trojaner an bord! online-banking gesperrt

tozi · 26.06.2011, 15:20

hallo und danke für die antwort und hilfe. Defogger forderte aber nicht zum Neustart auf
hier die defogger-copies:

defogger_enable by jpshortstuff (23.02.10.1)
Log created at 16:18 on 26/06/2011 (Thomas)

Parsing file...

-=E.O.F=-

________________________________________________________________

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:15 on 26/06/2011 (Thomas)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

M-K-D-B · 26.06.2011, 15:40

Hallo Thomas,

Zitat:

Zitat von tozi

Defogger forderte aber nicht zum Neustart auf

Das ist ok so.

Führe die beiden anderen Programm aus und poste die gewünschten Logfiles.

Vielen Dank.

tozi · 26.06.2011, 16:00

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 26.06.2011 16:25:06 - Run 1
OTL by OldTimer - Version 3.2.24.1     Folder = C:\Dokumente und Einstellungen\Thomas\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,25 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 71,80% Memory free
1,48 Gb Paging File | 0,98 Gb Available in Paging File | 66,39% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 8,79 Gb Total Space | 0,01 Gb Free Space | 0,09% Space Free | Partition Type: NTFS
Drive D: | 5,50 Gb Total Space | 3,58 Gb Free Space | 65,08% Space Free | Partition Type: FAT32
Drive E: | 197,74 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 465,76 Gb Total Space | 452,63 Gb Free Space | 97,18% Space Free | Partition Type: NTFS
 
Computer Name: THOMAS-PC | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.06.26 16:23:32 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe
PRC - [2011.04.27 14:50:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.27 18:57:15 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.01.10 15:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.03.27 17:00:00 | 000,057,344 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\CNAB4RPK.EXE
PRC - [2002.10.15 19:00:20 | 001,818,624 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.06.26 16:23:32 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe
MOD - [2008.04.14 04:20:11 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (NMIndexingService)
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011.04.27 14:50:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.27 18:57:15 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.08.13 09:13:32 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2009.11.24 13:33:20 | 000,307,968 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008.02.27 14:15:14 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2007.08.24 04:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.27 18:57:15 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.01.10 15:23:15 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 15:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.04.13 20:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007.10.19 10:05:00 | 000,380,928 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2004.08.04 08:38:56 | 000,327,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtaa.sys -- (ati2mtaa)
DRV - [2002.11.18 16:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2001.08.17 14:04:46 | 000,223,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camdrv21.sys -- (camvid20)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/?status=login-failed&mc=freemail@msg@logonfailed.hp@home@hinweis
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://web.de/fm?status=login-failed"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.90
FF - prefs.js..extensions.enabledItems: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&q="
 
 
FF - HKLM\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5018 [2011.06.15 20:20:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: D:\mozilla\components [2009.09.07 11:52:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: D:\mozilla\plugins [2009.09.07 11:52:30 | 000,000,000 | ---D | M]
 
[2009.05.07 17:47:25 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Mozilla\Extensions
[2011.03.30 19:43:32 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Mozilla\Firefox\Profiles\glvmmicv.default\extensions
[2009.09.03 09:43:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Mozilla\Firefox\Profiles\glvmmicv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.25 23:11:40 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Mozilla\Firefox\Profiles\glvmmicv.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
[2010.08.30 21:15:14 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Mozilla\Firefox\Profiles\glvmmicv.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.08.05 21:33:12 | 000,000,935 | ---- | M] () -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Mozilla\Firefox\Profiles\glvmmicv.default\searchplugins\conduit.xml
[2009.09.07 11:49:06 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.01.19 23:22:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.06.15 20:20:23 | 000,000,000 | ---D | M] (Java String Helper) -- C:\WINDOWS\SYSTEM32\5018
[2009.12.04 16:30:30 | 000,000,000 | ---D | M] (Java Console) -- D:\MOZILLA\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.04.01 16:34:18 | 000,000,000 | ---D | M] (Java Console) -- D:\MOZILLA\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010.05.12 19:54:14 | 000,000,000 | ---D | M] (Java Console) -- D:\MOZILLA\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009.04.15 17:37:50 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
 
O1 HOSTS File: ([2003.04.02 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {184AA5E6-741D-464a-820E-94B3ABC2F3B4} - No CLSID value found.
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {C689C99E-3A8C-4c87-A79C-C80DC9C81632} - C:\WINDOWS\system32\AcroIEHelpe035.dll (Adobe Systems, Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [{8F48A3C8-B867-6C6B-E368-15DDC3AF994D}] C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Henag\inojo.exe ()
O4 - HKCU..\RunOnce: [Shockwave Updater]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226429018769 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\appconf32.exe) - C:\WINDOWS\system32\appconf32.exe ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Thomas\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Thomas\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.11 20:09:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{520c9390-b055-11df-bbc9-001e58a1587d}\Shell - "" = AutoRun
O33 - MountPoints2\{520c9390-b055-11df-bbc9-001e58a1587d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{520c9390-b055-11df-bbc9-001e58a1587d}\Shell\AutoRun\command - "" = G:\iStudio.exe
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.26 16:23:20 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe
[2011.06.25 14:52:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011.06.19 17:44:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011.06.19 17:41:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Thomas\Startmenü\Programme\.sol Editor
[2011.06.19 17:41:09 | 000,000,000 | ---D | C] -- C:\Programme\Sol Edit
[2011.06.15 20:20:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5018
[2011.06.10 15:19:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\UAs
[2011.06.10 15:19:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5017
[2011.06.08 15:25:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5016
[2011.06.08 15:24:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm
[2011.06.08 15:24:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\kock
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.26 16:23:32 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe
[2011.06.26 16:03:49 | 000,000,494 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2011.06.26 16:03:40 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.06.26 16:03:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.06.26 16:03:37 | 1341,689,856 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.22 23:26:39 | 000,137,216 | ---- | M] () -- C:\Dokumente und Einstellungen\Thomas\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.20 00:48:19 | 000,000,043 | ---- | M] () -- C:\WINDOWS\System32\urhtps.dat
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.06.10 19:11:27 | 000,000,043 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat
[2011.03.27 16:00:13 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2010.07.16 19:45:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.07.16 17:04:44 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010.03.28 11:53:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CPC10QA4.INI
[2009.12.10 17:36:08 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI
[2009.11.26 16:47:19 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2009.11.26 16:22:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BBCAuto.INI
[2009.04.14 18:53:54 | 000,000,373 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2009.01.26 18:44:18 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Thomas.ini
[2009.01.08 18:00:31 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008.12.09 17:23:13 | 000,047,104 | RHS- | C] () -- C:\WINDOWS\System32\appconf32.exe
[2008.11.30 14:49:11 | 000,000,250 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008.11.12 22:16:40 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.11.12 00:07:12 | 000,000,888 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2008.11.12 00:07:05 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2008.11.11 23:02:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008.11.11 22:44:21 | 000,137,216 | ---- | C] () -- C:\Dokumente und Einstellungen\Thomas\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.11 21:42:47 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.11.11 20:13:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.11.11 20:06:44 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.11.11 19:59:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.11.11 19:57:06 | 000,267,008 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.05.26 23:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 23:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 23:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.05.26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008.05.26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2004.08.04 07:29:31 | 000,032,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2004.08.04 07:29:31 | 000,032,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2004.08.04 07:29:30 | 000,065,104 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2004.08.04 07:29:30 | 000,020,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2004.08.04 07:29:29 | 000,032,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2004.08.04 07:29:29 | 000,011,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2004.08.04 07:29:28 | 000,011,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2004.08.04 07:29:27 | 000,060,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2003.04.02 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003.04.02 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003.04.02 14:00:00 | 000,473,624 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2003.04.02 14:00:00 | 000,432,492 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003.04.02 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003.04.02 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2003.04.02 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003.04.02 14:00:00 | 000,089,914 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2003.04.02 14:00:00 | 000,067,448 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003.04.02 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003.04.02 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2003.04.02 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003.04.02 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003.04.02 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003.04.02 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002.11.19 16:46:20 | 000,039,104 | ---- | C] () -- C:\WINDOWS\cmijack.dat
[2002.11.19 16:43:38 | 000,022,178 | ---- | C] () -- C:\WINDOWS\cmaudio.dat
 
========== LOP Check ==========
 
[2010.02.25 14:51:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo
[2009.04.14 18:44:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2009.05.03 12:01:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2008.11.11 22:59:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2011.06.26 16:04:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Arxop
[2010.09.11 10:17:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Ashampoo
[2009.04.14 18:44:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Buhl Data Service
[2009.04.15 17:38:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Foxit
[2010.07.29 17:31:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Foxit Software
[2010.05.01 12:03:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\GrabPro
[2011.05.13 22:22:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Henag
[2010.06.03 09:09:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Orbit
[2010.12.01 00:51:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\PriceGong
[2008.11.11 22:59:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\TuneUp Software
[2009.01.08 18:03:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\WEBDE
[2008.11.12 14:53:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Windows Desktop Search
[2008.11.12 21:25:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Windows Search
[2011.06.26 16:03:49 | 000,000,494 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\Dokumente und Einstellungen\Thomas\Desktop\CWSysinfo.exe:SummaryInformation
@Alternate Data Stream - 112 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B606BA34

< End of report >

--- --- ---

trojaner an bord! online-banking gesperrt

Plagegeister aller Art und deren Bekämpfung: trojaner an bord! online-banking gesperrt