20:21 - 00000000 ____D C:\Windows\Minidump
2014-01-21 11:46 - 2014-01-21 11:46 - 00028610 _____ C:\Users\cripo\Downloads\Addition.txt
2014-01-21 11:45 - 2014-01-21 11:45 - 00000000 ____D C:\FRST
2014-01-21 11:43 - 2014-01-21 15:52 - 02077184 _____ (Farbar) C:\Users\cripo\Desktop\FRST64.exe
2014-01-21 11:43 - 2014-01-21 11:43 - 02077184 _____ (Farbar) C:\Users\cripo\Downloads\FRST64.exe
2014-01-21 11:42 - 2014-01-21 11:42 - 00000472 _____ C:\Users\cripo\Downloads\defogger_disable.log
2014-01-21 11:42 - 2014-01-21 11:42 - 00000000 _____ C:\Users\cripo\defogger_reenable
2014-01-21 11:42 - 2014-01-21 11:41 - 00050477 _____ C:\Users\cripo\Downloads\Defogger.exe
2014-01-21 11:42 - 2011-11-13 20:31 - 00000000 ____D C:\Users\cripo
2014-01-21 11:24 - 2011-04-12 08:55 - 00000000 ____D C:\Windows\CSC
2014-01-21 11:24 - 2010-11-21 04:47 - 00191394 _____ C:\Windows\PFRO.log
2014-01-21 11:10 - 2014-01-21 11:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-21 09:48 - 2011-04-12 08:43 - 00696832 _____ C:\Windows\system32\perfh007.dat
2014-01-21 09:48 - 2011-04-12 08:43 - 00148128 _____ C:\Windows\system32\perfc007.dat
2014-01-21 09:48 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-20 20:53 - 2014-01-20 19:19 - 00019674 _____ C:\Users\cripo\Documents\Snow 1.wlmp
2014-01-20 18:50 - 2012-10-09 17:32 - 00000000 ____D C:\Users\cripo\AppData\Local\Windows Live
2014-01-20 16:57 - 2014-01-20 16:57 - 00002176 _____ C:\Users\cripo\Desktop\Wirtschaft PU.lnk
2014-01-20 14:01 - 2011-11-15 18:24 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-20 12:49 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2014-01-19 19:37 - 2014-01-19 19:37 - 00001536 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-01-19 19:37 - 2013-03-13 18:42 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2014-01-19 19:37 - 2011-11-25 14:08 - 00000000 ____D C:\Users\cripo\AppData\Roaming\DVDVideoSoft
2014-01-19 19:36 - 2014-01-19 19:35 - 34083424 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\cripo\Downloads\FreeYouTubeToMP3Converter.exe
2014-01-19 15:44 - 2014-01-19 15:40 - 00013401 _____ C:\Users\cripo\Desktop\Noten WEH1A.xlsx
2014-01-19 12:20 - 2014-01-19 12:20 - 00005327 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-19 12:20 - 2013-10-17 15:24 - 00000000 ____D C:\ProgramData\Oracle
2014-01-19 12:20 - 2013-06-25 06:42 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-19 12:10 - 2009-07-14 05:45 - 00418800 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 21:09 - 2011-11-13 21:32 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-16 21:08 - 2013-08-14 20:45 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 21:06 - 2011-11-13 22:57 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-09 19:53 - 2012-11-07 16:54 - 00000000 ___RD C:\Users\cripo\Dropbox
2014-01-09 19:51 - 2012-11-07 16:50 - 00000000 ____D C:\Users\cripo\AppData\Roaming\Dropbox
2014-01-07 13:06 - 2012-11-07 16:51 - 00000000 ____D C:\Users\cripo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-07 10:31 - 2014-01-07 10:31 - 00001391 _____ C:\Users\cripo\Desktop\Sport PU.lnk
2014-01-07 09:50 - 2013-11-09 17:29 - 00000000 ____D C:\ProgramData\Skype
2014-01-07 09:50 - 2012-02-13 21:25 - 00000000 ____D C:\Windows\system32\appmgmt
2014-01-06 18:09 - 2012-07-25 13:26 - 00000000 ____D C:\Users\cripo\AppData\Local\2K Games
2014-01-06 13:04 - 2012-05-07 16:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-05 12:17 - 2014-01-05 12:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\cripo\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-19 21:01

==================== End Of Log ============================
         
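The FRST.txt above still shows the persistence this thread is about: an HKCU Run value that starts wscript.exe //B on Mozilla.vbs in AppData\Roaming, the same .vbs in the Startup folder, a running wscript.exe in the process list, and a MountPoints2 entry recorded from a removable volume. As an added example (not code from the thread and not FRST's own logic), the Python below parses the Run, Startup and MountPoints2 lines of an FRST Registry section and flags the traits a helper looks for: a script host, the silent //B switch, a script file as the target, a user-writable location, and a missing publisher. The sample lines are constructed after the log above; the reason strings and the list of "user-writable" path fragments are my own choices.

```python
"""Triage of FRST "Registry (Whitelisted)" lines for script-based autoruns.

Added example for this thread; not part of FRST. The sample lines are
constructed after the FRST.txt posted in the thread.
"""
import re

# Constructed sample in FRST's Registry-section format (after the thread's log).
SAMPLE_FRST = r"""
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKCU\...\Run: [ASRockXTU] - [x]
HKCU\...\Run: [Mozilla] - wscript.exe //B "C:\Users\cripo\AppData\Roaming\Mozilla.vbs"
HKCU\...\Run: [Mozilla] - C:\Users\cripo\AppData\Roaming\Mozilla.vbs [9694 2013-10-06] ()
Startup: C:\Users\cripo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla.vbs ()
MountPoints2: {0a815ac9-0e2d-11e1-b280-806e6f6e6963} - E:\SETUP.EXE
"""

# Line shapes FRST uses for the three autostart sources handled here.
RUN_RE = re.compile(r'^(?P<hive>HK(?:LM|CU)(?:-x32)?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] - (?P<cmd>.*)$')
STARTUP_RE = re.compile(r'^Startup: (?P<cmd>.*)$')
MOUNT_RE = re.compile(r'^MountPoints2: (?P<guid>\{[^}]+\}) - (?P<cmd>.*)$')

# Traits worth a second look (my own lists, not FRST's).
SCRIPT_HOST_RE = re.compile(r'(?:^|\\)(?:wscript|cscript|mshta|powershell)\.exe\b', re.I)
SILENT_RE = re.compile(r'(?:^|\s)//b(?:\s|$)', re.I)        # wscript //B: no error dialogs
SCRIPT_EXTS = ('vbs', 'vbe', 'js', 'jse', 'wsf', 'hta', 'bat', 'cmd', 'ps1')
SCRIPT_PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]]+?\.(?:' + '|'.join(SCRIPT_EXTS) + r')(?=["\s\[]|$)', re.I)
USER_WRITABLE = ('\\appdata\\', '\\temp\\', '\\users\\public\\', '\\programdata\\')


def parse_autoruns(text):
    """Return Run-key, Startup-folder and MountPoints2 entries found in FRST Registry lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            entries.append({'source': m['hive'] + ' Run', 'name': m['name'], 'cmd': m['cmd']})
        elif m := STARTUP_RE.match(line):
            entries.append({'source': 'Startup folder', 'name': '', 'cmd': m['cmd']})
        elif m := MOUNT_RE.match(line):
            entries.append({'source': 'MountPoints2', 'name': m['guid'], 'cmd': m['cmd']})
    return entries


def assess(entry):
    """List the reasons an entry deserves attention; an empty list means nothing stood out."""
    cmd, low = entry['cmd'], entry['cmd'].lower()
    reasons = []
    if low == '[x]':
        return reasons  # FRST prints [x] when the target no longer exists: an orphan, not a launcher
    if entry['source'] == 'MountPoints2':
        reasons.append('AutoRun command recorded from a mounted volume')
    if SCRIPT_HOST_RE.search(low):
        reasons.append('launches a script host')
        if SILENT_RE.search(low):
            reasons.append('silent mode (//B hides script errors)')
    for path in SCRIPT_PATH_RE.findall(cmd):
        reasons.append('script file ' + path.rsplit('\\', 1)[-1])
        if any(seg in path.lower() for seg in USER_WRITABLE):
            reasons.append('stored in a user-writable directory')
    if cmd.endswith('()'):  # FRST prints an empty "()" when the file carries no company name
        reasons.append('no publisher information')
    return reasons


def triage(text):
    """Parse the Registry lines and keep only entries that have at least one reason."""
    flagged = []
    for entry in parse_autoruns(text):
        reasons = assess(entry)
        if reasons:
            flagged.append({**entry, 'reasons': reasons})
    return flagged


if __name__ == '__main__':
    for hit in triage(SAMPLE_FRST):
        print(f"[{hit['source']}] {hit['name'] or '-'}: {hit['cmd']}")
        for reason in hit['reasons']:
            print('    -', reason)
```

Run against the sample, the two Realtek/Avira entries and the orphaned ASRock value come out clean, while both forms of the Mozilla Run value, the Startup-folder copy and the MountPoints2 entry are reported with their reasons; on a real log, feed it the whole Registry section and treat the output as a shortlist to verify, not a verdict.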

Alt 21.01.2014, 16:25   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Disable the virus scanner before the fix!

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
HKCU\...\Run: [Mozilla] - wscript.exe //B "C:\Users\cripo\AppData\Roaming\Mozilla.vbs"
C:\Users\cripo\AppData\Roaming\Mozilla.vbs
C:\Users\cripo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla.vbs
         

Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents here.


Alt 21.01.2014, 16:29   #15
cripo
 



Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-01-2014
Ran by cripo at 2014-01-21 16:29:00 Run:2
Running from C:\Users\cripo\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [Mozilla] - wscript.exe //B "C:\Users\cripo\AppData\Roaming\Mozilla.vbs"
C:\Users\cripo\AppData\Roaming\Mozilla.vbs
C:\Users\cripo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla.vbs
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Mozilla => Value deleted successfully.
"C:\Users\cripo\AppData\Roaming\Mozilla.vbs" => File/Directory not found.
"C:\Users\cripo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla.vbs" => File/Directory not found.

==== End of Fixlog ====
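
The Fixlog above (Run:2) reports the Run value deleted and both .vbs paths as "File/Directory not found", which is consistent with the first run (Run:1) having already moved those files; "not found" is therefore not by itself a failed fix, but it does need to be read against the earlier run. As an added example (not part of the thread and not FRST's own code), the Python below parses a Fixlog.txt into its fixlist entries and result lines, classifies each outcome, and returns a summary that keeps "success", "not found" and anything else apart so a helper can spot a line that actually needs attention. The sample log is constructed after the Run:2 fixlog above; the outcome phrases used for classification are the ones visible in this thread, and anything unrecognised is deliberately routed to "other".

```python
"""Summarise an FRST Fixlog.txt: fixlist entries versus reported outcomes.

Added example for this thread; not part of FRST. The sample is constructed
after the second fix run (Run:2) posted in the thread.
"""
import re

SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-01-2014
Ran by cripo at 2014-01-21 16:29:00 Run:2
Running from C:\Users\cripo\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [Mozilla] - wscript.exe //B "C:\Users\cripo\AppData\Roaming\Mozilla.vbs"
C:\Users\cripo\AppData\Roaming\Mozilla.vbs
C:\Users\cripo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla.vbs
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Mozilla => Value deleted successfully.
"C:\Users\cripo\AppData\Roaming\Mozilla.vbs" => File/Directory not found.
"C:\Users\cripo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla.vbs" => File/Directory not found.

==== End of Fixlog ====
"""

# A result line is "<target> => <outcome>." with the target optionally quoted.
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"? => (?P<outcome>.+?)\.?$')
RUN_RE = re.compile(r'\bRun:(\d+)')

# Outcome phrases seen in this thread's fixlogs; anything else is "other".
SUCCESS_PHRASES = ('deleted successfully', 'moved successfully', 'removed successfully')
NOT_FOUND_PHRASES = ('not found',)


def classify(outcome):
    """Map an outcome phrase to success / not_found / other."""
    text = outcome.lower()
    if any(p in text for p in SUCCESS_PHRASES):
        return 'success'
    if any(p in text for p in NOT_FOUND_PHRASES):
        return 'not_found'
    return 'other'  # unknown wording: surface it rather than guess


def parse_fixlog(text):
    """Split a Fixlog into run number, fixlist entries and classified result lines."""
    run, fixlist, results = None, [], []
    in_fixlist = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('Ran by') and (m := RUN_RE.search(line)):
            run = int(m.group(1))
        if line.startswith('*****'):  # the fixlist is bracketed by two star lines
            in_fixlist = not in_fixlist
            continue
        if in_fixlist:
            if line:
                fixlist.append(line)
            continue
        if m := RESULT_RE.match(line):
            results.append({'target': m['target'], 'outcome': m['outcome'],
                            'status': classify(m['outcome'])})
    return {'run': run, 'fixlist': fixlist, 'results': results}


def summarize(text):
    """Counts per status plus the targets whose outcome was not recognised."""
    parsed = parse_fixlog(text)
    counts = {'success': 0, 'not_found': 0, 'other': 0}
    for r in parsed['results']:
        counts[r['status']] += 1
    return {'run': parsed['run'],
            'fixlist_entries': len(parsed['fixlist']),
            'result_lines': len(parsed['results']),
            **counts,
            'needs_attention': [r['target'] for r in parsed['results'] if r['status'] == 'other']}


if __name__ == '__main__':
    print(summarize(SAMPLE_FIXLOG))
```

For the sample this yields run 2, three fixlist entries, one success and two not-found results and nothing under needs_attention; a not-found count on a first run, or any entry in needs_attention, is the signal to re-read the fixlog line by line.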
         

Archiv
Du betrachtest: Nur noch Verknüpfungen auf dem USB-Stick -> Trojaner.Banker auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.