
Pests of all kinds and how to combat them: Commerzbank TAN prompt

12.05.2013, 22:46   #1
JustJoolez
 
Commerzbank TAN prompt



Hello everyone...

I'm probably not the first to have a problem with a trojan that makes a page pop up during online banking (Commerzbank) and would like to have my TANs...

Malwarebytes cannot be updated, and I no longer have access to the websites of Microsoft and some others (especially virus scanners).

I ran an OTL scan after running defogger...

OTL logfile:
Code:
OTL logfile created on: 12.05.2013 23:22:14 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8080.16413)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 60,82% Memory free
6,24 Gb Paging File | 4,92 Gb Available in Paging File | 78,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 51,32 Gb Free Space | 17,22% Space Free | Partition Type: NTFS
Drive H: | 232,88 Gb Total Space | 156,64 Gb Free Space | 67,26% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\PureSync\PureSyncTray.exe (Jumping Bytes)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Programme\ATI Technologies\HydraVision\HydraDM.exe (AMD)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\ProgramData\DatacardService\DCService.exe ()
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\ba39e27ea796912fce296963622dfbae\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ba58d64562391191a22ad0133512ed6f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\a1b65a602c75409c0c1ce7fa1f2a0983\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Windows\System32\atitmpxx.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Sony PC Companion) -- C:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (PMBDeviceInfoProvider) -- C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (DCService.exe) -- C:\ProgramData\DatacardService\DCService.exe ()
SRV - (getPlusHelper) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (BrYNSvc) -- C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (ewdmaudn) -- C:\Users\User\AppData\Local\Temp\ewdmaudn.sys File not found
DRV - (catchme) -- C:\Users\User\AppData\Local\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AODDriver4.0) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys (Advanced Micro Devices)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdLH3.sys (Advanced Micro Devices)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (Motousbnet) -- C:\Windows\System32\drivers\Motousbnet.sys (Motorola)
DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
DRV - (motusbdevice) -- C:\Windows\System32\drivers\motusbdevice.sys (Motorola Inc)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (AppleHFS) -- C:\Windows\System32\drivers\AppleHFS.sys (Apple Inc.)
DRV - (AppleMNT) -- C:\Windows\System32\drivers\AppleMNT.sys (Apple Inc.)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (hxctlflt) -- C:\Windows\System32\drivers\hxctlflt.sys (Guillemot Corporation)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (BTCFilterService) -- C:\Windows\System32\drivers\motfilt.sys (Motorola Inc)
DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017mgmt) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017nd5) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola)
DRV - (s217unic) -- C:\Windows\System32\drivers\s217unic.sys (MCCI)
DRV - (s217mgmt) -- C:\Windows\System32\drivers\s217mgmt.sys (MCCI Corporation)
DRV - (s217obex) -- C:\Windows\System32\drivers\s217obex.sys (MCCI Corporation)
DRV - (s217nd5) -- C:\Windows\System32\drivers\s217nd5.sys (MCCI Corporation)
DRV - (s217mdm) -- C:\Windows\System32\drivers\s217mdm.sys (MCCI Corporation)
DRV - (s217bus) -- C:\Windows\System32\drivers\s217bus.sys (MCCI Corporation)
DRV - (s217mdfl) -- C:\Windows\System32\drivers\s217mdfl.sys (MCCI Corporation)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (s125mdm) -- C:\Windows\System32\drivers\s125mdm.sys (MCCI Corporation)
DRV - (s125mdfl) -- C:\Windows\System32\drivers\s125mdfl.sys (MCCI Corporation)
DRV - (s125bus) -- C:\Windows\System32\drivers\s125bus.sys (MCCI Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q={searchTerms}&crm=1
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4F11ACBB-393F-4c86-A214-FF3D0D155CC3}: "URL" = hxxp://search.burn4free-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q={searchTerms}&crm=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.13\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Users\User\AppData\Roaming\Flatcast\NpFv522.dll (1 mal 1 Software GmbH)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.07.31 21:30:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.01.23 20:23:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.28 10:10:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.28 10:10:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.02 20:46:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.04.02 20:46:35 | 000,000,000 | ---D | M]
 
[2010.12.05 18:57:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2010.12.05 18:57:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\{a79fe89b-6662-4ff4-8e88-09950ad4dfde}
[2013.04.02 19:54:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\qtnzqs1n.default\extensions
[2009.10.26 19:21:17 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\qtnzqs1n.default\extensions\moveplayer@movenetworks.com
[2013.04.02 19:54:57 | 000,392,806 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
[2012.07.23 21:32:42 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012.12.11 13:25:11 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.05.11 07:50:20 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-1.xml
[2011.03.02 22:28:28 | 000,000,961 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-10.xml
[2011.03.23 17:35:00 | 000,000,961 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-11.xml
[2011.04.30 00:36:33 | 000,000,961 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-12.xml
[2011.06.22 23:00:50 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-13.xml
[2011.08.29 20:55:24 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-14.xml
[2011.09.01 17:38:35 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-15.xml
[2011.09.11 15:15:47 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-16.xml
[2011.09.28 21:37:50 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-17.xml
[2011.11.23 10:37:11 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-18.xml
[2012.01.10 12:03:24 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-19.xml
[2010.01.03 14:57:45 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-2.xml
[2010.01.09 13:13:07 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-3.xml
[2010.02.23 23:23:46 | 000,000,961 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-4.xml
[2010.04.03 08:47:51 | 000,000,961 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-5.xml
[2010.06.24 21:54:48 | 000,000,961 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-6.xml
[2010.07.14 11:05:15 | 000,000,961 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-7.xml
[2010.09.14 14:48:36 | 000,000,961 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-8.xml
[2010.12.10 19:57:04 | 000,000,961 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-9.xml
[2010.05.12 18:40:06 | 000,001,042 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin.xml
[2013.04.28 10:10:06 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.28 10:10:06 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013.04.28 10:10:17 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.03.03 12:00:30 | 001,275,856 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv501.dll
[2009.09.21 12:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv522.dll
[2010.03.08 12:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\mozilla firefox\plugins\npmidas.dll
[2013.04.28 10:10:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.28 10:10:13 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.04.28 10:10:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.28 10:10:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.28 10:10:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.28 10:10:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.04.10 09:16:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXMediaServer] C:\Programme\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Programme\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [PureSync] C:\Program Files\PureSync\PureSyncTray.exe (Jumping Bytes)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Uhguhauq] C:\Users\User\AppData\Roaming\Vodono\giib.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] * in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] * in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]* in Trusted sites)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{477C6D91-E73F-4224-9551-E52262579A7A}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F4E43E1-D31D-4533-B5CA-CF197CFB0C5F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9106E2FD-0022-4030-A314-80F62D5AC611}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4115A20-A349-476D-96E7-AB5C209394EC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D296F445-97CD-4566-883E-45FE9DFD96F9}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.07.01 16:10:50 | 000,000,000 | RH-D | M] - H:\autorun -- [ NTFS ]
O32 - Unable to obtain root file information for disk H:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.12 23:21:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.05.12 11:22:21 | 000,000,000 | ---D | C] -- C:\Users\User\Ebooks und Anleitungen
[2013.05.12 11:20:19 | 000,000,000 | ---D | C] -- C:\Users\User\SchachtelmacherBlog
[2013.05.10 17:33:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Vodono
[2013.05.10 17:33:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Miru
[2013.05.10 17:33:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Edzouz
[2013.04.28 10:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.04.23 17:06:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.04.23 17:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2013.04.23 17:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2013.04.21 13:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.04.15 07:44:00 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\verkaufen
[2013.01.30 20:16:47 | 006,451,200 | ---- | C] (Across Systems GmbH) -- C:\Program Files\setup.exe
[2010.08.23 19:13:39 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Users\User\AppData\Roaming\REX Shared Library.dll
[2010.08.23 19:13:39 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Users\User\AppData\Roaming\Rewire.dll
[2010.08.08 19:20:43 | 002,497,825 | ---- | C] (No23) -- C:\Users\User\No23Recorder2103.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.12 23:21:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.05.12 23:19:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.12 23:15:49 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable
[2013.05.12 23:15:15 | 000,050,477 | ---- | M] () -- C:\Users\User\Desktop\Defogger.exe
[2013.05.12 22:06:45 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.12 22:06:45 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.12 22:06:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.12 22:06:31 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.12 22:05:17 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.05.12 16:51:21 | 000,000,206 | ---- | M] () -- C:\Users\User\Documents\cc_20130512_165119.reg
[2013.05.12 16:51:07 | 000,000,456 | ---- | M] () -- C:\Users\User\Documents\cc_20130512_165105.reg
[2013.05.12 16:50:50 | 000,122,862 | ---- | M] () -- C:\Users\User\Documents\cc_20130512_165040.reg
[2013.05.11 14:50:33 | 000,071,568 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.11 14:50:33 | 000,022,322 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.11 14:50:33 | 000,019,980 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.11 14:50:33 | 000,011,390 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.24 18:40:14 | 000,214,016 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.04.15 14:04:13 | 000,474,417 | ---- | M] () -- C:\Users\User\Desktop\ticketbielefeld.pdf
[2013.04.13 11:12:56 | 043,456,913 | ---- | M] () -- C:\Users\User\Desktop\Set_Gleis3.mp3
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.12 23:15:49 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable
[2013.05.12 23:15:14 | 000,050,477 | ---- | C] () -- C:\Users\User\Desktop\Defogger.exe
[2013.05.12 16:51:20 | 000,000,206 | ---- | C] () -- C:\Users\User\Documents\cc_20130512_165119.reg
[2013.05.12 16:51:06 | 000,000,456 | ---- | C] () -- C:\Users\User\Documents\cc_20130512_165105.reg
[2013.05.12 16:50:44 | 000,122,862 | ---- | C] () -- C:\Users\User\Documents\cc_20130512_165040.reg
[2013.04.15 14:04:13 | 000,474,417 | ---- | C] () -- C:\Users\User\Desktop\ticketbielefeld.pdf
[2013.04.13 11:11:50 | 043,456,913 | ---- | C] () -- C:\Users\User\Desktop\Set_Gleis3.mp3
[2013.01.30 20:16:48 | 000,001,985 | ---- | C] () -- C:\Program Files\setup.ini
[2013.01.30 20:16:47 | 001,583,298 | ---- | C] () -- C:\Program Files\setup.chm
[2013.01.30 12:26:34 | 746,653,266 | ---- | C] () -- C:\Program Files\Across_v5.0_SP1_de_LS_Offline_Client.zip
[2013.01.30 12:26:12 | 395,410,043 | ---- | C] () -- C:\Program Files\Across_v5.3_50636_mui.zip
[2013.01.26 21:01:16 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012.12.19 16:45:04 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.11.29 17:40:02 | 000,662,786 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012.09.19 21:09:40 | 000,076,660 | ---- | C] () -- C:\Windows\System32\ativce02.dat
[2012.09.04 17:20:18 | 000,228,528 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik_nd.dat
[2012.09.04 17:20:18 | 000,228,528 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.08.10 20:40:20 | 000,000,027 | -HS- | C] () -- C:\ProgramData\.pr_data
[2011.08.10 19:14:12 | 000,000,000 | -HS- | C] () -- C:\ProgramData\.pr_stat_data
[2011.08.03 15:11:03 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.08.03 15:11:03 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.07.28 22:52:38 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011.02.18 17:23:49 | 000,708,106 | ---- | C] () -- C:\Users\User\tatooschrift.psd
[2011.02.18 17:23:39 | 000,138,280 | ---- | C] () -- C:\Users\User\tattoo.psd
[2011.02.05 17:53:58 | 104,915,069 | ---- | C] () -- C:\Users\User\test.psd
[2010.11.22 16:50:30 | 000,707,072 | ---- | C] () -- C:\Users\User\ws_ftple.exe
[2010.09.14 14:53:35 | 000,009,675 | ---- | C] () -- C:\Users\User\emailadressen.csv
[2010.07.23 16:59:03 | 000,003,661 | ---- | C] () -- C:\Users\User\license.lic
[2010.07.23 09:27:00 | 000,000,092 | ---- | C] () -- C:\Users\User\AppData\Local\fusioncache.dat
[2009.06.03 18:30:04 | 000,001,482 | ---- | C] () -- C:\Users\User\AppData\Local\RecConfig.xml
[2008.08.28 12:32:57 | 000,004,096 | -H-- | C] () -- C:\Users\User\AppData\Local\keyfile3.drm
[2008.07.09 18:10:57 | 000,214,016 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.06.21 12:31:28 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009.02.23 18:06:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Acreon
[2011.07.27 13:18:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Atari
[2011.04.10 09:03:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Azureus
[2013.04.07 18:23:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BitTorrent
[2008.10.04 08:36:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\blg
[2012.11.02 14:50:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\calibre
[2013.01.20 20:10:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Cobra Mobile
[2010.12.05 18:57:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\conkeror.mozdev.org
[2013.04.18 11:29:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Dropbox
[2013.04.06 15:41:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoft
[2011.03.08 21:48:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.05.10 17:33:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Edzouz
[2010.01.28 16:52:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Flatcast
[2010.11.21 10:49:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FUEL Demo
[2008.10.09 20:12:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Games
[2011.08.11 20:59:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GARMIN
[2009.08.13 18:38:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GetRightToGo
[2011.04.07 13:49:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GHISLER
[2011.05.21 17:27:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\HandBrake
[2011.01.19 22:16:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\HyperLobby
[2010.08.07 10:51:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ICQ
[2011.04.11 19:28:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\iPodder
[2013.01.24 11:11:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Jumping Bytes
[2010.12.12 15:47:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\lingDIALOG
[2010.07.13 19:52:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ManyCam
[2013.05.12 09:18:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Miru
[2010.08.15 11:37:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ML
[2010.08.25 13:15:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MudTV
[2013.01.23 19:43:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\My Games
[2010.08.25 16:24:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Navigram
[2011.04.11 19:32:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nimiq
[2011.10.07 14:04:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PlayFirst
[2010.11.05 13:38:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Polynomial
[2010.08.29 13:12:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Propellerhead Software
[2010.11.06 15:44:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ProtectDISC
[2010.11.05 14:30:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Quest3D
[2010.11.05 14:30:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Roaming
[2011.11.04 17:23:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Rovio
[2012.10.30 23:38:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Samsung
[2011.07.24 14:21:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SimpleScreenshot
[2013.01.25 11:44:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Sony
[2013.05.08 16:16:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Spotify
[2010.06.07 19:35:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Teleca
[2013.01.23 22:45:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\The Creative Assembly
[2012.07.23 22:11:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Thunderbird
[2010.12.12 17:50:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Trados
[2010.11.26 22:26:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Tropico 3 Demo
[2013.04.07 18:23:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TS3Client
[2011.02.26 19:28:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TuneUp Software
[2013.01.26 21:14:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Unity of Command DEMO
[2013.05.12 16:47:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
[2013.05.10 17:33:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Vodono
[2011.07.10 22:11:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\wargaming.net
[2011.07.24 12:29:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WEB.DE
[2009.05.14 12:09:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\yess
[2010.11.06 15:02:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\YoudaGames
[2010.11.05 12:47:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ZombieDriver
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:33384BC0
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E5DE9C8F

< End of report >
         
--- --- ---


I hope I have done everything correctly so far and that someone here can help me.

THANKS!

 
