Pests of all kinds and how to fight them: TAN prompt Commerzbank

Windows 7: If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
#1

TAN prompt Commerzbank

Hello everyone... I am probably not the first one to have a problem with a trojan that makes a page pop up during online banking (Commerzbank) and would like my TANs... Malwarebytes cannot be updated, and I no longer have access to the websites of Microsoft and some others (especially virus scanners). I ran an OTL scan after running defogger...

OTL Logfile:

Code:
ATTFilter OTL logfile created on: 12.05.2013 23:22:14 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8080.16413) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 60,82% Memory free 6,24 Gb Paging File | 4,92 Gb Available in Paging File | 78,85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 298,09 Gb Total Space | 51,32 Gb Free Space | 17,22% Space Free | Partition Type: NTFS Drive H: | 232,88 Gb Total Space | 156,64 Gb Free Space | 67,26% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\PureSync\PureSyncTray.exe (Jumping Bytes) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) 
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) PRC - C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) PRC - C:\Programme\ATI Technologies\HydraVision\HydraDM.exe (AMD) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.) PRC - C:\ProgramData\DatacardService\DCService.exe () PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\ba39e27ea796912fce296963622dfbae\WindowsFormsIntegration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ba58d64562391191a22ad0133512ed6f\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\a1b65a602c75409c0c1ce7fa1f2a0983\UIAutomationProvider.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll () MOD - C:\Windows\System32\atitmpxx.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe () ========== Services (SafeList) ========== SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Sony PC Companion) -- C:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV - (PMBDeviceInfoProvider) -- C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (DCService.exe) -- C:\ProgramData\DatacardService\DCService.exe () SRV - (getPlusHelper) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (BrYNSvc) -- C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) 
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (ewdmaudn) -- C:\Users\User\AppData\Local\Temp\ewdmaudn.sys File not found DRV - (catchme) -- C:\Users\User\AppData\Local\Temp\catchme.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (AODDriver4.0) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys (Advanced Micro Devices) DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdLH3.sys (Advanced Micro Devices) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) 
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.) DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation) DRV - (ss_bbus) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI) DRV - (ss_bmdfl) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation) DRV - (Motousbnet) -- C:\Windows\System32\drivers\Motousbnet.sys (Motorola) DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices) DRV - (motusbdevice) -- C:\Windows\System32\drivers\motusbdevice.sys (Motorola Inc) DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola) DRV - (AppleHFS) -- C:\Windows\System32\drivers\AppleHFS.sys (Apple Inc.) DRV - (AppleMNT) -- C:\Windows\System32\drivers\AppleMNT.sys (Apple Inc.) DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola) DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) 
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies) DRV - (hxctlflt) -- C:\Windows\System32\drivers\hxctlflt.sys (Guillemot Corporation) DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola) DRV - (BTCFilterService) -- C:\Windows\System32\drivers\motfilt.sys (Motorola Inc) DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation) DRV - (s0017unic) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation) DRV - (s0017mgmt) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation) DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation) DRV - (s0017bus) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation) DRV - (s0017nd5) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation) DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation) DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider) DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH) DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin) DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola) DRV - (s217unic) -- C:\Windows\System32\drivers\s217unic.sys (MCCI) DRV - (s217mgmt) -- C:\Windows\System32\drivers\s217mgmt.sys (MCCI Corporation) DRV - (s217obex) -- C:\Windows\System32\drivers\s217obex.sys (MCCI Corporation) DRV - (s217nd5) -- C:\Windows\System32\drivers\s217nd5.sys (MCCI Corporation) DRV - (s217mdm) -- C:\Windows\System32\drivers\s217mdm.sys (MCCI Corporation) DRV - (s217bus) -- C:\Windows\System32\drivers\s217bus.sys (MCCI Corporation) DRV - (s217mdfl) -- C:\Windows\System32\drivers\s217mdfl.sys (MCCI Corporation) DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.) 
DRV - (s125mdm) -- C:\Windows\System32\drivers\s125mdm.sys (MCCI Corporation) DRV - (s125mdfl) -- C:\Windows\System32\drivers\s125mdfl.sys (MCCI Corporation) DRV - (s125bus) -- C:\Windows\System32\drivers\s125bus.sys (MCCI Corporation) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation) DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q={searchTerms}&crm=1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{4F11ACBB-393F-4c86-A214-FF3D0D155CC3}: "URL" = hxxp://search.burn4free-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = 
hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q={searchTerms}&crm=1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.order.1: "Ask" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.13\npGoogleOneClick8.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Users\User\AppData\Roaming\Flatcast\NpFv522.dll (1 mal 1 Software GmbH) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.07.31 21:30:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.01.23 20:23:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.28 10:10:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.28 10:10:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.02 20:46:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla 
Thunderbird\plugins [2013.04.02 20:46:35 | 000,000,000 | ---D | M] [2010.12.05 18:57:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions [2010.12.05 18:57:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\{a79fe89b-6662-4ff4-8e88-09950ad4dfde} [2013.04.02 19:54:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\qtnzqs1n.default\extensions [2009.10.26 19:21:17 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\qtnzqs1n.default\extensions\moveplayer@movenetworks.com [2013.04.02 19:54:57 | 000,392,806 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2012.07.23 21:32:42 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012.12.11 13:25:11 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.05.11 07:50:20 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-1.xml [2011.03.02 22:28:28 | 000,000,961 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-10.xml [2011.03.23 17:35:00 | 000,000,961 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-11.xml [2011.04.30 00:36:33 | 000,000,961 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-12.xml [2011.06.22 23:00:50 | 000,000,950 | ---- | M] () -- 
C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-13.xml [2011.08.29 20:55:24 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-14.xml [2011.09.01 17:38:35 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-15.xml [2011.09.11 15:15:47 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-16.xml [2011.09.28 21:37:50 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-17.xml [2011.11.23 10:37:11 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-18.xml [2012.01.10 12:03:24 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-19.xml [2010.01.03 14:57:45 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-2.xml [2010.01.09 13:13:07 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-3.xml [2010.02.23 23:23:46 | 000,000,961 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-4.xml [2010.04.03 08:47:51 | 000,000,961 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-5.xml [2010.06.24 21:54:48 | 000,000,961 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-6.xml [2010.07.14 11:05:15 | 000,000,961 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-7.xml [2010.09.14 14:48:36 | 
000,000,961 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-8.xml [2010.12.10 19:57:04 | 000,000,961 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-9.xml [2010.05.12 18:40:06 | 000,001,042 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin.xml [2013.04.28 10:10:06 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.04.28 10:10:06 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2013.04.28 10:10:17 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2009.03.03 12:00:30 | 001,275,856 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv501.dll [2009.09.21 12:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv522.dll [2010.03.08 12:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\mozilla firefox\plugins\npmidas.dll [2013.04.28 10:10:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.04.28 10:10:13 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.04.28 10:10:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.04.28 10:10:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.04.28 10:10:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.04.28 10:10:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.04.10 09:16:51 | 000,000,027 | ---- | M]) - 
C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXMediaServer] C:\Programme\DivX\DivX Media Server\DivXMediaServer.exe () O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Programme\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (AMD) O4 - HKCU..\Run: [PureSync] C:\Program Files\PureSync\PureSyncTray.exe (Jumping Bytes) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [Uhguhauq] C:\Users\User\AppData\Roaming\Vodono\giib.exe () O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - 
{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: microsoft.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] * in Trusted sites) O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] * in Trusted sites) O15 - HKCU\..Trusted Domains: windowsupdate.com ([]* in Trusted sites) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.17.2) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{477C6D91-E73F-4224-9551-E52262579A7A}: DhcpNameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F4E43E1-D31D-4533-B5CA-CF197CFB0C5F}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9106E2FD-0022-4030-A314-80F62D5AC611}: DhcpNameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4115A20-A349-476D-96E7-AB5C209394EC}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D296F445-97CD-4566-883E-45FE9DFD96F9}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim - No CLSID value found O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web 
Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.07.01 16:10:50 | 000,000,000 | RH-D | M] - H:\autorun -- [ NTFS ] O32 - Unable to obtain root file information for disk H:\ O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.05.12 23:21:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2013.05.12 11:22:21 | 000,000,000 | ---D | C] -- C:\Users\User\Ebooks und Anleitungen [2013.05.12 11:20:19 | 000,000,000 | ---D | C] -- C:\Users\User\SchachtelmacherBlog [2013.05.10 17:33:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Vodono [2013.05.10 17:33:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Miru [2013.05.10 17:33:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Edzouz [2013.04.28 10:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.04.23 17:06:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2013.04.23 17:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP [2013.04.23 17:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center [2013.04.21 13:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2013.04.15 07:44:00 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\verkaufen [2013.01.30 20:16:47 | 006,451,200 | ---- | C] (Across Systems GmbH) -- C:\Program Files\setup.exe [2010.08.23 19:13:39 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Users\User\AppData\Roaming\REX Shared Library.dll [2010.08.23 19:13:39 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- 
C:\Users\User\AppData\Roaming\Rewire.dll [2010.08.08 19:20:43 | 002,497,825 | ---- | C] (No23) -- C:\Users\User\No23Recorder2103.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.12 23:21:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2013.05.12 23:19:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.12 23:15:49 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable [2013.05.12 23:15:15 | 000,050,477 | ---- | M] () -- C:\Users\User\Desktop\Defogger.exe [2013.05.12 22:06:45 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.12 22:06:45 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.12 22:06:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.12 22:06:31 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys [2013.05.12 22:05:17 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.05.12 16:51:21 | 000,000,206 | ---- | M] () -- C:\Users\User\Documents\cc_20130512_165119.reg [2013.05.12 16:51:07 | 000,000,456 | ---- | M] () -- C:\Users\User\Documents\cc_20130512_165105.reg [2013.05.12 16:50:50 | 000,122,862 | ---- | M] () -- C:\Users\User\Documents\cc_20130512_165040.reg [2013.05.11 14:50:33 | 000,071,568 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.11 14:50:33 | 000,022,322 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.11 14:50:33 | 000,019,980 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.11 14:50:33 | 000,011,390 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.04.24 18:40:14 | 000,214,016 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.04.15 14:04:13 | 000,474,417 | ---- | M] () -- C:\Users\User\Desktop\ticketbielefeld.pdf 
[2013.04.13 11:12:56 | 043,456,913 | ---- | M] () -- C:\Users\User\Desktop\Set_Gleis3.mp3 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.12 23:15:49 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable [2013.05.12 23:15:14 | 000,050,477 | ---- | C] () -- C:\Users\User\Desktop\Defogger.exe [2013.05.12 16:51:20 | 000,000,206 | ---- | C] () -- C:\Users\User\Documents\cc_20130512_165119.reg [2013.05.12 16:51:06 | 000,000,456 | ---- | C] () -- C:\Users\User\Documents\cc_20130512_165105.reg [2013.05.12 16:50:44 | 000,122,862 | ---- | C] () -- C:\Users\User\Documents\cc_20130512_165040.reg [2013.04.15 14:04:13 | 000,474,417 | ---- | C] () -- C:\Users\User\Desktop\ticketbielefeld.pdf [2013.04.13 11:11:50 | 043,456,913 | ---- | C] () -- C:\Users\User\Desktop\Set_Gleis3.mp3 [2013.01.30 20:16:48 | 000,001,985 | ---- | C] () -- C:\Program Files\setup.ini [2013.01.30 20:16:47 | 001,583,298 | ---- | C] () -- C:\Program Files\setup.chm [2013.01.30 12:26:34 | 746,653,266 | ---- | C] () -- C:\Program Files\Across_v5.0_SP1_de_LS_Offline_Client.zip [2013.01.30 12:26:12 | 395,410,043 | ---- | C] () -- C:\Program Files\Across_v5.3_50636_mui.zip [2013.01.26 21:01:16 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2012.12.19 16:45:04 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe [2012.11.29 17:40:02 | 000,662,786 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2012.09.19 21:09:40 | 000,076,660 | ---- | C] () -- C:\Windows\System32\ativce02.dat [2012.09.04 17:20:18 | 000,228,528 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik_nd.dat [2012.09.04 17:20:18 | 000,228,528 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik.dat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011.08.10 20:40:20 | 000,000,027 | -HS- | C] () -- C:\ProgramData\.pr_data [2011.08.10 19:14:12 | 000,000,000 | -HS- | C] () -- C:\ProgramData\.pr_stat_data [2011.08.03 15:11:03 | 
000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2011.08.03 15:11:03 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2011.07.28 22:52:38 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll [2011.02.18 17:23:49 | 000,708,106 | ---- | C] () -- C:\Users\User\tatooschrift.psd [2011.02.18 17:23:39 | 000,138,280 | ---- | C] () -- C:\Users\User\tattoo.psd [2011.02.05 17:53:58 | 104,915,069 | ---- | C] () -- C:\Users\User\test.psd [2010.11.22 16:50:30 | 000,707,072 | ---- | C] () -- C:\Users\User\ws_ftple.exe [2010.09.14 14:53:35 | 000,009,675 | ---- | C] () -- C:\Users\User\emailadressen.csv [2010.07.23 16:59:03 | 000,003,661 | ---- | C] () -- C:\Users\User\license.lic [2010.07.23 09:27:00 | 000,000,092 | ---- | C] () -- C:\Users\User\AppData\Local\fusioncache.dat [2009.06.03 18:30:04 | 000,001,482 | ---- | C] () -- C:\Users\User\AppData\Local\RecConfig.xml [2008.08.28 12:32:57 | 000,004,096 | -H-- | C] () -- C:\Users\User\AppData\Local\keyfile3.drm [2008.07.09 18:10:57 | 000,214,016 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.06.21 12:31:28 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) 
"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2009.02.23 18:06:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Acreon [2011.07.27 13:18:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Atari [2011.04.10 09:03:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Azureus [2013.04.07 18:23:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BitTorrent [2008.10.04 08:36:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\blg [2012.11.02 14:50:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\calibre [2013.01.20 20:10:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Cobra Mobile [2010.12.05 18:57:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\conkeror.mozdev.org [2013.04.18 11:29:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Dropbox [2013.04.06 15:41:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoft [2011.03.08 21:48:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers [2013.05.10 17:33:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Edzouz [2010.01.28 16:52:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Flatcast [2010.11.21 10:49:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FUEL Demo [2008.10.09 20:12:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Games [2011.08.11 20:59:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GARMIN [2009.08.13 18:38:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GetRightToGo [2011.04.07 13:49:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GHISLER [2011.05.21 17:27:56 | 000,000,000 | ---D | M] -- 
C:\Users\User\AppData\Roaming\HandBrake [2011.01.19 22:16:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\HyperLobby [2010.08.07 10:51:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ICQ [2011.04.11 19:28:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\iPodder [2013.01.24 11:11:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Jumping Bytes [2010.12.12 15:47:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\lingDIALOG [2010.07.13 19:52:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ManyCam [2013.05.12 09:18:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Miru [2010.08.15 11:37:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ML [2010.08.25 13:15:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MudTV [2013.01.23 19:43:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\My Games [2010.08.25 16:24:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Navigram [2011.04.11 19:32:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nimiq [2011.10.07 14:04:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PlayFirst [2010.11.05 13:38:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Polynomial [2010.08.29 13:12:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Propellerhead Software [2010.11.06 15:44:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ProtectDISC [2010.11.05 14:30:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Quest3D [2010.11.05 14:30:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Roaming [2011.11.04 17:23:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Rovio [2012.10.30 23:38:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Samsung [2011.07.24 14:21:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SimpleScreenshot [2013.01.25 11:44:48 | 000,000,000 | ---D | M] -- 
C:\Users\User\AppData\Roaming\Sony [2013.05.08 16:16:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Spotify [2010.06.07 19:35:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Teleca [2013.01.23 22:45:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\The Creative Assembly [2012.07.23 22:11:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Thunderbird [2010.12.12 17:50:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Trados [2010.11.26 22:26:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Tropico 3 Demo [2013.04.07 18:23:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TS3Client [2011.02.26 19:28:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TuneUp Software [2013.01.26 21:14:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Unity of Command DEMO [2013.05.12 16:47:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent [2013.05.10 17:33:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Vodono [2011.07.10 22:11:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\wargaming.net [2011.07.24 12:29:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WEB.DE [2009.05.14 12:09:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\yess [2010.11.06 15:02:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\YoudaGames [2010.11.05 12:47:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ZombieDriver ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:33384BC0 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E5DE9C8F < End of report >

I hope I have done everything correctly so far and that someone here can help me. THANK YOU!