Rootkit and online banking
25.10.2008, 12:57
Member
Posts: 3716
#31
The gmer log is still missing.

25.10.2008, 14:37
Member
Thread starter Posts: 19
#32
Here is the gmer log now. I ran it in Windows safe mode because it hung in normal mode.
26.10.2008, 17:57
Moderator
Posts: 5694

26.10.2008, 18:43
Member
Thread starter Posts: 19
#34
Update! The phishing form appears both on a completely freshly installed system and when logging in from other people's computers, regardless of whether IE or Firefox is used.

26.10.2008, 18:49
Moderator
Posts: 7805

26.10.2008, 20:01
Moderator
Posts: 7805
#36
Does the phenomenon also occur if you enter the demo account's data when logging in?
That is, account no. 1234567890, PIN 12345
__________
Best regards, Ralf
SEO-Spam Hunter

26.10.2008, 21:08
Member
Thread starter Posts: 19
#37
Quote: raman posted
No. I hadn't expected anything else either. The phishing form is probably only generated once the crooks have already prepared a transfer in the background using valid login data. The TAN that the bank requires for the transfer is then presumably inserted into the phishing form. The unsuspecting bank customer cannot see that, of course.