Plagegeister aller Art und deren Bekämpfung (pests of all kinds and their removal): Trojan wants 40 TANs for Postbank account - Windows 7
05.08.2010, 12:00 | #16
/// Malware-holic:
sorry, it has to read "folders to delete:"
05.08.2010, 16:38 | #17
Hello markusg,

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6002, Service Pack 2)
Wed Aug 04 23:36:51 2010

23:36:51: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6002, Service Pack 2)
Wed Aug 04 23:38:05 2010

23:38:05: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6002, Service Pack 2)
Wed Aug 04 23:38:15 2010

23:38:15: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6002, Service Pack 2)
Wed Aug 04 23:39:38 2010

23:39:38: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6002, Service Pack 2)
Wed Aug 04 23:42:01 2010

23:42:01: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

Logfile of The Avenger Version 2.0, (c) by Swandog46
hxxp://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: folder "c:\users\***\AppData\Roaming\Yhqed" not found!
Deletion of folder "c:\users\***\AppData\Roaming\Yhqed" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

show must go on...
05.08.2010, 16:45 | #18
/// Malware-holic:
hmm, reboot and check with ComboFix whether it worked; please post the log.
05.08.2010, 17:34 | #19
Hi markusg, and here is the logfile again:

Combofix Logfile:
Code:
ComboFix 10-08-04.05 - *** 05.08.2010 18:09:53.6.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3325.2121 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\***\AppData\Roaming\Yhqed\ufby.exe

.
(((((((((((((((((((((((   Dateien erstellt von 2010-07-05 bis 2010-08-05   ))))))))))))))))))))))))))))))
.

2010-08-05 16:18 . 2010-08-05 16:18 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-05 16:18 . 2010-08-05 16:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-05 16:18 . 2010-08-05 16:18 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-08-03 22:48 . 2010-08-05 16:19 -------- d-----w- c:\users\***\AppData\Local\temp
2010-08-03 13:58 . 2010-08-03 13:58 776870 ----a-w- C:\Qoobox.zip
2010-08-03 13:58 . 2010-08-03 13:58 1334 ----a-w- C:\_OTL.zip
2010-08-03 12:53 . 2010-08-03 12:53 -------- d-----w- C:\_OTL
2010-08-02 20:57 . 2010-08-02 20:57 -------- d-----w- c:\users\***\AppData\Roaming\Yahoo!
2010-08-02 20:57 . 2010-08-02 20:57 -------- d-----w- c:\program files\Yahoo!
2010-08-02 20:57 . 2010-08-03 13:07 -------- d-----w- c:\program files\CCleaner
2010-08-02 19:53 . 2010-08-02 19:54 -------- d-----w- c:\program files\ERUNT
2010-07-23 18:44 . 2010-07-23 18:44 -------- d-----w- c:\program files\iPod
2010-07-23 18:44 . 2010-07-23 18:44 -------- d-----w- c:\program files\iTunes
2010-07-21 22:40 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-07-21 22:40 . 1998-07-06 16:55 158208 ----a-w- c:\windows\system32\MSCMCDE.DLL
2010-07-21 22:40 . 1998-07-06 16:55 64512 ----a-w- c:\windows\system32\MSCC2DE.DLL
2010-07-21 22:40 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-07-13 20:49 . 2010-07-13 20:49 -------- d--h--w- c:\windows\PIF

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-05 16:03 . 2010-01-30 15:39 -------- d-----w- c:\users\***\AppData\Roaming\Dropbox
2010-08-03 14:07 . 2009-03-26 00:13 621714 ----a-w- c:\windows\system32\perfh007.dat
2010-08-03 14:07 . 2009-03-26 00:13 123646 ----a-w- c:\windows\system32\perfc007.dat
2010-08-03 13:37 . 2010-06-09 22:02 -------- d-----w- c:\program files\pdfforge Toolbar
2010-08-03 12:47 . 2009-08-24 18:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-23 18:44 . 2009-06-19 16:12 -------- d-----w- c:\program files\Common Files\Apple
2010-07-21 22:40 . 2010-06-09 22:01 -------- d-----w- c:\program files\PDFCreator
2010-07-17 06:13 . 2009-07-08 19:01 -------- d-----w- c:\users\***\AppData\Roaming\Audacity
2010-07-14 13:55 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-11 21:02 . 2009-09-11 15:10 -------- d-----w- c:\users\***\AppData\Roaming\vlc
2010-07-06 13:36 . 2010-07-06 13:36 -------- d-----w- c:\program files\MSECache
2010-07-02 11:45 . 2009-04-02 14:42 -------- d-----w- c:\program files\Microsoft.NET
2010-06-21 13:01 . 2009-06-19 16:15 -------- d-----w- c:\users\***\AppData\Roaming\Apple Computer
2010-06-20 22:25 . 2010-06-20 22:25 -------- d-----w- c:\program files\Bonjour
2010-06-19 10:05 . 2010-04-16 19:10 -------- d-----w- c:\users\***\AppData\Roaming\AF680FFA80B5C56972D00E662AB39CF0
2010-06-19 08:55 . 2010-06-19 08:55 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2010-06-19 08:55 . 2010-06-19 08:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-09 22:02 . 2010-06-09 22:02 -------- d-----w- c:\program files\Application Updater
2010-06-08 21:32 . 2009-09-14 17:12 408456 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-08 21:32 . 2010-06-08 21:32 -------- d-----w- c:\users\Administrator\AppData\Roaming\Apple Computer
2010-06-07 15:48 . 2009-03-25 17:08 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-28 22:45 . 2009-06-19 16:02 408456 ----a-w- c:\users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-26 17:06 . 2010-06-11 11:37 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 11:37 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-03-11 14:14 . 2009-03-11 14:09 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.
(((((((((((((((((((((((((((((   SnapShot@2010-08-03_13.39.35   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2010-08-05 16:03 53246 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-06-23 21:17 . 2010-08-05 16:03 14764 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-284029172-3591923393-892959723-1000_UserData.bin
- 2009-06-19 15:55 . 2010-08-03 13:12 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-19 15:55 . 2010-08-05 16:01 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-02 19:51 . 2010-08-05 16:01 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-02 19:51 . 2010-08-03 13:12 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-19 15:55 . 2010-08-05 16:01 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-06-19 15:55 . 2010-08-03 13:12 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-09-16 12:50 . 2010-08-02 23:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-16 12:50 . 2010-08-04 21:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-16 12:50 . 2010-08-04 21:30 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-16 12:50 . 2010-08-02 23:46 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-16 12:50 . 2010-08-04 21:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-09-16 12:50 . 2010-08-02 23:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-08-02 15:44 . 2010-08-03 12:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-08-02 15:44 . 2010-08-05 16:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-08-02 15:44 . 2010-08-05 16:01 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-02 15:44 . 2010-08-03 12:56 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-02 15:44 . 2010-08-03 12:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-02 15:44 . 2010-08-05 16:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-05 16:01 . 2010-08-05 16:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-08-03 12:56 . 2010-08-03 12:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-08-03 12:56 . 2010-08-03 12:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-05 16:01 . 2010-08-05 16:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-09-13 23:38 . 2010-08-04 21:30 327728 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2006-11-02 13:05 . 2010-08-05 16:03 120954 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:33 . 2010-08-03 14:07 589884 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-08-03 14:07 101896 c:\windows\System32\perfc009.dat
- 2009-07-19 13:59 . 2010-08-03 12:56 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-19 13:59 . 2010-08-05 16:01 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2006-11-02 10:22 . 2010-08-03 12:46 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 10:22 . 2010-08-03 15:19 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-08-03 11:37 . 2010-07-26 18:04 11587072 c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6002.22454_none_6e6736812864c2a8\shell32.dll
+ 2010-08-03 11:37 . 2010-07-26 15:51 11584512 c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6002.18287_none_6dc028ea0f5cc58f\shell32.dll
+ 2010-08-03 11:38 . 2010-07-26 16:56 11586560 c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.22735_none_6c9764bb2b2d4ef9\shell32.dll
+ 2010-08-03 11:37 . 2010-07-26 16:55 11581440 c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18505_none_6c2e35ce11f75e35\shell32.dll
+ 2010-08-03 11:37 . 2010-07-26 15:51 11584512 c:\windows\System32\shell32.dll

.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-19 39408]
"pdfSaver3"="c:\program files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [2004-09-05 380928]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"{12877358-7964-0725-C41E-A74282570AA2}"="c:\users\***\AppData\Roaming\Yhqed\ufby.exe" [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 178712]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-03-30 75048]
"CLMLServer"="c:\program files\HomeCinema\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-03 6724128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"Dell MFP Color Laser Printer 3115cn Launcher"="c:\program files\DELL\Dell MFP Color Laser Printer 3115cn\Address Book Editor\Launcher.exe" [2007-05-09 639896]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\Dell Printers\paperport\pptd40nt.exe" [2008-04-02 29984]
"IndexSearch"="c:\program files\Dell Printers\paperport\IndexSearch.exe" [2008-04-02 46368]
"DLPSP"="c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2007-07-25 393944]
"MMReminderService"="c:\program files\Mindjet\MindManager 6\MMReminderService.exe" [2005-11-18 28672]
"TrayServer"="c:\progra~1\MAGIX\VIDEO_~1\TrayServer.exe" [2008-08-07 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-07 974848]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
" Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-8-26 113664]
CAPIControl.lnk - c:\windows\Installer\{0B2FF6D9-359D-4481-8A0D-43A674B665C9}\Ta33usb.exe [2010-4-16 2238]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
REM [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-07-13 13:10 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ Malwarebytes Anti-Malware (reboot)]
2010-04-29 10:19 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):2d,c0,db,bc,66,37,ca,01

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 135664]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS [2009-08-22 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys [2009-08-22 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys [2010-02-03 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100804.001\IDSvix86.sys [2010-05-28 344112]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/04/22 16:10];c:\program files\HomeCinema\PowerDVD9\000.fcl [2009-03-30 15:53 87536]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-07 380928]
S2 CAPI20;Eumex 504PC USB; [x]
S2 DETEWECP;DeTeWe CapiPort;c:\windows\System32\drivers\detewecp.sys [2001-09-18 38480]
S2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [2006-12-07 140184]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-05-06 1220608]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2009-08-22 117640]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-09-21 554496]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS [2009-08-22 48688]
S3 ulisa;DeTeWe ISDN-Adapter (USB);c:\windows\system32\Drivers\ulisa.sys [2004-05-14 122716]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-01-27 20:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners

2010-08-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-19 15:59]

2010-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 16:44]

2010-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 16:44]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.zirkus-paletti.de/aktuell.php
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0uha01la.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.zirkus-paletti.de/aktuell.php|hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-05 18:19
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\HomeCinema\PowerDVD9\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Zeit der Fertigstellung: 2010-08-05 18:23:38
ComboFix-quarantined-files.txt 2010-08-05 16:23
ComboFix2.txt 2010-08-04 16:13
ComboFix3.txt 2010-08-03 22:48
ComboFix4.txt 2010-08-03 18:44
ComboFix5.txt 2010-08-05 16:06

Vor Suchlauf: 20 Verzeichnis(se), 712.375.320.576 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 712.378.765.312 Bytes frei

- - End Of File - - C997A633B66511662695F04C73E5B5E2
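The autostart section of the log above is where the infection shows itself: a Run value named by a bare GUID, pointing into the user's AppData\Roaming, with no date/size field where ComboFix prints one for every other entry. As an added example (not code from the thread, from ComboFix or from the helper), the script below parses that section's layout and scores each Run/RunOnce value by exactly those three traits; the sample log is constructed from the entries posted above, and the reason threshold is an assumption for triage, not a ComboFix rule.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the layout ComboFix uses for its
# "Autostartpunkte der Registrierung" section. The entries mirror
# the log posted in this thread (user name anonymised as *** there too);
# the shelliconoverlay/CLSID lines are included to show they are skipped.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-19 39408]
"{12877358-7964-0725-C41E-A74282570AA2}"="c:\users\***\AppData\Roaming\Yhqed\ufby.exe" [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"""

KEY_RE = re.compile(r'^\[(?P<key>HK[^\]]+)\]\s*$')
# "name"="path" [date size]   (the bracketed field is optional)
ENTRY_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"(?:\s*\[(?P<meta>[^\]]*)\])?\s*$')
DATE_SIZE_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d+$')
GUID_RE = re.compile(r'^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$', re.IGNORECASE)
PROFILE_RE = re.compile(r'\\users\\[^\\]+\\appdata\\|\\temp\\', re.IGNORECASE)


@dataclass
class Entry:
    key: str
    name: str
    path: str
    meta: Optional[str]


@dataclass
class Finding:
    entry: Entry
    reasons: List[str] = field(default_factory=list)


def parse_autostarts(text: str) -> List[Entry]:
    """Collect "name"="path" [meta] values that sit under a Run or RunOnce key."""
    entries: List[Entry] = []
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        key_m = KEY_RE.match(line)
        if key_m:
            key = key_m.group('key')
            # Only Run/RunOnce keys are of interest; any other key resets the context.
            current_key = key if key.lower().endswith(('\\run', '\\runonce')) else None
            continue
        if current_key is None:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(current_key, m.group('name'), m.group('path'), m.group('meta')))
    return entries


def assess(entry: Entry) -> Finding:
    """Attach the traits that made the Yhqed entry stand out in the posted log."""
    finding = Finding(entry)
    if PROFILE_RE.search(entry.path):
        finding.reasons.append('target lives under a user-profile AppData or Temp path')
    if GUID_RE.match(entry.name):
        finding.reasons.append('value name is a bare GUID')
    if entry.meta is None or not DATE_SIZE_RE.match(entry.meta):
        finding.reasons.append('no date/size field recorded for the target')
    return finding


def suspicious(text: str, min_reasons: int = 2) -> List[Finding]:
    """Entries with at least min_reasons traits (threshold is an assumed triage cut-off)."""
    return [f for f in map(assess, parse_autostarts(text)) if len(f.reasons) >= min_reasons]


if __name__ == '__main__':
    for f in suspicious(SAMPLE_LOG):
        print(f'{f.entry.key}\n  "{f.entry.name}" -> {f.entry.path}')
        for reason in f.reasons:
            print('   -', reason)
```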
05.08.2010, 17:41 | #20
/// Malware-holic:
Well, before we keep tinkering around here for much longer, I would format. After that, change all passwords and implement the following:
http://www.trojaner-board.de/74052-s...-internet.html

DEP for all processes: Datenausführungsverhinderung (DEP)
• "Turn on DEP for all programs and services except those I select:". If problems come up, you can remove the affected processes from the monitoring.

Enable SEHOP: Aktivieren von SEHOP (Structured Exception Handling Overwrite Protection) in Windows-Betriebssystemen
You can have it enabled automatically.

To keep your software up to date, use Secunia.

To make surfing safer, I would recommend Sandboxie. Download: drop.io (as PDF)
It is also recommended, if you get along with the program, to get yourself a licence; it costs 25 € and is valid for your whole life, and you can use it on all PCs in your household.
05.08.2010, 17:54 | #21
ok, all clear. Many thanks for your time and effort!!!
Best regards
tschongleur
05.08.2010, 18:13 | #22
/// Malware-holic:
ok, if there are any more questions, let me know. If you stick to all the tips, we should actually never see each other again :D, at least not in the trojan removal section.