
Pests of all kinds and how to fight them: Online banking, presumably phishing before login

17.05.2015, 11:15   #1
Dr. Chili
 
Online banking, presumably phishing before login



...and here is the new log from the FRST scan.

Check on the OB homepage: the message still appears.
To me this smells strongly like a reinstall...


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-05-2015 02
Ran by nina (administrator) on ACERNOTEBOOK on 17-05-2015 12:08:34
Running from C:\Users\nina\Downloads
Loaded Profiles: nina (Available profiles: nina & Gast)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Acer Incorporated) C:\Program Files\Acer\Registration\GregHSRW.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(RealNetworks, Inc.) C:\Program Files\Online Games Manager\ogmservice.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\vVX3000.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at) C:\Program Files\A1 Servicecenter\A1 Diagnose\A1Diagnose.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.OE.Systray.exe
(Mozilla Corporation) C:\Program Files\FireFox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [484920 2009-07-20] (Conexant Systems, Inc.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [703008 2009-09-30] (Acer Incorporated)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [825864 2009-09-24] (Dritek System Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1549608 2009-08-14] (Synaptics Incorporated)
HKLM\...\Run: [VX3000] => C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1093232 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [1668720 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [2729800 2011-01-25] (O&O Software GmbH)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-07] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [A1Diagnose] => C:\Program Files\A1 Servicecenter\A1 Diagnose\A1Diagnose.exe [31581288 2014-05-19] (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\Launcher\Avira.OE.Systray.exe [128760 2015-05-07] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [728312 2015-04-16] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0AMQA4AD (the data entry has 226 more characters).
HKU\S-1-5-21-3389578649-474333246-578579119-1006\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3389578649-474333246-578579119-1006\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564992 2014-02-07] (Samsung)
HKU\S-1-5-21-3389578649-474333246-578579119-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\WLXPGSS.SCR [307568 2009-07-10] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\System32\avgrsstx.dll => C:\Windows\System32\avgrsstx.dll File Not Found

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3389578649-474333246-578579119-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3389578649-474333246-578579119-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> DefaultScope {B6449CE3-FAFF-4CF0-A17D-74885FB179FE} URL = https://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deAT360
SearchScopes: HKU\S-1-5-21-3389578649-474333246-578579119-1006 -> {B6449CE3-FAFF-4CF0-A17D-74885FB179FE} URL = https://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
BHO: Skype add-on (mastermind) -> {22BF413B-C6D2-4d91-82A9-A0F997BA588C} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04] (Skype Technologies S.A.)
BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2011-04-11] (BitComet)
BHO: WebCGMHlprObj Class -> {56B38F40-4E70-11d4-A076-0080AD86BA2F} -> C:\Windows\system32\cgmopenbho.dll [2005-06-09] (CGM Open Consortium, Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-09] (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-09] (Oracle Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\nina\AppData\Roaming\Mozilla\Firefox\Profiles\tcn0t8c3.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxp://www.google.at/
FF Keyword.URL: https://at.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=903578&p=
FF NetworkProxy: "autoconfig_url", "https://guardvpn.net/facebook.js"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-09] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-10-02] ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3389578649-474333246-578579119-1006: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\nina\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-09-26] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\nina\AppData\Roaming\Mozilla\Firefox\Profiles\tcn0t8c3.default\searchplugins\yahoo_ff.xml [2015-04-07]
FF Extension: GreenWebPlayer - C:\Users\nina\AppData\Roaming\Mozilla\Firefox\Profiles\tcn0t8c3.default\Extensions\greenwebplayer@greentube.com [2014-02-02]
FF Extension: BitComet Video Downloader - C:\Users\nina\AppData\Roaming\Mozilla\Firefox\Profiles\tcn0t8c3.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2013-11-21]
FF Extension: Lightbeam - C:\Users\nina\AppData\Roaming\Mozilla\Firefox\Profiles\tcn0t8c3.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2014-02-21]
FF Extension: Video DownloadHelper - C:\Users\nina\AppData\Roaming\Mozilla\Firefox\Profiles\tcn0t8c3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]
FF Extension: Adblock Plus - C:\Users\nina\AppData\Roaming\Mozilla\Firefox\Profiles\tcn0t8c3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-27]

Chrome: 
=======
CHR HKU\S-1-5-21-3389578649-474333246-578579119-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [827640 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [434424 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [434424 2015-04-16] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1185584 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [206584 2015-05-07] (Avira Operations GmbH & Co. KG)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [727584 2009-09-30] (Acer Incorporated)
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2009-03-31] (Teruten) [File not signed]
S2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
R2 Greg_Service; C:\Program Files\Acer\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2009-06-18] (NewTech Infosystems, Inc.)
R2 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [2336072 2011-01-25] (O&O Software GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) [File not signed]
R2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [240160 2009-07-04] (Acer)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107400 2015-04-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-04-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37896 2015-04-16] (Avira Operations GmbH & Co. KG)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] () [File not signed]
S3 int15.sys; C:\Windows\System32\OEM\Factory\int15.sys [69632 2003-10-01] () [File not signed]
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
R3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.)
R3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20176 2004-05-19] (Sonic Solutions) [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2015-04-16] (Avira GmbH)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [184192 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [90112 2009-03-20] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14976 2009-03-20] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [121856 2009-03-20] (MCCI Corporation)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [91016 2014-05-19] ()
R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [20616 2014-05-19] ()
R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [540040 2014-05-19] ()
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [43520 2012-02-15] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\Users\nina\AppData\Local\Temp\catchme.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-17 11:53 - 2015-05-17 11:53 - 00000000 ____D () C:\Users\nina\Downloads\FRST-OlderVersion
2015-05-17 10:10 - 2015-05-17 10:10 - 00000000 ____D () C:\Users\nina\AppData\Roaming\Avira
2015-05-17 10:06 - 2015-04-16 15:23 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-05-17 10:06 - 2015-04-16 15:23 - 00107400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-17 10:06 - 2015-04-16 15:23 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-05-17 10:06 - 2015-04-16 15:23 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-05-17 10:06 - 2015-04-16 15:23 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2015-05-17 09:57 - 2015-05-17 10:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-17 09:57 - 2015-05-17 10:06 - 00000000 ____D () C:\ProgramData\Avira
2015-05-17 09:57 - 2015-05-17 10:06 - 00000000 ____D () C:\Program Files\Avira
2015-05-17 09:57 - 2015-05-17 09:57 - 00001169 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-05-16 23:15 - 2015-05-16 23:15 - 00016193 _____ () C:\ComboFix.txt
2015-05-16 22:46 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-16 22:46 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-16 22:46 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-16 22:46 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-16 22:46 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-16 22:46 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-16 22:46 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-16 22:46 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-16 22:36 - 2015-05-16 23:15 - 00000000 ____D () C:\Qoobox
2015-05-16 22:36 - 2015-05-16 23:13 - 00000000 ____D () C:\Windows\erdnt
2015-05-16 21:56 - 2015-05-16 21:56 - 05623645 ____R (Swearware) C:\Users\nina\Desktop\ComboFix.exe
2015-05-16 21:40 - 2015-05-16 21:40 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\nina\Desktop\tdsskiller.exe
2015-05-16 14:09 - 2015-05-16 14:09 - 00002142 _____ () C:\Users\nina\Desktop\eset.txt
2015-05-16 12:01 - 2015-05-16 12:01 - 00000000 ____D () C:\Program Files\ESET
2015-05-16 10:35 - 2015-05-16 10:36 - 00000000 ____D () C:\Program Files\FireFox
2015-05-15 15:49 - 2015-05-15 15:50 - 00044597 _____ () C:\Users\nina\Downloads\Addition.txt
2015-05-15 15:48 - 2015-05-17 12:08 - 00020240 _____ () C:\Users\nina\Downloads\FRST.txt
2015-05-15 15:47 - 2015-05-17 12:08 - 00000000 ____D () C:\FRST
2015-05-15 15:46 - 2015-05-17 11:53 - 01146368 _____ (Farbar) C:\Users\nina\Downloads\FRST.exe
2015-05-15 15:42 - 2015-05-15 15:42 - 00000470 _____ () C:\Users\nina\Downloads\defogger_disable.log
2015-05-15 15:42 - 2015-05-15 15:42 - 00000000 _____ () C:\Users\nina\defogger_reenable
2015-05-15 15:41 - 2015-05-15 15:41 - 00050477 _____ () C:\Users\nina\Downloads\Defogger.exe
2015-05-15 15:31 - 2015-05-15 15:31 - 04737144 _____ (Avira Operations GmbH & Co. KG) C:\Users\nina\Downloads\avira_de_av_5555f4ed49790__ws.exe
2015-05-14 11:02 - 2015-05-14 11:02 - 00001027 _____ () C:\Users\Public\Desktop\HappyFoto-Designer.lnk
2015-05-14 11:01 - 2015-05-14 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HappyFoto-Designer
2015-05-14 11:00 - 2015-05-14 11:00 - 00000121 _____ () C:\Windows\DirectX.log
2015-05-14 11:00 - 2015-05-14 11:00 - 00000000 ____D () C:\ProgramData\HappyFoto-Designer
2015-05-14 10:54 - 2015-05-14 10:59 - 316562064 _____ ( ) C:\Users\nina\Downloads\HappyFoto-Designer.exe
2015-05-03 11:27 - 2015-05-03 11:27 - 06484352 _____ (Piriform Ltd) C:\Users\nina\Downloads\ccsetup505.exe
2015-04-19 21:51 - 2015-04-19 21:51 - 00002761 _____ () C:\Users\nina\AppData\Local\recently-used.xbel
2015-04-19 19:03 - 2015-03-25 05:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-19 19:03 - 2015-03-25 05:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-19 19:03 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-19 19:03 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-19 19:03 - 2015-03-25 05:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-19 19:03 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-19 19:03 - 2015-03-25 05:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-19 19:03 - 2015-03-25 05:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-19 19:03 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-19 19:03 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-19 19:03 - 2015-03-25 05:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-19 19:03 - 2015-03-23 05:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-19 19:03 - 2015-03-23 05:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-19 19:03 - 2015-03-23 05:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-19 19:03 - 2015-03-23 05:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-19 19:03 - 2015-03-23 05:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-19 19:03 - 2015-03-23 05:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-19 19:03 - 2015-03-23 05:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-19 19:03 - 2015-03-23 04:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-19 19:03 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-19 19:03 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-19 19:03 - 2015-03-17 07:01 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-19 19:03 - 2015-03-17 07:01 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-19 19:03 - 2015-03-17 06:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-19 19:03 - 2015-03-17 06:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-19 19:03 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-19 19:03 - 2015-03-17 06:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-19 19:03 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-19 19:03 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-19 19:03 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-19 19:03 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-19 19:03 - 2015-03-17 06:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-19 19:03 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-19 19:03 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-19 19:03 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-19 19:03 - 2015-03-17 06:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-19 19:03 - 2015-03-17 06:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-19 19:03 - 2015-03-17 06:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-19 19:03 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-19 19:03 - 2015-03-17 06:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-19 19:03 - 2015-03-17 06:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-19 19:03 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-19 19:03 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-19 19:03 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-19 19:03 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-19 19:03 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-19 19:03 - 2015-03-10 05:49 - 14373376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-19 19:03 - 2015-03-10 05:49 - 02864640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-19 19:03 - 2015-03-10 05:49 - 01763328 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-19 19:03 - 2015-03-10 05:49 - 01181696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-19 19:03 - 2015-03-10 05:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-19 19:03 - 2015-03-10 05:49 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-19 19:03 - 2015-03-10 05:49 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-19 19:03 - 2015-03-10 05:49 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-19 19:03 - 2015-03-10 05:49 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-19 19:03 - 2015-03-10 05:49 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-19 19:03 - 2015-03-10 05:49 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-19 19:03 - 2015-03-10 05:48 - 13767680 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-19 19:03 - 2015-03-10 05:48 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-19 19:03 - 2015-03-10 05:48 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-19 19:03 - 2015-03-10 05:48 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-19 19:03 - 2015-03-10 05:48 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-19 19:03 - 2015-03-10 05:48 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-19 19:03 - 2015-03-10 05:48 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-19 19:03 - 2015-03-10 05:48 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-04-19 19:03 - 2015-03-10 05:48 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-19 19:03 - 2015-03-10 05:48 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-19 19:03 - 2015-03-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-19 19:03 - 2015-03-10 04:39 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-19 19:03 - 2015-03-10 04:16 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-04-19 19:03 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-19 19:03 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-19 19:03 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-19 19:03 - 2015-02-25 05:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-19 19:01 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-19 19:01 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-17 12:07 - 2009-07-14 06:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-17 12:07 - 2009-07-14 06:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-17 12:03 - 2013-11-21 12:22 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-17 12:03 - 2009-07-07 02:17 - 01523751 _____ () C:\Windows\WindowsUpdate.log
2015-05-17 11:59 - 2015-03-30 09:26 - 00007427 _____ () C:\Windows\setupact.log
2015-05-17 11:59 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-17 11:58 - 2015-04-03 10:21 - 00169732 _____ () C:\Windows\PFRO.log
2015-05-17 11:56 - 2013-12-13 10:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-17 09:57 - 2013-07-28 12:40 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-17 09:15 - 2009-10-17 10:14 - 01644410 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-17 09:06 - 2011-09-18 19:02 - 00000000 ____D () C:\Users\Gast
2015-05-16 23:15 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2015-05-16 23:15 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2015-05-16 23:11 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2015-05-16 20:45 - 2013-10-16 15:07 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-16 10:07 - 2013-11-21 12:23 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-15 15:42 - 2009-12-30 13:04 - 00000000 ____D () C:\Users\nina
2015-05-14 22:48 - 2012-01-31 22:22 - 01186304 ___SH () C:\Users\nina\Desktop\Thumbs.db
2015-05-14 12:11 - 2014-12-11 00:13 - 00000000 ____D () C:\Users\nina\AppData\Local\HappyFoto-Designer
2015-05-14 11:01 - 2014-12-11 00:09 - 00000000 ____D () C:\Program Files\HappyFoto-Designer
2015-05-13 14:47 - 2014-10-12 09:13 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-03 11:29 - 2013-10-17 15:08 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-05-03 11:29 - 2013-10-17 15:08 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-02 09:18 - 2014-10-12 18:38 - 00000906 _____ () C:\Windows\Tasks\Paragon Archive name arc_121014163721442.job
2015-04-30 21:15 - 2015-03-29 11:52 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-30 21:15 - 2014-10-13 19:54 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-04-30 21:15 - 2013-11-06 22:36 - 00000000 ____D () C:\Users\nina\AppData\Roaming\vlc
2015-04-30 21:15 - 2013-11-06 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-04-30 21:15 - 2013-10-21 09:33 - 00000000 ____D () C:\Users\nina\AppData\Roaming\Thunderbird
2015-04-30 21:15 - 2010-01-06 19:36 - 00000000 ____D () C:\Users\nina\AppData\Roaming\Skype
2015-04-30 21:15 - 2010-01-06 19:34 - 00000000 ___RD () C:\Program Files\Skype
2015-04-30 21:15 - 2009-07-14 09:49 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-04-30 21:15 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-04-30 21:15 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2015-04-30 21:14 - 2010-01-06 19:34 - 00000000 ____D () C:\ProgramData\Skype
2015-04-26 20:59 - 2013-10-25 11:52 - 00000000 ____D () C:\Users\nina\Desktop\Johanna
2015-04-22 19:58 - 2013-11-23 09:54 - 00000000 ____D () C:\Users\nina\Desktop\Fahrpläne
2015-04-19 21:51 - 2013-12-17 22:44 - 00000000 ____D () C:\Users\nina\AppData\Local\gtk-2.0
2015-04-19 21:51 - 2013-11-23 12:22 - 00000000 ____D () C:\Users\nina\.gimp-2.8
2015-04-19 20:14 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2015-04-19 20:13 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2015-04-19 19:40 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-19 19:31 - 2007-07-12 03:49 - 00000000 ____D () C:\Windows\Panther
2015-04-19 19:29 - 2014-12-13 14:19 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-19 19:29 - 2014-04-26 13:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-19 19:29 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-04-19 19:23 - 2013-08-24 14:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-19 19:09 - 2010-01-02 12:37 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-19 19:09 - 2009-10-17 10:39 - 00000000 ____D () C:\ProgramData\Microsoft Help

==================== Files in the root of some directories =======

2010-12-11 11:02 - 2010-12-12 20:24 - 0018763 _____ () C:\Users\nina\AppData\Roaming\mdbu.bin
2014-03-07 19:46 - 2014-03-07 19:46 - 0004096 ____H () C:\Users\nina\AppData\Local\keyfile3.drm
2015-04-19 21:51 - 2015-04-19 21:51 - 0002761 _____ () C:\Users\nina\AppData\Local\recently-used.xbel
2014-01-06 15:52 - 2014-11-06 07:59 - 0007667 _____ () C:\Users\nina\AppData\Local\Resmon.ResmonCfg
2009-10-17 10:31 - 2009-07-18 03:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe
2010-01-01 22:05 - 2013-10-17 14:29 - 0007511 _____ () C:\ProgramData\hpzinstall.log
2014-12-28 19:34 - 2014-12-28 19:34 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

Some content of TEMP:
====================
C:\Users\nina\AppData\Local\temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-14 00:23

==================== End Of Log ============================
         
--- --- ---

17.05.2015, 11:21   #2
deeprybka
/// TB Trainer
/// Instructions Guru

Why did you install Avira without being instructed to? My first post clearly says that no changes are to be made!

Did Avira delete any files?

17.05.2015, 11:26   #3
Dr. Chili

Quote:
Quote from deeprybka

Did Avira delete any files?

No, at least nothing of the sort was reported to me.

edit: The bank has apparently known about the problem since 01/2014. There are no approaches to a solution yet, though:
hxxp://www.bankaustria.at/sicherheit/sicherheitshinweis.jsp
