| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Deutsche Bank 30 tan trojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
29.12.2010, 19:36
| #1 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Deutsche Bank 30 tan trojaner Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-LVINV.exe ()
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000002] C:\Windows\is-SVV6A.exe ()
O4 - HKLM..\Run: [] File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
[2010.12.27 08:39:27 | 000,709,456 | ---- | M] () -- C:\Windows\is-LVINV.exe
[2010.12.27 08:39:27 | 000,012,846 | ---- | M] () -- C:\Windows\is-LVINV.msg
[2010.12.27 08:39:27 | 000,000,343 | ---- | M] () -- C:\Windows\is-LVINV.lst
[2010.12.28 20:39:58 | 000,709,456 | ---- | C] () -- C:\Windows\is-SVV6A.exe
[2010.12.28 20:39:58 | 000,012,846 | ---- | C] () -- C:\Windows\is-SVV6A.msg
[2010.12.28 20:39:58 | 000,000,355 | ---- | C] () -- C:\Windows\is-SVV6A.lst
[2010.12.27 08:39:27 | 000,709,456 | ---- | C] () -- C:\Windows\is-LVINV.exe
[2010.12.27 08:39:27 | 000,012,846 | ---- | C] () -- C:\Windows\is-LVINV.msg
[2010.12.27 08:39:27 | 000,000,343 | ---- | C] () -- C:\Windows\is-LVINV.lst
[2010.12.21 17:26:14 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2010.12.21 17:25:35 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl28.dat.temp
[2010.11.24 08:14:40 | 000,000,000 | ---- | C] () -- C:\Users\abi\AppData\Roaming\chrtmp
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:242231A9
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:0B9D8E22
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
29.12.2010, 19:49
| #2 | |
 | Deutsche Bank 30 tan trojanerZitat:
So hab das gemacht und folgendes ist rausgekommen! All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\InnoSetupRegFile.0000000001 deleted successfully. C:\Windows\is-LVINV.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\InnoSetupRegFile.0000000002 deleted successfully. C:\Windows\is-SVV6A.exe moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. File C:\Windows\is-LVINV.exe not found. C:\Windows\is-LVINV.msg moved successfully. C:\Windows\is-LVINV.lst moved successfully. File C:\Windows\is-SVV6A.exe not found. C:\Windows\is-SVV6A.msg moved successfully. C:\Windows\is-SVV6A.lst moved successfully. File C:\Windows\is-LVINV.exe not found. File C:\Windows\is-LVINV.msg not found. File C:\Windows\is-LVINV.lst not found. C:\Windows\hpomdl28.dat moved successfully. C:\Windows\hpomdl28.dat.temp moved successfully. C:\Users\abi\AppData\Roaming\chrtmp moved successfully. ADS C:\ProgramData\Temp:242231A9 deleted successfully. ADS C:\ProgramData\Temp:0B9D8E22 deleted successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: abi ->Temp folder emptied: 1399803664 bytes ->Temporary Internet Files folder emptied: 46661791 bytes ->Java cache emptied: 7094 bytes ->FireFox cache emptied: 101368182 bytes ->Flash cache emptied: 1083 bytes User: abi_2 ->Temp folder emptied: 31225058 bytes ->Temporary Internet Files folder emptied: 107792366 bytes ->Java cache emptied: 18759 bytes ->FireFox cache emptied: 78476460 bytes ->Flash cache emptied: 35363 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 58509 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 24613038 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes RecycleBin emptied: 619869969 bytes Total Files Cleaned = 2.298,00 mb OTL by OldTimer - Version 3.2.18.0 log created on 12292010_194400 Files\Folders moved on Reboot... File move failed. C:\Users\abi_2\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot. Registry entries deleted on Reboot... laptop wurde neugestartet, nur zur info. bin ich jetzt wieder trojaner frei? |
|
| Themen zu Deutsche Bank 30 tan trojaner |
| 64-bit, alternate, antivir, applaus, autorun, avg, avgntflt.sys, avira, bho, c:\windows\system32\rundll32.exe, converter, desktop, deutsche bank, error, excel, fehler, firefox, firefox.exe, flash player, format, frage, home, home premium, iastor.sys, ieframe.dll, install.exe, internet, launch, location, logfile, media center, microsoft office word, mozilla, office 2007, oldtimer, otl.exe, plug-in, problem, programdata, realtek, rundll, saver, scan, sched.exe, searchplugins, security, security update, shell32.dll, software, syswow64, trojane, trojaner, wallpapers, webcheck |
Hybrid-Darstellung
