Gozi trojan, online banking blocked (Windows 7)

#3

Thanks for the quick reply.
It took about 7 hours to scan the C: drive. Three other partitions still have to be scanned. Here is the OTL result log so far:

Code:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\fvepsync not found.
File C:\Windows\System32\chguecab.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{054d788e-b0c3-11de-abe8-001b38543b6f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{054d788e-b0c3-11de-abe8-001b38543b6f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{054d788e-b0c3-11de-abe8-001b38543b6f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{054d788e-b0c3-11de-abe8-001b38543b6f}\ not found.
File J:\machinarium_install.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{296da17e-43f4-11df-9dbc-001b38543b6f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{296da17e-43f4-11df-9dbc-001b38543b6f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{296da17e-43f4-11df-9dbc-001b38543b6f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{296da17e-43f4-11df-9dbc-001b38543b6f}\ not found.
File I:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79f82546-b032-11de-b9cd-001b38543b6f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79f82546-b032-11de-b9cd-001b38543b6f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79f82546-b032-11de-b9cd-001b38543b6f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79f82546-b032-11de-b9cd-001b38543b6f}\ not found.
File H:\AlterEgoDESetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{842dab3e-04ea-11df-95e3-001b38543b6f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{842dab3e-04ea-11df-95e3-001b38543b6f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{842dab3e-04ea-11df-95e3-001b38543b6f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{842dab3e-04ea-11df-95e3-001b38543b6f}\ not found.
File I:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a710c1d1-d5a9-11de-bb96-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a710c1d1-d5a9-11de-bb96-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a710c1d1-d5a9-11de-bb96-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a710c1d1-d5a9-11de-bb96-005056c00008}\ not found.
File L:\AUTOSTARTER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae796ac2-502c-11df-b283-001b38543b6f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae796ac2-502c-11df-b283-001b38543b6f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae796ac2-502c-11df-b283-001b38543b6f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae796ac2-502c-11df-b283-001b38543b6f}\ not found.
File H:\baldur.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c54ab67d-dab1-11de-8def-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c54ab67d-dab1-11de-8def-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c54ab67d-dab1-11de-8def-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c54ab67d-dab1-11de-8def-005056c00008}\ not found.
File I:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4a2ae14-6185-11df-b37d-001b38543b6f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4a2ae14-6185-11df-b37d-001b38543b6f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4a2ae14-6185-11df-b37d-001b38543b6f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4a2ae14-6185-11df-b37d-001b38543b6f}\ not found.
File I:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4a2ae17-6185-11df-b37d-001b38543b6f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4a2ae17-6185-11df-b37d-001b38543b6f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4a2ae17-6185-11df-b37d-001b38543b6f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4a2ae17-6185-11df-b37d-001b38543b6f}\ not found.
File I:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0a809fc-42f2-11df-a7d5-001b38543b6f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0a809fc-42f2-11df-a7d5-001b38543b6f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0a809fc-42f2-11df-a7d5-001b38543b6f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0a809fc-42f2-11df-a7d5-001b38543b6f}\ not found.
File H:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1386bcb-e036-11de-9bfc-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f1386bcb-e036-11de-9bfc-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1386bcb-e036-11de-9bfc-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f1386bcb-e036-11de-9bfc-005056c00008}\ not found.
File I:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1386be9-e036-11de-9bfc-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f1386be9-e036-11de-9bfc-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1386be9-e036-11de-9bfc-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f1386be9-e036-11de-9bfc-005056c00008}\ not found.
File I:\setup_vmc_lite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb6fb42b-6665-11df-8cb1-001b38543b6f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb6fb42b-6665-11df-8cb1-001b38543b6f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb6fb42b-6665-11df-8cb1-001b38543b6f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb6fb42b-6665-11df-8cb1-001b38543b6f}\ not found.
File J:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb6fb436-6665-11df-8cb1-001b38543b6f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb6fb436-6665-11df-8cb1-001b38543b6f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb6fb436-6665-11df-8cb1-001b38543b6f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb6fb436-6665-11df-8cb1-001b38543b6f}\ not found.
File I:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb6fb44c-6665-11df-8cb1-001b38543b6f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb6fb44c-6665-11df-8cb1-001b38543b6f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb6fb44c-6665-11df-8cb1-001b38543b6f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb6fb44c-6665-11df-8cb1-001b38543b6f}\ not found.
File I:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb6fb44e-6665-11df-8cb1-001b38543b6f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb6fb44e-6665-11df-8cb1-001b38543b6f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb6fb44e-6665-11df-8cb1-001b38543b6f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb6fb44e-6665-11df-8cb1-001b38543b6f}\ not found.
File I:\AutoRun.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

Code:
C:\Documents and Settings\Admin\Documents\DriverGenius\Backup\Driver Backup 2-7-2010-11596\Microsoft USB Sync\setup.exe infiziert mit Trojan.PWS.Stealer.121 - Desinfektion vom Benutzer abgelehnt
C:\Documents and Settings\Admin\Documents\DriverGenius\Backup\Driver Backup 2-7-2010-11596\Microsoft USB Sync#1\setup.exe infiziert mit Trojan.PWS.Stealer.121 - Desinfektion vom Benutzer abgelehnt
C:\Documents and Settings\Admin\Eigene Dateien\DriverGenius\Backup\Driver Backup 2-7-2010-11596\Microsoft USB Sync\setup.exe infiziert mit Trojan.PWS.Stealer.121 - Desinfektion vom Benutzer abgelehnt
C:\Documents and Settings\Admin\Eigene Dateien\DriverGenius\Backup\Driver Backup 2-7-2010-11596\Microsoft USB Sync#1\setup.exe infiziert mit Trojan.PWS.Stealer.121 - Desinfektion vom Benutzer abgelehnt
C:\Documents and Settings\Admin\Eigene Musik\Schiller\Schiller - Atemlose Klangwelten\06. Klangwelt Sechs.mp3 infiziert mit einer Modifikation von Trojan.Satanic.235 - Verschieben vom Benutzer abgelehnt
>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\483eec4c.qua/data001 infiziert mit BackDoor.Spy.657
>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\483eec4c.qua - Archiv enthält infizierte Objekte - Verschieben vom Benutzer abgelehnt
>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4959f0cb.qua/data001 infiziert mit BackDoor.Spy.657
>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4959f0cb.qua - Archiv enthält infizierte Objekte - Verschieben vom Benutzer abgelehnt
>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4e9193a8.qua/data001 infiziert mit Trojan.PWS.Dybalom
>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4e9193a8.qua - Archiv enthält infizierte Objekte - Verschieben vom Benutzer abgelehnt
>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4efbec0c.qua/data001 infiziert mit BackDoor.Spy.657
>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4efbec0c.qua - Archiv enthält infizierte Objekte - Verschieben vom Benutzer abgelehnt
>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4faf5e53.qua/data001 infiziert mit BackDoor.Poison.685
>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\4faf5e53.qua - Archiv enthält infizierte Objekte - Verschieben vom Benutzer abgelehnt
>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\50a9c987.qua/data001 infiziert mit BackDoor.Spy.657
>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\50a9c987.qua - Archiv enthält infizierte Objekte - Verschieben vom Benutzer abgelehnt
>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\566cc9c7.qua/data001 infiziert mit BackDoor.Spy.657
>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\566cc9c7.qua - Archiv enthält infizierte Objekte - Verschieben vom Benutzer abgelehnt