Pests of All Kinds and How to Fight Them: Another victim of Gozi, online banking locked, what now? (Windows 7)
#1

Another victim of Gozi, online banking locked, what now?

Hello, as described above, my online banking has been locked; according to the bank, the reason is an intrusion by a third party. I have already run Malwarebytes over it (the complete C drive). 2 trojans were found there, and I deleted them. Then I copied that one text that is also posted here in the forum, entered it in OTL at the bottom, and clicked Fix, and on restart this text came out. What does that mean now? Can I have new banking details sent to me, or do I have to reinstall everything from scratch?

```
All processes killed
========== OTL ==========
Error: No service named HotSpotFSvc was found to stop!
Service\Driver key HotSpotFSvc not found.
File File not found not found.
Error: No service named zlportio was found to stop!
Service\Driver key zlportio not found.
File E:\Download Firefox\ultrastardx-101a-full\zlportio.sys File not found not found.
Error: No service named VcommMgr was found to stop!
Service\Driver key VcommMgr not found.
File H:\WINDOWS\System32\Drivers\VcommMgr.sys File not found not found.
Error: No service named VComm was found to stop!
Service\Driver key VComm not found.
File H:\WINDOWS\System32\DRIVERS\VComm.sys File not found not found.
Error: No service named Revolution1 was found to stop!
Service\Driver key Revolution1 not found.
File E:\Download Firefox\Revolution_Engine_8.3_ShaK3\Revolution_Engine_8.3_ShaK3\SHAK3.sys File not found not found.
Error: No service named pccsmcfd was found to stop!
Service\Driver key pccsmcfd not found.
File H:\WINDOWS\System32\DRIVERS\pccsmcfd.sys File not found not found.
Error: No service named NVR0FLASHDev was found to stop!
Service\Driver key NVR0FLASHDev not found.
File H:\WINDOWS\nvflash.sys File not found not found.
Service GMSIPCI stopped successfully!
Service GMSIPCI deleted successfully!
File J:\INSTALL\GMSIPCI.SYS File not found not found.
Error: No service named FLASHSYS was found to stop!
Service\Driver key FLASHSYS not found.
File c:\MSI\Live Update 4\LU4\FLASHSYS.sys File not found not found.
Error: No service named DwProt was found to stop!
Service\Driver key DwProt not found.
File File not found not found.
Error: No service named CrystalSysInfo was found to stop!
Service\Driver key CrystalSysInfo not found.
File C:\MediaCoder\SysInfo.sys File not found not found.
Error: No service named BT was found to stop!
Service\Driver key BT not found.
File H:\WINDOWS\System32\DRIVERS\btnetdrv.sys File not found not found.
Prefs.js: "Winload Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "127.0.0.1" removed from network.proxy.backup.ftp
Prefs.js: 4001 removed from network.proxy.backup.ftp_port
Prefs.js: "127.0.0.1" removed from network.proxy.backup.gopher
Prefs.js: 4001 removed from network.proxy.backup.gopher_port
Prefs.js: "127.0.0.1" removed from network.proxy.backup.socks
Prefs.js: 4001 removed from network.proxy.backup.socks_port
Prefs.js: "127.0.0.1" removed from network.proxy.backup.ssl
Prefs.js: 4001 removed from network.proxy.backup.ssl_port
Prefs.js: 0 removed from network.proxy.type
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7550b172-3ae1-11de-845c-001617bb7fec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7550b172-3ae1-11de-845c-001617bb7fec}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7550b172-3ae1-11de-845c-001617bb7fec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7550b172-3ae1-11de-845c-001617bb7fec}\ not found.
File P:\DZEMO\\\\\FATA.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7550b172-3ae1-11de-845c-001617bb7fec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7550b172-3ae1-11de-845c-001617bb7fec}\ not found.
File P:\DZEMO\\\\\\FATA.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7550b172-3ae1-11de-845c-001617bb7fec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7550b172-3ae1-11de-845c-001617bb7fec}\ not found.
File P:\DZEMO\\\\\\FATA.exe not found.
File H:\WINDOWS\hlktmp not found.
File H:\WINDOWS\System32\drivers\bpmhbjbk.sys not found.
Unable to delete ADS H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8FF81EB0 .
Unable to delete ADS H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5A775C3F .
Unable to delete ADS H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF .
Unable to delete ADS H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A5B56640 .
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: crxpower
->Temp folder emptied: 13052895 bytes
->Temporary Internet Files folder emptied: 845321192 bytes
->Java cache emptied: 97081910 bytes
->FireFox cache emptied: 75417901 bytes
->Flash cache emptied: 408180 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1332018 bytes
RecycleBin emptied: 10123930685 bytes

Total Files Cleaned = 10.640,00 mb

Error: Unable to interpret <Klick dann oben links auf den Button Fix!> in the current context!
Error: Unable to interpret <Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der > in the current context!

OTL by OldTimer - Version 3.2.17.3 log created on 11102010_164323

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
```