Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Bundeskriminalpolizei(Ukash)- und Sparkassen(TANs)-Trojaner/Virus

Bundeskriminalpolizei(Ukash)- und Sparkassen(TANs)-Trojaner/Virus


Log-Analyse und Auswertung: Bundeskriminalpolizei(Ukash)- und Sparkassen(TANs)-Trojaner/Virus

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 11.08.2011, 20:59   #1
Chenoa
 
Bundeskriminalpolizei(Ukash)- und Sparkassen(TANs)-Trojaner/Virus - Standard

Bundeskriminalpolizei(Ukash)- und Sparkassen(TANs)-Trojaner/Virus


Hallo Experten!

Erst einmal vorneweg:
Meine Schwester und ich sind Laien (sie noch mehr als ich), ich habe versucht die Vorgehensliste genau abzuarbeiten, bin mir aber nicht sicher, ob ich alles richtig gemacht habe, daher entschuldigt eventuelle Fehler bitte.

Problem:
Das Samsung N140-Netbook (Win XP, 32-Bit) meiner Schwester wurde innerhalb von 24-48h von gleich 2 Schädlingen lahmgelegt.

Zuerst diese Bundeskriminalpolizeisache (jashla.exe?):
  • sie sagte, dass sie nach Abwesenheit an das laufende Netbook zurückkam, und die Aufforderung sah per UKash 100 Euro zu zahlen
  • nach "gewaltvollem" Neustart war Interaktion mit dem PC wieder möglich
  • daraufhin hat sie Tips zur Wiederherstellung des explorer.exe von einem Freund befolgt, ich weiß aber nicht welche (ich glaub den Eintrag in der Shell-Datei geändert?, sie weiß auch nicht mehr)
  • die Infektion muss sich schon länger auf dem Netbook befinden, vor ca. einem Monat hatte sie damit schon einmal Probleme

Kurze Zeit später der Sparkassen-Trojaner:
  • beim Besuch der Onlinebanking-Seite war sie a) automatisch in ihr Konto eingeloggt ohne vorher ihre Daten eingegeben zu haben und b) wurde sie aufgefordert 30 TAN-Nummern einzugeben

Wahrscheinlich unwichtig: Defogger wollte keinen Neustart (hab ich trotzdem), gab aber auch keine Fehlermeldung.

OTL-Log:
Code:
ATTFilter
OTL logfile created on: 11.08.2011 18:32:19 - Run 1
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Documents and Settings\Ad\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1014,29 Mb Total Physical Memory | 455,79 Mb Available Physical Memory | 44,94% Memory free
2,39 Gb Paging File | 1,89 Gb Available in Paging File | 79,03% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 100,05 Gb Total Space | 65,07 Gb Free Space | 65,04% Space Free | Partition Type: NTFS
Drive D: | 42,00 Gb Total Space | 33,34 Gb Free Space | 79,38% Space Free | Partition Type: NTFS
 
Computer Name: PCALEX | User Name: Alexandra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.08.11 18:01:45 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ad\My Documents\Downloads\OTL.exe
PRC - [2011.08.09 13:49:08 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011.08.09 13:49:07 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.07.09 07:13:42 | 000,397,992 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011.05.15 15:01:47 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011.04.21 07:54:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.04.21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.21 07:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.01.10 21:05:38 | 000,603,896 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2010.06.26 11:37:16 | 001,214,520 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
PRC - [2010.06.26 11:37:16 | 000,775,224 | ---- | M] () -- C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
PRC - [2010.04.20 14:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
PRC - [2010.04.04 09:52:20 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009.07.16 05:24:08 | 001,474,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009.06.20 11:16:06 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009.06.15 18:54:24 | 000,299,008 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\MagicKBD\PerformanceManager.exe
PRC - [2009.06.12 17:37:38 | 000,372,736 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Program Files\Samsung\MagicKBD\MagicKBD.exe
PRC - [2009.06.02 03:23:42 | 003,153,408 | ---- | M] () -- C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
PRC - [2009.05.19 19:39:46 | 000,066,792 | ---- | M] (SRS Labs, Inc.) -- C:\Program Files\SRS Labs\SRS WOW XT and TSXT\SRS_PostInstaller.exe
PRC - [2008.10.14 21:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008.04.14 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.03.21 13:19:40 | 000,069,632 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.08.11 18:01:45 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ad\My Documents\Downloads\OTL.exe
MOD - [2011.05.15 15:03:19 | 000,043,520 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll
MOD - [2011.04.18 22:51:18 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
MOD - [2011.04.18 22:51:18 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
MOD - [2010.08.23 18:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009.06.20 11:14:54 | 000,094,273 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2005.12.19 19:16:10 | 000,135,168 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011.08.09 13:49:08 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.08.09 13:49:07 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.01.10 21:05:38 | 000,603,896 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010.04.04 09:52:20 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.05.19 19:39:46 | 000,066,792 | ---- | M] (SRS Labs, Inc.) [Auto | Running] -- C:\Program Files\SRS Labs\SRS WOW XT and TSXT\SRS_PostInstaller.exe -- (SRS_WOWXT_Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.08.09 13:49:09 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.08.09 13:49:09 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011.01.10 20:52:06 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2010.06.17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010.06.04 20:29:04 | 001,606,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009.07.29 01:55:00 | 000,143,360 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009.07.01 11:50:00 | 000,237,952 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMC33F.sys -- (VMC33F)
DRV - [2009.06.19 05:48:06 | 000,045,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009.05.23 08:37:50 | 005,082,624 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.05.18 19:27:10 | 000,233,512 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service)
DRV - [2009.04.16 03:13:34 | 000,991,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009.02.07 03:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008.08.06 05:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008.04.14 14:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2007.04.03 14:59:42 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616unic.sys -- (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM)
DRV - [2007.04.03 14:59:42 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616obex.sys -- (s616obex)
DRV - [2007.04.03 14:59:42 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616nd5.sys -- (s616nd5) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS)
DRV - [2007.04.03 14:59:40 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616mgmt.sys -- (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM)
DRV - [2007.04.03 14:59:38 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616mdm.sys -- (s616mdm)
DRV - [2007.04.03 14:59:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616mdfl.sys -- (s616mdfl)
DRV - [2007.04.03 14:59:30 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
DRV - [2006.01.05 00:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005.10.27 06:18:05 | 000,004,300 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\MEMIO.SYS -- (DOSMEMIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.05.15 15:03:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.04 11:38:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.11 13:15:12 | 000,000,000 | ---D | M]
 
[2010.02.16 23:49:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alexandra\Application Data\Mozilla\Extensions
[2011.08.09 13:52:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alexandra\Application Data\Mozilla\Firefox\Profiles\jyasemyu.default\extensions
[2010.05.22 19:25:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Alexandra\Application Data\Mozilla\Firefox\Profiles\jyasemyu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.02 11:17:06 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Alexandra\Application Data\Mozilla\Firefox\Profiles\jyasemyu.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.04.18 21:01:58 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\Alexandra\Application Data\Mozilla\Firefox\Profiles\jyasemyu.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.08.22 20:36:47 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Documents and Settings\Alexandra\Application Data\Mozilla\Firefox\Profiles\jyasemyu.default\extensions\quickstores@quickstores.de
[2011.08.09 13:58:42 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus WebGuard) -- C:\Documents and Settings\Alexandra\Application Data\Mozilla\Firefox\Profiles\jyasemyu.default\extensions\toolbar@ask.com
[2011.05.01 18:20:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.08 16:45:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.22 09:59:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.11 18:08:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.03.19 23:06:56 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de
File not found (No name found) -- 
[2010.02.14 12:15:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.07.04 11:38:01 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.05.08 14:38:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.08 14:38:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.05.08 14:38:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.08 14:38:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.08 14:38:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.08 14:38:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe (SAMSUNG Electronics)
O4 - HKLM..\Run: [Google Pinyin 2 Autoupdater] C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe (Google Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MagicKeyboard] C:\Program Files\Samsung\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SUPBackground] C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [BatteryLifeExtender] C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe (Samsung Electronics. Co. Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Alexandra\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.9
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~4\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Alexandra\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Alexandra\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.06 06:26:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0e0c23ea-071a-11df-bdfb-0024540df54b}\Shell\AutoRun\command - "" = E:\DmailerSync_v9_0_15109.exe
O33 - MountPoints2\{9c514d78-79d8-11df-be4e-0024540df54b}\Shell - "" = AutoRun
O33 - MountPoints2\{9c514d78-79d8-11df-be4e-0024540df54b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9c514d78-79d8-11df-be4e-0024540df54b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autostart.exe
O33 - MountPoints2\{e3ee5c24-09f3-11df-bdfd-0024540df54b}\Shell\AutoRun\command - "" = E:\SETUP.EXE /AUTORUN
O33 - MountPoints2\{e3ee5c24-09f3-11df-bdfd-0024540df54b}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{e3ee5c24-09f3-11df-bdfd-0024540df54b}\Shell\install\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C7EEB28E-9438-B357-5234-DD22B8CC3D27} - Outlook Express
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package - 
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.11 17:37:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alexandra\Application Data\Windows Search
[2011.08.09 13:52:51 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011.08.09 13:27:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alexandra\Application Data\Malwarebytes
[2011.08.09 13:27:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.09 13:27:14 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.08.09 13:27:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011.08.09 13:27:06 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.08.09 13:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.08.09 13:12:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alexandra\Application Data\Avira
[2011.08.09 13:04:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011.08.09 13:04:40 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011.08.09 13:04:38 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.08.09 13:04:38 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011.08.09 13:04:38 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011.08.09 13:04:37 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011.08.09 13:04:35 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.08.09 13:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011.08.09 11:54:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alexandra\Application Data\MediaWmp
[2011.08.09 11:48:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[3 C:\Documents and Settings\Alexandra\My Documents\*.tmp files -> C:\Documents and Settings\Alexandra\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.11 18:27:33 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4105128742-667609817-3741737814-1005.job
[2011.08.11 18:27:30 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-4105128742-667609817-3741737814-1005.job
[2011.08.11 18:27:29 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.11 18:23:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.08.11 18:23:05 | 1063,636,992 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.11 18:12:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.08.11 18:11:01 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.11 18:01:01 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011.08.10 21:18:16 | 000,466,036 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.08.10 21:18:16 | 000,080,154 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.08.10 21:11:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.08.10 16:14:15 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011.08.09 20:20:56 | 000,001,520 | ---- | M] () -- C:\WINDOWS\System32\Ad_KBD.ini
[2011.08.09 13:49:09 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.08.09 13:49:09 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011.08.09 13:36:15 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Alexandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011.08.09 13:27:16 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Alexandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011.08.09 13:27:16 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.09 13:04:58 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011.07.25 13:48:22 | 001,028,061 | ---- | M] () -- C:\Documents and Settings\Alexandra\My Documents\käfer karteikarten.pdf
[2011.07.25 13:40:24 | 007,303,294 | ---- | M] () -- C:\Documents and Settings\Alexandra\My Documents\käfer.pdf
[2011.07.22 20:57:10 | 000,002,857 | ---- | M] () -- C:\Documents and Settings\Alexandra\.recently-used.xbel
[2011.07.15 12:26:57 | 000,337,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[3 C:\Documents and Settings\Alexandra\My Documents\*.tmp files -> C:\Documents and Settings\Alexandra\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.08.09 20:20:56 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\Ad_KBD.ini
[2011.08.09 13:52:59 | 000,000,242 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011.08.09 13:36:15 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Alexandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011.08.09 13:27:16 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Alexandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011.08.09 13:27:16 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.09 13:04:58 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011.07.25 13:48:22 | 001,028,061 | ---- | C] () -- C:\Documents and Settings\Alexandra\My Documents\käfer karteikarten.pdf
[2011.07.25 13:40:21 | 007,303,294 | ---- | C] () -- C:\Documents and Settings\Alexandra\My Documents\käfer.pdf
[2011.07.22 20:57:10 | 000,002,857 | ---- | C] () -- C:\Documents and Settings\Alexandra\.recently-used.xbel
[2011.07.18 17:20:23 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4105128742-667609817-3741737814-1005.job
[2010.07.21 19:37:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.04.19 20:55:39 | 000,010,593 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2010.04.04 11:12:58 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Alexandra\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.04 10:16:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2010.04.04 10:15:51 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2010.04.04 10:11:40 | 000,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2010.02.16 23:48:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.01.11 21:43:02 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\Alexandra_KBD.ini
[2009.09.20 04:10:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009.08.06 07:42:15 | 000,307,200 | ---- | C] () -- C:\WINDOWS\SetDisplayResolution.exe
[2009.08.06 06:40:02 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI
[2009.08.06 06:40:02 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\Owner_KBD.ini
[2009.08.06 06:39:59 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI
[2009.08.06 06:39:59 | 000,002,741 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI
[2009.08.06 06:39:59 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI
[2009.08.06 06:39:59 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI
[2009.08.06 06:39:59 | 000,002,606 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI
[2009.08.06 06:39:59 | 000,002,236 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI
[2009.08.06 06:39:59 | 000,001,956 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI
[2009.08.06 06:39:59 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI
[2009.08.06 06:39:59 | 000,001,857 | ---- | C] () -- C:\WINDOWS\System32\KBDUU.INI
[2009.08.06 06:39:59 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI
[2009.08.06 06:39:59 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI
[2009.08.06 06:39:59 | 000,001,834 | ---- | C] () -- C:\WINDOWS\System32\KBDU.INI
[2009.08.06 06:39:59 | 000,001,819 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI
[2009.08.06 06:39:59 | 000,001,699 | ---- | C] () -- C:\WINDOWS\System32\KBDT.INI
[2009.08.06 06:39:59 | 000,001,697 | ---- | C] () -- C:\WINDOWS\System32\KBDV.INI
[2009.08.06 06:39:59 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI
[2009.08.06 06:39:59 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI
[2009.08.06 06:34:39 | 000,000,002 | ---- | C] () -- C:\WINDOWS\HotFixList.ini
[2009.08.06 06:33:59 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009.08.06 06:33:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009.08.06 06:33:19 | 000,233,512 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys
[2009.08.06 06:30:46 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\Marker.exe
[2009.08.06 06:30:45 | 000,004,300 | ---- | C] () -- C:\WINDOWS\System32\MEMIO.SYS
[2009.08.06 06:29:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.08.06 06:24:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.08.06 05:59:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009.08.06 05:58:47 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009.08.06 05:58:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009.08.06 05:58:46 | 000,466,036 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009.08.06 05:58:46 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009.08.06 05:58:46 | 000,080,154 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009.08.06 05:58:46 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009.08.06 05:58:46 | 000,004,486 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009.08.06 05:58:45 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009.08.06 05:58:45 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009.08.06 05:58:45 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009.08.06 05:58:40 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009.08.06 05:58:39 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009.08.05 23:19:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.08.05 23:18:25 | 000,337,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.06.20 11:15:04 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008.05.26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008.05.26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007.09.27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007.09.27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007.09.27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007.02.27 01:49:12 | 006,139,774 | ---- | C] () -- C:\WINDOWS\imagine digital freedom.dat
[2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2010.04.17 09:49:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexandra\Application Data\Canon
[2011.08.09 15:33:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexandra\Application Data\Dropbox
[2011.04.18 21:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexandra\Application Data\DVDVideoSoftIEHelpers
[2011.07.22 20:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexandra\Application Data\gtk-2.0
[2011.08.09 11:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexandra\Application Data\MediaWmp
[2010.03.19 23:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexandra\Application Data\MyPhoneExplorer
[2010.04.17 10:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexandra\Application Data\NewSoft
[2010.04.06 07:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexandra\Application Data\QuickStoresToolbar
[2010.04.04 10:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexandra\Application Data\ScanSoft
[2010.02.14 13:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexandra\Application Data\Windows Desktop Search
[2011.08.11 17:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alexandra\Application Data\Windows Search
[2010.05.08 17:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2009.08.06 06:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SAMSUNG
[2010.04.04 10:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011.08.09 12:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2010.01.11 21:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010.01.12 07:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinClon
[2009.08.06 06:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLAN
[2011.08.11 18:01:01 | 000,000,242 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.08.10 21:31:42 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.08.09 20:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings
[2009.08.06 06:31:10 | 000,000,000 | ---D | M] -- C:\Intel
[2010.05.08 17:06:03 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.08.09 13:52:51 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.08.11 17:47:12 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2010.01.11 21:41:46 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.08.10 21:35:34 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.04.14 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008.04.14 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.04.14 14:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\I386\REGEDIT.EXE
[2008.04.14 14:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\regedit.exe
[2008.04.14 14:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\system32\dllcache\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-10 19:18:38
 
<           >

< End of report >

Extras.txt und Gmer.txt befinden sich im Anhang unter Logfiles.zip.

Ich habe keine Ahnung, ob das überhaupt sinnvoll ist, aber ich habe noch alle Avira Logdateien und Malwarebytes Logs angehängt (bis vorgestern lief aber nur Sophos auf dem Netbook).

Danke euch ,
Stephanie

Alt 12.08.2011, 12:27   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundeskriminalpolizei(Ukash)- und Sparkassen(TANs)-Trojaner/Virus - Standard

Bundeskriminalpolizei(Ukash)- und Sparkassen(TANs)-Trojaner/Virus


Zitat:
beim Besuch der Onlinebanking-Seite war sie a) automatisch in ihr Konto eingeloggt ohne vorher ihre Daten eingegeben zu haben und b) wurde sie aufgefordert 30 TAN-Nummern einzugeben
Bei Onlinebanking solltest du generell sehr vorsichtig sein und überlegen ob du den Kompromiss einer Bereinigung wirklich eingehen willst.
Normalerweise empfiehlt man bei sowas eine Neuinstallation von Windows.
__________________

__________________
Antwort

Themen zu Bundeskriminalpolizei(Ukash)- und Sparkassen(TANs)-Trojaner/Virus
100 euro, 32-bit, adobe, antivir, avira, avira searchfree toolbar, bho, bundeskriminalpolizei, c:\windows\system32\rundll32.exe, converter, crypto, desktop, error, euro, fehler, firefox, format, google, home, hook, intranet, logfile, mp3, neustart, nicht sicher, plug-in, realtek, registry, rundll, scan, security, security update, shell32.dll, software, sparkasse, start menu, tan-nummer, trojaner, ukash, version=1.0, virus, winlogon.exe, yahoo


« BKA-Virus-Befall: OTL.log | Bundespolizei-Trojaner nach Systemwiederherstellung »


Ähnliche Themen: Bundeskriminalpolizei(Ukash)- und Sparkassen(TANs)-Trojaner/Virus


  1. Windows 8: FedPol BundesKriminalPolizei Virus auf meinem PC
    Log-Analyse und Auswertung - 29.10.2013 (3)
  2. Trojaner Bundeskriminalpolizei (Schweizer Version) auf Win 7 Pro
    Log-Analyse und Auswertung - 05.07.2013 (11)
  3. Habe ein Virus von der Bundeskriminalpolizei, es wird von mir verlang, das ich tausende von Euros bezahlen soll.
    Log-Analyse und Auswertung - 20.10.2012 (2)
  4. Trojaner Bundeskriminalpolizei
    Log-Analyse und Auswertung - 27.09.2012 (6)
  5. Sparkassen Trojaner 50 Tans
    Plagegeister aller Art und deren Bekämpfung - 28.06.2012 (1)
  6. Bundeskriminalpolizei Virus
    Plagegeister aller Art und deren Bekämpfung - 21.05.2012 (1)
  7. PC startet nicht mehr nach Löschen von .exe Datei wegen des Bundeskriminalpolizei-Virus
    Log-Analyse und Auswertung - 16.12.2011 (3)
  8. Sparkassen-Trojaner ? Aufforderung zur Eingabe 100 TANs
    Plagegeister aller Art und deren Bekämpfung - 27.11.2011 (11)
  9. Bundeskriminalpolizei 100 Euro Trojaner
    Log-Analyse und Auswertung - 01.11.2011 (1)
  10. Bundeskriminalpolizei Trojaner
    Plagegeister aller Art und deren Bekämpfung - 08.08.2011 (1)
  11. Wieder Sparkassen Trojaner 20 Tans
    Plagegeister aller Art und deren Bekämpfung - 22.04.2011 (4)
  12. Bundeskriminalpolizei 100 Euro Trojaner
    Plagegeister aller Art und deren Bekämpfung - 18.04.2011 (7)
  13. Sparkassen Trojaner (50 tans) in Email
    Plagegeister aller Art und deren Bekämpfung - 25.08.2010 (11)
  14. Sparkassen Trojaner löschen - 50 tans
    Plagegeister aller Art und deren Bekämpfung - 24.08.2010 (7)
  15. Sparkassen Trojaner. Eingabe von 40 TANs nötig
    Plagegeister aller Art und deren Bekämpfung - 09.08.2010 (6)
  16. Sparkassen-Trojaner (40 TANs) von externer Festplatte entfernen
    Plagegeister aller Art und deren Bekämpfung - 06.08.2010 (16)
  17. Trojaner möchte 40 Tans zum Sparkassen Online Banking
    Plagegeister aller Art und deren Bekämpfung - 03.08.2010 (16)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Bundeskriminalpolizei(Ukash)- und Sparkassen(TANs)-Trojaner/Virus - Hallo Experten! Erst einmal vorneweg: Meine Schwester und ich sind Laien (sie noch mehr als ich), ich habe versucht die Vorgehensliste genau abzuarbeiten, bin mir aber nicht sicher, ob ich - Bundeskriminalpolizei(Ukash)- und Sparkassen(TANs)-Trojaner/Virus...
Archiv
Du betrachtest: Bundeskriminalpolizei(Ukash)- und Sparkassen(TANs)-Trojaner/Virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131