
Pests of all kinds and how to fight them: Trojan Remover shows Trojan.Spy.Banker and ROOTKIT.AGENT


22.07.2012, 11:36   #1
wertz31
 

Trojan Remover shows Trojan.Spy.Banker and ROOTKIT.AGENT



Trojan Remover reported 2 infections
----------
Checks for rogue DNS NameServers completed
----------
Checking for specific malicious files:
C:\Users\Netz\AppData\Roaming\appconf32.exe - Trojan.Spy.Banker
C:\Users\Netz\AppData\Roaming\appconf32.exe
51152 bytes
Created: 09.12.2008 17:23
Modified: 09.12.2008 17:23
Company: [no info]
C:\Users\Netz\AppData\Roaming\appconf32.exe - process is either not running or could not be terminated
C:\Users\Netz\AppData\Roaming\appconf32.exe - MoveFileEx call failed
C:\Users\Netz\AppData\Roaming\appconf32.exe - marked for renaming when the PC is restarted
----------
Additional checks completed

************************************************************
11:33:18: Scanning ----- RUNNING PROCESSES -----

C:\Windows\system32\taskeng.exe
171520 bytes
Created: 02.06.2012 20:55
Modified: 04.11.2010 18:34
Company: Microsoft Corporation
C:\Users\Netz\AppData\Roaming\BAcroIEHelpe172.dll appears to contain: ROOTKIT.AGENT
C:\Users\Netz\AppData\Roaming\BAcroIEHelpe172.dll - MoveFileEx call failed (in ForceRename)
C:\Users\Netz\AppData\Roaming\BAcroIEHelpe172.dll - file renamed to: C:\Users\Netz\AppData\Roaming\BAcroIEHelpe172.dll.vir
[81 loaded modules in total]

which it also reports as fixed, but I'm not sure whether everything is really clean.
I ran OTL and here are the logs; maybe someone can take a look at them. Thanks in advance.
OTL
OTL logfile created on: 22.07.2012 12:21:26 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Netz\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

765,94 Mb Total Physical Memory | 82,14 Mb Available Physical Memory | 10,72% Memory free
1,75 Gb Paging File | 0,96 Gb Available in Paging File | 54,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,88 Gb Total Space | 31,45 Gb Free Space | 45,01% Space Free | Partition Type: NTFS
Drive E: | 1,91 Gb Total Space | 0,61 Gb Free Space | 32,14% Space Free | Partition Type: FAT

Computer Name: *****| User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Netz\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Trojan Remover\Rmvtrjan.exe (Simply Super Software)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Netz\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Users\Netz\AppData\Roaming\13001.028\components\AcroFF028.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\ztvunrar36.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=acaf21ee00000000000000197e5718a5
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C9 25 72 1F 07 40 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=acaf21ee00000000000000197e5718a5
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=110819&babsrc=KW_ss&mntrId=acaf21ee00000000000000197e5718a5&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.07 10:12:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.09 14:48:16 | 000,000,000 | ---D | M]

[2012.06.01 17:40:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\mozilla\Extensions
[2012.07.22 11:19:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\mozilla\Firefox\Profiles\p792o8to.default\extensions
[2012.06.01 17:51:43 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\Danny\AppData\Roaming\mozilla\Firefox\Profiles\p792o8to.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2012.07.16 20:26:17 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\Danny\AppData\Roaming\mozilla\Firefox\Profiles\p792o8to.default\extensions\crossriderapp2258@crossrider.com
[2012.06.01 17:41:58 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Danny\AppData\Roaming\mozilla\Firefox\Profiles\p792o8to.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.06.01 17:43:33 | 000,000,000 | ---D | M] (Dictionary Switcher) -- C:\Users\Danny\AppData\Roaming\mozilla\Firefox\Profiles\p792o8to.default\extensions\dictionary-switcher@design-noir.de
[2012.07.22 11:19:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\mozilla\Firefox\Profiles\p792o8to.default\extensions\staged
[2012.06.01 17:37:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.01 17:41:58 | 000,061,219 | ---- | M] () (No name found) -- C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P792O8TO.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
[2012.06.01 17:51:43 | 000,438,080 | ---- | M] () (No name found) -- C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P792O8TO.DEFAULT\EXTENSIONS\STEFANVANDAMME@STEFANVD.NET.XPI
[2012.06.07 10:12:51 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.01.23 11:50:38 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.01 17:55:06 | 000,002,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (I Want This) - {11111111-1111-1111-1111-110011221158} - C:\Programme\I Want This\I Want This.dll (215 Apps)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4361990-05F8-42C5-8B6E-67A21CC7A1E8}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.22 11:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.07.22 11:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2012.07.18 18:26:07 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2012.07.16 19:31:17 | 000,000,000 | ---D | C] -- C:\Users\Danny\AppData\Local\Macromedia
[2012.07.15 23:21:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012.07.15 14:54:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2012.07.15 14:54:14 | 000,000,000 | ---D | C] -- C:\Program Files\PDF24
[2012.07.12 18:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012.07.12 18:15:30 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.12 18:12:39 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.12 18:12:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.12 18:12:31 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.12 18:12:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.12 18:12:20 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.12 18:12:15 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.12 18:12:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.11 21:30:07 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.01 14:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.07.01 14:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.07.01 14:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe

========== Files - Modified Within 30 Days ==========

[2012.07.22 11:52:09 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.22 11:52:09 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.22 11:44:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.22 11:44:14 | 803,913,728 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.22 11:24:01 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2012.07.22 11:15:35 | 000,013,025 | ---- | M] () -- C:\Users\Danny\AppData\Roaming\nvModes.001
[2012.07.22 10:43:29 | 000,620,468 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.22 10:43:29 | 000,589,278 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.22 10:43:29 | 000,123,830 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.22 10:43:29 | 000,102,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.20 21:17:58 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 4.1.lnk
[2012.07.16 21:42:07 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.07.16 21:42:07 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.16 19:29:48 | 000,013,025 | ---- | M] () -- C:\Users\Danny\AppData\Roaming\nvModes.dat
[2012.07.15 14:54:30 | 000,001,653 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.07.15 14:54:30 | 000,001,638 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.07.12 18:23:07 | 000,228,840 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.01 14:08:16 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

========== Files Created - No Company Name ==========

[2012.07.22 11:24:01 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2012.07.20 21:17:58 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 4.1.lnk
[2012.07.20 21:17:58 | 000,001,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 4.1.lnk
[2012.07.15 14:54:30 | 000,001,653 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.07.15 14:54:30 | 000,001,638 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.07.01 14:08:16 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.07.01 14:08:15 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.06.11 20:25:08 | 000,178,176 | ---- | C] () -- C:\Windows\System32\ztvunrar39.dll
[2012.06.11 20:25:08 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2012.06.11 20:25:08 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2012.06.11 20:25:08 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2012.06.11 20:25:08 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2012.06.02 12:01:09 | 000,013,025 | ---- | C] () -- C:\Users\Danny\AppData\Roaming\nvModes.dat
[2012.06.02 12:01:09 | 000,013,025 | ---- | C] () -- C:\Users\Danny\AppData\Roaming\nvModes.001
[2012.06.01 20:41:34 | 000,272,629 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.06.01 16:53:50 | 000,000,680 | ---- | C] () -- C:\Users\Danny\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2012.06.01 17:54:54 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Babylon
[2012.06.04 14:35:09 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\IrfanView
[2012.06.10 12:39:53 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\pdfforge
[2012.06.11 20:24:50 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Simply Super Software
[2012.07.22 11:43:23 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >

Extra
OTL Extras logfile created on: 22.07.2012 12:21:26 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Netz\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

765,94 Mb Total Physical Memory | 82,14 Mb Available Physical Memory | 10,72% Memory free
1,75 Gb Paging File | 0,96 Gb Available in Paging File | 54,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,88 Gb Total Space | 31,45 Gb Free Space | 45,01% Space Free | Partition Type: NTFS
Drive E: | 1,91 Gb Total Space | 0,61 Gb Free Space | 32,14% Space Free | Partition Type: FAT

Computer Name: DANNY-PC | User Name: Danny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer MyAllm Driver v7.1.0.90 Installation Program
"{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.7.0
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{C1575982-F1CA-46DC-A77D-43FF12F2EFC7}" = Adobe Photoshop Lightroom 4.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"I Want This" = I Want This
"InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 13.0 (x86 de)" = Mozilla Firefox 13.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Trojan Remover_is1" = Trojan Remover 6.8.4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FLV Player" = FLV Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 20.07.2012 16:54:15 | Computer Name = Danny-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 20.07.2012 16:57:17 | Computer Name = Danny-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 20.07.2012 16:59:15 | Computer Name = Danny-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 20.07.2012 16:59:15 | Computer Name = Danny-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 20.07.2012 16:59:21 | Computer Name = Danny-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 20.07.2012 16:59:21 | Computer Name = Danny-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 20.07.2012 16:59:21 | Computer Name = Danny-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 20.07.2012 16:59:21 | Computer Name = Danny-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 20.07.2012 16:59:21 | Computer Name = Danny-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 20.07.2012 16:59:22 | Computer Name = Danny-PC | Source = Windows Search Service | ID = 3013
Description =

[ System Events ]
Error - 08.07.2012 06:13:38 | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 08.07.2012 14:29:44 | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 09.07.2012 08:31:21 | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10.07.2012 11:46:41 | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10.07.2012 14:42:42 | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11.07.2012 15:19:17 | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12.07.2012 11:55:20 | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12.07.2012 12:07:11 | Computer Name = Danny-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 12.07.2012 um 18:04:32 unerwartet heruntergefahren.

Error - 12.07.2012 12:08:28 | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12.07.2012 12:20:00 | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >
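As an added example (not part of this thread, and not OTL's or Trojan Remover's own code), a small Python triage pass over OTL-style log lines like the ones posted above: it flags binaries without a company name loaded from user-writable folders, and browser search/start-page settings pointing at a search provider commonly classified as unwanted. The sample lines are constructed from the log in this post; the severity levels, the user-writable directory list and the single-entry hijacker host list are my assumptions.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: shape and values taken from the OTL log in this thread.
SAMPLE_LOG = r"""
PRC - C:\Users\Netz\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
MOD - C:\Users\Netz\AppData\Roaming\13001.028\components\AcroFF028.dll ()
MOD - C:\Windows\System32\ztvunrar36.dll ()
O2 - BHO: (I Want This) - {11111111-1111-1111-1111-110011221158} - C:\Programme\I Want This\I Want This.dll (215 Apps)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=110819&babsrc=KW_ss&q="
FF - prefs.js..browser.startup.homepage: "about:home"
"""

# Records that end in "<path> (<company>)"; OTL writes "()" when the file's
# version resource carries no company name.
FILE_RECORD = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV|O2|O4|O20)\b.*?"
    r"(?P<path>[A-Za-z]:\\[^()]*?\.(?:exe|dll|sys|cpl))\s*"
    r"\((?P<company>[^)]*)\)\s*$",
    re.IGNORECASE,
)
# Browser settings carrying a URL; OTL defangs "http" as "hxxp".
URL_RECORD = re.compile(r'^(?P<kind>IE|FF)\b.*?(?P<url>hxxps?://[^"\s]+)', re.IGNORECASE)

# Assumed list of directories a non-admin user can write to.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE)

# Assumed list of search hosts commonly classified as unwanted; babylon appears in this thread.
UNWANTED_SEARCH_HOSTS = {"search.babylon.com"}


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    reason: str
    line: str


def triage_line(line: str) -> Finding | None:
    """Return a Finding for one OTL record, or None if nothing stands out."""
    line = line.strip()
    if m := FILE_RECORD.match(line):
        path, company = m["path"], m["company"].strip()
        in_user_dir = bool(USER_WRITABLE.search(path))
        if in_user_dir and not company:
            return Finding("high", "binary without company name in user-writable directory", line)
        if in_user_dir:
            return Finding("medium", "binary loaded from user-writable directory", line)
        if not company:
            return Finding("low", "binary without company name in system/program directory", line)
        if m["kind"].upper() == "O2":
            return Finding("low", "browser helper object present; confirm the vendor is wanted", line)
        return None
    if m := URL_RECORD.match(line):
        # Re-fang hxxp -> http so urlparse recognises the scheme and yields the host.
        host = (urlparse(m["url"].replace("hxxp", "http", 1)).hostname or "").lower()
        if host in UNWANTED_SEARCH_HOSTS:
            return Finding("high", f"browser search/start page points at {host}", line)
    return None


def triage_log(text: str) -> list[Finding]:
    """Triage every non-empty line; return findings with the highest severity first."""
    order = {"high": 0, "medium": 1, "low": 2}
    findings = [f for raw in text.splitlines() if (f := triage_line(raw)) is not None]
    return sorted(findings, key=lambda f: order[f.severity])


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Paste a full OTL report into `triage_log` to get a prioritised list; anything it does not flag still needs a human look, since a company name in a version resource is trivially forged.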

25.07.2012, 12:48   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Trojan Remover shows Trojan.Spy.Banker and ROOTKIT.AGENT



First, as a routine step, please run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan!

Please remove all of the Malwarebytes detections so that they are kept in Malwarebytes' quarantine! Do NOT hastily delete anything from the quarantine!

If logs from older Malwarebytes scans exist, please post all of those as well!




ESET Online Scanner

  • You can find an illustrated guide to ESET Online Scanner here
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything here in CODE tags if possible.

It is done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:
 the log goes here