Postbank Online Banking Trojaner

markusg · 11.06.2013, 19:05

nur eine.
browser schließen, hitmanpro funde löschen, neustart neues otl log.

mw84 · 12.06.2013, 00:25

Servus markusg,

Hitmanpro hat keine Threats angezeigt die gelöscht werden könnten, nur Cookies, diese konnte ich nicht löschen da ich keinen Lizenzschlüssel habe. Hier ist das neue OTL-Log:

Code:

ATTFilter

OTL logfile created on: 12.06.2013 01:07:27 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Administrator***.000\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,24 Gb Total Physical Memory | 0,74 Gb Available Physical Memory | 59,73% Memory free
2,34 Gb Paging File | 1,87 Gb Available in Paging File | 79,96% Paging File free
Paging file location(s): F:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 24,77 Gb Total Space | 4,88 Gb Free Space | 19,72% Space Free | Partition Type: NTFS
Drive F: | 49,76 Gb Total Space | 14,47 Gb Free Space | 29,09% Space Free | Partition Type: NTFS
Drive Y: | 100,00 Gb Total Space | 25,25 Gb Free Space | 25,25% Space Free | Partition Type: NTFS
Drive Z: | 100,00 Gb Total Space | 25,25 Gb Free Space | 25,25% Space Free | Partition Type: NTFS
 
Computer Name: WS01 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Dokumente und Einstellungen\Administrator***.000\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation)
PRC - C:\Programme\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - c:\Programme\TeamViewer\Version7\TeamViewer_Desktop.exe (TeamViewer GmbH)
PRC - c:\Programme\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Programme\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\NetPhone Client\CLMgr.exe (Deutsche Telekom AG)
PRC - C:\Programme\NetPhone Client\NetPhone Client.exe (Deutsche Telekom AG)
PRC - C:\Programme\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\FolderSize\FolderSizeSvc.exe (Brio)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\MDM.EXE (Microsoft Corporation)
PRC - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe (Computer Associates)
PRC - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe (Computer Associates)
PRC - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe (Computer Associates)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\17440cd05eee7f87026b3c17119eed58\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\b6efe2639cf6d0f305cf4cb8d0a34304\System.ServiceModel.ni.dll ()
MOD - c:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\7a988be08a38e064d76f9a6decdc4ed7\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\51e7151c1420690c754d7f986c4b1c42\System.Runtime.Serialization.ni.dll ()
MOD - c:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\8437e1bde9814389b822daaa51e7862e\UIAutomationTypes.ni.dll ()
MOD - c:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\0b5c7d832d0a10ddcfa764d3e4adce14\UIAutomationProvider.ni.dll ()
MOD - c:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll ()
MOD - c:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll ()
MOD - c:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\7af854942c9c39fe54d805b8c5b83360\PresentationCFFRasterizer.ni.dll ()
MOD - c:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()
MOD - c:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\IpPbxTracing\1.0.0.0__cf78dfa0a74454f8\IpPbxTracing.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\IpPbxCDSSharedLib\8.1.0.634__cf78dfa0a74454f8\IpPbxCDSSharedLib.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\NetPhone Client\SPLicense.dll ()
MOD - C:\Programme\Hardcopy\HcDllS.dll ()
MOD - C:\Programme\Hardcopy\hardcopy_03.dll ()
MOD - C:\Programme\Hardcopy\HcDLL2_30_Win32.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (CrossLoopService) -- C:\Dokumente und Einstellungen\Administrator***\Lokale Einstellungen\Anwendungsdaten\CrossLoop\CrossLoopService.exe File not found
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (avgwd) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (FolderSize) -- C:\Programme\FolderSize\FolderSizeSvc.exe (Brio)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\MDM.EXE (Microsoft Corporation)
SRV - (CA_LIC_SRVR) -- C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe (Computer Associates)
SRV - (LogWatch) -- C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe (Computer Associates)
SRV - (CA_LIC_CLNT) -- C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe (Computer Associates)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (Xdi27) -- System32\Drivers\Xdi27.sys File not found
DRV - (WDICA) --  File not found
DRV - (Sye73) -- System32\Drivers\Sye73.sys File not found
DRV - (Sxc05) -- System32\Drivers\Sxc05.sys File not found
DRV - (Qvb40) -- System32\Drivers\Qvb40.sys File not found
DRV - (PLCMPR5) -- C:\WINDOWS\system32\PLCMPR5.SYS File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (Otx16) -- System32\Drivers\Otx16.sys File not found
DRV - (Nsx83) -- System32\Drivers\Nsx83.sys File not found
DRV - (Lqu84) -- System32\Drivers\Lqu84.sys File not found
DRV - (lbrtfdc) --  File not found
DRV - (Jos16) -- System32\Drivers\Jos16.sys File not found
DRV - (Ins38) -- System32\Drivers\Ins38.sys File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (Afj38) -- System32\Drivers\Afj38.sys File not found
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (ezplay) -- C:\WINDOWS\system32\drivers\ezplay.sys (VSO Software)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc. and WildPackets, Inc.)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
DRV - (ATHER) -- C:\WINDOWS\system32\drivers\ar5210b.sys (Atheros Communications, Inc. and WildPackets, Inc.)
DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1258913651-1105399225-782984527-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.postbank.de/
IE - HKU\S-1-5-21-1258913651-1105399225-782984527-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1258913651-1105399225-782984527-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1693978300-2304331782-1079778971-1136\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1693978300-2304331782-1079778971-1136\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1693978300-2304331782-1079778971-1136\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0A 2A C8 75 42 DC CC 01  [binary data]
IE - HKU\S-1-5-21-1693978300-2304331782-1079778971-1136\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1693978300-2304331782-1079778971-1136\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1693978300-2304331782-1079778971-1136\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1693978300-2304331782-1079778971-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1693978300-2304331782-1079778971-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1693978300-2304331782-1079778971-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1802611827-2498659178-3567448414-1138\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1802611827-2498659178-3567448414-1138\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1802611827-2498659178-3567448414-1138\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1802611827-2498659178-3567448414-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1802611827-2498659178-3567448414-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1802611827-2498659178-3567448414-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1802611827-2498659178-3567448414-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-854245398-1177238915-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-854245398-1177238915-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-854245398-1177238915-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-854245398-1177238915-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 35 73 41 70 61 CA 01  [binary data]
IE - HKU\S-1-5-21-854245398-1177238915-839522115-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-854245398-1177238915-839522115-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-854245398-1177238915-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\Administrator***.000\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\Administrator***.000\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Programme\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.24 11:08:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.05.22 10:54:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.06.11 15:06:28 | 000,000,000 | ---D | M]
 
[2012.08.22 09:32:07 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator***.000\Anwendungsdaten\Mozilla\Extensions
[2012.11.27 01:27:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator***.000\Anwendungsdaten\Mozilla\Firefox\Profiles\acrpuytn.default\extensions
[2013.06.11 15:18:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.05.22 10:54:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.22 10:54:10 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: 
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
 
O1 HOSTS File: ([2013.06.10 20:57:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-1693978300-2304331782-1079778971-500\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKU\S-1-5-21-1802611827-2498659178-3567448414-1138..\Run: [execkexec] "C:\Dokumente und Einstellungen\rweber***.000\Anwendungsdaten\execkexec.exe" -autorun File not found
O4 - HKU\S-1-5-21-1802611827-2498659178-3567448414-1138..\Run: [SlimDrivers] C:\Programme\SlimDrivers\SlimDrivers.exe (SlimWare Utilities, Inc.)
O4 - HKU\S-1-5-21-1258913651-1105399225-782984527-1008..\RunOnce: [spchecker] "C:\Programme\AVG\AVG10\Notification\SPCheckerTE.exe" File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Hardcopy.LNK = C:\Programme\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NetPhone Client.lnk = C:\Programme\NetPhone Client\NetPhone Client.exe (Deutsche Telekom AG)
O4 - Startup: C:\Dokumente und Einstellungen\RWeber***\Startmenü\Programme\Autostart\OpenOffice.org 2.3.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1258913651-1105399225-782984527-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1258913651-1105399225-782984527-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1258913651-1105399225-782984527-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1258913651-1105399225-782984527-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1693978300-2304331782-1079778971-1136\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1693978300-2304331782-1079778971-1136\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1693978300-2304331782-1079778971-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1693978300-2304331782-1079778971-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1802611827-2498659178-3567448414-1138\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1802611827-2498659178-3567448414-1138\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1802611827-2498659178-3567448414-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1802611827-2498659178-3567448414-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1802611827-2498659178-3567448414-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1802611827-2498659178-3567448414-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-854245398-1177238915-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-854245398-1177238915-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-854245398-1177238915-839522115-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-854245398-1177238915-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Markierte Rufnummer/URI wählen - C:\Programme\NetPhone Client\IEDial.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office2k\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office2k\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: NetPhone Client Wählhilfe - {F8E553C6-4C00-11D3-80BC-00105A653379} - C:\Programme\NetPhone Client\IEDial.htm ()
O9 - Extra 'Tools' menuitem : NetPhone Client Wählhilfe - {F8E553C6-4C00-11D3-80BC-00105A653379} - C:\Programme\NetPhone Client\IEDial.htm ()
O15 - HKU\S-1-5-21-854245398-1177238915-839522115-500\..Trusted Domains: server1 ([]* in Lokales Intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.253
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ralfweber.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{644B8927-A506-4B42-A7FC-DBCE5FD5D022}: DhcpNameServer = 192.168.0.253
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACBF4C40-1DA6-4663-B474-2888ADE499FB}: NameServer = 192.168.0.254
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.05.21 20:22:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.12 01:06:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator***.000\Desktop\OTL.exe
[2013.06.11 19:29:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HitmanPro
[2013.06.11 15:23:09 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator***.000\Recent
[2013.06.11 15:23:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.06.11 15:22:01 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2013.06.11 15:21:44 | 000,144,896 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013.06.11 15:21:43 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.06.11 15:21:33 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.06.11 15:21:33 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.06.11 15:21:32 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.06.11 15:01:25 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.06.11 15:01:25 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.06.11 15:00:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator***.000\Lokale Einstellungen\Anwendungsdaten\Adobe
[2013.06.11 01:03:01 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2013.06.10 20:33:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.06.10 19:44:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.06.10 19:44:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.06.10 19:44:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.06.10 19:44:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.06.10 19:44:28 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.06.10 19:44:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.10 19:44:03 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator***.000\Startmenü\Programme\Verwaltung
[2013.06.10 19:44:03 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator***.000\Eigene Dateien\Eigene Videos
[2013.06.10 19:43:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.06.10 17:11:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.06.10 14:48:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable)
[2013.06.07 21:37:30 | 000,000,000 | ---D | C] -- C:\Programme\Emsisoft Anti-Malware
[2013.06.07 21:37:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator***.000\Eigene Dateien\Anti-Malware
[2013.05.22 10:53:48 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2013.05.15 12:14:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AVG
[2 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.12 01:04:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.12 00:46:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.06.12 00:35:00 | 000,001,270 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1802611827-2498659178-3567448414-500UA.job
[2013.06.11 19:55:01 | 000,096,020 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator***.000\Desktop\HitmanPro_20130611_1951.xml
[2013.06.11 17:35:00 | 000,001,218 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1802611827-2498659178-3567448414-500Core.job
[2013.06.11 15:38:28 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.11 15:38:27 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.06.11 15:34:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.06.11 15:21:13 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.06.11 15:21:11 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.06.11 15:21:11 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.06.11 15:21:11 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.06.11 15:21:11 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013.06.11 15:21:10 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2013.06.11 15:21:10 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013.06.11 15:16:43 | 000,478,134 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.06.11 15:16:43 | 000,436,480 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.06.11 15:16:43 | 000,092,198 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.06.11 15:16:43 | 000,069,376 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.06.11 15:06:30 | 000,001,720 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader XI.lnk
[2013.06.11 15:01:25 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.06.11 15:01:25 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.06.11 14:47:43 | 000,208,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.06.11 11:59:00 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013.06.11 11:49:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013.06.11 11:22:19 | 000,000,184 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2013.06.11 08:39:57 | 000,149,355 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2013.06.11 08:33:30 | 122,751,937 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2013.06.11 01:03:05 | 000,000,660 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2013.06.10 20:57:09 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.06.10 20:33:39 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013.06.10 16:18:07 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator***.000\Desktop\MBR.dat
[2013.06.10 15:32:31 | 000,648,201 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator***.000\Desktop\adwcleaner2303.exe
[2013.06.10 14:34:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator***.000\Desktop\OTL.exe
[2013.06.07 19:32:17 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.15 12:14:23 | 000,000,704 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG 2012.lnk
[2 C:\Programme\*.tmp files -> C:\Programme\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.11 19:51:47 | 000,096,020 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator***.000\Desktop\HitmanPro_20130611_1951.xml
[2013.06.11 15:30:45 | 000,648,201 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator***.000\Desktop\adwcleaner2303.exe
[2013.06.11 15:06:29 | 000,001,720 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader XI.lnk
[2013.06.11 15:06:28 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader XI.lnk
[2013.06.11 15:01:26 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.06.11 01:03:04 | 000,000,660 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2013.06.10 20:33:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013.06.10 20:33:35 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.06.10 19:44:35 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.06.10 19:44:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.06.10 19:44:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.06.10 19:44:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.06.10 19:44:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.06.10 16:18:07 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator***.000\Desktop\MBR.dat
[2012.02.15 14:22:59 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2007.10.03 20:08:39 | 000,008,924 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2012.02.20 21:57:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009.04.29 06:33:23 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

MfG

Manuel

markusg · 12.06.2013, 14:26

Hi,

otl fix

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
SRV - (CrossLoopService) -- C:\Dokumente und Einstellungen\Administrator***\Lokale Einstellungen\Anwendungsdaten\CrossLoop\CrossLoopService.exe File not
found
DRV - (Sxc05) -- System32\Drivers\Sxc05.sys File not found
DRV - (Qvb40) -- System32\Drivers\Qvb40.sys File not found
DRV - (PLCMPR5) -- C:\WINDOWS\system32\PLCMPR5.SYS File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (Otx16) -- System32\Drivers\Otx16.sys File not found
DRV - (Nsx83) -- System32\Drivers\Nsx83.sys File not found
DRV - (Lqu84) -- System32\Drivers\Lqu84.sys File not found
DRV - (lbrtfdc) --  File not found
DRV - (Jos16) -- System32\Drivers\Jos16.sys File not found
DRV - (Ins38) -- System32\Drivers\Ins38.sys File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (Afj38) -- System32\Drivers\Afj38.sys File not found
O3 - HKU\S-1-5-21-1693978300-2304331782-1079778971-500\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKU\S-1-5-21-1802611827-2498659178-3567448414-1138..\Run: [execkexec] "C:\Dokumente und Einstellungen\rweber***.000\Anwendungsdaten\execkexec.exe"
-autorun File not found
O4 - Startup: C:\Dokumente und Einstellungen\RWeber***\Startmenü\Programme\Autostart\OpenOffice.org 2.3.lnk =  File not found
:files
:Commands
[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

bitte teste, ob es im Firefox, internet explorer, und sonstigen
evtl. instalierte Browser, irgendwelche ungewollten toolbars, umleitungen oder sonstigen Probleme gibt.
Teste wie pc und programme allgemein laufen.

mw84 · 12.06.2013, 16:07

Servus markusg,

nachdem ich auf den Fix-Button gedrückt habe hat sich OTL aufgehängt. Damit meine ich es hat über einen Zeitraum von über einer halben Stunde nicht reagiert, es konnte sich nur durch den Task-Manager beenden lassen. Auch ein 2. Versuch kam zu demselben Ergebnis. Ich habe einen Screenshot gemacht, ich hoffe darauf kann man erkennen woran es liegt da auch nach einem Neustart keine Log-Datei erstellt wird. Der Screenshot befindet sich im Anhang.

MfG

Manuel

markusg · 12.06.2013, 18:00

speichere dir mal das script ab, starte neu, drücke f8 wähle abgesicherter Modus melde dich in deinem Konto an und teste es noch mal

mw84 · 12.06.2013, 19:10

Servus markusg,

leider hat das Script auch im abgesicherten Modus dasselbe Ergebnis geliefert.

MfG

Manuel

mw84 · 13.06.2013, 21:30

Servus markusg,

ist der PC jetzt eigentlich wieder sauber? Oder soll mein Verwandter auf jeden Fall noch warten?

lg

Manuel

markusg · 13.06.2013, 21:36

sorry, habs übersehen, teste mal wie unter dem script geschrieben

13.06.2013, 21:36	#23
markusg /// Malware-holic	Postbank Online Banking Trojaner sorry, habs übersehen, teste mal wie unter dem script geschrieben __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

Postbank Online Banking Trojaner

Plagegeister aller Art und deren Bekämpfung: Postbank Online Banking Trojaner