
Log analysis and evaluation: Online banking is being redirected

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
09.06.2013, 16:29   #1
Grave1

Online banking is being redirected



Hi,

three weeks ago I noticed that my online banking no longer works. The website takes a very long time to load. Once it is there, it looks exactly like the original.
The first time, I did not notice the long waiting time. I entered my user ID and password. After that, a notice appeared along the lines of maintenance work, saying that one should use a test access. At roughly the same time I received an SMS with a TAN for a foreign transfer of approx. 6,000€.
I then immediately changed my user ID and password via smartphone and, to be safe, had my online banking blocked.
Then I downloaded Malwarebytes Anti-Malware. When I visit my online banking page, a window pops up saying that access to a potentially dangerous website was stopped (I am attaching an image).

OTL.txt
Code:
OTL logfile created on: 09.06.2013 13:27:24 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Grave\Desktop\Trojaner
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 70,07% Memory free
5,99 Gb Paging File | 4,95 Gb Available in Paging File | 82,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 157,58 Gb Total Space | 8,72 Gb Free Space | 5,53% Space Free | Partition Type: NTFS
Drive D: | 130,37 Gb Total Space | 21,20 Gb Free Space | 16,26% Space Free | Partition Type: NTFS
Drive E: | 10,00 Gb Total Space | 4,24 Gb Free Space | 42,37% Space Free | Partition Type: NTFS
 
Computer Name: GRAVE-PC | User Name: Grave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.09 13:02:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Grave\Desktop\Trojaner\OTL.exe
PRC - [2013.05.15 17:17:34 | 000,554,408 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.03.18 03:25:46 | 001,236,336 | ---- | M] (Lavasoft Limited) -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.09.30 20:19:52 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.12 05:56:08 | 000,175,624 | ---- | M] (Nitro PDF Software) -- C:\Programme\Nitro PDF\Professional 7\NitroPDFDriverService2.exe
PRC - [2012.04.11 23:07:38 | 000,175,632 | ---- | M] (Nitro PDF Software) -- C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
PRC - [2011.11.11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.04.13 15:02:34 | 001,808,784 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.11.18 13:09:22 | 000,330,696 | ---- | M] () -- C:\Programme\Verbindungsassistent\WTGService.exe
PRC - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe
PRC - [2010.09.30 14:00:28 | 000,139,088 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe
PRC - [2010.01.22 13:30:46 | 000,098,304 | ---- | M] (3M Touch Systems, Inc.) -- C:\Programme\MicroTouch\MT 7\TwMonitor.exe
PRC - [2009.11.18 09:45:34 | 000,196,096 | ---- | M] (3M Touch Systems, Inc.) -- C:\Programme\MicroTouch\MT 7\TwService.exe
PRC - [2009.11.12 09:58:10 | 000,044,544 | ---- | M] (3M Touch Systems, Inc.) -- C:\Programme\MicroTouch\MT 7\TwRegSvc.exe
PRC - [2009.08.18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.03.16 19:59:22 | 000,483,428 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2009.03.16 19:59:20 | 000,254,042 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\stacsv.exe
PRC - [2009.03.16 19:59:18 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\AEstSrv.exe
PRC - [2009.03.10 12:24:04 | 000,233,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe
PRC - [2009.02.01 00:15:38 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe
PRC - [2009.01.31 22:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe
PRC - [2008.11.24 13:56:46 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe
PRC - [2007.05.31 16:21:28 | 000,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdcBase.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.12 05:56:18 | 000,095,240 | ---- | M] () -- C:\Programme\Nitro PDF\Professional 7\NPShellExtension.dll
MOD - [2011.11.11 15:08:18 | 007,956,504 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011.11.11 15:08:18 | 000,342,552 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011.11.11 15:08:18 | 000,128,536 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011.11.11 15:08:18 | 000,029,208 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011.11.11 15:08:06 | 002,145,304 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2010.09.30 14:00:28 | 000,139,088 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.18 21:14:44 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.15 19:32:37 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.18 03:25:46 | 001,236,336 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.09.20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Stopped] -- C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.12 05:56:08 | 000,175,624 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Nitro PDF\Professional 7\NitroPDFDriverService2.exe -- (NitroDriverReadSpool2)
SRV - [2012.04.11 23:07:38 | 000,175,632 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2011.09.22 20:24:24 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.07.21 19:55:39 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.11.18 13:09:22 | 000,330,696 | ---- | M] () [Auto | Running] -- C:\Programme\Verbindungsassistent\WTGService.exe -- (WTGService)
SRV - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009.11.18 09:45:34 | 000,196,096 | ---- | M] (3M Touch Systems, Inc.) [Auto | Running] -- C:\PROGRAM FILES\MICROTOUCH\MT 7\TwService.exe -- (TwDrvService)
SRV - [2009.11.12 09:58:10 | 000,044,544 | ---- | M] (3M Touch Systems, Inc.) [Auto | Running] -- C:\PROGRAM FILES\MICROTOUCH\MT 7\TwRegSvc.exe -- (TwRegSvc)
SRV - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.16 19:59:20 | 000,254,042 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\stacsv.exe -- (STacSV)
SRV - [2009.03.16 19:59:18 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\AEstSrv.exe -- (AESTFilters)
SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013.05.28 21:31:03 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.09.28 21:52:10 | 000,064,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.01.18 07:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011.03.18 14:46:26 | 000,061,704 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2011.03.18 14:46:10 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.11 12:16:44 | 000,019,456 | ---- | M] (3M) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TwBus.sys -- (TwBus)
DRV - [2009.11.06 18:01:18 | 000,079,872 | ---- | M] (3M) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TwTouch.sys -- (TwTouch)
DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.10.29 19:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.08.18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2009.03.25 01:25:24 | 000,197,680 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009.03.16 19:59:22 | 000,398,336 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.03.09 01:06:00 | 000,280,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2009.03.06 15:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2006.11.14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {c72c2224-72e9-4bd9-b7e0-f5f0ae7258c6} - C:\Programme\MiniclipDE\prxtbMini.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB 34 B0 B1 30 55 CE 01  [binary data]
IE - HKCU\..\URLSearchHook: {c72c2224-72e9-4bd9-b7e0-f5f0ae7258c6} - C:\Programme\MiniclipDE\prxtbMini.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.10
FF - prefs.js..extensions.enabledAddons: %7Bb8cbd8e0-e642-11dd-ba2f-0800200c9a66%7D:2.1
FF - prefs.js..extensions.enabledAddons: bytubed%40cs213.cse.iitk.ac.in:1.1.1
FF - prefs.js..extensions.enabledAddons: %7B5C655500-E712-41e7-9349-CE462F844B19%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.28 21:32:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.18 21:14:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.28 19:04:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.28 21:32:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.18 21:14:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.28 19:04:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.07.17 20:23:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Grave\AppData\Roaming\mozilla\Extensions
[2013.02.11 14:00:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Grave\AppData\Roaming\mozilla\Firefox\Profiles\kio8ohcg.default\extensions
[2012.02.23 15:42:50 | 000,000,000 | ---D | M] ("DHL Packstation Bestellhelfer") -- C:\Users\Grave\AppData\Roaming\mozilla\Firefox\Profiles\kio8ohcg.default\extensions\{b8cbd8e0-e642-11dd-ba2f-0800200c9a66}
[2013.02.11 14:00:11 | 000,000,000 | ---D | M] (MiniclipDE Community Toolbar) -- C:\Users\Grave\AppData\Roaming\mozilla\Firefox\Profiles\kio8ohcg.default\extensions\{c72c2224-72e9-4bd9-b7e0-f5f0ae7258c6}
[2012.09.26 20:07:14 | 000,000,000 | ---D | M] (BYTubeD - Bulk YouTube video Downloader) -- C:\Users\Grave\AppData\Roaming\mozilla\Firefox\Profiles\kio8ohcg.default\extensions\bytubed@cs213.cse.iitk.ac.in
[2013.01.28 11:56:05 | 000,151,038 | ---- | M] () (No name found) -- C:\Users\Grave\AppData\Roaming\mozilla\firefox\profiles\kio8ohcg.default\extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi
[2012.12.16 12:51:45 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\Grave\AppData\Roaming\mozilla\firefox\profiles\kio8ohcg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.05.18 21:14:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.05.18 21:14:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.05.18 21:14:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.05.18 21:14:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.05.18 21:14:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013.05.18 21:14:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.18 21:14:44 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Reallusion CT4Player for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npRLCT4Player.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: YouTube = C:\Users\Grave\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Grave\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Lavasoft NewTab = C:\Users\Grave\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.8_0\
CHR - Extension: Ad-Aware Security Add-on = C:\Users\Grave\AppData\Local\Google\Chrome\User Data\Default\Extensions\phegaokedjdajgnfphbnpkcfdgjbidko\1.0.0.6_0\
CHR - Extension: Google Mail = C:\Users\Grave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (MiniclipDE Toolbar) - {c72c2224-72e9-4bd9-b7e0-f5f0ae7258c6} - C:\Programme\MiniclipDE\prxtbMini.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (MiniclipDE Toolbar) - {c72c2224-72e9-4bd9-b7e0-f5f0ae7258c6} - C:\Programme\MiniclipDE\prxtbMini.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (MiniclipDE Toolbar) - {C72C2224-72E9-4BD9-B7E0-F5F0AE7258C6} - C:\Programme\MiniclipDE\prxtbMini.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files\1&1 Surf-Stick\UIExec.exe ()
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Paceod] C:\Users\Grave\AppData\Roaming\Lonup\yhfyw.exe (Sysinternals - www.sysinternals.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube Download - C:\Users\Grave\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BC89451-0F68-4406-89F1-52DF088939DB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E4E3BAD-8DCC-4E89-9C7A-378C3FBF112D}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.07.21 19:33:59 | 000,000,000 | ---D | M] - C:\AutoCAD_Architecture_2011_German_Win_32bit -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{aa3d7a8e-da41-11e0-9f95-002219db5c6d}\Shell - "" = AutoRun
O33 - MountPoints2\{aa3d7a8e-da41-11e0-9f95-002219db5c6d}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\Start.hta
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.09 13:02:28 | 000,000,000 | ---D | C] -- C:\Users\Grave\Desktop\Trojaner
[2013.05.28 21:39:44 | 000,000,000 | ---D | C] -- C:\Users\Grave\AppData\Roaming\Malwarebytes
[2013.05.28 21:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.28 21:39:32 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.05.28 21:39:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.28 21:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.28 21:39:22 | 000,000,000 | ---D | C] -- C:\Users\Grave\AppData\Local\Programs
[2013.05.28 21:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013.05.28 21:37:06 | 000,000,000 | ---D | C] -- C:\Users\Grave\AppData\Roaming\LavasoftStatistics
[2013.05.28 21:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013.05.28 21:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013.05.28 21:32:45 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2013.05.28 21:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013.05.28 21:32:21 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2013.05.28 21:32:21 | 000,000,000 | ---D | C] -- C:\ProgramData\adawaretb
[2013.05.28 21:32:21 | 000,000,000 | ---D | C] -- C:\Users\Grave\AppData\Local\adawarebp
[2013.05.28 21:32:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013.05.28 21:32:15 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2013.05.28 21:32:15 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2013.05.28 21:31:04 | 000,044,424 | ---- | C] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013.05.28 21:31:04 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013.05.28 21:31:01 | 000,000,000 | ---D | C] -- C:\Users\Grave\AppData\Roaming\Ad-Aware Antivirus
[2013.05.28 19:04:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.05.18 21:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.05.11 19:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.05.11 00:59:01 | 000,022,016 | ---- | C] (Borland Software Corporation) -- C:\Windows\System32\borlndmm.dll
[2013.05.11 00:59:00 | 001,497,088 | ---- | C] (Borland Corporation) -- C:\Windows\System32\Cc3260mt.dll
[2013.05.11 00:59:00 | 001,326,080 | ---- | C] (Borland Software Corporation) -- C:\Windows\System32\Vcl60.bpl
[2013.05.11 00:59:00 | 000,685,056 | ---- | C] (Borland Software Corporation) -- C:\Windows\System32\Rtl60.bpl
[2013.05.11 00:59:00 | 000,000,000 | ---D | C] -- C:\WinPC-NC_Economy_Demo
[2013.05.10 23:52:58 | 000,000,000 | ---D | C] -- C:\Users\Grave\AppData\Roaming\Peryeg
[2013.05.10 23:52:58 | 000,000,000 | ---D | C] -- C:\Users\Grave\AppData\Roaming\Ovsiu
[2013.05.10 23:52:58 | 000,000,000 | ---D | C] -- C:\Users\Grave\AppData\Roaming\Lonup
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.09 13:32:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.09 13:24:57 | 000,000,000 | ---- | M] () -- C:\Users\Grave\defogger_reenable
[2013.06.09 12:56:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.09 12:47:32 | 000,002,064 | ---- | M] () -- C:\Users\Grave\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2013.06.09 12:47:32 | 000,001,993 | ---- | M] () -- C:\Users\Grave\Desktop\Avira DE-Cleaner.lnk
[2013.06.09 10:21:29 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.09 10:21:29 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.09 10:14:34 | 000,001,826 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013.06.09 10:13:39 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.09 10:13:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.09 10:12:08 | 2411,872,256 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.28 21:39:33 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.28 21:31:03 | 000,044,424 | ---- | M] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013.05.28 21:31:03 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013.05.22 20:12:56 | 000,000,600 | ---- | M] () -- C:\Users\Grave\PUTTY.RND
[2013.05.16 18:20:29 | 000,417,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.16 08:24:47 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.16 08:24:47 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.16 08:24:47 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.16 08:24:47 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.09 13:24:57 | 000,000,000 | ---- | C] () -- C:\Users\Grave\defogger_reenable
[2013.06.09 12:47:32 | 000,002,064 | ---- | C] () -- C:\Users\Grave\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2013.06.09 12:47:32 | 000,001,993 | ---- | C] () -- C:\Users\Grave\Desktop\Avira DE-Cleaner.lnk
[2013.05.28 21:39:33 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.28 21:32:49 | 000,001,826 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013.05.11 00:59:01 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE
[2013.04.14 20:40:30 | 000,063,637 | ---- | C] () -- C:\Users\Grave\AppData\Local\recently-used.xbel
[2013.02.22 18:14:51 | 000,000,108 | ---- | C] () -- C:\Users\Grave\.iccbutton_history
[2012.06.21 21:54:53 | 000,003,584 | ---- | C] () -- C:\Users\Grave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.21 21:53:51 | 000,061,208 | ---- | C] () -- C:\Windows\System32\MPEG4E-uninstall.exe
[2012.04.08 13:59:15 | 000,000,710 | ---- | C] () -- C:\Users\Grave\AppData\Roaming\enigmarc.lua2
[2012.01.18 07:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.11.04 23:30:51 | 000,000,600 | ---- | C] () -- C:\Users\Grave\AppData\Roaming\winscp.rnd
[2011.11.04 23:30:14 | 000,000,600 | ---- | C] () -- C:\Users\Grave\PUTTY.RND
[2011.09.19 19:19:38 | 000,040,960 | ---- | C] () -- C:\ProgramData\UninstallFrilo.Exe
[2011.08.12 13:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.07.18 18:49:20 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2011.07.17 19:17:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.05.28 21:38:27 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\Ad-Aware Antivirus
[2011.08.20 18:12:38 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\Autodesk
[2012.02.23 23:26:00 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\CadSoft
[2012.06.14 20:30:15 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\Canneverbe Limited
[2012.04.22 17:53:03 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\Downloaded Installations
[2013.02.16 19:44:59 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\Dropbox
[2011.11.22 20:07:35 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\DVDVideoSoft
[2011.11.22 20:07:30 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.09.29 19:57:57 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\EAC
[2012.09.29 21:39:43 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\FreeFLVConverter
[2012.09.30 20:23:06 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\frilo
[2012.12.30 12:34:37 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\JAM Software
[2012.03.04 19:40:59 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\Leadertech
[2013.05.10 23:52:58 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\Lonup
[2013.05.28 19:05:29 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\Nitro PDF
[2013.05.10 23:52:58 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\Ovsiu
[2012.02.22 16:35:43 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\PDF Writer
[2013.06.09 12:33:16 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\Peryeg
[2011.09.18 16:04:32 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\Playrix Entertainment
[2012.04.08 17:04:46 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\ProtectDISC
[2012.02.22 23:02:09 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\Synthesia
[2013.02.07 11:42:44 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\TeamViewer
[2011.07.18 17:31:38 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\Thunderbird
[2013.01.02 17:17:36 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\VDR Media Client
[2013.05.05 11:33:31 | 000,000,000 | ---D | M] -- C:\Users\Grave\AppData\Roaming\Verbindungsassistent
 
========== Purity Check ==========
 
 

< End of report >
         

Extras.txt
Quote:
OTL Extras logfile created on: 09.06.2013 13:27:24 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Grave\Desktop\Trojaner
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 70,07% Memory free
5,99 Gb Paging File | 4,95 Gb Available in Paging File | 82,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 157,58 Gb Total Space | 8,72 Gb Free Space | 5,53% Space Free | Partition Type: NTFS
Drive D: | 130,37 Gb Total Space | 21,20 Gb Free Space | 16,26% Space Free | Partition Type: NTFS
Drive E: | 10,00 Gb Total Space | 4,24 Gb Free Space | 42,37% Space Free | Partition Type: NTFS

Computer Name: GRAVE-PC | User Name: Grave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02652793-A24F-476D-B7A3-48F98E3CAD6A}" = rport=138 | protocol=17 | dir=out | app=system |
"{0F9C25A2-05C6-489F-8747-C8BF512480C2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{121920D0-9F60-4A25-8541-21C2E886722B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3CD03A83-5025-4B98-8C23-ABA0224F5770}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3EE58409-ED99-4039-BB49-868213D36D89}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe |
"{42459486-2C74-436E-936F-586B35294EC2}" = lport=445 | protocol=6 | dir=in | app=system |
"{65955F7E-6C44-4B8A-B6EE-BF8AEF620A5B}" = lport=139 | protocol=6 | dir=in | app=system |
"{75D7FF31-4D79-4122-8059-B70D99D672AB}" = lport=138 | protocol=17 | dir=in | app=system |
"{7AEA0742-E293-4D36-81D3-118C767BF926}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7CBEB33A-C2CF-41D4-99EF-9C91D6116C02}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8CCFB000-938D-4CF9-9101-CF8E10ECF86B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe |
"{9DA582B4-DB7C-4332-805C-76F3D6B5906E}" = lport=137 | protocol=17 | dir=in | app=system |
"{A635E838-D02B-4E16-A94A-1BC8CF622406}" = rport=139 | protocol=6 | dir=out | app=system |
"{BB5A9195-F570-488D-A94C-A8CDE5B8706A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E2246BCA-ABFB-4EEF-9F02-39D291DD6D59}" = rport=445 | protocol=6 | dir=out | app=system |
"{F42BA01D-F73D-4493-A8E3-D746B4DFF334}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0657292D-77E2-430E-8AD2-6981B4AD18D1}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{09736655-7C41-466B-87C5-BF9408F364BC}" = protocol=17 | dir=in | app=c:\users\grave\appdata\roaming\dropbox\bin\dropbox.exe |
"{0AF6057E-1CFD-4E6A-B181-DA517A93D7A1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0C6EC13A-CF3C-4BD7-9805-093D0F3EF6EB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1DACA17B-3FC5-49C1-9D28-DB805919FDB9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{210307D5-119A-4BEB-82E5-3DD5BB7468FB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3290DF78-088A-4DF0-A118-621EEAB77237}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{469FADC2-CC01-425C-A886-BB3F5307042E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4BF1A2B1-7D3E-48E4-BB4C-BB1FF2D07AEE}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5D775B92-0210-4D3E-975F-BE192FBA0D2C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7687A571-118A-44D0-AFCB-6B62118E1DAE}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8BACD856-1E44-4907-BBC3-BE23F9996287}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8DD3D369-E413-42FF-A754-8374F591FFEC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C63CCB60-2827-4A1D-94F0-3457EEA36764}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{ED601952-C745-4FD0-A158-50F3EC2E9EA9}" = protocol=6 | dir=in | app=c:\users\grave\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{1D3C78A0-3C2A-4709-ACBF-57E2A2C53262}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{6DB981EC-EE0E-44A2-A33D-28EF6A99B362}C:\users\grave\desktop\jperf-2.0.0\bin\iperf.exe" = protocol=6 | dir=in | app=c:\users\grave\desktop\jperf-2.0.0\bin\iperf.exe |
"TCP Query User{98C2AE03-BDF3-4DAB-A97B-68F986F47D24}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{DBFD0150-FEF6-4D57-9965-DE0C4A5806E4}D:\winlirc-0.6.4\winlirc.exe" = protocol=6 | dir=in | app=d:\winlirc-0.6.4\winlirc.exe |
"UDP Query User{484C20C4-1778-49A1-B2E2-B54890FBDD58}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{82CAD3BF-1987-46C2-88F0-1A5540D101F0}C:\users\grave\desktop\jperf-2.0.0\bin\iperf.exe" = protocol=17 | dir=in | app=c:\users\grave\desktop\jperf-2.0.0\bin\iperf.exe |
"UDP Query User{B678CCC5-417C-4617-BE2A-807150D461B5}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{D2FC8355-1240-4430-B765-7A2A1B8BDCD6}D:\winlirc-0.6.4\winlirc.exe" = protocol=17 | dir=in | app=d:\winlirc-0.6.4\winlirc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01D97815-0A14-4BB8-AF3D-3FAF4B8064BB}" = Diplomarbeit - Spannungen E-E
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.4
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 39
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2B7E7FBD-7E85-A386-AFB5-506DF0A1184B}" = VDR-Remote
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5783F2D7-9004-0407-0002-0060B0CE6BBA}" = AutoCAD Architecture 2011 - Deutsch
"{5783F2D7-9004-0407-1002-0060B0CE6BBA}" = AutoCAD Architecture 2011 Language Pack - Deutsch
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{975951E7-14D0-49AF-A630-89680D12D7F6}" = Autodesk Material Library 2011 Medium Image library
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B7A87BB-BB10-4991-A89C-E38660A76B05}" = Frilo Installation
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CE61E024-462A-4E06-A886-660F09C12E28}" = Nitro Pro 7
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F075020E-43B2-4F2C-9723-C81CE162E7B6}" = Ad-Aware Antivirus
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FFB6614F-6E61-4831-BF71-51633A718B18}" = Nitro Reader 2
"7-Zip" = 7-Zip 9.20
"94a888f0cc14f46f31dbe64760d265e3" = Gardenscapes(TM)
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"ALDI Bestellsoftware" = ALDI Bestellsoftware 4.12.2
"AutoCAD Architecture 2011 - Deutsch" = AutoCAD Architecture 2011 - Deutsch
"Autodesk Design Review 2011" = Autodesk Design Review 2011
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.2.0.1304
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"d72520cb767454006c3f77a01e6254fa" = MT 7.13 for Windows
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"EAGLE 6.1.0" = EAGLE 6.1.0
"Emergency 3 Demo" = Emergency 3 Demo 1.0
"Emil und Pauline Auf dem Land" = Emil und Pauline Auf dem Land (remove only)
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"FLAC" = FLAC 1.2.1b (remove only)
"FLV Player" = FLV Player 2.0 (build 25)
"Free FLV Converter_is1" = Free FLV Converter V 7.4.0
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.1
"Free Video Converter" = Free Video Converter
"Free YouTube Download_is1" = Free YouTube Download version 3.0.17.1117
"Frilo" = Frilo
"GIMP-2_is1" = GIMP 2.8.2
"Google Chrome" = Google Chrome
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
"HaaliMkx" = Haali Media Splitter
"Machinarium" = Machinarium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"MiniclipDE Toolbar" = MiniclipDE Toolbar
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPEG4E" = MPEG4E VFW - H.264/MPEG-4 AVC codec (remove only)
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"OpenAL" = OpenAL
"PROHYBRIDR" = 2007 Microsoft Office system
"Submachine 2_is1" = Submachine 2
"Submachine 5_is1" = Submachine 5
"Synthesia" = Synthesia (remove only)
"TreeSize Free_is1" = TreeSize Free V2.7
"VDR-Remote.C62BE035A77B1829E7DE268E4769758C636745B1.1" = VDR-Remote
"Verbindungsassistent" = Verbindungsassistent
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.2
"WinAce Archiver" = WinAce Archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CW-part" = CW-part
"Dropbox" = Dropbox
"Limbo" = LIMBO

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 21.02.2013 10:18:38 | Computer Name = Grave-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 19.0.0.4794,
Zeitstempel: 0x511ed1c1 Name des fehlerhaften Moduls: xul.dll, Version: 19.0.0.4794,
Zeitstempel: 0x511ed0fe Ausnahmecode: 0xc0000005 Fehleroffset: 0x00155858 ID des fehlerhaften
Prozesses: 0xc24 Startzeit der fehlerhaften Anwendung: 0x01ce103e2e4e3b26 Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: C:\Program Files\Mozilla Firefox\xul.dll Berichtskennung: 955546f2-7c31-11e2-9845-002219db5c6d

Error - 14.03.2013 15:44:31 | Computer Name = Grave-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 19.0.2.4814 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1194 Startzeit:
01ce20e792d85771 Endzeit: 32 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID:
911c2dc7-8cdf-11e2-84ce-002219db5c6d

Error - 10.04.2013 14:14:10 | Computer Name = Grave-PC | Source = Application Hang | ID = 1002
Description = Programm acad.exe, Version 24.1.49.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ba8 Startzeit:
01ce36167c1543e5 Endzeit: 78 Anwendungspfad: C:\Program Files\Autodesk\AutoCAD Architecture
2011\acad.exe Berichts-ID: 5e436077-a20a-11e2-8aaf-002219db5c6d

Error - 10.04.2013 14:15:39 | Computer Name = Grave-PC | Source = Application Hang | ID = 1002
Description = Programm acad.exe, Version 24.1.49.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1084 Startzeit:
01ce361737044cab Endzeit: 62 Anwendungspfad: C:\Program Files\Autodesk\AutoCAD Architecture
2011\acad.exe Berichts-ID: a42b09c3-a20a-11e2-8aaf-002219db5c6d

Error - 14.04.2013 04:07:03 | Computer Name = Grave-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: gimp-2.8.exe, Version: 2.8.2.0, Zeitstempel:
0x50369de8 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00029a4a ID des fehlerhaften Prozesses:
0xce8 Startzeit der fehlerhaften Anwendung: 0x01ce38e4cf30e6f5 Pfad der fehlerhaften
Anwendung: C:\Program Files\GIMP 2\bin\gimp-2.8.exe Pfad des fehlerhaften Moduls:
C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 49cb6b69-a4da-11e2-a2c6-002219db5c6d

Error - 01.05.2013 12:49:44 | Computer Name = Grave-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 12.0.6668.5000,
Zeitstempel: 0x5083137f Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003224d ID des fehlerhaften
Prozesses: 0xc70 Startzeit der fehlerhaften Anwendung: 0x01ce468bd1c8c43b Pfad der
fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office12\WINWORD.EXE Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 1f8b5bb5-b27f-11e2-a1d3-002219db5c6d

Error - 05.05.2013 05:56:18 | Computer Name = Grave-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Verbindungsassistent.exe, Version:
1.0.0.1, Zeitstempel: 0x4ced219f Name des fehlerhaften Moduls: Verbindungsassistent.exe,
Version: 1.0.0.1, Zeitstempel: 0x4ced219f Ausnahmecode: 0xc00000fd Fehleroffset:
0x000b3007 ID des fehlerhaften Prozesses: 0x1788 Startzeit der fehlerhaften Anwendung:
0x01ce49768132951e Pfad der fehlerhaften Anwendung: C:\Program Files\Verbindungsassistent\Verbindungsassistent.exe
Pfad
des fehlerhaften Moduls: C:\Program Files\Verbindungsassistent\Verbindungsassistent.exe
Berichtskennung:
079ccaa0-b56a-11e2-a1ac-002219db5c6d

Error - 09.05.2013 15:17:44 | Computer Name = Grave-PC | Source = Application Hang | ID = 1002
Description = Programm WinSCP.exe, Version 4.1.8.415 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 17bc Startzeit:
01ce4ce56bdd4d82 Endzeit: 31 Anwendungspfad: D:\Linvdr\WinSCP\WinSCP.exe Berichts-ID:
1dfe6251-b8dd-11e2-8acb-002219db5c6d

Error - 11.05.2013 02:22:30 | Computer Name = Grave-PC | Source = Application Hang | ID = 1002
Description = Programm SndVol.exe, Version 6.1.7601.17514 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: ca4 Startzeit: 01ce4e0fb4139529 Endzeit: 7 Anwendungspfad: C:\Windows\system32\SndVol.exe

Berichts-ID:
1f4fe8ac-ba03-11e2-a62b-002219db5c6d

Error - 11.05.2013 02:30:27 | Computer Name = Grave-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 20.0.1.4847 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 10c0 Startzeit:
01ce4e10f2ee69ce Endzeit: 9 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID:
4244e99f-ba04-11e2-a62b-002219db5c6d

[ OSession Events ]
Error - 01.05.2013 12:49:41 | Computer Name = Grave-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 23
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 27.05.2013 15:48:05 | Computer Name = Grave-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 27.05.2013 17:06:04 | Computer Name = Grave-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 28.05.2013 13:01:11 | Computer Name = Grave-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 28.05.2013 13:01:11 | Computer Name = Grave-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 28.05.2013 16:35:55 | Computer Name = Grave-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 28.05.2013 16:35:55 | Computer Name = Grave-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 28.05.2013 16:38:56 | Computer Name = Grave-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 28.05.2013 16:38:56 | Computer Name = Grave-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error - 09.06.2013 04:13:18 | Computer Name = Grave-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 09.06.2013 04:13:18 | Computer Name = Grave-PC | Source = atikmdag | ID = 43029
Description = Display is not active


< End of report >


Message from Malwarebytes

Code:
ATTFilter
2013/06/09 17:01:26 +0200	GRAVE-PC	Grave	IP-BLOCK	92.241.162.52 (Type: outgoing, Port: 49259, Process: firefox.exe)
2013/06/09 17:01:26 +0200	GRAVE-PC	Grave	IP-BLOCK	92.241.162.52 (Type: outgoing, Port: 49265, Process: firefox.exe)
2013/06/09 17:01:26 +0200	GRAVE-PC	Grave	IP-BLOCK	92.241.162.52 (Type: outgoing, Port: 49266, Process: firefox.exe)
2013/06/09 17:01:26 +0200	GRAVE-PC	Grave	IP-BLOCK	92.241.162.52 (Type: outgoing, Port: 49267, Process: firefox.exe)
         
Gmer.log is too large to post, so I am attaching it.

Regards, Grave
Attached image: Malewarebytes.jpg

 
