Log analysis and evaluation: Suspected banking trojan, possibly Zeus (Windows 7)
10.08.2012, 23:05 | #16
Suspected banking trojan, possibly Zeus
Code:
# AdwCleaner v1.800 - Logfile created 08/10/2012 at 23:59:29
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Schulleitung - LENOVO1
# Running from : C:\Users\Schulleitung\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\Schulleitung\AppData\Local\Babylon
Folder Deleted : C:\Users\SCHULL~1\AppData\Local\Temp\BabylonToolbar
Folder Deleted : C:\Users\Schulleitung\AppData\Roaming\Babylon
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****

Key Deleted : HKCU\Software\Ask.com.tmp
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?AF=109958&tt=290312_bexdll&babsrc=HP_ss&mntrId=2831d05a00000000000000ffade9e61a --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Schulleitung\AppData\Roaming\Mozilla\Firefox\Profiles\4ppbbt4d.default\prefs.js

C:\Users\Schulleitung\AppData\Roaming\Mozilla\Firefox\Profiles\4ppbbt4d.default\user.js ... Deleted !

Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=109958");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 13);
Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "2831d05a00000000000000ffade9e61a");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15443");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 13);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1718:43:46");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "11.0");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://google.de");
Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 72906664);
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1718:43:46");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109958");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "2831d05a00000000000000ffade9e61a");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "2831d05a00000000000000ffade9e61a");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15443");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1718:43:46");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

*************************

AdwCleaner[R1].txt - [6292 octets] - [09/08/2012 19:11:35]
AdwCleaner[S1].txt - [5593 octets] - [10/08/2012 23:59:29]

########## EOF - C:\AdwCleaner[S1].txt - [5721 octets] ##########
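Added example, not from the thread and not AdwCleaner's own code: a small Python parser for the AdwCleaner v1.x report layout posted above. It groups every action line under its `***** [Section] *****` header and pulls out the `Replaced : [...] = old --> new` entries, which are the start-page hijack indicators a helper checks first. The sample log is constructed, and its paths, registry keys and URLs are placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in the AdwCleaner v1.x report layout (not the thread's log); paths and URLs are placeholders.
SAMPLE_LOG = r"""# AdwCleaner v1.800 - Logfile created 08/10/2012 at 23:59:29
# Option [Delete]
***** [Files / Folders] *****
Folder Deleted : C:\ProgramData\Example
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\example.xml
***** [Registry] *****
Key Deleted : HKCU\Software\Example
Key Deleted : HKLM\SOFTWARE\Example
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.example.test/?a=1 --> hxxp://www.google.com
-\\ Mozilla Firefox v14.0.1 (de)
Deleted : user_pref("extensions.ExampleToolbar.hmpg", false);
"""

SECTION_RE = re.compile(r"^\*{5} \[(.+?)\] \*{5}$")
ACTION_RE = re.compile(r"^(Folder Deleted|File Deleted|Key Deleted|Value Deleted|Deleted|Replaced) : (.*)$")
REPLACED_RE = re.compile(r"^\[(.+?)\] = (.*?) --> (.*)$")

def parse_adwcleaner(text):
    """Group every action line under the ***** [Section] ***** header above it.
    Returns {section: [(action, target)]}; a 'Replaced' target becomes (key, old, new)."""
    result = defaultdict(list)
    section = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ACTION_RE.match(line)
        if not m:
            continue  # banner line, browser name, profile path or blank line
        action, target = m.groups()
        if action == "Replaced":
            r = REPLACED_RE.match(target)
            target = r.groups() if r else (target, "", "")
        result[section].append((action, target))
    return dict(result)

def start_page_changes(parsed):
    """Return (key, old, new) for every 'Replaced' entry: the homepage-hijack indicator."""
    return [t for items in parsed.values() for a, t in items if a == "Replaced"]

def action_counts(parsed):
    """Number of actions AdwCleaner took per section, for a quick triage summary."""
    return {s: len(items) for s, items in parsed.items()}
```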
11.08.2012, 17:25 | #17
/// Winkelfunktion /// TB-Süch-Tiger™ | Suspected banking trojan, possibly Zeus
I have two questions before we go on:
1.) Does Windows normal mode work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
12.08.2012, 07:47 | #18
Suspected banking trojan, possibly Zeus
Windows works without restrictions.
There are no empty folders. Only when opening Internet Explorer does Secure Banking report a malware infection. Firefox seems to be clean.
12.08.2012, 13:36 | #19
/// Winkelfunktion /// TB-Süch-Tiger™ | Suspected banking trojan, possibly Zeus
Quote:
__________________
Please always post logfiles in CODE tags