| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Postbank TAN TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
13.03.2011, 13:42
| #1 |
| |  Postbank TAN Trojaner Hallo, ich habe ein Problem mit einem Trojaner oder ähnlichem. Und zwar fragt er nach Tans beim Postbank login. Zudem ist der PC extrem langsam. Was kann ich tun habe eben mal HijackThis laufen lassen hier ist der log. ich hoffe ihr könnt mir helfen. vielen dank schon mal HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:35:59, on 13.03.2011 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18565) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\System32\rundll32.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\PROGRAMS\MSMONEY99\System\REMINDER.EXE C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\PDFCreator\PDFCreator.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\explorer.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEUser.exe C:\Users\Ilse\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NQCFLNNE\HiJackThis204[1].exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [Reminder] C:\PROGRAMS\MSMONEY99\System\reminder.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Regatl] C:\Users\Ilse\AppData\Roaming\Userres\javadep.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe O4 - Global Startup: Zahlungserinnerung.lnk = C:\Program Files\Quicken 2002\billmind.exe O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- End of file - 5694 bytes OTL SCANOTL Logfile: Code:
ATTFilter OTL logfile created on: 13.03.2011 13:50:03 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Ilse\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 63,09 Gb Total Space | 23,51 Gb Free Space | 37,27% Space Free | Partition Type: NTFS Drive D: | 63,07 Gb Total Space | 62,26 Gb Free Space | 98,71% Space Free | Partition Type: NTFS Drive F: | 88,18 Gb Total Space | 75,86 Gb Free Space | 86,03% Space Free | Partition Type: NTFS Drive I: | 73,75 Gb Total Space | 63,26 Gb Free Space | 85,77% Space Free | Partition Type: NTFS Computer Name: PC11 | User Name: Ilse | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Ilse\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\TrojanHunter 5.3\TrojanHunter.exe (Mischel Internet Security) PRC - C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\PDFCreator\PDFCreator.exe (pdfforge hxxp://www.pdfforge.org/) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics) PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Internet Explorer\ieuser.exe (Microsoft Corporation) PRC - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\PROGRAMS\MSMONEY99\System\REMINDER.EXE (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Ilse\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (Samsung Update Plus) -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe () SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (hotcore3) -- C:\Windows\system32\drivers\hotcore3.sys (Paragon Software Group) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (VMC302) -- C:\Windows\System32\drivers\vmc302.sys (Vimicro Corporation) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-747838754-838963952-2563827996-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com IE - HKU\S-1-5-21-747838754-838963952-2563827996-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-747838754-838963952-2563827996-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2 IE - HKU\S-1-5-21-747838754-838963952-2563827996-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.13 13:09:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.13 13:09:01 | 000,000,000 | ---D | M] [2011.03.13 13:09:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.06.17 16:08:49 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011.03.03 19:06:04 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.03.03 19:06:04 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2011.03.03 19:06:04 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.03.03 19:06:04 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.03.03 19:06:04 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-747838754-838963952-2563827996-1003..\Run: [Regatl] C:\Users\Ilse\AppData\Roaming\Userres\javadep.exe () O4 - HKU\S-1-5-21-747838754-838963952-2563827996-1003..\Run: [Reminder] C:\PROGRAMS\MSMONEY99\System\REMINDER.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.97 217.0.43.113 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.03.13 12:31:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter [2011.03.13 12:31:26 | 000,000,000 | ---D | C] -- C:\ProgramData\TrojanHunter [2011.03.13 12:30:37 | 000,000,000 | ---D | C] -- C:\Programme\TrojanHunter 5.3 [2011.03.13 12:26:22 | 025,251,448 | ---- | C] (Mischel Internet Security ) -- C:\Users\Ilse\Desktop\TrojanHunter53994Setup.exe [2011.03.12 15:53:33 | 000,000,000 | ---D | C] -- C:\Users\Ilse\AppData\Roaming\Userres [2011.03.09 23:39:41 | 000,000,000 | ---D | C] -- C:\Users\Ilse\Desktop\Felix [2011.03.09 09:05:35 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011.03.09 09:05:35 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll [2011.03.09 09:05:35 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2011.03.09 09:05:35 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll [2011.03.04 12:44:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU [2011.03.04 12:44:45 | 000,000,000 | ---D | C] -- C:\Users\Ilse\AppData\Roaming\AVS4YOU [2011.03.04 12:44:29 | 000,000,000 | ---D | C] -- C:\Users\Ilse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU [2011.03.04 12:44:27 | 000,000,000 | ---D | C] -- C:\Programme\AVS4YOU [2011.03.04 12:44:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU [2011.03.04 12:43:59 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\GdiPlus.dll [2011.03.04 12:43:59 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\AVSMedia [2011.03.04 12:43:42 | 000,000,000 | ---D | C] -- C:\Programme\AVSAudioEditor [2011.03.04 12:05:53 | 000,000,000 | ---D | C] -- C:\Users\Ilse\AppData\Roaming\GetRightToGo [2011.03.04 12:05:53 | 000,000,000 | ---D | C] -- C:\Users\Ilse\Documents\Downloads [2011.03.04 11:19:57 | 000,000,000 | ---D | C] -- C:\Users\Ilse\Documents\Avisoft Bioacoustics [2011.03.03 16:11:17 | 000,000,000 | ---D | C] -- C:\Users\Ilse\AppData\Roaming\5012 [2011.03.02 17:05:56 | 000,000,000 | ---D | C] -- C:\Programme\MSECache [2011.03.01 17:38:50 | 000,000,000 | ---D | C] -- C:\Users\Ilse\AppData\Roaming\UAs [2011.03.01 16:11:11 | 000,236,496 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Ilse\AppData\Roaming\AcroIEHelpe.dll [2011.03.01 16:11:10 | 000,000,000 | ---D | C] -- C:\Users\Ilse\AppData\Roaming\5011 [2011.03.01 16:10:57 | 000,000,000 | ---D | C] -- C:\Users\Ilse\AppData\Roaming\xmldm [2011.03.01 16:10:56 | 000,000,000 | ---D | C] -- C:\Users\Ilse\AppData\Roaming\kock [2011.02.27 10:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Buchen [2011.02.27 10:25:45 | 000,000,000 | ---D | C] -- C:\Buchhaltungsprogramm [2011.02.23 13:41:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell [2011.02.23 13:39:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll [2011.02.23 13:39:26 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe [2011.02.23 13:39:26 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe [2011.02.23 13:39:26 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe [2011.02.23 13:39:25 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll [2011.02.23 13:39:25 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll [2011.02.23 13:39:22 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll [2011.02.23 13:39:22 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe [2011.02.23 13:39:22 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll [2011.02.23 13:39:22 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll [2011.02.23 13:39:22 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll [2011.02.23 13:39:13 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll [2011.02.23 13:39:13 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe [2011.02.23 13:39:13 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll [2011.02.23 13:39:13 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll [2011.02.23 13:39:13 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll [2011.02.11 17:54:17 | 000,000,000 | ---D | C] -- C:\Users\Ilse\Documents\Meine Paletten [2011.02.11 17:54:14 | 000,000,000 | ---D | C] -- C:\Users\Ilse\Documents\Corel [2011.02.11 17:54:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis [2011.02.11 17:53:58 | 000,000,000 | ---D | C] -- C:\Users\Ilse\AppData\Roaming\Corel [2011.02.11 17:49:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Corel [2011.02.11 17:49:16 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Corel [2011.02.11 17:48:27 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Protexis [2011.02.11 17:48:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel [2011.02.11 17:41:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Home & Student Suite X5 [2011.02.11 17:41:19 | 000,000,000 | ---D | C] -- C:\Programme\Corel [2006.11.24 06:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll [2006.11.24 06:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll [1 C:\Users\Ilse\AppData\Roaming\*.tmp files -> C:\Users\Ilse\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.03.13 13:25:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.03.13 13:23:42 | 001,362,548 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.03.13 13:23:42 | 000,848,794 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.03.13 13:23:42 | 000,370,962 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.03.13 13:23:42 | 000,323,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.03.13 13:17:22 | 000,222,610 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.03.13 13:17:05 | 000,222,610 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.03.13 13:17:03 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.03.13 13:17:03 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.03.13 13:17:03 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.03.13 13:16:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.03.13 13:16:49 | 3215,572,992 | -HS- | M] () -- C:\hiberfil.sys [2011.03.13 13:16:07 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.03.13 12:31:31 | 000,059,392 | R--- | M] () -- C:\Windows\System32\streamhlp.dll [2011.03.13 12:31:31 | 000,000,814 | ---- | M] () -- C:\Users\Ilse\Desktop\TrojanHunter.lnk [2011.03.13 12:30:20 | 025,251,448 | ---- | M] (Mischel Internet Security ) -- C:\Users\Ilse\Desktop\TrojanHunter53994Setup.exe [2011.03.13 11:14:03 | 000,393,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.03.13 11:08:42 | 000,000,060 | ---- | M] () -- C:\Users\Ilse\AppData\Roaming\urhtps.dat [2011.03.12 17:26:14 | 000,021,504 | ---- | M] () -- C:\Users\Ilse\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.03.12 14:45:21 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3A8D74D0-2FF0-495D-AC22-7F12D9E02FFF}.job [2011.03.10 10:57:12 | 000,002,665 | ---- | M] () -- C:\Users\Ilse\Desktop\Excel.lnk [2011.03.09 19:08:11 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf [2011.03.04 12:44:14 | 000,000,876 | ---- | M] () -- C:\Users\Ilse\Desktop\AVS Audio Editor.lnk [2011.03.01 16:11:11 | 000,236,496 | ---- | M] (Adobe Systems, Incorporated) -- C:\Users\Ilse\AppData\Roaming\AcroIEHelpe.dll [2011.02.27 17:12:41 | 000,002,379 | ---- | M] () -- C:\Users\Ilse\Desktop\Skype.lnk [2011.02.16 15:18:28 | 000,002,637 | ---- | M] () -- C:\Users\Ilse\Desktop\Word.lnk [2011.02.11 17:56:44 | 000,023,050 | ---- | M] () -- C:\Users\Ilse\Documents\Test.cdr [1 C:\Users\Ilse\AppData\Roaming\*.tmp files -> C:\Users\Ilse\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.03.13 12:31:31 | 000,000,814 | ---- | C] () -- C:\Users\Ilse\Desktop\TrojanHunter.lnk [2011.03.13 12:30:39 | 000,059,392 | R--- | C] () -- C:\Windows\System32\streamhlp.dll [2011.03.09 19:08:11 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf [2011.03.04 12:44:14 | 000,000,876 | ---- | C] () -- C:\Users\Ilse\Desktop\AVS Audio Editor.lnk [2011.03.03 09:51:30 | 000,000,060 | ---- | C] () -- C:\Users\Ilse\AppData\Roaming\urhtps.dat [2011.02.23 13:39:14 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2011.02.23 13:39:14 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2011.02.23 13:39:14 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2011.02.11 17:56:44 | 000,023,050 | ---- | C] () -- C:\Users\Ilse\Documents\Test.cdr [2010.10.09 18:36:51 | 000,000,680 | ---- | C] () -- C:\Users\Ilse\AppData\Local\d3d9caps.dat [2010.03.26 16:45:56 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2009.10.24 10:04:15 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.10.24 10:04:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.03.20 10:36:11 | 000,210,944 | ---- | C] () -- C:\Windows\System32\Msvcrt10.dll [2009.02.25 11:45:10 | 000,001,144 | ---- | C] () -- C:\Windows\ODBCINST.INI [2009.02.17 14:50:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.01.04 11:22:59 | 000,001,047 | ---- | C] () -- C:\Windows\QUICKEN.INI [2009.01.04 11:22:59 | 000,000,052 | ---- | C] () -- C:\Windows\Intuprof.ini [2009.01.04 11:22:51 | 000,005,990 | ---- | C] () -- C:\Windows\icoadb32.dat [2009.01.04 11:05:51 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.12.26 09:58:28 | 000,247,560 | ---- | C] () -- C:\Windows\System32\prgiso.dll [2008.12.26 09:58:27 | 004,244,744 | ---- | C] () -- C:\Windows\System32\qtp-mt334.dll [2008.12.26 09:58:27 | 000,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll [2008.12.25 00:41:28 | 000,021,504 | ---- | C] () -- C:\Users\Ilse\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.12.09 16:23:13 | 000,045,576 | -HS- | C] () -- C:\Users\Ilse\AppData\Roaming\appconf32.exe [2008.07.09 07:09:20 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2008.07.08 15:50:18 | 000,000,684 | ---- | C] () -- C:\Windows\HotFixList.ini [2008.07.08 15:39:09 | 000,222,610 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.07.08 15:39:09 | 000,222,610 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008.07.08 15:32:17 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe [2008.07.08 15:31:32 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini [2008.07.08 15:31:32 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini [2008.07.08 15:18:03 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe [2008.07.08 15:18:02 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe [2008.07.08 13:54:14 | 001,362,548 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.07.08 13:54:14 | 000,370,962 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.07.08 13:54:14 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.07.08 13:54:14 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008.07.08 13:45:50 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.02.09 17:03:07 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\Marker.exe [2007.02.26 08:49:12 | 006,139,774 | ---- | C] () -- C:\Windows\System32\imagine digital freedom.dat [2007.02.15 08:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll [2006.11.29 09:00:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MAWebControl.exe [2006.11.29 09:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,393,640 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,848,794 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,323,034 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.10.09 02:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI [2001.11.14 04:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll ========== LOP Check ========== [2011.03.01 19:35:44 | 000,000,000 | ---D | M] -- C:\Users\Ilse\AppData\Roaming\5011 [2011.03.03 23:43:15 | 000,000,000 | ---D | M] -- C:\Users\Ilse\AppData\Roaming\5012 [2010.03.26 16:46:08 | 000,000,000 | ---D | M] -- C:\Users\Ilse\AppData\Roaming\Canneverbe Limited [2011.03.04 12:06:06 | 000,000,000 | ---D | M] -- C:\Users\Ilse\AppData\Roaming\GetRightToGo [2011.03.01 16:10:56 | 000,000,000 | ---D | M] -- C:\Users\Ilse\AppData\Roaming\kock [2008.12.25 10:23:24 | 000,000,000 | ---D | M] -- C:\Users\Ilse\AppData\Roaming\SpeedProject [2011.03.08 22:33:01 | 000,000,000 | ---D | M] -- C:\Users\Ilse\AppData\Roaming\UAs [2011.03.12 15:53:33 | 000,000,000 | ---D | M] -- C:\Users\Ilse\AppData\Roaming\Userres [2011.03.13 13:04:48 | 000,000,000 | ---D | M] -- C:\Users\Ilse\AppData\Roaming\xmldm [2011.03.13 13:16:08 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.03.12 14:45:21 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3A8D74D0-2FF0-495D-AC22-7F12D9E02FFF}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report > |
|
15.03.2011, 16:44
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Postbank TAN Trojaner Bitte beachten => http://www.trojaner-board.de/95173-b...es-posten.html und http://www.trojaner-board.de/69886-a...-beachten.html
__________________ |
|
| Themen zu Postbank TAN Trojaner |
| 0x00000001, alternate, antivir, antivir guard, avg, avgntflt.sys, avira, cdburnerxp, components, desktop, dll, excel, explorer, google, hijack, hijackthis, internet, internet explorer, location, microsoft, msvcrt, nvidia, nvlddmkm.sys, oldtimer, otl.exe, problem, programdata, registry, rundll, searchplugins, skype.exe, software, staropen, start menu, system, tan, trojane, trojaner, vista, windows, wmp |
Linear-Darstellung
