Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Trojaner "TR/Spy.Banker.FJ"

Trojaner "TR/Spy.Banker.FJ"


Log-Analyse und Auswertung: Trojaner "TR/Spy.Banker.FJ"

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 6 von 7 « Erste 45 6 7
Alt 22.11.2010, 14:33   #76
Swisstreasure
/// Malwareteam
 
Trojaner "TR/Spy.Banker.FJ" - Standard

Trojaner "TR/Spy.Banker.FJ"


Nein klingt es nicht..

Dann versuche einfach einmal einen Quickscan mit Malwarebytes und poste dann das Log.

Alt 22.11.2010, 16:24   #77
masi76
 
Trojaner "TR/Spy.Banker.FJ" - Standard

Trojaner "TR/Spy.Banker.FJ"


Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5129

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

22/11/2010 16:21:24
mbam-log-2010-11-22 (16-21-24).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 145484
Laufzeit: 17 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bkmgvvyq (Rogue.AntivirusAction) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Markus\AppData\Local\Temp\qaclevdrb\gvhvcpytsbl.exe (Rogue.AntivirusAction) -> Quarantined and deleted successfully.
C:\Users\Markus\Local Settings\Application Data\syssvc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
__________________
Alt 22.11.2010, 16:26   #78
Swisstreasure
/// Malwareteam
 
Trojaner "TR/Spy.Banker.FJ" - Standard

Trojaner "TR/Spy.Banker.FJ"


Versuche jetzt nochmals mit otl.exe zu scannen.
__________________
Alt 22.11.2010, 16:50   #79
masi76
 
Trojaner "TR/Spy.Banker.FJ" - Standard

Trojaner "TR/Spy.Banker.FJ"


Code:
ATTFilter
OTL logfile created on: 22/11/2010 16:32:22 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Markus\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1,013.00 Mb Total Physical Memory | 388.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.41 Gb Total Space | 31.10 Gb Free Space | 44.80% Space Free | Partition Type: NTFS
Drive D: | 5.12 Gb Total Space | 1.16 Gb Free Space | 22.74% Space Free | Partition Type: NTFS
 
Computer Name: PIM-PC | User Name: Markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Markus\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Markus\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe File not found
SRV - (AddFiltr) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (upperdev) -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (iatmunin) -- C:\Users\Pim\AppData\Local\Temp\iatmunin.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=PRESARIO&pf=laptop
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = hxxp://www.Google.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/31 06:08:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/12 05:54:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/12 05:54:17 | 000,000,000 | ---D | M]
 
[2008/11/11 18:54:25 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Mozilla\Extensions
[2010/11/19 07:31:43 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\extensions
[2010/11/13 07:14:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/11/11 18:53:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/11/06 21:46:25 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/11/12 05:54:07 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/11/12 05:54:07 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/11/12 05:54:07 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/11/12 05:54:07 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/11/12 05:54:07 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/10/30 06:45:11 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\CompaqFlow.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\CompaqFlow.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/11/22 09:31:36 | 000,094,848 | ---- | C] (GMER) -- C:\uwldapow.sys
[2010/11/16 23:03:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/16 23:03:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/16 23:03:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/09 08:33:08 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Avira
[2010/11/08 08:11:26 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010/11/08 08:11:26 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010/10/30 06:45:43 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010/10/30 06:40:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/10/27 14:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/10/27 06:57:02 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/10/27 06:56:58 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/10/27 06:56:57 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/05/19 19:45:13 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Markus\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2010/11/22 16:35:00 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0798338A-4626-44DD-9D57-0FE79EFEF1D8}.job
[2010/11/22 16:30:02 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/11/22 16:28:01 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/22 16:28:00 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/22 16:27:32 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/22 16:25:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/22 16:25:52 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/22 16:24:52 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/11/22 16:05:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/22 13:22:27 | 138,622,950 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/22 09:31:36 | 000,094,848 | ---- | M] (GMER) -- C:\uwldapow.sys
[2010/11/22 09:13:43 | 000,000,000 | ---- | M] () -- C:\Users\Markus\defogger_reenable
[2010/11/16 23:03:43 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/16 22:40:55 | 000,441,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/11/12 08:13:50 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-1916800003-2860886627-113782704-1002.job
[2010/11/12 07:10:13 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{52C964EE-F448-412B-8FE7-0550962111FD}.job
[2010/11/10 08:31:38 | 000,612,100 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/10 08:31:37 | 000,109,516 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/09 08:36:09 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/11/09 08:36:09 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/11/02 07:48:44 | 000,001,680 | ---- | M] () -- C:\Users\Markus\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2010/10/30 06:45:11 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
 
========== Files Created - No Company Name ==========
 
[2010/11/22 09:13:43 | 000,000,000 | ---- | C] () -- C:\Users\Markus\defogger_reenable
[2010/11/16 23:03:43 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/12 08:14:30 | 1063,378,944 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/12 07:57:04 | 000,000,288 | ---- | C] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-1916800003-2860886627-113782704-1002.job
[2010/11/12 07:10:13 | 000,000,424 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{52C964EE-F448-412B-8FE7-0550962111FD}.job
[2010/11/02 07:48:44 | 000,001,680 | ---- | C] () -- C:\Users\Markus\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2010/10/30 07:45:40 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2010/10/27 12:20:56 | 138,622,950 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/05/19 19:45:14 | 000,000,033 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\pcouffin.log
[2010/05/19 19:45:13 | 000,007,887 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\pcouffin.cat
[2010/05/19 19:45:13 | 000,001,144 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\pcouffin.inf
[2009/10/21 14:14:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/12 14:22:52 | 000,059,904 | ---- | C] () -- C:\Users\Markus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/27 03:52:01 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/10/24 17:41:00 | 000,000,000 | ---- | C] () -- C:\Users\Markus\AppData\Local\QSwitch.txt
[2008/10/24 17:41:00 | 000,000,000 | ---- | C] () -- C:\Users\Markus\AppData\Local\DSwitch.txt
[2008/10/24 17:41:00 | 000,000,000 | ---- | C] () -- C:\Users\Markus\AppData\Local\AtStart.txt
[2008/09/08 19:24:54 | 000,017,920 | ---- | C] () -- C:\Windows\System32\Implode.dll
[2008/03/27 01:00:27 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2007/11/08 14:24:54 | 000,000,167 | ---- | C] () -- C:\Windows\wininit.ini
[2007/11/06 21:27:30 | 000,090,112 | ---- | C] () -- C:\Windows\System32\custmon2k.dll
[2007/09/20 18:50:48 | 000,009,793 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/07/14 10:51:35 | 000,001,634 | ---- | C] () -- C:\Windows\bsm.ini
[2007/06/20 12:19:09 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2007/06/06 11:23:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2006/11/06 12:02:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2006/11/06 10:05:40 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/06 10:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2006/11/06 10:00:56 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/19 08:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/19 08:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/03/10 01:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002/01/24 10:29:26 | 000,077,824 | ---- | C] () -- C:\Windows\System32\lxaxlcnp.dll
 
========== LOP Check ==========
 
[2009/11/13 18:11:03 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\AvaTrader
[2009/08/26 06:58:03 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\HaCon
[2008/11/01 11:35:02 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\PC Suite
[2009/05/20 08:48:41 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Thunderbird
[2010/05/19 19:45:14 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Vso
[2010/11/22 16:24:56 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/22 16:35:00 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0798338A-4626-44DD-9D57-0FE79EFEF1D8}.job
[2010/11/12 07:10:13 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{52C964EE-F448-412B-8FE7-0550962111FD}.job
 
========== Purity Check ==========
 
 

< End of report >

Alt 22.11.2010, 16:51   #80
masi76
 
Trojaner "TR/Spy.Banker.FJ" - Standard

Trojaner "TR/Spy.Banker.FJ"


Code:
ATTFilter
OTL Extras logfile created on: 22/11/2010 16:32:22 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Markus\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1,013.00 Mb Total Physical Memory | 388.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.41 Gb Total Space | 31.10 Gb Free Space | 44.80% Space Free | Partition Type: NTFS
Drive D: | 5.12 Gb Total Space | 1.16 Gb Free Space | 22.74% Space Free | Partition Type: NTFS
 
Computer Name: PIM-PC | User Name: Markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{475EC59A-B91B-4911-BDC2-084239247EC3}" = protocol=17 | dir=in | app=c:\users\markus\appdata\local\temp\7zsd463.tmp\symnrt.exe | 
"{4A12E9F4-9705-467D-8BFB-0B22B357ADB2}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqsudi.exe | 
"{4A3D3F83-04F6-4D95-A73A-B38767A57ADC}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqpsapp.exe | 
"{668EEA5A-A3E8-43B9-906E-2D3684E12F54}" = protocol=17 | dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{7F7E42EA-1882-42D3-B188-A91B6E602F6B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{7FFBEACD-1835-4E2E-B204-9455A9C8C691}" = protocol=17 | dir=in | app=c:\users\markus\appdata\local\temp\7zs8065.tmp\symnrt.exe | 
"{98321619-A523-4E84-A508-509F40722BCD}" = protocol=6 | dir=in | app=c:\users\markus\appdata\local\temp\7zs8065.tmp\symnrt.exe | 
"{A6DB229D-9944-48FE-BE3A-B32531776067}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B2DF8117-DF89-43E9-B78A-B436BBB8378D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{CE8D2281-E568-4C76-9708-488A4AF6355A}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{D0100667-560B-4C9F-B92C-5BC8244F45B8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D080FF2A-F170-48A0-952F-5B4216743661}" = protocol=6 | dir=in | app=c:\users\markus\appdata\local\temp\7zsd463.tmp\symnrt.exe | 
"{D1CC0E3A-E64F-482D-B4FE-4E3AAB555D04}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{D8918E37-8914-4C5A-BF0E-AEEFC1E2E009}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{E673E3DB-F26B-401C-8286-2C5084B6024B}" = protocol=6 | dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{E8FC7B4B-DE1E-4D84-808A-204159898D9D}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqpse.exe | 
"TCP Query User{05A672C5-0508-4269-A89B-79421114F250}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{0D099135-DB97-4304-92EF-F302CDECDCC4}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{3D56595E-153C-4308-807E-24CF0DFCB96E}C:\program files\hp\hp software update\hpwucli.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"TCP Query User{535ED4F5-7478-4369-AF0A-1E12809DE55B}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{A28BF2C2-3EDC-4D77-A2FF-B44FD2703B19}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{C29761DB-AE73-4826-823A-8A27D3ABA934}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{1FBDDF3F-ABAB-4DD4-A61D-FFCAD1D840CA}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{374241BF-0AE6-4773-9C80-DB73BEF14CEE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{6E26DB86-A7A7-4F68-949B-DF6F75A25C25}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{882031B7-AA4F-41C6-9F5A-768BB5BAA487}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{9EF7B8D7-A31D-40F6-949D-6FA41E10C14F}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{F65A47E5-FFE6-46D6-9D73-84A0603B0383}C:\program files\hp\hp software update\hpwucli.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}" = HP Wireless Assistant
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15DD1D3C-8386-47D4-91A4-2D25FAFE1255}" = HP User Guide 0039
"{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}" = PC Connectivity Solution
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21E62565-8639-457C-B64C-A3FF0A8B4D80}" = HP Active Support Library
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{25BB07FA-D9A0-478E-8A4B-38466A4E8BF2}" = Serif PagePlus SE 1.0
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DE0053C-FD9A-483E-B7C9-B06E4392206E}" = iTunes
"{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}" = Apple Mobile Device Support
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}" = Ad-Aware SE Personal
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D12EBB4E-CF21-496D-979F-89D9DE58C5B8}" = PDFill PDF Editor with FREE PDF Writer and Tools
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = ASL_HS_Installer32
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AFPL Ghostscript 8.53" = AFPL Ghostscript 8.53
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows Driver Package - Nokia Modem  (05/22/2008 3.8)
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"ESET Online Scanner" = ESET Online Scanner v3
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.5.15)" = Mozilla Firefox (3.5.15)
"PDFill PDF Writer" = PDFill PDF Writer
"RealPlayer 12.0" = RealPlayer
"SopCast" = SopCast 2.0.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12/05/2009 02:59:01 | Computer Name = Pim-PC | Source = Application Hang | ID = 1002
Description = The program SoftwareUpdate.exe version 2.1.1.116 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: dc0  Start Time: 01c9d2ce59a76b56  Termination Time: 4010
 
Error - 25/05/2009 14:10:32 | Computer Name = Pim-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.0.3399 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: 93c  Start Time: 01c9dd63b4bccdd6  Termination Time: 172
 
Error - 02/06/2009 03:11:53 | Computer Name = Pim-PC | Source = Application Hang | ID = 1002
Description = The program SoftwareUpdate.exe version 2.1.1.116 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: fb8  Start Time: 01c9e34e9c6ff885  Termination Time: 3541
 
Error - 04/06/2009 06:20:50 | Computer Name = Pim-PC | Source = Application Hang | ID = 1002
Description = The program fx_client.exe version 3.3.268.1 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: fcc  Start Time: 01c9e4e101972538  Termination Time: 94
 
Error - 05/06/2009 18:58:48 | Computer Name = Pim-PC | Source = Google Update | ID = 20
Description = 
 
Error - 15/06/2009 02:38:01 | Computer Name = Pim-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6001.18164 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: ab4  Start Time: 01c9ed812eac1ad6  Termination Time: 50768
 
Error - 15/06/2009 02:45:05 | Computer Name = Pim-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.exe version 6.0.6001.18164 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: 840  Start Time: 01c9ed83d7025d56  Termination Time: 60000
 
Error - 22/06/2009 01:17:21 | Computer Name = Pim-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6001.18164 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: 170  Start Time: 01c9f2f7ad273f1f  Termination Time: 39858
 
Error - 28/06/2009 12:08:14 | Computer Name = Pim-PC | Source = Application Hang | ID = 1002
Description = The program Nss.exe version 2.2.0.26 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Problem Reports and Solutions control panel.  Process 
ID: bf8  Start Time: 01c9f809a7fe97e9  Termination Time: 93
 
Error - 30/06/2009 02:39:39 | Computer Name = Pim-PC | Source = Application Error | ID = 1000
Description = Faulting application AcroRd32.exe, version 8.1.0.137, time stamp 0x46444e37,
 faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
 0xc0000005, fault offset 0x24005d7e,  process id 0x240, application start time 0x01c9f94d05e8d1da.
 
[ System Events ]
Error - 16/11/2010 18:08:14 | Computer Name = Pim-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 17/11/2010 02:46:01 | Computer Name = Pim-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 17/11/2010 08:10:37 | Computer Name = Pim-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 19/11/2010 02:14:03 | Computer Name = Pim-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 19/11/2010 02:14:40 | Computer Name = Pim-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 22/11/2010 04:33:12 | Computer Name = Pim-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 09:32:12 on 22/11/2010 was unexpected.
 
Error - 22/11/2010 08:13:53 | Computer Name = Pim-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:15:15 on 22/11/2010 was unexpected.
 
Error - 22/11/2010 08:22:40 | Computer Name = Pim-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 13:21:40 on 22/11/2010 was unexpected.
 
Error - 22/11/2010 08:26:10 | Computer Name = Pim-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 22/11/2010 10:53:39 | Computer Name = Pim-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 13:55:48 on 22/11/2010 was unexpected.
 
 
< End of report >


Alt 22.11.2010, 16:55   #81
Swisstreasure
/// Malwareteam
 
Trojaner "TR/Spy.Banker.FJ" - Standard

Trojaner "TR/Spy.Banker.FJ"


Schritt 1
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012
:Commands
[purity]
[emptytemp]
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • Klick auf .
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2

Rootkit-Suche mit Gmer

Was sind Rootkits?

Wichtig: Bei jedem Rootkit-Scans soll/en:
  • Deaktiviere zunächst nach dieser Anleitung evtl. vorhandene CD-Emulatoren wie Alcohol, Daemon-Tools oder ähnliche.
  • Alle anderen Programme gegen Viren, Spyware, usw. deaktiviert sein,
  • keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
  • nichts am Rechner getan werden,
  • nach jedem Scan der Rechner neu gestartet werden.
  • Nicht vergessen, nach dem Rootkit-Scan die Security-Programme wieder einzuschalten!

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
  • Alle anderen Programme sollen geschlossen sein.
  • Starte gmer.exe (hat einen willkürlichen Programm-Namen).
  • Vista-User mit Rechtsklick und als Administrator starten.
  • Gmer startet automatisch einen ersten Scan.
  • Sollte sich ein Fenster mit folgender Warnung öffnen:
    Code:
    ATTFilter
    WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system?
  • Unbedingt auf "No" klicken,
    in dem Fall über den Save-Button das bisherige Resultat auf dem Desktop als gmer_first.log speichern.

    .
  • Falls das nicht der Fall war, wähle nun den Reiter "Rootkit/Malware",
  • Hake an: System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry und Files.
  • Wichtig: "Show all" darf nicht angehakt sein!
  • Starte den Scan durch Drücken des Buttons "Scan".
    Mache nichts am Computer während der Scan läuft (unten links wird angezeigt, was gerade gescannt wird).
  • Wenn der Scan fertig ist, bleibt die Zeile leer.
    Kllicke auf "Save" und speichere das Logfile als gmer.log auf dem Desktop.
    Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Nun das Logfile in Code-Tags posten.

Alt 22.11.2010, 17:26   #82
masi76
 
Trojaner "TR/Spy.Banker.FJ" - Standard

Trojaner "TR/Spy.Banker.FJ"


Code:
ATTFilter
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Markus
->Temp folder emptied: 705066 bytes
->Temporary Internet Files folder emptied: 679732 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 45504457 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3074 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1576788 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 46.00 mb
 
 
OTL by OldTimer - Version 3.2.17.3 log created on 11222010_171558

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Alt 22.11.2010, 19:23   #83
masi76
 
Trojaner "TR/Spy.Banker.FJ" - Standard

Trojaner "TR/Spy.Banker.FJ"


Code:
ATTFilter
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-11-22 19:17:24
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 ST98823AS rev.7.24
Running: gwsx03h9.exe; Driver: C:\Users\Markus\AppData\Local\Temp\uwldapow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd105d2a                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd105d2a@001963f1ab0c         0x8C 0x50 0x65 0x11 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583ba72f1                      
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd105d2a (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd105d2a@001963f1ab0c             0x8C 0x50 0x65 0x11 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001583ba72f1 (not active ControlSet)  

---- EOF - GMER 1.0.15 ----

Alt 22.11.2010, 20:08   #84
Swisstreasure
/// Malwareteam
 
Trojaner "TR/Spy.Banker.FJ" - Standard

Trojaner "TR/Spy.Banker.FJ"


Und das Icon noch vorhanden?

Alt 22.11.2010, 20:16   #85
masi76
 
Trojaner "TR/Spy.Banker.FJ" - Standard

Trojaner "TR/Spy.Banker.FJ"


Das Icon ist verschwunden.
Gott sei Dank!

Alt 22.11.2010, 20:29   #86
Swisstreasure
/// Malwareteam
 
Trojaner "TR/Spy.Banker.FJ" - Standard

Trojaner "TR/Spy.Banker.FJ"


Schritt 1

ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
  • Dein Anti-Virus-Programm während des Scans deaktivieren.

    Button (<< klick) drücken.
    • Firefox-User:
      Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
    • IE-User:
      müssen das Installieren eines ActiveX Elements erlauben.
  • Setze den einen Hacken bei Yes, i accept the Terms of Use.
  • Drücke den Button.
  • Warte bis die Komponenten herunter geladen wurden.
  • Setze einen Haken bei "Scan archives".
  • Gehe sicher das bei Remove Found Threads kein Hacken gesetzt ist.
  • drücken.
  • Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.
Wenn der Scan beendet wurde
  • Klicke Finish.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.

Schritt 2
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
  • Bitte während des Scans alle Hintergrundwächter abstellen/deaktivieren.
  • Java muss installiert, aktiv und erlaubt sein.
  • Bebilderte Anleitung von sundavis.
  • Dieser Scanner entfernt die Funde nicht, gibt aber einen guten Überblick.
  • Wir werden Dir helfen, die Funde manuell vom System zu entfernen.
  • Die Datenschutzerklärung akzeptieren.
  • Programm installieren lassen.
  • Update der Signaturen installieren lassen.
  • Wenn der Status "Complete" ist,
  • Scan-Einstellungen (Settings) Standard lassen
  • Links den Link "My Computer" anklicken.
  • Scan beginnt automatisch.
  • Wenn der Scan fertig ist, auf "View scan report" klicken,
  • "Save report as" und Dateityp auf .txt umstellen,
  • und auf dem Desktop als Kaspersky.txt speichern.
  • Logdatei hier posten.
  • Deinstallation ist nicht nötig, alle Dateien werden in temporären Ordnern gespeichert.
Alt 23.11.2010, 10:59   #87
masi76
 
Trojaner "TR/Spy.Banker.FJ" - Standard

Trojaner "TR/Spy.Banker.FJ"


Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=d0981509bee53c42abe9a9defe537834
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-27 03:42:42
# local_time=2010-10-27 05:42:42 (+0100, W. Europe Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 428077 428077 0 0
# compatibility_mode=1024 16777215 100 0 75847330 75847330 0 0
# compatibility_mode=1797 16775165 100 100 514405 63703884 20827 0
# compatibility_mode=5892 16776573 100 100 29490 125721305 0 0
# compatibility_mode=8192 67108863 100 0 681 681 0 0
# scanned=133035
# found=0
# cleaned=0
# scan_time=5585
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=d0981509bee53c42abe9a9defe537834
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-11-23 09:42:11
# local_time=2010-11-23 10:42:11 (+0100, W. Europe Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 2734452 2734452 0 0
# compatibility_mode=1024 16777215 100 0 78153705 78153705 0 0
# compatibility_mode=1797 16775165 100 100 710478 65391516 742481 0
# compatibility_mode=5892 16776573 100 100 4284 128027680 0 0
# compatibility_mode=8192 67108863 100 0 2307056 2307056 0 0
# scanned=132685
# found=1
# cleaned=0
# scan_time=10379
C:\Users\Markus\AppData\Local\VirtualStore\Windows\System32\owlg.uto	a variant of Win32/Oficla.IF trojan	00000000000000000000000000000000	I

Alt 23.11.2010, 11:07   #88
masi76
 
Trojaner "TR/Spy.Banker.FJ" - Standard

Trojaner "TR/Spy.Banker.FJ"


Irgendwie komme ich mit dem Kaspersky-Scan nicht weiter.
Glaube das liegt an dem Java...
Auf jeden Fall komme ich bei dem link zu Kaspersky nicht weiter.

Alt 23.11.2010, 13:05   #89
Swisstreasure
/// Malwareteam
 
Trojaner "TR/Spy.Banker.FJ" - Standard

Trojaner "TR/Spy.Banker.FJ"


Wie nicht weiter? Java hast Du sicher aktiviert oder?

Alt 23.11.2010, 13:19   #90
masi76
 
Trojaner "TR/Spy.Banker.FJ" - Standard

Trojaner "TR/Spy.Banker.FJ"


Ich weiss nicht wie ich prüfen kann ob Java aktiviert ist.

Wie gesagt, wenn ich auf den link zu
Kaspersky Scan gehe, kann ich nix mehr
anklicken, was einen Scan startet oder
mich sonst irgendwie weiterbringt.
Habe auch Antivir und die Firewall ausgeschaltet
gehabt. Bei dem Link zeigt es mir unter
Systeminformationen folgendes an:

* OS type: ...
* Browser: ...
* Java vendor: ...
* Java version: ...
* OS architecture: ...
* Java support by the browser: false

Please enable browser support for Java and JavaScript.

Antwort
Seite 6 von 7 « Erste 45 6 7

Themen zu Trojaner "TR/Spy.Banker.FJ"
anderer, beheben, down, malwarebytes, meldung, minute, runtergeladen, shut down, tagen, troja, trojaner, virus, virustotal, weiterhelfen, windows, windows shut down


« Tastatur macht doppel ^^ und doppel ´´/`` (Akzenttaste) | Google verlinkt mich auf andere Seiten Windows XP Internet Explorer 8 »


Ähnliche Themen: Trojaner "TR/Spy.Banker.FJ"


  1. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  2. "monstermarketplace.com" Infektion und ihre Folgen; "Anti-Virus-Blocker"," unsichtbare Toolbars" + "Browser-Hijacker" von selbst installiert
    Log-Analyse und Auswertung - 16.11.2013 (21)
  3. "Deutsche Post(eMail-Anhang)" Alle "EXE(Programme)" werden blockiert "WIN 7 Defender"
    Plagegeister aller Art und deren Bekämpfung - 27.12.2012 (3)
  4. "Trojan.Banker" im Malwarebytes-Logfile
    Plagegeister aller Art und deren Bekämpfung - 19.12.2012 (2)
  5. "The document has moved. Redirecting"+"Popup unten rechts"+"Nicht alle Links anklickbar"
    Plagegeister aller Art und deren Bekämpfung - 24.10.2012 (38)
  6. Trojaner "TR/Jorik.Banker.bfu"
    Plagegeister aller Art und deren Bekämpfung - 20.08.2012 (1)
  7. Trojaner "Es besteht keine Internetverbindung" - "REATOGO X-PE Desktop" wird nicht angezeigt
    Plagegeister aller Art und deren Bekämpfung - 05.02.2012 (19)
  8. Trojaner "appconf32.exe" und "Trojan.Banker" gefunden
    Log-Analyse und Auswertung - 11.01.2012 (7)
  9. TR/Spy.Banker.Gen2 nach "BKA-Meldung"
    Plagegeister aller Art und deren Bekämpfung - 03.12.2011 (22)
  10. Öffentliches Netzwerk: Opera sendet/empfängt Daten an/von "Dani-PC", "Anne-PC", "PAULA-HP"...
    Netzwerk und Hardware - 02.05.2011 (14)
  11. Was ist tr "crypt.xpack.gen2" und "TR/Banker.Multi.TB"?
    Plagegeister aller Art und deren Bekämpfung - 09.01.2011 (7)
  12. Was ist tr "crypt.xpack.gen2" und "TR/Banker.Multi.TB"?
    Alles rund um Windows - 08.01.2011 (1)
  13. Malwarebytes entdeckt "Trojan.Banker", Rechner total langsam - System clean?
    Plagegeister aller Art und deren Bekämpfung - 16.11.2009 (12)
  14. "Adware.Virtumonde"/"Downloader.MisleadApp"/"TR/VB.agt.4"/"NewDotNet.A.1350"/"Fakerec
    Plagegeister aller Art und deren Bekämpfung - 22.08.2008 (6)
  15. Spybot findet "Banker.FAT". Entfernung??
    Plagegeister aller Art und deren Bekämpfung - 30.08.2007 (2)
  16. ">"">><meta http-equiv="Refresh" content="0;url=http://askimizsonsuza.com/code/">"">
    Plagegeister aller Art und deren Bekämpfung - 04.09.2006 (4)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Trojaner "TR/Spy.Banker.FJ" - Nein klingt es nicht.. Dann versuche einfach einmal einen Quickscan mit Malwarebytes und poste dann das Log. - Trojaner "TR/Spy.Banker.FJ"...
Archiv
Du betrachtest: Trojaner "TR/Spy.Banker.FJ" auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131