Online banking, probably phishing before login (Windows 7)
18.05.2015, 08:30 | #31
/// TB-Ausbilder /// Anleitungs-Guru
Then choose "remove". We'll do one more check:
Step 1: Deactivate the Avira real-time scanner.
Step 2: Please start FRST again and click Scan. Please post me the contents of the log.
__________________
Regards, deeprybka
Praise, criticism, wishes? Donate to trojaner-board?
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer
18.05.2015, 08:54 | #32
OK, I'll take care of it this evening. I'm in the office during the day...
18.05.2015, 08:55 | #33
/// TB-Ausbilder /// Anleitungs-Guru
All right.
18.05.2015, 18:37 | #34
With Panda Cloud Cleaner, also "clean", or not?
Code:
Unknown. FILE: C:\PROGRAMDATA\MCQCMODIFIER-5C47-A7B0\MCQCMODIFIER-5C47-A7B0.CMD to be deleted.
Unknown. TASK: Task\[McQcModifier-5c47-a7b0]. Task to be deleted.
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0
Malware. REGKEY: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLEREGISTRYTOOLS]. Value: DISABLEREGISTRYTOOLS To be deleted.
18.05.2015, 18:39 | #35
/// TB-Ausbilder /// Anleitungs-Guru
Do the instructions say anything about "pressing clean"?
18.05.2015, 18:49 | #36
No, that's exactly why I'm asking. Since my own initiative with Avira I don't dare decide anything myself any more, otherwise there'll be So please: how should I finish with Panda? It's still open...
18.05.2015, 18:52 | #37
/// TB-Ausbilder /// Anleitungs-Guru
No, don't let it delete anything. Just close the application.
18.05.2015, 19:08 | #38
FRST logfile:
Code:
Corporation) C:\Windows\system32\wininet.dll 2015-04-19 19:03 - 2015-03-10 05:49 - 01181696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-04-19 19:03 - 2015-03-10 05:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-04-19 19:03 - 2015-03-10 05:49 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-04-19 19:03 - 2015-03-10 05:49 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-04-19 19:03 - 2015-03-10 05:49 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-04-19 19:03 - 2015-03-10 05:49 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-04-19 19:03 - 2015-03-10 05:49 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-04-19 19:03 - 2015-03-10 05:49 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-04-19 19:03 - 2015-03-10 05:48 - 13767680 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-04-19 19:03 - 2015-03-10 05:48 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-04-19 19:03 - 2015-03-10 05:48 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-04-19 19:03 - 2015-03-10 05:48 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-04-19 19:03 - 2015-03-10 05:48 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-04-19 19:03 - 2015-03-10 05:48 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-04-19 19:03 - 2015-03-10 05:48 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-04-19 19:03 - 2015-03-10 05:48 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2015-04-19 19:03 - 2015-03-10 05:48 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-04-19 19:03 - 2015-03-10 05:48 - 00033280 _____ (Microsoft Corporation) 
C:\Windows\system32\iernonce.dll 2015-04-19 19:03 - 2015-03-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-04-19 19:03 - 2015-03-10 04:39 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-04-19 19:03 - 2015-03-10 04:16 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2015-04-19 19:03 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-04-19 19:03 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2015-04-19 19:03 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2015-04-19 19:03 - 2015-02-25 05:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys 2015-04-19 19:01 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-04-19 19:01 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-05-18 19:56 - 2013-12-13 10:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-18 14:07 - 2009-07-07 02:17 - 01571163 _____ () C:\Windows\WindowsUpdate.log 2015-05-18 14:06 - 2013-11-21 12:22 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-18 09:39 - 2009-07-14 06:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-18 09:39 - 2009-07-14 06:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-18 09:30 - 2015-04-03 10:21 - 00171372 _____ () C:\Windows\PFRO.log 2015-05-18 09:30 - 2015-03-30 09:26 - 00007595 _____ () C:\Windows\setupact.log 2015-05-18 09:30 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-18 09:30 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Speech 2015-05-17 21:56 - 2011-09-18 19:02 - 00000000 ____D () C:\Users\Gast 2015-05-17 14:27 - 2009-10-17 10:14 - 01644410 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-17 12:19 - 2013-12-17 22:44 - 00000000 ____D () C:\Users\nina\AppData\Local\gtk-2.0 2015-05-17 12:19 - 2013-11-23 12:22 - 00000000 ____D () C:\Users\nina\.gimp-2.8 2015-05-17 09:57 - 2013-07-28 12:40 - 00000000 ____D () C:\ProgramData\Package Cache 2015-05-16 23:15 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default 2015-05-16 23:15 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2015-05-16 23:11 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini 2015-05-16 20:45 - 2013-10-16 15:07 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-05-16 10:07 - 2013-11-21 12:23 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-15 15:42 - 2009-12-30 13:04 - 00000000 ____D () C:\Users\nina 2015-05-14 22:48 - 2012-01-31 22:22 - 01186304 ___SH () C:\Users\nina\Desktop\Thumbs.db 2015-05-14 12:11 - 2014-12-11 00:13 - 00000000 ____D () 
C:\Users\nina\AppData\Local\HappyFoto-Designer 2015-05-14 11:01 - 2014-12-11 00:09 - 00000000 ____D () C:\Program Files\HappyFoto-Designer 2015-05-13 14:47 - 2014-10-12 09:13 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-05-03 11:29 - 2013-10-17 15:08 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2015-05-03 11:29 - 2013-10-17 15:08 - 00000000 ____D () C:\Program Files\CCleaner 2015-05-02 09:18 - 2014-10-12 18:38 - 00000906 _____ () C:\Windows\Tasks\Paragon Archive name arc_121014163721442.job 2015-04-30 21:15 - 2015-03-29 11:52 - 00000000 ___SD () C:\Windows\system32\GWX 2015-04-30 21:15 - 2014-10-13 19:54 - 00000000 ____D () C:\Program Files\Common Files\Skype 2015-04-30 21:15 - 2013-11-06 22:36 - 00000000 ____D () C:\Users\nina\AppData\Roaming\vlc 2015-04-30 21:15 - 2013-11-06 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2015-04-30 21:15 - 2013-10-21 09:33 - 00000000 ____D () C:\Users\nina\AppData\Roaming\Thunderbird 2015-04-30 21:15 - 2010-01-06 19:36 - 00000000 ____D () C:\Users\nina\AppData\Roaming\Skype 2015-04-30 21:15 - 2010-01-06 19:34 - 00000000 ___RD () C:\Program Files\Skype 2015-04-30 21:15 - 2009-07-14 09:49 - 00000000 ___RD () C:\Users\Public\Recorded TV 2015-04-30 21:15 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp 2015-04-30 21:15 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration 2015-04-30 21:14 - 2010-01-06 19:34 - 00000000 ____D () C:\ProgramData\Skype 2015-04-26 20:59 - 2013-10-25 11:52 - 00000000 ____D () C:\Users\nina\Desktop\Johanna 2015-04-22 19:58 - 2013-11-23 09:54 - 00000000 ____D () C:\Users\nina\Desktop\Fahrpläne 2015-04-19 20:14 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2015-04-19 20:13 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat 2015-04-19 19:40 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2015-04-19 19:31 - 2007-07-12 03:49 - 00000000 ____D () 
C:\Windows\Panther
2015-04-19 19:29 - 2014-12-13 14:19 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-19 19:29 - 2014-04-26 13:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-19 19:29 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-04-19 19:23 - 2013-08-24 14:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-19 19:09 - 2010-01-02 12:37 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-19 19:09 - 2009-10-17 10:39 - 00000000 ____D () C:\ProgramData\Microsoft Help

==================== Files in the root of some directories =======

2010-12-11 11:02 - 2010-12-12 20:24 - 0018763 _____ () C:\Users\nina\AppData\Roaming\mdbu.bin
2014-03-07 19:46 - 2014-03-07 19:46 - 0004096 ____H () C:\Users\nina\AppData\Local\keyfile3.drm
2015-05-17 12:19 - 2015-05-17 12:19 - 0004603 _____ () C:\Users\nina\AppData\Local\recently-used.xbel
2014-01-06 15:52 - 2014-11-06 07:59 - 0007667 _____ () C:\Users\nina\AppData\Local\Resmon.ResmonCfg
2009-10-17 10:31 - 2009-07-18 03:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe
2010-01-01 22:05 - 2013-10-17 14:29 - 0007511 _____ () C:\ProgramData\hpzinstall.log
2014-12-28 19:34 - 2014-12-28 19:34 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

Some content of TEMP:
====================
C:\Users\nina\AppData\Local\temp\avgnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-14 00:23

==================== End Of Log ============================
18.05.2015, 19:58 | #39 |
/// TB-Ausbilder /// Anleitungs-Guru | Online banking, probably phishing before login

OK Nina. We are done for now. It looks as though there is no further active malware present. I don't know your account balance (with mine, the attackers would probably transfer something to me out of pity). Assume that your login credentials are known. You should definitely have them changed. Apart from that, keep the phone nice and clean. I would leave HitmanPro.Alert installed until the end of the trial period. Then please also update Internet Explorer and Firefox, uninstall Java and, if you need it, replace it with the current version.

Step 1
Press the Windows key + R and type notepad into the Run window. Click OK and copy the text from the code box into the empty text document:

Code:
CloseProcesses:
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0AMQA4AD (the data entry has 226 more characters).
AppInit_DLLs: C:\Windows\System32\avgrsstx.dll => C:\Windows\System32\avgrsstx.dll File Not Found
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
HKU\S-1-5-21-3389578649-474333246-578579119-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
SearchScopes: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> DefaultScope {B6449CE3-FAFF-4CF0-A17D-74885FB179FE} URL = 
SearchScopes: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> {B6449CE3-FAFF-4CF0-A17D-74885FB179FE} URL = 
Toolbar: HKU\S-1-5-21-3389578649-474333246-578579119-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-3389578649-474333246-578579119-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3389578649-474333246-578579119-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
>>clean<<

We did it! The logs look clean to me at the moment. If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation. All that remains for me is to wish you carefree and safe surfing, and that we won't see each other here again any time soon.

Cleanup: (the order matters here)
If Defogger was used: start it again and click Re-enable.
If ComboFix was used: uninstall ComboFix.
All logs posted? Then please download DelFix.
Note: DelFix removes, among other things, all the tools we used and our scanners' quarantine and the Java cache, and finally deletes itself. Finally, restart your computer. If any programs from our cleanup are still left over, you can safely delete them.

Securing the system:
For the Windows operating system, enable automatic updates. Security-relevant software should also always be at its latest version: browser, Java, Flash Player, PDF reader. Vulnerabilities in their old versions are exploited to install malware by "drive-by" simply by visiting a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.
Enable a firewall. The one built into Windows is normally entirely sufficient.
Use an antivirus program with a real-time scanner and an always up-to-date signature database. My purchase recommendation: ESET Smart Security. Additionally, you can scan your PC regularly with Malwarebytes Anti-Malware.
Optional: NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. You can, however, define on a whitelist basis which sites scripts are allowed on. Malwarebytes Anti-Exploit: protects the computer's applications against exploitation of known vulnerabilities.
Download software from a clean portal such as . When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program. To get rid of adware again, first uninstall it and then remove the leftovers with AdwCleaner.
Finally, a few general remarks: change your important online passwords regularly and make regular backups of your important files or of the system.
The benefit of registry cleaners, optimizers etc. for boosting performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________ Regards, deeprybka. Praise, criticism, wishes? Donate to trojaner-board? _______________________________________________ "Neminem laede, immo omnes, quantum potes, iuva." Arthur Schopenhauer
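Triage of the posted FRST output and fixlist, as an added example that is not part of the original thread and not FRST's own code: the script below encodes the kinds of entries the fixlist above removes (orphaned "File Not Found" / "No File" references, Internet Explorer policy restrictions, search scopes with an empty URL, a RunOnce command left behind by an uninstaller) and separately flags publisher-less executables in user-writable paths for manual review, so the same judgement can be applied to a whole log instead of by eye. The regular expression for file entries, the user-writable path prefixes and the fixable/review split are my assumptions; the sample lines are copied from the log and fixlist in this thread (the RunOnce line shortened where the page itself truncates it).

```python
"""Triage of FRST (Farbar Recovery Scan Tool) log lines.

Added example for this thread; neither part of FRST nor the helper's own
procedure. Encodes the judgement calls visible in the fixlist above.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# FRST file entry: "<created> - <modified> - <size> <attrs> (<company>) <path>".
# The company in parentheses comes from the file's version resource; it is
# not a signature check. Pattern is an assumption derived from the log above.
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
USER_WRITABLE = ("C:\\USERS\\", "C:\\PROGRAMDATA\\")   # assumption: paths a non-admin can write
EXECUTABLE_EXT = (".exe", ".dll", ".scr", ".cmd", ".bat")


@dataclass
class Finding:
    line: str      # the log line (or, for file entries, the bare path)
    reason: str
    fixable: bool  # True: registry-type line that FRST accepts verbatim in fixlist.txt


def classify_line(line: str) -> Optional[Finding]:
    """Return a Finding for lines that warrant action, None for everything else."""
    s = line.strip()
    if not s:
        return None
    if s.endswith("File Not Found") or s.endswith("- No File"):
        return Finding(s, "orphaned reference: the target file no longer exists", True)
    if s.endswith("Policy restriction"):
        return Finding(s, "policy key restricts Internet Explorer settings", True)
    if s.startswith("SearchScopes:") and s.endswith("URL ="):
        return Finding(s, "search scope with an empty URL", True)
    if "\\RunOnce:" in s and "cmd.exe /c start" in s:
        return Finding(s, "RunOnce entry left by an uninstaller opens a URL at next logon", True)
    m = FILE_RE.match(s)
    if m:
        path = m.group("path")
        company = m.group("company").strip()
        if (path.upper().startswith(USER_WRITABLE)
                and path.lower().endswith(EXECUTABLE_EXT)
                and not company):
            # Not auto-fixable: a large vendor installer and a dropper look the
            # same here, so a human decides whether the path goes into the fixlist.
            return Finding(path, "executable without publisher info in a user-writable path", False)
    return None


def triage(lines: List[str]) -> List[Finding]:
    return [f for f in (classify_line(l) for l in lines) if f is not None]


def build_fixlist(findings: List[Finding]) -> List[str]:
    """Lines for fixlist.txt: CloseProcesses: first (as in the fixlist above),
    then every fixable finding verbatim. Review-only findings are left out."""
    return ["CloseProcesses:"] + [f.line for f in findings if f.fixable]


# Sample input: lines copied from the FRST output and fixlist quoted in this
# thread (the RunOnce line shortened where the page truncates it), not constructed.
SAMPLE_LINES = [
    r'HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAt (the data entry has 226 more characters).',
    r"AppInit_DLLs: C:\Windows\System32\avgrsstx.dll => C:\Windows\System32\avgrsstx.dll File Not Found",
    r"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction",
    r"HKU\S-1-5-21-3389578649-474333246-578579119-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction",
    r"SearchScopes: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> DefaultScope {B6449CE3-FAFF-4CF0-A17D-74885FB179FE} URL = ",
    r"Toolbar: HKU\S-1-5-21-3389578649-474333246-578579119-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File",
    r"2015-05-16 21:56 - 2015-05-16 21:56 - 05623645 ____R (Swearware) C:\Users\nina\Desktop\ComboFix.exe",
    r"2015-05-14 10:54 - 2015-05-14 10:59 - 316562064 _____ ( ) C:\Users\nina\Downloads\HappyFoto-Designer.exe",
    r"2015-05-16 14:09 - 2015-05-16 14:09 - 00002142 _____ () C:\Users\nina\Desktop\eset.txt",
    r"2015-05-16 22:46 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe",
    r"2015-04-19 19:03 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe",
    r"C:\Windows\system32\winlogon.exe => File is digitally signed",
]

if __name__ == "__main__":
    found = triage(SAMPLE_LINES)
    for f in found:
        print(("FIX    " if f.fixable else "REVIEW ") + f.reason + ": " + f.line)
    print("\n".join(build_fixlist(found)))
```

FRST takes registry-type log lines verbatim in fixlist.txt, which is why build_fixlist copies them unchanged. File entries are only reported: the log alone cannot tell a large vendor installer such as HappyFoto-Designer.exe from a dropper, and the C:\Windows tools ComboFix drops (zip.exe, grep.exe) are skipped by the path filter, not by any knowledge of ComboFix. Keep the reason next to each entry when you post a fixlist; the fixlist format itself never records why a line is there.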