Log analysis and evaluation: Antivir reports detection TR/spy.banker.gen (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system first has to be examined: see "First steps to get help". Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Antivir reports detection TR/spy.banker.gen

Hello, I had lent my laptop to a friend and after getting it back (admittedly after quite some time) ran a scan with Antivir. Antivir reported 3 detections: TR/spy.banker.gen, TR/spy.banker.gen2 and TR/spy.banker.gen5. As usual I had them moved to quarantine. I then did some googling anyway and found that this could well be malicious. As a precaution I have already changed my passwords from another computer. Antivir now finds nothing more, but I am still unsure whether my computer is "clean". I have now run a scan with FRST and would like to post the output here. I would be very glad of feedback and help. Best regards, Cinea

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-07-2013
Ran by SYSTEM on 13-07-2013 12:03:29
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelliPoint] - "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2327952 2010-07-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Boingo Wi-Fi] - "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2429 2010-08-13] ()
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6859392 2009-08-17] (ASUS)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized [527312 2011-12-15] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
Startup: C:\ProgramData\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\SRS Premium Sound.lnk
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
ShortcutTarget: net.lnk -> C:\Users\***\AppData\Roaming\Windows Net Data\net.exe (Windows Net)

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG)
S2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-07] ()
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-28] (TuneUp Software)
S2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-06-30] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

S2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
S2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-04-08] (Avira Operations GmbH & Co. KG)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-06-30] (AVG Technologies)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-04-08] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-08] (Avira Operations GmbH & Co. KG)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-07-17] ()
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-09-19] (TuneUp Software)
S3 tmlwf;
S3 tmwfp;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-13 12:03 - 2013-07-13 12:03 - 00000000 ____D C:\FRST
2013-07-13 00:42 - 2013-07-13 00:42 - 00039232 _____ C:\Windows\PFRO.log
2013-07-12 12:51 - 2013-07-12 13:19 - 00000000 ____D C:\Users\***\Doctor Web
2013-07-12 12:31 - 2013-07-12 12:43 - 00002260 _____ C:\Windows\logboot_12.07.2013.tureg.log
2013-07-12 12:16 - 2013-07-12 12:24 - 124491656 _____ C:\Users\***\Desktop\mjcimtoo.exe
2013-07-12 12:03 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-12 12:03 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-12 12:03 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-12 12:03 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-12 12:03 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-12 12:03 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-12 12:03 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-12 12:03 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-12 12:03 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-12 12:03 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-12 12:03 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-12 12:03 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-12 12:03 - 2013-06-11 15:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-12 12:03 - 2013-06-11 15:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-12 12:03 - 2013-06-11 15:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-12 12:03 - 2013-06-11 15:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-12 12:03 - 2013-06-11 15:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-12 12:03 - 2013-06-11 15:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-12 12:03 - 2013-06-11 15:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-12 12:03 - 2013-06-11 15:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-12 12:03 - 2013-06-11 15:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-12 12:03 - 2013-06-11 15:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-12 12:03 - 2013-06-11 15:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-12 12:03 - 2013-06-11 15:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-12 12:03 - 2013-06-11 15:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-12 12:03 - 2013-06-11 15:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-12 12:03 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 12:03 - 2013-06-11 14:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-12 12:03 - 2013-06-06 19:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-12 12:03 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-12 12:02 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-12 12:01 - 2013-07-12 12:01 - 00000000 ____D C:\Users\***\AppData\Local\Google
2013-07-12 12:00 - 2013-07-12 12:01 - 00000000 ____D C:\Users\***\AppData\Roaming\Windows Net Data
2013-07-12 12:00 - 2013-07-12 12:00 - 00000000 ____D C:\Program Files (x86)\LevenfusProducts
2013-07-12 12:00 - 2008-04-03 05:20 - 00132880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSINET.ocx
2013-07-12 12:00 - 2005-12-11 07:35 - 00102400 _____ (OstroSoft) C:\Windows\SysWOW64\oswinsck.dll
2013-07-12 12:00 - 2005-12-02 09:46 - 00532480 _____ C:\Windows\SysWOW64\CoolXPMenu.ocx
2013-07-12 12:00 - 2005-11-27 12:08 - 00372736 _____ C:\Windows\SysWOW64\CoolXPCheck.ocx
2013-07-12 12:00 - 2005-11-27 12:07 - 01138688 _____ C:\Windows\SysWOW64\CoolXPList.ocx
2013-07-12 12:00 - 2005-11-27 12:07 - 00507904 _____ C:\Windows\SysWOW64\CoolXPPicture.ocx
2013-07-12 12:00 - 2005-11-27 12:07 - 00491520 _____ C:\Windows\SysWOW64\CoolXPButton.ocx
2013-07-12 12:00 - 2005-11-27 12:07 - 00405504 _____ C:\Windows\SysWOW64\CoolXPSlider.ocx
2013-07-12 12:00 - 2005-11-27 12:07 - 00385024 _____ C:\Windows\SysWOW64\CoolXPOption.ocx
2013-07-12 12:00 - 2005-11-27 12:07 - 00303104 _____ C:\Windows\SysWOW64\CoolXPProgress.ocx
2013-07-12 12:00 - 2005-11-27 12:07 - 00237568 _____ C:\Windows\SysWOW64\CoolXPText.ocx
2013-07-12 12:00 - 2005-11-17 09:08 - 00114688 _____ (AvroSoft) C:\Windows\SysWOW64\scanmetendertray.ocx
2013-07-12 12:00 - 2001-06-09 23:32 - 00045056 _____ (OstroSoft) C:\Windows\SysWOW64\whois.ocx
2013-07-12 12:00 - 1998-06-23 14:00 - 00209192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TABCTL32.OCX
2013-07-12 11:59 - 2013-07-12 11:59 - 00000000 ____D C:\Users\***\ChromeExtensions
2013-07-12 11:59 - 2013-07-12 11:59 - 00000000 ____D C:\Users\***\AppData\Local\Temp\86864fba51d619f1681bb6bfb8a021c3
2013-07-12 11:59 - 2013-07-12 11:59 - 00000000 ____D C:\Users\***\AppData\Local\Temp\77465fc55969e6967b70a0e0e8a86ccd
2013-07-12 11:59 - 2013-07-12 11:59 - 00000000 ____D C:\Users\***\AppData\Local\Temp\2a39c99e0036f46aeaaa493232845e60
2013-07-12 11:58 - 2013-07-12 11:58 - 00577280 _____ C:\Users\***\Downloads\Scanmetender-Standard-Setup.exe
2013-07-12 10:45 - 2013-07-12 10:45 - 00652800 _____ C:\Users\***\Downloads\MicrosoftFixit50362.msi
2013-07-12 08:16 - 2013-07-13 00:43 - 00000112 _____ C:\Windows\setupact.log
2013-07-12 08:16 - 2013-07-12 08:16 - 00000000 _____ C:\Windows\setuperr.log
2013-07-12 04:22 - 2013-07-13 00:49 - 00003170 _____ C:\Windows\System32\Tasks\P4GIntlCtrl
2013-07-11 12:17 - 2013-07-11 12:17 - 00000000 ____D C:\Users\***\AppData\Roaming\PDAppFlex
2013-07-11 12:16 - 2013-07-11 12:16 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-07-11 12:15 - 2013-07-11 12:15 - 00000000 ____D C:\Users\***\AppData\Roaming\Babylon
2013-07-11 12:15 - 2013-07-11 12:15 - 00000000 ____D C:\ProgramData\Babylon
2013-07-11 12:14 - 2013-07-11 12:14 - 01303209 _____ C:\Users\***\Downloads\adobe-acrobat-xi-pro-11-full-keygen.exe
2013-07-11 03:18 - 2013-07-11 03:18 - 00000000 ____D C:\Users\***\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2013-07-10 12:30 - 2013-07-10 13:15 - 00000000 ____D C:\Users\***\Downloads\Adobe Acrobat XI Pro
2013-07-10 12:26 - 2013-07-10 12:26 - 00000000 ____D C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2013-07-10 12:23 - 2013-07-10 12:23 - 02469824 _____ C:\Users\***\Downloads\AdobeDownloadAssistant.exe
2013-07-10 11:28 - 2013-06-04 19:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-10 11:28 - 2013-06-03 22:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-10 11:28 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 11:28 - 2013-05-05 22:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-10 11:28 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 11:27 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 11:27 - 2013-04-02 14:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-08 23:08 - 2013-07-08 23:08 - 01374418 _____ C:\Users\***\Documents\.RData
2013-07-03 11:26 - 2013-07-03 11:27 - 00000000 ____D C:\Users\***\AppData\Local\calibre-cache
2013-07-03 11:14 - 2013-07-04 22:46 - 00000000 ____D C:\Users\***\Documents\Calibre Bibliothek
2013-07-03 11:14 - 2013-07-03 12:50 - 00000000 ____D C:\Users\***\AppData\Roaming\calibre
2013-07-03 11:14 - 2013-07-03 11:14 - 00000962 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2013-07-03 11:14 - 2013-07-03 11:14 - 00000000 ____D C:\Program Files (x86)\Calibre2
2013-07-03 11:05 - 2013-07-03 11:11 - 52086272 _____ C:\Users\***\Downloads\calibre-0.9.37.msi
2013-06-26 23:24 - 2013-07-12 06:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-25 12:30 - 2013-06-25 12:30 - 00460132 _____ C:\Users\***\Downloads\ContentServer.aspx
2013-06-25 12:14 - 2013-07-12 06:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-06-19 02:40 - 2013-06-19 02:41 - 00000000 ____D C:\Windows\rescache
2013-06-19 01:42 - 2013-06-19 01:43 - 12353298 _____ C:\Users\***\Downloads\Faktencheck Gesundheit mit Eckart von Hirschhausen_ Weniger ist mehr.mp4
2013-06-13 07:23 - 2013-05-09 21:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-13 07:23 - 2013-05-09 19:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-13 07:23 - 2013-05-07 22:39 - 01910632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-13 07:23 - 2013-04-25 21:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-13 07:23 - 2013-04-25 20:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-13 07:23 - 2013-04-16 23:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-13 07:23 - 2013-04-16 22:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-13 07:22 - 2013-05-12 21:51 - 01464320 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-13 07:22 - 2013-05-12 21:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-13 07:22 - 2013-05-12 21:51 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-13 07:22 - 2013-05-12 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-13 07:22 - 2013-05-12 20:45 - 01160192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-13 07:22 - 2013-05-12 20:45 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-13 07:22 - 2013-05-12 20:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-13 07:22 - 2013-05-12 19:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-13 07:22 - 2013-05-12 19:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-13 07:22 - 2013-05-12 19:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-13 07:22 - 2013-04-25 15:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-13 07:22 - 2013-03-31 14:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\System32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-07-13 12:03 - 2013-07-13 12:03 - 00000000 ____D C:\FRST
2013-07-13 01:46 - 2010-08-13 11:37 - 02029231 _____ C:\Windows\WindowsUpdate.log
2013-07-13 01:37 - 2012-04-23 22:55 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-13 00:52 - 2009-07-13 20:45 - 00010016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-13 00:52 - 2009-07-13 20:45 - 00010016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-13 00:50 - 2013-01-29 04:03 - 00000000 ___RD C:\Users\***\Dropbox
2013-07-13 00:50 - 2013-01-29 03:49 - 00000000 ____D C:\Users\***\AppData\Roaming\Dropbox
2013-07-13 00:49 - 2013-07-12 04:22 - 00003170 _____ C:\Windows\System32\Tasks\P4GIntlCtrl
2013-07-13 00:49 - 2010-11-06 02:35 - 00067280 _____ C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-13 00:44 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-13 00:43 - 2013-07-12 08:16 - 00000112 _____ C:\Windows\setupact.log
2013-07-13 00:42 - 2013-07-13 00:42 - 00039232 _____ C:\Windows\PFRO.log
2013-07-12 13:19 - 2013-07-12 12:51 - 00000000 ____D C:\Users\***\Doctor Web
2013-07-12 12:51 - 2010-11-06 02:35 - 00000000 ____D C:\users\***
2013-07-12 12:46 - 2010-08-13 12:20 - 00002692 _____ C:\Windows\System32\AutoRunFilter.ini
2013-07-12 12:46 - 2009-07-28 22:03 - 00000000 ____D C:\Windows\Panther
2013-07-12 12:45 - 2009-07-13 20:45 - 00313096 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-12 12:43 - 2013-07-12 12:31 - 00002260 _____ C:\Windows\logboot_12.07.2013.tureg.log
2013-07-12 12:43 - 2009-07-13 18:34 - 82837504 _____ C:\Windows\System32\config\SOFTWARE_tureg_old
2013-07-12 12:43 - 2009-07-13 18:34 - 22020096 _____ C:\Windows\System32\config\SYSTEM_tureg_old
2013-07-12 12:43 - 2009-07-13 18:34 - 00262144 _____ C:\Windows\System32\config\SECURITY_tureg_old
2013-07-12 12:31 - 2009-07-13 18:34 - 00524288 _____ C:\Windows\System32\config\DEFAULT_tureg_old
2013-07-12 12:31 - 2009-07-13 18:34 - 00262144 _____ C:\Windows\System32\config\SAM_tureg_old
2013-07-12 12:30 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 12:30 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 12:30 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-12 12:25 - 2009-08-04 01:51 - 00654400 _____ C:\Windows\System32\perfh007.dat
2013-07-12 12:25 - 2009-08-04 01:51 - 00130240 _____ C:\Windows\System32\perfc007.dat
2013-07-12 12:25 - 2009-07-13 21:13 - 01520734 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-12 12:24 - 2013-07-12 12:16 - 124491656 _____ C:\Users\***\Desktop\mjcimtoo.exe
2013-07-12 12:08 - 2012-05-23 01:20 - 78185248 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-12 12:07 - 2010-11-06 12:45 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-12 12:01 - 2013-07-12 12:01 - 00000000 ____D C:\Users\***\AppData\Local\Google
2013-07-12 12:01 - 2013-07-12 12:00 - 00000000 ____D C:\Users\***\AppData\Roaming\Windows Net Data
2013-07-12 12:00 - 2013-07-12 12:00 - 00000000 ____D C:\Program Files (x86)\LevenfusProducts
2013-07-12 11:59 - 2013-07-12 11:59 - 00000000 ____D C:\Users\***\ChromeExtensions
2013-07-12 11:59 - 2013-07-12 11:59 - 00000000 ____D C:\Users\***\AppData\Local\Temp\86864fba51d619f1681bb6bfb8a021c3
2013-07-12 11:59 - 2013-07-12 11:59 - 00000000 ____D C:\Users\***\AppData\Local\Temp\77465fc55969e6967b70a0e0e8a86ccd
2013-07-12 11:59 - 2013-07-12 11:59 - 00000000 ____D C:\Users\***\AppData\Local\Temp\2a39c99e0036f46aeaaa493232845e60
2013-07-12 11:58 - 2013-07-12 11:58 - 00577280 _____ C:\Users\***\Downloads\Scanmetender-Standard-Setup.exe
2013-07-12 11:37 - 2012-05-14 01:07 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 11:37 - 2012-05-14 01:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-12 10:46 - 2010-11-06 02:45 - 00003106 _____ C:\Windows\System32\Tasks\P4G Sidebar
2013-07-12 10:45 - 2013-07-12 10:45 - 00652800 _____ C:\Users\***\Downloads\MicrosoftFixit50362.msi
2013-07-12 08:16 - 2013-07-12 08:16 - 00000000 _____ C:\Windows\setuperr.log
2013-07-12 06:30 - 2010-08-13 11:59 - 00000000 ____D C:\Program Files (x86)\ASUS
2013-07-12 06:29 - 2013-06-26 23:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-12 06:29 - 2013-06-25 12:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-07-12 04:59 - 2012-12-14 03:43 - 00000000 ____D C:\Program Files (x86)\OnlineFotoservice
2013-07-12 04:49 - 2010-08-13 11:57 - 00000000 ____D C:\ProgramData\Adobe
2013-07-12 04:49 - 2010-08-13 11:57 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-11 12:17 - 2013-07-11 12:17 - 00000000 ____D C:\Users\***\AppData\Roaming\PDAppFlex
2013-07-11 12:17 - 2010-11-06 12:05 - 00000000 ____D C:\Users\***\AppData\Local\Adobe
2013-07-11 12:16 - 2013-07-11 12:16 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-07-11 12:15 - 2013-07-11 12:15 - 00000000 ____D C:\Users\***\AppData\Roaming\Babylon
2013-07-11 12:15 - 2013-07-11 12:15 - 00000000 ____D C:\ProgramData\Babylon
2013-07-11 12:14 - 2013-07-11 12:14 - 01303209 _____ C:\Users\***\Downloads\adobe-acrobat-xi-pro-11-full-keygen.exe
2013-07-11 03:18 - 2013-07-11 03:18 - 00000000 ____D C:\Users\***\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2013-07-11 03:11 - 2011-06-24 11:33 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-07-10 13:15 - 2013-07-10 12:30 - 00000000 ____D C:\Users\***\Downloads\Adobe Acrobat XI Pro
2013-07-10 12:26 - 2013-07-10 12:26 - 00000000 ____D C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2013-07-10 12:23 - 2013-07-10 12:23 - 02469824 _____ C:\Users\***\Downloads\AdobeDownloadAssistant.exe
2013-07-10 10:59 - 2011-10-14 10:44 - 00000000 ____D C:\Users\***\Documents\Mein Steuer-Sparbuch Heute
2013-07-08 23:08 - 2013-07-08 23:08 - 01374418 _____ C:\Users\***\Documents\.RData
2013-07-08 11:48 - 2011-10-14 08:45 - 00001188 _____ C:\Users\***\AppData\Local\crc32list11.txt
2013-07-04 22:46 - 2013-07-03 11:14 - 00000000 ____D C:\Users\***\Documents\Calibre Bibliothek
2013-07-03 23:19 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-07-03 12:50 - 2013-07-03 11:14 - 00000000 ____D C:\Users\***\AppData\Roaming\calibre
2013-07-03 11:27 - 2013-07-03 11:26 - 00000000 ____D C:\Users\***\AppData\Local\calibre-cache
2013-07-03 11:14 - 2013-07-03 11:14 - 00000962 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2013-07-03 11:14 - 2013-07-03 11:14 - 00000000 ____D C:\Program Files (x86)\Calibre2
2013-07-03 11:11 - 2013-07-03 11:05 - 52086272 _____ C:\Users\***\Downloads\calibre-0.9.37.msi
2013-07-02 00:40 - 2013-05-07 04:18 - 00000000 ____D C:\Users\***\Documents\Psychosomatik
2013-07-01 23:14 - 2010-11-06 12:46 - 00000000 ____D C:\Users\***\AppData\Local\Microsoft Help
2013-06-30 08:45 - 2012-04-25 10:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-30 08:45 - 2010-08-13 12:20 - 00001815 _____ C:\Windows\System32\ServiceFilter.ini
2013-06-30 05:35 - 2012-09-30 01:25 - 00000000 ____D C:\Users\***\AppData\Local\AVG Secure Search
2013-06-30 05:29 - 2013-05-21 09:58 - 00003718 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-06-30 05:27 - 2012-09-30 01:25 - 00045856 _____ (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-06-30 05:27 - 2012-09-30 01:25 - 00000000 ____D C:\ProgramData\AVG Secure Search
2013-06-30 05:27 - 2012-09-30 01:25 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-06-27 05:56 - 2013-05-07 11:51 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-06-25 12:30 - 2013-06-25 12:30 - 00460132 _____ C:\Users\***\Downloads\ContentServer.aspx
2013-06-19 02:41 - 2013-06-19 02:40 - 00000000 ____D C:\Windows\rescache
2013-06-19 01:43 - 2013-06-19 01:42 - 12353298 _____ C:\Users\***\Downloads\Faktencheck Gesundheit mit Eckart von Hirschhausen_ Weniger ist mehr.mp4
2013-06-19 01:11 - 2011-02-23 23:54 - 00000000 ____D C:\Users\***\Documents\Reviews
2013-06-13 10:20 - 2012-04-23 22:55 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-13 10:20 - 2012-04-23 22:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-13 10:20 - 2012-04-23 22:55 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-07-12 10:46:44
Restore point made on: 2013-07-12 11:01:15
Restore point made on: 2013-07-12 11:04:16
Restore point made on: 2013-07-12 11:35:12
Restore point made on: 2013-07-12 11:46:59
Restore point made on: 2013-07-12 12:14:29

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 4061.02 MB
Available physical RAM: 3475.37 MB
Total Pagefile: 4059.17 MB
Available Pagefile: 3469.33 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:74.52 GB) (Free:8.33 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:204.03 GB) (Free:176.61 GB) NTFS (Disk=0 Partition=3)
Drive f: () (Removable) (Total:3.75 GB) (Free:2.26 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=20 GB) - (Type=1C)
Partition 2: (Active) - (Size=75 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=204 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 0AFDB603)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

LastRegBack: 2013-07-02 23:08

==================== End Of Log ============================
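The first thing a helper does with a log like the one above is walk the Run keys and Startup-folder shortcuts and ask, for each autostart, where the target lives and who it claims to be from. The following script is an added example, not part of the poster's log and not an FRST feature: it parses the `HKLM\...\Run:` and `ShortcutTarget:` lines in FRST's format and applies three generic review heuristics (target under a user-writable location such as AppData or ProgramData; no publisher name in the trailing parentheses; a "Microsoft"/"Windows"-style publisher name on a file outside the Windows and Program Files trees), plus a separate check for shortcuts whose target no longer exists. The sample input is copied from the Registry/Startup section of the log above; the heuristics and their wording are this example's own assumptions. A hit means "look at this entry", not "this is the banker".

```python
import re
from dataclasses import dataclass, field

# Sample input: autostart lines copied from the FRST log posted above. The user
# name was already masked as *** by the poster. Everything else is constructed
# for this example.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelliPoint] - "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2327952 2010-07-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Boingo Wi-Fi] - "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2429 2010-08-13] ()
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
Startup: C:\ProgramData\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe ()
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
ShortcutTarget: net.lnk -> C:\Users\***\AppData\Roaming\Windows Net Data\net.exe (Windows Net)
"""


@dataclass
class Autostart:
    kind: str      # "Run" (registry Run value) or "Startup" (Startup-folder shortcut)
    name: str      # value name or .lnk file name
    path: str      # executable/target path as FRST printed it, or "(No File)"
    signer: str    # company name FRST prints in the trailing parentheses ("" if none)
    reasons: list = field(default_factory=list)


# FRST Run line: <hive>\...\Run: [<name>] - <command> [<size> <date>] (<company>)
RUN_RE = re.compile(
    r'^(?P<hive>HKLM(?:-x32)?|HKU\\[^\\]+)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] - '
    r'(?P<cmd>.*) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<signer>[^()]*)\)$')
# FRST shortcut line: ShortcutTarget: <lnk> -> <target> (<company>)   or   -> (No File)
TARGET_RE = re.compile(
    r'^ShortcutTarget: (?P<lnk>.+?) -> (?P<target>.+?)(?: \((?P<signer>[^()]*)\))?$')

# Heuristic patterns (assumptions of this example, not FRST rules).
USER_WRITABLE = re.compile(r'\\(AppData|ProgramData|Users\\Public|Temp)\\', re.IGNORECASE)
SYSTEM_DIRS = re.compile(r'^[A-Z]:\\(Windows|Program Files( \(x86\))?)\\', re.IGNORECASE)
VENDOR_LOOKALIKE = re.compile(r'\b(Microsoft|Windows)\b', re.IGNORECASE)


def _path_from_cmd(cmd: str) -> str:
    """Strip quotes and command-line arguments from a Run value's command."""
    m = re.match(r'"([^"]+)"', cmd)
    if m:
        return m.group(1)
    m = re.match(r'(.+?\.(?:exe|lnk|dll|scr|bat|cmd|vbs|js))(?:\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def parse_autostarts(log_text: str) -> list:
    """Return one Autostart per Run value and per Startup-folder shortcut target."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            entries.append(Autostart("Run", m["name"], _path_from_cmd(m["cmd"]), m["signer"].strip()))
            continue
        m = TARGET_RE.match(line)
        if m:
            entries.append(Autostart("Startup", m["lnk"], m["target"], (m["signer"] or "").strip()))
    return entries


def triage(log_text: str) -> list:
    """Apply the review heuristics; entries with the most reasons come first."""
    flagged = []
    for e in parse_autostarts(log_text):
        if e.path == "(No File)":
            e.reasons.append("autostart points to a missing file (orphan: verify or remove)")
        else:
            if USER_WRITABLE.search(e.path):
                e.reasons.append("runs from a user-writable location")
            if not e.signer:
                e.reasons.append("no publisher name recorded")
            if VENDOR_LOOKALIKE.search(e.signer) and not SYSTEM_DIRS.match(e.path):
                e.reasons.append("Microsoft/Windows-style publisher name outside Windows/Program Files")
        if e.reasons:
            flagged.append(e)
    flagged.sort(key=lambda e: -len(e.reasons))   # stable: ties keep log order
    return flagged


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"[{hit.kind}] {hit.name}: {hit.path} ({hit.signer or 'no publisher'})")
        for reason in hit.reasons:
            print(f"    - {reason}")
```

Run against the lines copied from this log, the script puts `net.lnk` on top (user-writable target plus a Windows-sounding publisher), then lists the publisher-less Boingo and FancyStart entries and the orphaned Dropbox shortcut; the Avira, ASUS and Microsoft entries pass. The ordering is the point: a reviewer with a long FRST log wants the entries that trip several heuristics first, and can feed the same parser the One Month Created list to correlate timestamps (here the `Windows Net Data` folder, the `.ocx` drops in SysWOW64 and the temp folders all appear within the same few minutes on 2013-07-12).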