Plagegeister aller Art und deren Bekämpfung (malware of all kinds and its removal): 'png777fh.dll' contained TR/Spy.585728.35 [trojan] (Windows 7)

If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1 /// Malware-holic

'png777fh.dll' contained TR/Spy.585728.35 [trojan]

Start > Programs > Accessories > Editor (Notepad), and paste in:

Code:
Killall::
File::
C:\Windows\System32\png777fh.dll

File > Save as, file type: all files, name: cfscript.txt, location: the folder where combofix.exe is. Drag cfscript onto combofix; the program starts. Post the log.
#2

So I did all of that. Then ComboFix shut the computer down. After the restart I logged in as a normal user. Then lots of prompts for administrator rights came up. After the 20th prompt I declined, and ComboFix aborted. The trojan warning is back in all its old glory.

Should I do the same thing again and log in as admin this time?

Regards, Julius
#3

OK, I did it again as admin after the restart. Everything worked so far. But AntiVir still reports the trojan.

Code:
ComboFix 10-08-11.04 - yyyyyyy 12.08.2010   9:28.3.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.1981 [GMT 2:00]
ausgeführt von:: c:\users\........\Downloads\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\........\Downloads\cfscript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\System32\png777fh.dll"
.
(((((((((((((((((((((((   Dateien erstellt von 2010-07-12 bis 2010-08-12  ))))))))))))))))))))))))))))))
.
.
2010-08-12 07:35 . 2010-08-12 07:37 -------- d-----w- c:\users\yyyyyyy\AppData\Local\temp
2010-08-12 07:35 . 2010-08-12 07:35 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2010-08-12 07:35 . 2010-08-12 07:35 -------- d-----w- c:\users\TEMP.diavolo\AppData\Local\temp
2010-08-12 07:35 . 2010-08-12 07:35 -------- d-----w- c:\users\TEMP.diavolo.001\AppData\Local\temp
2010-08-12 07:35 . 2010-08-12 07:35 -------- d-----w- c:\users\TEMP.diavolo.000\AppData\Local\temp
2010-08-12 07:35 . 2010-08-12 07:35 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-12 07:35 . 2010-08-12 07:35 -------- d-----w- c:\users\........\AppData\Local\temp
2010-08-12 07:35 . 2010-08-12 07:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-11 11:34 . 2010-08-11 11:34 -------- d-----w- c:\users\........\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-08-11 08:59 . 2010-08-11 08:59 -------- d-----w- c:\users\........\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-08-11 08:59 . 2010-08-11 08:59 -------- d-----w- c:\users\........\AppData\Roaming\Adobe Mini Bridge CS5
2010-08-09 14:31 . 2010-08-09 14:31 -------- d-----w- c:\users\yyyyyyy\AppData\Roaming\Malwarebytes
2010-08-07 11:04 . 2010-08-07 11:04 -------- d-----w- c:\programdata\F-Secure
2010-08-06 16:03 . 2010-08-06 16:03 -------- d-----w- c:\users\yyyyyyy\AppData\Roaming\Avira
2010-08-06 15:46 . 2010-08-06 15:46 -------- d-----w- c:\program files\Trend Micro
2010-08-06 15:44 . 2010-08-06 15:44 -------- d-----w- c:\users\........\AppData\Roaming\Malwarebytes
2010-08-06 14:13 . 2010-08-06 14:13 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-08-06 11:50 . 2010-08-06 11:50 -------- d-----w- c:\users\........\Neuer Ordner
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-12 07:38 . 2010-03-14 07:19 52789 ----a-w- c:\programdata\nvModes.dat
2010-08-12 07:36 . 2010-02-16 16:26 -------- d-----w- c:\program files\Common Files\Akamai
2010-08-11 13:08 . 2006-11-02 15:33 633360 ----a-w- c:\windows\system32\perfh007.dat
2010-08-11 13:08 . 2006-11-02 15:33 127170 ----a-w- c:\windows\system32\perfc007.dat
2010-08-11 11:35 . 2009-11-04 12:51 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-09 16:29 . 2010-04-26 06:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-09 11:51 . 2007-09-28 12:04 -------- d-----w- c:\program files\Java
2010-08-09 07:12 . 2010-05-07 09:14 -------- d-----w- c:\program files\CCleaner
2010-08-06 16:02 . 2007-09-14 17:25 159296 ----a-w- c:\users\yyyyyyy\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-06 15:54 . 2010-06-24 10:26 -------- d-----w- c:\program files\pdfforge Toolbar
2010-08-06 14:20 . 2007-09-16 08:56 159296 ----a-w- c:\users\........\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-06 13:53 . 2007-05-30 12:13 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-03 16:20 . 2007-12-27 08:57 -------- d-----w- c:\users\........\AppData\Roaming\LPC
2010-08-02 07:16 . 2008-12-22 11:45 -------- d-----w- c:\program files\OpenOffice.org 3
2010-07-17 03:00 . 2010-05-21 06:35 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-01 14:48 . 2007-12-21 14:00 -------- d-----w- c:\program files\Opera
2010-06-24 10:53 . 2010-01-21 08:20 -------- d-----w- c:\program files\PDFCreator
2010-06-24 10:26 . 2010-06-24 10:26 -------- d-----w- c:\program files\Application Updater
2010-06-16 09:12 . 2010-06-16 09:10 -------- d-----w- c:\program files\ElsterFormular
2010-06-16 09:11 . 2010-06-16 09:11 -------- d-----w- c:\programdata\elsterformular
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-05-26 17:06 . 2010-06-09 16:26 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-09 16:26 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2009-10-03 08:33 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 08:37 . 2010-05-21 08:37 716800 ----a-w- c:\windows\system32\lxter20VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 69632 ----a-w- c:\windows\system32\PXTTool80VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 557056 ----a-w- c:\windows\system32\zvkonline80VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 4661248 ----a-w- c:\windows\system32\LxXtreme70VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 27648 ----a-w- c:\windows\system32\LXTPSW20VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 1347584 ----a-w- c:\windows\system32\LXTool80VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 110592 ----a-w- c:\windows\system32\LxUISettings20Native.dll
2010-05-21 08:37 . 2010-05-21 08:37 323584 ----a-w- c:\windows\system32\LxImport80VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 299008 ----a-w- c:\windows\system32\LXBtr80VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 225280 ----a-w- c:\windows\system32\LxBasics80VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 192512 ----a-w- c:\windows\system32\LXDasi80VC8.dll
2010-05-21 08:37 . 2010-05-21 08:37 135168 ----a-w- c:\windows\system32\LxMail30VC8.dll
2010-05-16 14:28 . 2008-08-06 11:09 20 ---h--w- c:\programdata\PKP_DLdw.DAT
2010-05-16 13:18 . 2010-05-16 13:18 20 ---h--w- c:\programdata\PKP_DLdu.DAT
2010-05-16 13:17 . 2003-03-18 19:05 106496 ----a-w- c:\windows\system32\ATL71.DLL
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01FotoBank]
@="{489d8d66-38d6-4dd3-83d5-9a7e07b65904}"
[HKEY_CLASSES_ROOT\CLSID\{489d8d66-38d6-4dd3-83d5-9a7e07b65904}]
2008-06-04 20:40 1461848 ----a-w- c:\program files\FAST Gigabank\FotoBanker.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02FotoBank]
@="{489d8d67-38d6-4dd3-83d5-9a7e07b65904}"
[HKEY_CLASSES_ROOT\CLSID\{489d8d67-38d6-4dd3-83d5-9a7e07b65904}]
2008-06-04 20:40 1461848 ----a-w- c:\program files\FAST Gigabank\FotoBanker.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03FotoBank]
@="{489d8d68-38d6-4dd3-83d5-9a7e07b65904}"
[HKEY_CLASSES_ROOT\CLSID\{489d8d68-38d6-4dd3-83d5-9a7e07b65904}]
2008-06-04 20:40 1461848 ----a-w- c:\program files\FAST Gigabank\FotoBanker.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04FotoBank]
@="{489d8d6A-38d6-4dd3-83d5-9a7e07b65904}"
[HKEY_CLASSES_ROOT\CLSID\{489d8d6A-38d6-4dd3-83d5-9a7e07b65904}]
2008-06-04 20:40 1461848 ----a-w- c:\program files\FAST Gigabank\FotoBanker.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\05FotoBank]
@="{489d8d6B-38d6-4dd3-83d5-9a7e07b65904}"
[HKEY_CLASSES_ROOT\CLSID\{489d8d6B-38d6-4dd3-83d5-9a7e07b65904}]
2008-06-04 20:40 1461848 ----a-w- c:\program files\FAST Gigabank\FotoBanker.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\06FotoBank]
@="{489d8d6C-38d6-4dd3-83d5-9a7e07b65904}"
[HKEY_CLASSES_ROOT\CLSID\{489d8d6C-38d6-4dd3-83d5-9a7e07b65904}]
2008-06-04 20:40 1461848 ----a-w- c:\program files\FAST Gigabank\FotoBanker.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\07FotoBank]
@="{489d8d6D-38d6-4dd3-83d5-9a7e07b65904}"
[HKEY_CLASSES_ROOT\CLSID\{489d8d6D-38d6-4dd3-83d5-9a7e07b65904}]
2008-06-04 20:40 1461848 ----a-w- c:\program files\FAST Gigabank\FotoBanker.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\08FotoBank]
@="{489d8d6E-38d6-4dd3-83d5-9a7e07b65904}"
[HKEY_CLASSES_ROOT\CLSID\{489d8d6E-38d6-4dd3-83d5-9a7e07b65904}]
2008-06-04 20:40 1461848 ----a-w- c:\program files\FAST Gigabank\FotoBanker.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-25 68856]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 4423680]
"HybridTM_A"="c:\program files\HybridTM_IR(A)\RC620_A.exe" [2006-05-30 118784]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 153136]
"freenetMail Dateimanager Taskleistensymbol"="c:\program files\freenetMail Dateimanager\DBDDsktDrvTrayApp.exe" [2005-08-16 142336]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"Skytel"="Skytel.exe" [2007-03-16 1822720]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-12-16 479232]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

c:\users\yyyyyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-11 110592]

c:\users\........\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Gigabank.lnk - c:\program files\FAST Gigabank\Gigabank.exe [2008-6-4 1666648]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-11 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):fc,c5,54,84,b9,ed,ca,01

R3 ECS_Loader_220;Digital TV Receiver Firmware Loader 5.10.31.0;c:\windows\system32\Drivers\ECS_Loader_220.sys [2005-10-31 15616]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-07 380928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-18 21504]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Drivers\hcw95bda.sys [2007-06-04 467456]
S3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\DRIVERS\hcw95rc.sys [2007-06-04 15488]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - hide3tp9

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners

2010-05-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-25 18:39]

2010-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-01 14:45]

2010-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-01 14:45]

2010-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-732255811-3183488341-2812780789-1001Core.job
- c:\users\........\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 15:50]

2010-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-732255811-3183488341-2812780789-1001UA.job
- c:\users\........\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 15:50]

2010-08-11 c:\windows\Tasks\User_Feed_Synchronization-{31D36847-25B7-4967-9ACD-59A7E1914681}.job
- c:\windows\system32\msfeedssync.exe [2010-06-09 04:30]

2010-08-12 c:\windows\Tasks\User_Feed_Synchronization-{C23C680E-AFD6-499B-8D62-7D4BDAABD7B3}.job
- c:\windows\system32\msfeedssync.exe [2010-06-09 04:30]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\yyyyyyy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\yyyyyyy\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-12 09:38
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(256)
c:\program files\FAST Gigabank\FotoBanker.dll
c:\program files\FAST Gigabank\Ltkrn15u.dll
c:\program files\FAST Gigabank\Ltfil15u.dll
c:\program files\FAST Gigabank\Ltdis15u.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-08-12 09:49:06 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-08-12 07:49
ComboFix2.txt 2010-08-09 19:16

Vor Suchlauf: 23 Verzeichnis(se), 80.245.137.408 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 80.119.603.200 Bytes frei

- - End Of File - - DAED5C72EEB19975ABF8B2C4E1A611B7
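Reading a ComboFix log like the one above means going through the autostart section by hand: Run-key values, service and driver lines, and the "*Deregistered*" entries under "Andere Dienste/Treiber im Speicher". The following Python script is an added example, not code from this thread, from ComboFix or from the Trojaner-Board helpers. It parses those three line types from a sample constructed in ComboFix's format (the paths are copied from the posted log, except "UpdaterExample", which is an invented entry) and flags what a reviewer checks first: a bare file name with no directory, which is resolved through PATH at logon; a binary in a user profile or temp folder; and a deregistered driver, which was loaded but has no service registration to explain it. The heuristics are the reviewer's own, not anything ComboFix itself reports.

```python
import re

# Constructed sample in ComboFix's log format. All paths except the
# "UpdaterExample" value (invented for this example) appear in the
# ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 4423680]
"Skytel"="Skytel.exe" [2007-03-16 1822720]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"UpdaterExample"="c:\users\example\AppData\Roaming\updchk.exe" [2010-08-11 45056]

R3 ECS_Loader_220;Digital TV Receiver Firmware Loader 5.10.31.0;c:\windows\system32\Drivers\ECS_Loader_220.sys [2005-10-31 15616]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-18 21504]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - hide3tp9
"""

# "Name"="path" [yyyy-mm-dd size]
RUN_VALUE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]$')
# R3 name;description;path [yyyy-mm-dd size]
SERVICE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)\s*'
    r'\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]$')
# *Deregistered* - name
DEREGISTERED = re.compile(r'^\*Deregistered\*\s+-\s+(?P<name>\S+)$')

# Locations a normal user can write to; autostarts here deserve a look.
USER_LOCATIONS = ("\\appdata\\", "\\temp\\")


def flag_entry(entry):
    """Return the list of reviewer flags that apply to one parsed entry."""
    flags = []
    path = entry.get("path", "")
    if entry["kind"] == "deregistered":
        flags.append("deregistered")    # loaded in memory, no registration
    if path and "\\" not in path:
        flags.append("no_directory")    # bare name, resolved via PATH
    if any(loc in path.lower() for loc in USER_LOCATIONS):
        flags.append("user_writable")   # lives in a user profile / temp dir
    return flags


def parse_combofix_autostarts(text):
    """Parse Run values, service lines and deregistered entries into dicts."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_VALUE.match(line)
        if m:
            entries.append({"kind": "run", **m.groupdict()})
            continue
        m = SERVICE.match(line)
        if m:
            entries.append({"kind": "service", **m.groupdict()})
            continue
        m = DEREGISTERED.match(line)
        if m:
            entries.append({"kind": "deregistered", "name": m["name"], "path": ""})
    for e in entries:
        e["size"] = int(e["size"]) if e.get("size") else None
        e["flags"] = flag_entry(e)
    return entries


def suspicious(entries):
    """Only the entries that carry at least one flag."""
    return [e for e in entries if e["flags"]]


if __name__ == "__main__":
    for e in suspicious(parse_combofix_autostarts(SAMPLE_LOG)):
        print(f'{e["kind"]:12} {e["name"]:20} {e["path"] or "-":55} {", ".join(e["flags"])}')
```

On the sample, the two bare names (RtHDVCpl.exe, Skytel.exe), the invented AppData entry and the deregistered hide3tp9 line come out flagged; the entries with full paths under Program Files or system32 do not. A flag is a prompt to look, not a verdict: Realtek's audio tray applet is routinely registered by bare name, which is exactly why the reviewer still has to check the file behind it.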
#4

Apart from that, I scanned png777fh.dll with Malwarebytes before AntiVir detected and removed it. The result:

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

12.08.2010 10:22:15
mbam-log-2010-08-12 (10-22-15).txt

Scan type: Quick scan
Objects scanned: 1
Time elapsed: 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)