Pests of all kinds and how to fight them: 40 TAN trojan - same symptoms again, already described. Windows 7. If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it turns out to be a trojan or virus problem, an expert will help you eliminate the infection. |
12.08.2010, 15:43 | #16 |
| Here is the result:
File name: mshearts.exe
Submission date: 2010-08-12 14:35:02 (UTC)
Current status: finished
Result: 0/42 (0.0%)
Additional information
MD5 : c91c6b79896824f1c3d615e4ad06fccb
SHA1 : cc061c32cd39dbde4ee7316a08c158410eaee44f
SHA256: 091b4ac271c881fddd410fa066fa1f7cee9622e51e3959ef2941a8c05274142f
ssdeep: 3072:Jwvi4RRZdyw6PmjeJKyS+tX1RAraPNC8884NJH:sFERHKv+tX1
File size : 135680 bytes
First seen: 2010-08-12 14:35:02
Last seen : 2010-08-12 14:35:02
TrID:
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. Alle Rechte vorbehalten.
product......: Betriebssystem Microsoft_ Windows_
description..: Das Microsoft-Netzwerk mit Herz
original name: MSHEARTS.EXE
internal name: MSHEARTS
file version.: 5.1.2600.0 (xpclient.010817-1148)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0xAA30
timedatestamp....: 0x3B7D847A (Fri Aug 17 20:54:18 2001)
machinetype......: 0x14c (I386)
[[ 3 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0xBEB4, 0xC000, 6.14, 57195ac518d6af9a1f6ab3371e4a9ec7
.data, 0xD000, 0x750, 0x400, 3.66, 14e3e6aae88289d5a732ef6c80345a7f
.rsrc, 0xE000, 0x13000, 0x12C00, 5.87, 18c386052387bbfcb4cf25452f1f6135
Symantec reputation: Suspicious.Insight |
12.08.2010, 15:47 | #17 |
/// Malware-holic | Try the Kaspersky TDSS Killer: http://www.trojaner-board.de/82358-t...tml#post640150 and post the result. |
12.08.2010, 16:13 | #18 |
| The result:
12.08.2010, 16:29 | #19 |
/// Malware-holic | Did you have to run Cure or Delete? |
12.08.2010, 16:41 | #20 |
| No, nothing. |
12.08.2010, 16:45 | #21 |
/// Malware-holic |
12.08.2010, 17:09 | #22 |
| When I try to start the program, an error message appears:
Problemsignatur:
AppName: 1g3s1s3l.exe
AppVer: 1.0.15.15281
ModName: 1g3s1s3l.exe
ModVer: 1.0.15.15281
Offset: 0005c887
Do you need further details, or should I try something else? |
12.08.2010, 17:14 | #23 |
/// Malware-holic | No, let's try something else. Download Radix: Radix Antirootkit - Download - CHIP Online. Please shut down all running software, disconnect the internet connection, unpack Radix into its own folder, then click radixgui.exe, enable everything on the 1-click tab, let it scan, and delete nothing. At the end, upload the log here: File-Upload.net, and post the download link. |
12.08.2010, 17:32 | #24 |
| Various prompts came up during the scan. Should I always agree? |
12.08.2010, 17:36 | #25 |
/// Malware-holic | Yes, please do that. |
12.08.2010, 17:57 | #26 |
| 40 TAN trojaner - selbe symptone wieder bereits beschrieben Der Computer ist während des Scans abgestürzt. Es gibt dennoch eine Log. Soll ich es noch mal versuchen oder den existierenden Log hochladen? Ein Auszug: 95 >\FileSystem\srfs 82F01D08 sr.sys 97 \FileSystem\tfsndrct 82C57DA0 tfsndrct.sys --[HOOKED]-- This might be a false positive, as I was unable to check. * Majorfunction 03 (IRP_MJ_READ) hooked at 82C862C8 probably by C:\WINDOWS\system32\DRIVERS\d347bus.sys WARNING: This is just a rough guess that was made by analyzing the code at this address! ------------------------------------------------------------------------------- Information for module d347bus.sys: ------------------------------------------------------------------------------- Index: 4 Base address: F857C000 Size: 00026000 Flags: 09004000 Load count: 1 Imagename: d347bus.sys Name: Version: 3.47.0.0 Company: File Version: 3.47.0.0 built by: WinDDK Description: PnP BIOS Extension Possible path: C:\WINDOWS\system32\DRIVERS\d347bus.sys Signed: > NO! < * The DriverUnload function points to another module than the start routine. * Unload routine is at F857ECEC by C:\WINDOWS\system32\DRIVERS\d347bus.sys ------------------------------------------------------------------------------- Information for module d347bus.sys: ------------------------------------------------------------------------------- Index: 4 Base address: F857C000 Size: 00026000 Flags: 09004000 Load count: 1 Imagename: d347bus.sys Name: Version: 3.47.0.0 Company: File Version: 3.47.0.0 built by: WinDDK Description: PnP BIOS Extension Possible path: C:\WINDOWS\system32\DRIVERS\d347bus.sys Signed: > NO! < 98 \FileSystem\NetBIOS 82B05390 netbios.sys 96 \FileSystem\sr 82F01D08 sr.sys 99 \FileSystem\tfsnboio 82C57550 tfsnboio.sys --[HOOKED]-- This might be a false positive, as I was unable to check. 
* Majorfunction 03 (IRP_MJ_READ) hooked at 82C89178 probably by C:\WINDOWS\system32\DRIVERS\d347bus.sys WARNING: This is just a rough guess that was made by analyzing the code at this address! ------------------------------------------------------------------------------- Information for module d347bus.sys: ------------------------------------------------------------------------------- Index: 4 Base address: F857C000 Size: 00026000 Flags: 09004000 Load count: 1 Imagename: d347bus.sys Name: Version: 3.47.0.0 Company: File Version: 3.47.0.0 built by: WinDDK Description: PnP BIOS Extension Possible path: C:\WINDOWS\system32\DRIVERS\d347bus.sys Signed: > NO! < * The DriverUnload function points to another module than the start routine. * Unload routine is at F857ECEC by C:\WINDOWS\system32\DRIVERS\d347bus.sys ------------------------------------------------------------------------------- Information for module d347bus.sys: ------------------------------------------------------------------------------- Index: 4 Base address: F857C000 Size: 00026000 Flags: 09004000 Load count: 1 Imagename: d347bus.sys Name: Version: 3.47.0.0 Company: File Version: 3.47.0.0 built by: WinDDK Description: PnP BIOS Extension Possible path: C:\WINDOWS\system32\DRIVERS\d347bus.sys Signed: > NO! < 100 \FileSystem\Rdbss 82A9AA70 rdbss.sys --[HOOKED]-- This might be a false positive, as I was unable to check. * Majorfunction 03 (IRP_MJ_READ) hooked at 82B2E1E8 probably by C:\WINDOWS\system32\DRIVERS\d347bus.sys WARNING: This is just a rough guess that was made by analyzing the code at this address! 
------------------------------------------------------------------------------- Information for module d347bus.sys: ------------------------------------------------------------------------------- Index: 4 Base address: F857C000 Size: 00026000 Flags: 09004000 Load count: 1 Imagename: d347bus.sys Name: Version: 3.47.0.0 Company: File Version: 3.47.0.0 built by: WinDDK Description: PnP BIOS Extension Possible path: C:\WINDOWS\system32\DRIVERS\d347bus.sys Signed: > NO! < 75 \FileSystem\sscdbhk5 82D53768 sscdbhk5.sys 75 >\Driver\Cdromscdbhk5 82D4CF38 cdrom.sys 58 >\Driver\redbookdbhk5 82D53528 redbook.sys 101 \FileSystem\tfsndres 82B46DA0 tfsndres.sys 102 \FileSystem\ssrtln 82DC3550 ssrtln.sys 103 \FileSystem\tfsnifs 82C1C030 tfsnifs.sys 104 \FileSystem\tfsnopio 82A92A70 tfsnopio.sys 105 \FileSystem\Msfs 829B5550 Msfs.SYS --[HOOKED]-- This might be a false positive, as I was unable to check. * Majorfunction 03 (IRP_MJ_READ) hooked at 82A8C7F0 probably by C:\WINDOWS\system32\DRIVERS\d347bus.sys WARNING: This is just a rough guess that was made by analyzing the code at this address! ------------------------------------------------------------------------------- Information for module d347bus.sys: ------------------------------------------------------------------------------- Index: 4 Base address: F857C000 Size: 00026000 Flags: 09004000 Load count: 1 Imagename: d347bus.sys Name: Version: 3.47.0.0 Company: File Version: 3.47.0.0 built by: WinDDK Description: PnP BIOS Extension Possible path: C:\WINDOWS\system32\DRIVERS\d347bus.sys Signed: > NO! < * The DriverUnload function points to another module than the start routine. 
* Unload routine is at F857ECEC by C:\WINDOWS\system32\DRIVERS\d347bus.sys
-------------------------------------------------------------------------------
Information for module d347bus.sys:
-------------------------------------------------------------------------------
Index: 4
Base address: F857C000
Size: 00026000
Flags: 09004000
Load count: 1
Imagename: d347bus.sys
Name:
Version: 3.47.0.0
Company:
File Version: 3.47.0.0 built by: WinDDK
Description: PnP BIOS Extension
Possible path: C:\WINDOWS\system32\DRIVERS\d347bus.sys
Signed: > NO! <
106 \FileSystem\MRxSmb 82D0F878 mrxsmb.sys --[HOOKED]-- This might be a false positive, as I was unable to check.
* Majorfunction 03 (IRP_MJ_READ) hooked at 82B2D1E8 probably by C:\WINDOWS\system32\DRIVERS\d347bus.sys
WARNING: This is just a rough guess that was made by analyzing the code at this address!
-------------------------------------------------------------------------------
Information for module d347bus.sys:
-------------------------------------------------------------------------------
Index: 4
Base address: F857C000
Size: 00026000
Flags: 09004000
Load count: 1
Imagename: d347bus.sys
Name:
Version: 3.47.0.0
Company:
File Version: 3.47.0.0 built by: WinDDK
Description: PnP BIOS Extension
Possible path: C:\WINDOWS\system32\DRIVERS\d347bus.sys
Signed: > NO! <
|
12.08.2010, 18:01 | #27 |
/// Malware-holic | Upload the whole log to file-upload and I'll take a look at what is there. |
12.08.2010, 18:05 | #28 |
| Here is the link: hxxp://www.file-upload.net/download-2740724/log.txt.html |
12.08.2010, 19:17 | #29 |
/// Malware-holic | Try Norman's TDSS Cleaner: Rootkit.tdss entfernen: Norman TDSS Cleaner - Paules-PC-Forum.de. Post the log or logs. |
12.08.2010, 20:01 | #30 |
| Here is the log:
Norman TDSS Cleaner Version 1.9.3
Copyright © 1990 - 2010, Norman ASA. Built 2010/05/25 11:56:03
Norman Scanner Engine Version: 6.04.08
Nvcbin.def Version: 6.04.00, Date: 2010/05/25 11:56:03, Variants: 57644
Scan started: 2010/08/12 20:50:36
Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Home 5.1.2600 Service Pack 3
Logged on user: PARKER\***
Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = -> ""
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000
Running anti-TDSS module:
No TDSS infection detected
TDSS scan complete. Will now scan for related malware
Scanning bootsectors...
Number of sectors found: 1
Number of sectors scanned: 1
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 0s 31ms
Scanning running processes and process memory...
Number of processes/threads found: 3665
Number of processes/threads scanned: 3665
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 1m 21s
Scanning file system...
Scanning: prescan
Scanning: C:\WINDOWS\system32\drivers\*
Scanning: postscan
Running post-scan cleanup routine:
Failed to locate shared service executable: C:\WINDOWS\System32\appmgmts.dll
Removed service: AppMgmt
Number of files found: 427
Number of archives unpacked: 0
Number of files scanned: 427
Number of files not scanned: 0
Number of files skipped due to exclude list: 0
Number of infected files found: 0
Number of infected files repaired/deleted: 0
Number of infections removed: 0
Total scanning time: 17s
|