Pests of all kinds and how to fight them: Trojan Postbank 40 TANs (Windows 7)
Trojan Postbank 40 TANs

Hello, I have the same problem as here: http://www.trojaner-board.de/89232-t...l-30-tans.html

When logging in to my Postbank account, a pop-up window appeared in which I was supposed to enter 40 TANs. I did not do that. However, since I had already entered the password, I called Postbank, who blocked the account as a precaution. I also have the problem with the doubled circumflex and accent characters. I have now (after reading some similar threads) downloaded Malwarebytes and run a full scan.

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5740
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
11.02.2011 15:02:04
mbam-log-2011-02-11 (15-01-56).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 220025
Laufzeit: 42 Minute(n), 31 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{08622368-A3F6-B24C-7650-AB92130527AB} (Spyware.Passwords.XGen) -> Value: {08622368-A3F6-B24C-7650-AB92130527AB} -> No action taken.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\dokumente und einstellungen\Bebie\anwendungsdaten\Dukage\unak.exe (Spyware.Passwords.XGen) -> No action taken.
c:\dokumente und einstellungen\Bebie\lokale einstellungen\Temp\pdfupd.exe (Backdoor.Bot) -> No action taken.
c:\dokumente und einstellungen\Bebie\lokale einstellungen\temporary internet files\Content.IE5\592M1RAF\dojldpgwdmewjpindud[2].exe (Backdoor.Bot) -> No action taken.
c:\system volume information\_restore{5cab3290-8584-4f85-a167-5fbd4764c68d}\RP640\A0062689.exe (Backdoor.Bot) -> No action taken.
I also scanned with OTL:

Code:
OTL Extras logfile created on: 11.02.2011 15:08:08 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Dokumente und Einstellungen\Bebie\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.014,00 Mb Total Physical Memory | 317,00 Mb Available Physical Memory | 31,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 82,62 Gb Total Space | 53,25 Gb Free Space | 64,45% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Computer Name: KLEINER | User Name: Bebie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Frontpage\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Frontpage\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\PROGRA~1\ACDSYS~1\ACDSee\ACDSee.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\o2 Connection Manager\o2 Connection Manager.exe" = C:\Programme\o2 Connection Manager\o2 Connection Manager.exe:*:Enabled:o2 Connection Manager
"C:\Programme\Real\RealPlayer\realplay.exe" = C:\Programme\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Programme\LimeWire\LimeWire.exe" = C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{17283B95-21A8-4996-97DA-547A48DB266F}" = DisplayManager
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{190D0C6E-C8A7-4019-8FB5-FD041EC1F2D2}" = Mobile Broadband Drivers
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = PowerStarter
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Magic Doctor
"{345CDDCB-8241-4E76-9D3B-155F2FD6F07E}" = Sony Ericsson PC Suite
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{507C870C-C27E-4F53-A32A-23500AC62A46}" = Adobe GoLive CS (DEU)
"{55A54D92-4D34-45F5-8061-9E9A4A702991}" = Flash Demo
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}" = Nokia Connectivity Cable Driver
"{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe 1.4.105.1
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A48A8684-A104-44DA-B3DF-0178A125D8D9}" = WOW XT and TSXT Filter Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A999CE76-D054-4684-80C7-53FC9243E019}" = EasyBox
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A70000000000}" = Adobe Reader 7.0 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA7AF70A-F81B-40EF-9268-741A7DE3D608}" = AVStation Premium 3.75
"{BCB313A5-1AD0-4829-9D6F-EB41C3CFCD4B}" = Phase 5 HTML-Editor
"{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"{EF99C14B-17C2-4994-B5C1-EB204A343A6F}" = User's Guide
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"ACDSee" = ACDSee
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = SENS LT56ADW Modem
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ESET Online Scanner" = ESET Online Scanner v3
"ExpressRip" = Express Rip
"FileZilla Client" = FileZilla Client 3.2.5
"InstallShield_{55A54D92-4D34-45F5-8061-9E9A4A702991}" = Q35 VR Showroom
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{BA7AF70A-F81B-40EF-9268-741A7DE3D608}" = AVStation Premium 3.75
"InstallShield_{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"LimeWire" = LimeWire 5.2.13
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft PhotoDraw 2000" = Microsoft PhotoDraw 2000
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"ProInst" = Intel(R) PROSet/Wireless Software
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"RestoreIT!" = Recover Pro
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WavePad" = WavePad Audiobearbeitungs-Software
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"XSManager" = XSManager
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 08.02.2011 12:41:29 | Computer Name = KLEINER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung AcroRd32.exe, Version 7.0.0.0, fehlgeschlagenes
Modul wininet.dll, Version 6.0.2900.3698, Fehleradresse 0x0007a568.
Error - 08.02.2011 12:42:16 | Computer Name = KLEINER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.0.3725, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 08.02.2011 12:42:40 | Computer Name = KLEINER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OUTLOOK.EXE, Version 11.0.5510.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 08.02.2011 12:44:02 | Computer Name = KLEINER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.0.3725, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 08.02.2011 12:58:01 | Computer Name = KLEINER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OUTLOOK.EXE, Version 11.0.5510.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 08.02.2011 12:58:41 | Computer Name = KLEINER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OUTLOOK.EXE, Version 11.0.5510.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 08.02.2011 12:58:43 | Computer Name = KLEINER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OUTLOOK.EXE, Version 11.0.5510.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 08.02.2011 12:59:59 | Computer Name = KLEINER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OUTLOOK.EXE, Version 11.0.5510.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 08.02.2011 12:59:59 | Computer Name = KLEINER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OUTLOOK.EXE, Version 11.0.5510.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 08.02.2011 12:59:59 | Computer Name = KLEINER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OUTLOOK.EXE, Version 11.0.5510.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ System Events ]
Error - 01.02.2011 04:52:14 | Computer Name = KLEINER | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
Error - 01.02.2011 04:52:34 | Computer Name = KLEINER | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
Error - 02.02.2011 13:18:50 | Computer Name = KLEINER | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
Error - 04.02.2011 08:23:40 | Computer Name = KLEINER | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
Error - 04.02.2011 08:24:05 | Computer Name = KLEINER | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
Error - 04.02.2011 18:03:12 | Computer Name = KLEINER | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
Error - 08.02.2011 11:58:54 | Computer Name = KLEINER | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
Error - 08.02.2011 11:59:26 | Computer Name = KLEINER | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
Error - 08.02.2011 12:40:53 | Computer Name = KLEINER | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
Error - 08.02.2011 12:41:10 | Computer Name = KLEINER | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
< End of report >
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
< End of report >
And one question up front: can I use the notebook for now, apart from online banking, or are other passwords at risk as well? I would be very grateful for help! Unfortunately, Postbank is not able to help me any further! Best regards, Sigrid |
| | #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Postbank 40 TANs Are there any further logs from Malwarebytes? If so, please post all of them. You can find them under the Logs tab in Malwarebytes.
__________________
__________________ |
| | #3 |
| | Trojan Postbank 40 TANs Hello Arne,
thank you for taking on my case. I could not find any further logs. I updated Malwarebytes and ran it again. The current log from just now matches yesterday's. I cannot click the "Logs" tab once the scan has finished. Clicking it is only possible after I have restarted Malwarebytes, but then no log file can be found: the field is empty. I can only open the saved file (text document) via my Explorer. Is this one log sufficient, then? Best regards, Sigrid |
| | #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Postbank 40 TANs I just noticed that you posted the OTL Extras log twice. Please also post the other log (the OTL log).
__________________ Please always post log files in CODE tags |
| | #5 |
| | Trojan Postbank 40 TANs Oh, sorry, that was a mistake. Now hopefully the right one: Code:
ATTFilter OTL logfile created on: 11.02.2011 15:15:09 - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Dokumente und Einstellungen\Bebie\Desktop Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.014,00 Mb Total Physical Memory | 293,00 Mb Available Physical Memory | 29,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 82,62 Gb Total Space | 53,25 Gb Free Space | 64,45% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: KLEINER | User Name: Bebie | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Bebie\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\XSManager\WTGService.exe () PRC - C:\WINDOWS\starter4g.exe (4G Systems GmbH & Co. KG) PRC - C:\WINDOWS\service4g.exe (4G Systems GmbH & Co. KG) PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\Java\jre1.6.0_02\bin\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.) 
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe () PRC - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (Sony Ericsson Mobile Communications AB) PRC - C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe (Teleca AB) PRC - C:\Programme\Samsung\DisplayManager\dmhkcore.exe (SAMSUNG) PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Programme\Samsung\DisplayManager\DisplayManager.exe (SAMSUNG ELECTRONICS) PRC - C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe () PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation) PRC - C:\Programme\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe (SRS Labs, Inc.) PRC - C:\Programme\Samsung\MagicKBD\MagicKBD.exe (SAMSUNG Electronics Co., Ltd.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe () PRC - C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) PRC - C:\Programme\Samsung\Samsung Update Plus\SLUTrayNotifier.exe () PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Bebie\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.) ========== Win32 Services (SafeList) ========== SRV - (AppMgmt) -- File not found SRV - (WTGService) -- C:\Programme\XSManager\WTGService.exe () SRV - (XS Stick Service) -- C:\WINDOWS\service4g.exe (4G Systems GmbH & Co. 
KG) SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (SRS_PostInstaller) -- C:\Programme\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe (SRS Labs, Inc.) SRV - (SNM WLAN Service) -- C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe () SRV - (Samsung Update Plus) -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe () SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (cmnsusbser) -- C:\WINDOWS\system32\drivers\cmnsusbser.sys (Mobile Connector) DRV - (NWADI) -- C:\WINDOWS\system32\drivers\NWADIenum.sys (Novatel Wireless Inc) DRV - (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM) -- C:\WINDOWS\system32\drivers\s116unic.sys (MCCI Corporation) DRV - (s116obex) -- C:\WINDOWS\system32\drivers\s116obex.sys (MCCI Corporation) DRV - (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS) -- C:\WINDOWS\system32\drivers\s116nd5.sys (MCCI Corporation) DRV - (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s116mgmt.sys (MCCI Corporation) DRV - (s116mdm) -- C:\WINDOWS\system32\drivers\s116mdm.sys (MCCI Corporation) DRV - (s116mdfl) -- C:\WINDOWS\system32\drivers\s116mdfl.sys (MCCI Corporation) DRV - (s116bus) Sony Ericsson Device 116 driver (WDM) -- C:\WINDOWS\system32\drivers\s116bus.sys (MCCI Corporation) DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation) DRV - (wowfilter) -- C:\WINDOWS\system32\drivers\WOWFilter.sys () DRV - (rimmptsk) -- 
C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC) DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC) DRV - (DOSMEMIO) -- C:\WINDOWS\system32\MEMIO.SYS () DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.) DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.) DRV - (BTSERIAL) -- C:\WINDOWS\system32\drivers\btserial.sys (Broadcom Corporation.) DRV - (BTSLBCSP) -- C:\WINDOWS\system32\drivers\btslbcsp.sys (Broadcom Corporation.) DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.) DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.) DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.) DRV - (SUEPD) -- C:\WINDOWS\system32\drivers\SUE_PD.sys (Samsung) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (RITCPT) -- C:\WINDOWS\System32\drivers\RITCPT.SYS () DRV - (FBAPI) -- C:\WINDOWS\system32\drivers\FBAPI.sys () DRV - (Usblink) -- C:\WINDOWS\system32\drivers\ulink.sys () DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) 
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a66}:0.4.2.0 FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.03.31 20:13:23 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.05.06 20:18:56 | 000,000,000 | ---D | M] [2009.09.24 13:25:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Bebie\Anwendungsdaten\Mozilla\Extensions [2009.09.24 13:25:56 | 000,000,000 | ---D | M] 
(No name found) -- C:\Dokumente und Einstellungen\Bebie\Anwendungsdaten\Mozilla\Extensions\mozswing@mozswing.org [2011.02.11 12:25:09 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Bebie\Anwendungsdaten\Mozilla\Firefox\Profiles\48eupamh.default\extensions [2009.09.02 08:39:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Bebie\Anwendungsdaten\Mozilla\Firefox\Profiles\48eupamh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.01.29 09:36:05 | 000,000,000 | ---D | M] (Favicon Picker 2 [de]) -- C:\Dokumente und Einstellungen\Bebie\Anwendungsdaten\Mozilla\Firefox\Profiles\48eupamh.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a66} [2009.01.28 22:14:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2008.03.15 14:56:14 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2008.10.13 19:34:40 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2008.02.19 15:40:48 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2006.12.03 16:59:22 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2006.11.17 12:19:24 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. 
O4 - HKLM..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe () O4 - HKLM..\Run: [DisplayManager] C:\Programme\Samsung\DisplayManager\DisplayManager.exe (SAMSUNG ELECTRONICS) O4 - HKLM..\Run: [DMHotKey] C:\Programme\Samsung\DisplayManager\DMLoader.exe (SAMSUNG) O4 - HKLM..\Run: [farstone] File not found O4 - HKLM..\Run: [MagicKeyboard] C:\Programme\Samsung\MagicKBD\PreMKbd.exe () O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe () O4 - HKLM..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [starter4g] C:\WINDOWS\starter4g.exe (4G Systems GmbH & Co. KG) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider) O4 - HKCU..\Run: [{08622368-A3F6-B24C-7650-AB92130527AB}] C:\Dokumente und Einstellungen\Bebie\Anwendungsdaten\Dukage\unak.exe (Aper1 Software) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Frontpage\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab (MSN Photo Upload Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.191.92.82 213.191.74.11 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL 
(Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Bebie\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Bebie\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.04.05 12:49:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = 
comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.02.11 15:07:29 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Bebie\Desktop\OTL.exe [2011.02.11 14:14:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Bebie\Anwendungsdaten\Malwarebytes [2011.02.11 14:13:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.02.11 14:13:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.02.11 14:13:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2011.02.11 14:13:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.02.11 14:13:48 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.02.11 14:12:57 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Bebie\Desktop\mbam-setup.exe [2011.02.08 12:08:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Bebie\Anwendungsdaten\NCH Swift Sound [2011.02.08 12:07:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\NCH Software Suite [2011.02.08 12:07:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Audio Related Programs [2011.02.08 12:06:34 | 000,609,432 | ---- | C] (NCH Software) -- C:\Dokumente und Einstellungen\Bebie\Desktop\wpsetup.exe [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.02.11 15:07:31 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Bebie\Desktop\OTL.exe [2011.02.11 14:48:03 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.02.11 14:48:02 | 000,001,086 | ---- | M] () -- 
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.02.11 14:21:04 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job [2011.02.11 14:13:52 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.11 14:12:58 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Bebie\Desktop\mbam-setup.exe [2011.02.11 10:14:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.02.11 10:14:35 | 1063,440,384 | -HS- | M] () -- C:\hiberfil.sys [2011.02.08 16:24:46 | 000,000,106 | ---- | M] () -- C:\WINDOWS\pd1util.INI [2011.02.08 13:48:08 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2011.02.08 12:28:58 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\expressripShakeIcon.job [2011.02.08 12:14:59 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\expressripDowngrade.job [2011.02.08 12:07:47 | 000,000,808 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WavePad Audiobearbeitungs-Software.lnk [2011.02.08 12:06:34 | 000,609,432 | ---- | M] (NCH Software) -- C:\Dokumente und Einstellungen\Bebie\Desktop\wpsetup.exe [2011.02.07 12:31:54 | 000,023,040 | ---- | M] () -- C:\Dokumente und Einstellungen\Bebie\Eigene Dateien\Die 7 Tore.doc [2011.02.07 12:31:46 | 000,019,968 | ---- | M] () -- C:\Dokumente und Einstellungen\Bebie\Eigene Dateien\Tore.doc [2011.02.06 19:11:27 | 000,021,504 | ---- | M] () -- C:\Dokumente und Einstellungen\Bebie\Eigene Dateien\Mr Rock n Roll.doc [2011.01.24 19:51:59 | 000,099,328 | ---- | M] () -- C:\Dokumente und Einstellungen\Bebie\Eigene Dateien\Lebenslauf Sigrid Goldschmidt.doc [2011.01.24 18:19:38 | 000,000,162 | -H-- | M] () -- C:\Dokumente und Einstellungen\Bebie\Eigene Dateien\~$Jobs.doc [2011.01.24 09:22:36 | 000,034,304 | ---- | M] () -- C:\Dokumente und Einstellungen\Bebie\Eigene Dateien\Lebenslauf Bäcker.doc [2011.01.22 20:16:17 | 000,030,208 | ---- | M] () -- C:\Dokumente und Einstellungen\Bebie\Eigene 
Dateien\Jobs.doc [2011.01.18 18:08:11 | 000,019,968 | ---- | M] () -- C:\Dokumente und Einstellungen\Bebie\Eigene Dateien\wildpark schwarze berge 100.doc [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.02.11 14:13:52 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.08 14:21:58 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job [2011.02.08 12:28:57 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\expressripShakeIcon.job [2011.02.08 12:13:33 | 000,000,044 | R--- | C] () -- C:\Dokumente und Einstellungen\Bebie\Eigene Dateien\Track06.cda [2011.02.08 12:13:33 | 000,000,044 | R--- | C] () -- C:\Dokumente und Einstellungen\Bebie\Eigene Dateien\Track05.cda [2011.02.08 12:13:33 | 000,000,044 | R--- | C] () -- C:\Dokumente und Einstellungen\Bebie\Eigene Dateien\Track04.cda [2011.02.08 12:13:33 | 000,000,044 | R--- | C] () -- C:\Dokumente und Einstellungen\Bebie\Eigene Dateien\Track03.cda [2011.02.08 12:13:33 | 000,000,044 | R--- | C] () -- C:\Dokumente und Einstellungen\Bebie\Eigene Dateien\Track02.cda [2011.02.08 12:13:33 | 000,000,044 | R--- | C] () -- C:\Dokumente und Einstellungen\Bebie\Eigene Dateien\Track01.cda [2011.02.08 12:07:47 | 000,000,808 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WavePad Audiobearbeitungs-Software.lnk [2011.02.08 12:07:46 | 000,000,814 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WavePad Audiobearbeitungs-Software.lnk [2011.02.07 12:31:54 | 000,023,040 | ---- | C] () -- C:\Dokumente und Einstellungen\Bebie\Eigene Dateien\Die 7 Tore.doc [2011.02.07 12:31:45 | 000,019,968 | ---- | C] () -- C:\Dokumente und Einstellungen\Bebie\Eigene Dateien\Tore.doc [2011.02.06 19:11:26 | 000,021,504 | ---- | C] () -- C:\Dokumente und Einstellungen\Bebie\Eigene Dateien\Mr Rock n Roll.doc [2011.01.24 18:19:38 | 000,000,162 | -H-- | C] () 
-- C:\Dokumente und Einstellungen\Bebie\Eigene Dateien\~$Jobs.doc [2011.01.24 13:08:46 | 000,099,328 | ---- | C] () -- C:\Dokumente und Einstellungen\Bebie\Eigene Dateien\Lebenslauf Sigrid Goldschmidt.doc [2011.01.24 09:22:36 | 000,034,304 | ---- | C] () -- C:\Dokumente und Einstellungen\Bebie\Eigene Dateien\Lebenslauf Bäcker.doc [2011.01.22 19:45:25 | 000,030,208 | ---- | C] () -- C:\Dokumente und Einstellungen\Bebie\Eigene Dateien\Jobs.doc [2011.01.18 18:07:58 | 000,019,968 | ---- | C] () -- C:\Dokumente und Einstellungen\Bebie\Eigene Dateien\wildpark schwarze berge 100.doc [2009.03.23 20:27:49 | 000,000,106 | ---- | C] () -- C:\WINDOWS\pd1util.INI [2008.09.09 09:15:02 | 000,006,688 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys [2008.09.09 09:15:00 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll [2008.02.07 23:54:18 | 000,000,637 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2007.09.25 21:53:30 | 000,022,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Bebie\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.07.22 19:07:44 | 000,040,060 | ---- | C] () -- C:\WINDOWS\System32\drivers\ulink.sys [2007.07.20 19:00:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI [2007.02.15 23:34:15 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007.01.13 02:34:07 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\Bebie_KBD.ini [2006.11.20 13:57:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006.10.24 02:38:58 | 000,000,135 | R--- | C] () -- C:\WINDOWS\System32\lngEng.ini [2006.10.24 02:38:58 | 000,000,117 | ---- | C] () -- C:\WINDOWS\System32\lngKor.ini [2006.10.24 02:36:22 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI [2006.10.24 02:36:20 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI [2006.10.24 02:36:20 | 000,002,741 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI [2006.10.24 02:36:20 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI [2006.10.24 02:36:20 | 
000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI [2006.10.24 02:36:20 | 000,002,606 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI [2006.10.24 02:36:20 | 000,002,236 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI [2006.10.24 02:36:20 | 000,001,956 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI [2006.10.24 02:36:20 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI [2006.10.24 02:36:20 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI [2006.10.24 02:36:20 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI [2006.10.24 02:36:20 | 000,001,819 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI [2006.10.24 02:36:20 | 000,001,699 | ---- | C] () -- C:\WINDOWS\System32\KBDT.INI [2006.10.24 02:36:20 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI [2006.10.24 02:36:20 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI [2006.10.24 02:29:16 | 000,043,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\RITCPT.SYS [2006.10.24 02:29:12 | 000,005,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\FBAPI.sys [2006.10.24 02:27:54 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll [2006.10.24 02:27:48 | 000,000,508 | ---- | C] () -- C:\WINDOWS\SamsungBluetooth.ini [2006.07.06 20:21:44 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\AVSAudioWideStereoDMO.dll [2006.07.06 20:21:42 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\AVSAudioAmp.dll [2006.04.05 21:32:43 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2006.04.05 13:40:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2006.04.05 13:16:23 | 000,004,300 | R--- | C] () -- C:\WINDOWS\System32\MEMIO.SYS [2005.11.28 11:06:22 | 000,038,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys [2005.11.28 11:06:22 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWFilter.sys [2005.11.28 11:06:20 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys [2005.09.19 15:50:42 | 000,090,112 | 
---- | C] () -- C:\WINDOWS\System32\btprn2k.dll [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll < End of report > |
| | #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Postbank 40 TANs Code:
ATTFilter Drive C: | 54,83 Gb Total Space | 32,01 Gb Free Space | 58,38% Space Free | Partition Type: FAT32
Drive D: | 36,46 Gb Total Space | 25,21 Gb Free Space | 69,15% Space Free | Partition Type: NTFS
Drive H: | 279,39 Gb Total Space | 36,12 Gb Free Space | 12,93% Space Free | Partition Type: FAT32
Drive J: | 7,48 Gb Total Space | 7,41 Gb Free Space | 99,17% Space Free | Partition Type: NTFS
Code:
ATTFilter PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
After uninstalling ZoneAlarm you can run this OTL fix: Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!! Code:
ATTFilter :OTL
[2010.12.27 03:59:01 | 000,001,404 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\48DA.471
[2011.02.09 19:02:44 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Stedupu.dat
[2011.02.09 19:02:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Msasexasuxomo.bin
[2011.02.11 01:21:28 | 000,000,194 | ---- | M] () -- C:\WINDOWS\System32\RBDELDRV.BAT
FF - prefs.js..network.proxy.backup.ftp: "71.41.204.228"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.gopher: "71.41.204.228"
FF - prefs.js..network.proxy.backup.gopher_port: 80
FF - prefs.js..network.proxy.backup.socks: "71.41.204.228"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "71.41.204.228"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "207.62.217.252"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "207.62.217.252"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "207.62.217.252"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "207.62.217.252"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ --> Trojan Postbank 40 TANs |
| | #7 |
| | Trojan Postbank 40 TANs Arne, are you sure the instruction above was meant for ME?? |
| | #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Postbank 40 TANs Sorry, I got the logs mixed up. Ignore my previous post; thanks for paying such close attention!
__________________ Please always post log files in CODE tags |
| | #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Postbank 40 TANs Now it fits. Use this: Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
ATTFilter :OTL
O4 - HKLM..\Run: [farstone] File not found
O4 - HKCU..\Run: [{08622368-A3F6-B24C-7650-AB92130527AB}] C:\Dokumente und Einstellungen\Bebie\Anwendungsdaten\Dukage\unak.exe (Aper1 Software)
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post log files in CODE tags |
| | #10 |
| | Trojan Postbank 40 TANs Done :-) Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\farstone deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{08622368-A3F6-B24C-7650-AB92130527AB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08622368-A3F6-B24C-7650-AB92130527AB}\ not found.
C:\Dokumente und Einstellungen\Bebie\Anwendungsdaten\Dukage\unak.exe moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Bebie
->Temp folder emptied: 4618541715 bytes
->Temporary Internet Files folder emptied: 1309010562 bytes
->Java cache emptied: 19300488 bytes
->FireFox cache emptied: 113369704 bytes
->Flash cache emptied: 105043 bytes
User: Default User
->Temp folder emptied: 344064 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: Lichtschimmer
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 123086551 bytes
RecycleBin emptied: 385514815 bytes
Total Files Cleaned = 6.265,00 mb
OTL by OldTimer - Version 3.2.20.6 log created on 02122011_152847
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
| | #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Postbank 40 TANs Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it!
__________________ Please always post log files in CODE tags |
| | #12 |
| | Trojan Postbank 40 TANs Right, CCleaner and ComboFix have been run! Those were great instructions ... even understandable for women ;-) I hope I am now rid of all evil. Here is the log: Code:
ATTFilter ComboFix 11-02-12.01 - Bebie 13.02.2011 0:29.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.49.1031.18.1014.657 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Bebie\Desktop\cofi.exe
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\dokumente und einstellungen\Bebie\Anwendungsdaten\ACD Systems\ACDSee\ImageDB.ddf
c:\dokumente und einstellungen\Bebie\Anwendungsdaten\Dukage\unak.exe
c:\windows\Fonts\langinst.exe
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
((((((((((((((((((((((( Dateien erstellt von 2011-01-12 bis 2011-02-12 ))))))))))))))))))))))))))))))
.
2011-02-12 23:14 . 2011-02-12 23:14 -------- d-----w- c:\programme\CCleaner
2011-02-12 14:28 . 2011-02-12 14:28 -------- d-----w- C:\_OTL
2011-02-11 13:14 . 2011-02-11 13:14 -------- d-----w- c:\dokumente und einstellungen\Bebie\Anwendungsdaten\Malwarebytes
2011-02-11 13:13 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-11 13:13 . 2011-02-11 13:13 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-02-11 13:13 . 2011-02-12 07:42 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2011-02-11 13:13 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-08 11:08 . 2011-02-08 11:08 -------- d-----w- c:\dokumente und einstellungen\Bebie\Anwendungsdaten\NCH Swift Sound
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programme\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-15 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-15 118784]
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAShCut.exe" [2005-01-07 61952]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 88204]
"MagicKeyboard"="c:\programme\SAMSUNG\MagicKBD\PreMKBD.exe" [2005-04-11 151552]
"DMHotKey"="c:\programme\Samsung\DisplayManager\DMLoader.exe" [2005-11-23 356352]
"DisplayManager"="c:\programme\Samsung\DisplayManager\DisplayManager.exe" [2006-05-03 413696]
"BatteryManager"="c:\programme\Samsung\Samsung Battery Manager\BatteryManager.exe" [2006-04-25 2764800]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2007-02-15 98304]
"Sony Ericsson PC Suite"="c:\programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 528384]
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2008-02-07 185896]
"starter4g"="c:\windows\starter4g.exe" [2009-05-14 157456]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2005-9-19 581693]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\programme\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 18:24 32768 ----a-w- c:\programme\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RestoreIT!]
2004-09-23 17:27 114688 ----a-w- c:\programme\Phoenix Technologies Ltd\RecoverPro_XP\vbptask.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programme\\Real\\RealPlayer\\realplay.exe"=
R0 RITCPT;RITCPT;c:\windows\system32\drivers\RITCPT.SYS [24.10.2006 02:29 43512]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [05.04.2006 13:16 4300]
R2 FBAPI;FBAPI;c:\windows\system32\drivers\FBAPI.sys [24.10.2006 02:29 5088]
R2 SNM WLAN Service;SNM WLAN Service;c:\programme\Samsung\Samsung Network Manager\SNMWLANService.exe [28.05.2005 07:35 36864]
R2 SRS_PostInstaller;SRS PostInstaller Service;c:\programme\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe [28.11.2005 11:06 31744]
R2 WTGService;WTGService;c:\programme\XSManager\WTGService.exe [26.10.2009 16:44 304592]
R2 XS Stick Service;XS Stick Service;c:\windows\service4g.exe [26.10.2009 16:44 125200]
R3 wowfilter;WOW XT Filter Driver;c:\windows\system32\drivers\WOWFilter.sys [28.11.2005 11:06 19456]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [17.09.2009 15:16 133104]
S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [26.10.2009 16:44 103424]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [13.01.2007 10:00 19840]
S3 Usblink;Usblink Driver;c:\windows\system32\drivers\ulink.sys [22.07.2007 19:07 40060]
.
Inhalt des "geplante Tasks" Ordners
2011-02-08 c:\windows\Tasks\expressripDowngrade.job
- c:\programme\NCH Swift Sound\ExpressRip\expressrip.exe [2010-08-08 21:07]
2011-02-08 c:\windows\Tasks\expressripShakeIcon.job
- c:\programme\NCH Swift Sound\ExpressRip\expressrip.exe [2010-08-08 21:07]
2011-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-09-17 14:16]
2011-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-09-17 14:16]
2011-02-12 c:\windows\Tasks\wavepadShakeIcon.job
- c:\programme\NCH Swift Sound\WavePad\wavepad.exe [2011-02-08 11:07]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Senden an &Bluetooth - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\dokumente und einstellungen\Bebie\Anwendungsdaten\Mozilla\Firefox\Profiles\48eupamh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Favicon Picker 2 [de]: {446c03e0-2c35-11db-a98b-0800200c9a66} - %profile%\extensions\{446c03e0-2c35-11db-a98b-0800200c9a66}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
HKCU-Run-{08622368-A3F6-B24C-7650-AB92130527AB} - c:\dokumente und einstellungen\Bebie\Anwendungsdaten\Dukage\unak.exe
MSConfigStartUp-AVStation Premium 3 - c:\programme\Samsung\AVStation Premium 3.75\AVSAgent.exe
MSConfigStartUp-ccApp - c:\programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
MSConfigStartUp-NAV CfgWiz - c:\programme\Norton AntiVirus\CfgWiz.exe
MSConfigStartUp-Starter - c:\windows\System32\Starter.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-02-13 00:35
Windows 5.1.2600 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\WlNotify.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
c:\programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\igfxext.exe
c:\programme\SAMSUNG\MagicKBD\MagicKBD.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
c:\programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-02-13 00:37:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-02-12 23:37
Vor Suchlauf: 9 Verzeichnis(se), 64.107.769.856 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 64.078.426.112 Bytes frei
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - F96925428CF5EA9F339AE942E3CEDEE0
|
| | #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Postbank 40 TANs OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still refuses on the second attempt, just leave it out and run only OSAM - please skip OSAM's online query. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar. Afterwards, please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post log files in CODE tags |
| | #14 |
| | Trojan Postbank 40 TANs Right, everything worked, no crash. GMER: Code:
ATTFilter GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-02-14 10:23:52
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 HTS541010G9AT00 rev.MBZOA60A
Running: mlswfgk9.exe; Driver: C:\DOKUME~1\Bebie\LOKALE~1\Temp\awrdqpod.sys
---- System - GMER 1.0.15 ----
SSDT F7D05B96 ZwCreateKey
SSDT F7D05B8C ZwCreateThread
SSDT F7D05B9B ZwDeleteKey
SSDT F7D05BA5 ZwDeleteValueKey
SSDT F7D05BAA ZwLoadKey
SSDT F7D05B78 ZwOpenProcess
SSDT F7D05B7D ZwOpenThread
SSDT F7D05BB4 ZwReplaceKey
SSDT F7D05BAF ZwRestoreKey
SSDT F7D05BA0 ZwSetValueKey
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:09:12 on 14.02.2011
OS: Windows XP Home Edition Service Pack 2 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.0.19
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[Common]
-----( %SystemRoot%\Tasks )-----
"expressripDowngrade.job" - "NCH Software" - C:\Programme\NCH Swift Sound\ExpressRip\expressrip.exe
"expressripShakeIcon.job" - "NCH Software" - C:\Programme\NCH Swift Sound\ExpressRip\expressrip.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"wavepadShakeIcon.job" - "NCH Software" - C:\Programme\NCH Swift Sound\WavePad\wavepad.exe
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"btcpl.cpl" - "Broadcom Corporation." - C:\WINDOWS\system32\btcpl.cpl
"cttune.cpl" - ? - C:\WINDOWS\system32\cttune.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"MagicKBD.cpl" - "SAMSUNG Electronics Co., Ltd." - C:\WINDOWS\system32\MagicKBD.cpl
"QuickTime.cpl" - "Apple Computer, Inc." - C:\WINDOWS\system32\QuickTime.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"ECSEPM" - "Sony Ericsson Mobile Communications AB" - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\ecsepm.cpl
"SMAX4CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax4.cpl
"SRSCpl" - "SRS Labs, Inc." - C:\Programme\SRS Labs\WOWXT and TSXT Driver\srscpl.cpl
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"Bluetooth Port Client Driver" (BTSLBCSP) - "Broadcom Corporation." - C:\WINDOWS\system32\drivers\btslbcsp.sys
"Bluetooth Serial Driver" (BTSERIAL) - "Broadcom Corporation." - C:\WINDOWS\system32\drivers\btserial.sys
"Bluetooth-Audiogerät" (btaudio) - "Broadcom Corporation." - C:\WINDOWS\System32\drivers\btaudio.sys
"Bluetooth-Bus-Enumerator" (BTKRNL) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btkrnl.sys
"Bluetooth-LAN-Zugangsserver" (BTWDNDIS) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btwdndis.sys
"btwhid" (btwhid) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btwhid.sys
"catchme" (catchme) - ? - C:\cofi\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"FBAPI" (FBAPI) - ? - C:\WINDOWS\system32\drivers\FBAPI.sys (File found, but it contains no detailed information)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"MEMIO" (DOSMEMIO) - ? - C:\WINDOWS\system32\MEMIO.SYS (File found, but it contains no detailed information)
"PCASp50 NDIS Protocol Driver" (PCASp50) - ? - C:\WINDOWS\System32\Drivers\PCASp50.sys (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"RITCPT" (RITCPT) - ? - C:\WINDOWS\system32\drivers\RITCPT.sys (File found, but it contains no detailed information)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"SUE NDIS Protocol Driver" (SUEPD) - "Samsung" - C:\WINDOWS\System32\DRIVERS\SUE_PD.sys
"Usblink Driver" (Usblink) - ? - C:\WINDOWS\System32\Drivers\ulink.sys
"Virtueller Bluetooth-Kommunikationstreiber" (BTDriver) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btport.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
"WIDCOMM USB Bluetooth Driver" (BTWUSB) - "Broadcom Corporation." - C:\WINDOWS\System32\Drivers\btwusb.sys
"WOW XT Filter Driver" (wowfilter) - ? - C:\WINDOWS\System32\drivers\wowfilter.sys
[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{6af09ec9-b429-11d4-a1fb-0090960218cb} "Bluetooth-Umgebung" - "Broadcom Corporation." - C:\WINDOWS\system32\btneighborhood.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{03DAACC5-10BA-4E3E-9D54-2A569F6B4B87} "Sony Ericsson Datei-Manager" - "Popwire AB" - C:\Programme\Sony Ericsson\Mobile2\File Manager\FM.dll
{738D66C6-0149-4D40-84E4-A7BB2D0CE949} "Sony Ericsson Datei-Manager" - "Popwire AB" - C:\Programme\Sony Ericsson\Mobile2\File Manager\FM.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll / hxxp://java.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} "MSN Photo Upload Tool" - "Microsoft® Corporation" - C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll / hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx / hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\FRONTP~1\OFFICE11\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"BTTray.lnk" - "Broadcom Corporation." - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Bebie\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"BatteryManager" - ? - C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
"DisplayManager" - "SAMSUNG ELECTRONICS" - C:\Programme\Samsung\DisplayManager\DisplayManager.exe
"DMHotKey" - "SAMSUNG" - C:\Programme\Samsung\DisplayManager\DMLoader.exe
"MagicKeyboard" - ? - C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe
"QuickTime Task" - "Apple Computer, Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"Sony Ericsson PC Suite" - ? - "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"starter4g" - "4G Systems GmbH & Co. KG" - C:\WINDOWS\starter4g.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Bluetooth-Druckeranschluss" - "Broadcom Corporation." - C:\WINDOWS\system32\bthcrp.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found)
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Samsung Update Plus" (Samsung Update Plus) - ? - C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe (File found, but it contains no detailed information)
"SNM WLAN Service" (SNM WLAN Service) - ? - C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe (File found, but it contains no detailed information)
"SRS PostInstaller Service" (SRS_PostInstaller) - "SRS Labs, Inc." - C:\Programme\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"WTGService" (WTGService) - ? - C:\Programme\XSManager\WTGService.exe (File found, but it contains no detailed information)
"XS Stick Service" (XS Stick Service) - "4G Systems GmbH & Co. KG" - C:\WINDOWS\service4g.exe
[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found)
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Code:
ATTFilter MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000000c
Kernel Drivers (total 143):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x80700000 \WINDOWS\system32\hal.dll
0xF7B0C000 \WINDOWS\system32\KDCOM.DLL
0xF7A1C000 \WINDOWS\system32\BOOTVID.dll
0xF75BC000 ACPI.sys
0xF7B0E000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF75AB000 pci.sys
0xF760C000 isapnp.sys
0xF761C000 ohci1394.sys
0xF762C000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7A20000 compbatt.sys
0xF7A24000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7BD4000 pciide.sys
0xF788C000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF758D000 pcmcia.sys
0xF763C000 MountMgr.sys
0xF756E000 ftdisk.sys
0xF7A28000 ACPIEC.sys
0xF7BD5000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF7894000 PartMgr.sys
0xF764C000 VolSnap.sys
0xF7556000 atapi.sys
0xF765C000 disk.sys
0xF766C000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7536000 fltMgr.sys
0xF7524000 sr.sys
0xF750D000 KSecDD.sys
0xF7480000 Ntfs.sys
0xF7453000 NDIS.sys
0xF767C000 sbp2port.sys
0xF768C000 RITCPT.sys
0xF7438000 Mup.sys
0xF76CC000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF6C1E000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7AE0000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF6AA3000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF6A8F000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6A6A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF690D000 \SystemRoot\system32\DRIVERS\w39n51.sys
0xF792C000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF68EA000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7934000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF6C0E000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xF68D9000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF793C000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0xF6BFE000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0xF688D000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0xF6BEE000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7944000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF685E000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7B38000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF794C000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF76DC000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF76EC000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF76FC000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF683B000 \SystemRoot\system32\DRIVERS\ks.sys
0xF66CF000 \SystemRoot\system32\DRIVERS\btkrnl.sys
0xF7C74000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF770C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7AF8000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF66B8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF771C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF772C000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7954000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF66A7000 \SystemRoot\system32\DRIVERS\psched.sys
0xF773C000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF795C000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7964000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF774C000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7B3A000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF664E000 \SystemRoot\system32\DRIVERS\update.sys
0xF7B04000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF661A000 \SystemRoot\system32\DRIVERS\NWADIenum.sys
0xF775C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAA79A000 \SystemRoot\system32\drivers\ADIHdAud.sys
0xAA778000 \SystemRoot\system32\drivers\portcls.sys
0xF777C000 \SystemRoot\system32\drivers\drmk.sys
0xF796C000 \SystemRoot\system32\drivers\wowfilter.sys
0xF778C000 \SystemRoot\system32\drivers\wowxt_kern_i386.sys
0xF7974000 \SystemRoot\system32\drivers\tsxt_kern_i386.sys
0xAA752000 \SystemRoot\system32\drivers\AEAudio.sys
0xAA63F000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xF797C000 \SystemRoot\System32\Drivers\Modem.SYS
0xF77AC000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B44000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF77BC000 \SystemRoot\System32\Drivers\btwusb.sys
0xF799C000 \SystemRoot\system32\DRIVERS\btport.sys
0xAA5FA000 \SystemRoot\system32\DRIVERS\btwdndis.sys
0xAA597000 \SystemRoot\system32\drivers\btaudio.sys
0xF77CC000 \SystemRoot\system32\DRIVERS\btwhid.sys
0xF77DC000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF79A4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7ADC000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF6837000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF7B48000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7C39000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B4A000 \SystemRoot\System32\Drivers\Beep.SYS
0xF79B4000 \SystemRoot\System32\drivers\vga.sys
0xF7B4C000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B4E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF79BC000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF79C4000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF6833000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA4C4000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA46C000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAA444000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAA422000 \SystemRoot\System32\drivers\afd.sys
0xF77EC000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF79CC000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xAA3F7000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAA360000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF77FC000 \SystemRoot\System32\Drivers\Fips.SYS
0xAA33F000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF780C000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF781C000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xAA319000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF7B5A000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
0xF787C000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAA301000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7B5C000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAA623000 \SystemRoot\System32\drivers\Dxapi.sys
0xF79F4000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7CC2000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF042000 \SystemRoot\System32\ialmdev5.DLL
0xBF077000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xAA1AC000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xF7BF5000 \??\C:\WINDOWS\system32\MEMIO.SYS
0xAA1D1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9F50000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA9E4B000 \SystemRoot\system32\drivers\wdmaud.sys
0xAA537000 \SystemRoot\system32\drivers\sysaudio.sys
0xF7904000 \??\C:\WINDOWS\system32\drivers\btserial.sys
0xA9DCB000 \??\C:\WINDOWS\system32\drivers\btslbcsp.sys
0xF7B76000 \??\C:\WINDOWS\system32\drivers\FBAPI.sys
0xA9AEC000 \SystemRoot\system32\DRIVERS\srv.sys
0xA9083000 \SystemRoot\System32\Drivers\HTTP.sys
0xA8D11000 \SystemRoot\system32\drivers\kmixer.sys
0x7C910000 \WINDOWS\system32\ntdll.dll
Processes (total 55):
0 System Idle Process
4 System
824 C:\WINDOWS\system32\smss.exe
888 csrss.exe
912 C:\WINDOWS\system32\winlogon.exe
956 C:\WINDOWS\system32\services.exe
968 C:\WINDOWS\system32\lsass.exe
1144 C:\WINDOWS\system32\svchost.exe
1208 svchost.exe
1248 C:\WINDOWS\system32\svchost.exe
1384 svchost.exe
1412 svchost.exe
1908 C:\WINDOWS\system32\spoolsv.exe
1396 C:\Programme\Avira\AntiVir Desktop\sched.exe
1476 svchost.exe
1596 C:\Programme\Avira\AntiVir Desktop\avguard.exe
1752 C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
1840 C:\WINDOWS\explorer.exe
1980 C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
252 C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe
400 C:\Programme\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
412 C:\Programme\Avira\AntiVir Desktop\avshadow.exe
460 C:\WINDOWS\system32\svchost.exe
588 C:\Programme\XSManager\WTGService.exe
728 C:\WINDOWS\service4g.exe
1608 C:\Programme\Java\jre1.6.0_02\bin\jusched.exe
1616 C:\WINDOWS\system32\igfxtray.exe
1668 C:\WINDOWS\system32\hkcmd.exe
1680 C:\WINDOWS\system32\igfxpers.exe
1768 C:\WINDOWS\system32\igfxsrvc.exe
2100 C:\Programme\Analog Devices\Core\smax4pnp.exe
2124 C:\Programme\Synaptics\SynTP\SynTPLpr.exe
2132 C:\Programme\Synaptics\SynTP\SynTPEnh.exe
2140 C:\WINDOWS\AGRSMMSG.exe
2176 C:\Programme\Samsung\DisplayManager\DisplayManager.exe
2188 C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
2196 C:\Programme\QuickTime\qttask.exe
2204 C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
2212 C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
2232 C:\WINDOWS\starter4g.exe
2240 C:\Programme\Samsung\DisplayManager\dmhkcore.exe
2244 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
2308 C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
2316 C:\WINDOWS\system32\igfxext.exe
2552 C:\Programme\Samsung\MagicKBD\MagicKBD.exe
2808 C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
3092 C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
3320 C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
3956 C:\WINDOWS\system32\wscntfy.exe
492 alg.exe
168 C:\Programme\Java\jre1.6.0_02\bin\jucheck.exe
3692 C:\Programme\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
1084 C:\Programme\Mozilla Firefox\firefox.exe
640 C:\Dokumente und Einstellungen\Bebie\Desktop\osam_autorun_manager_5_0_portable\osam.exe
656 C:\Dokumente und Einstellungen\Bebie\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`db25fe00 (NTFS)
PhysicalDrive0 Model Number: HTS541010G9AT00, Rev: MBZOA60A
Size Device Name MBR Status
--------------------------------------------
86 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: 61EB192C7F71BD66D2BE49CB9ECF6B9D7E483E82
Done!
|
| | #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Postbank 40 TANs Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |