Log analysis and evaluation: 50 Euro Trojan - PC locked when connecting to the Internet (Windows 7)
#16 /// Winkelfunktion /// TB-Süch-Tiger™

Now please run CF: ComboFix - a guide and tutorial on using ComboFix
ComboFix may only be run if a helper (Kompetenzler) has explicitly recommended it! If you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________
Please always post logfiles in CODE tags
#17

Thank you very much! I'll do it right away.
One more question: TDSS apparently hasn't deleted any files now, because I selected skip everywhere as suggested. Is that okay? Can it stay like that? Because it had already found a few things... Best regards!
#18 /// Winkelfunktion /// TB-Süch-Tiger™

Quote:
__________________
#19

No, what I meant was: can they stay on there? Skip presumably means keep. Not that important. More important: the logfile: Code:
ComboFix 12-03-14.01 - toff 14.03.2012 22:58:43.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.2038.1459 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\toff\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programme\INSTALL.LOG
c:\programme\Internet Explorer\dmlconf.dat
c:\windows\EventSystem.log
c:\windows\IsUn0407.exe
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-14 bis 2012-03-14 ))))))))))))))))))))))))))))))
.
.
2012-03-13 19:33 . 2012-03-13 19:33 -------- d--h--w- c:\windows\$hf_mig$
2012-03-13 19:26 . 2012-03-13 19:26 -------- d-----w- C:\_OTL
2012-03-10 17:22 . 2012-03-10 17:22 -------- d-----w- c:\programme\ESET
2012-03-10 16:43 . 2012-03-10 16:43 -------- d-----w- c:\dokumente und einstellungen\toff\Anwendungsdaten\Malwarebytes
2012-03-10 16:42 . 2012-03-10 16:42 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-03-10 16:42 . 2012-03-10 16:43 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2012-03-10 16:42 . 2011-12-10 14:24 20464 ------w- c:\windows\system32\drivers\mbam.sys
2012-03-04 19:44 . 2012-03-04 19:44 -------- d-----w- c:\programme\Gemeinsame Dateien\Skype
2012-03-03 20:04 . 2012-03-07 09:41 -------- d-----r- c:\programme\Skype
2012-03-03 14:10 . 2012-03-03 14:11 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\PCDr
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-11 07:15 . 2010-11-13 22:36 5427 ------w- c:\windows\system32\EGATHDRV.SYS
2011-03-18 17:56 . 2011-03-24 21:09 142296 ------w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2005-09-15 110592]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2005-09-15 512000]
"TPKMAPHELPER"="c:\programme\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-28 864256]
"TpShocks"="TpShocks.exe" [2005-11-07 106496]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-11-17 237568]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-12-15 94208]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2005-12-15 925696]
"suScheduler"="c:\programme\ThinkVantage\SystemUpdate\UCLauncher.exe" [2005-08-01 40960]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2006-01-25 106496]
"AMSG"="c:\programme\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 487424]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
"ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"cssauth"="c:\programme\IBM ThinkVantage\Client Security Solution\cssauth.exe" [2005-12-21 1996336]
"PDService.exe"="c:\programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" [2005-11-15 49152]
"Picasa Media Detector"="c:\programme\Picasa2\PicasaMediaDetector.exe" [2005-10-28 335872]
"DiskeeperSystray"="c:\programme\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-29 196696]
"ACTray"="c:\programme\ThinkPad\ConnectUtilities\ACTray.exe" [2006-01-31 409600]
"ACWLIcon"="c:\programme\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-01-31 98304]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-12-07 151552]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-12-07 208896]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
VPN Client.lnk - c:\windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico [2011-7-26 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 22:45 28672 ------w- c:\windows\system32\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 19:16 24576 ------w- c:\windows\system32\tphklock.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"=
"c:\\Programme\\ICQ7.5\\ICQ.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [15.02.2011 00:28 136360]
R2 PrivateDisk;PrivateDisk;c:\programme\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [15.11.2005 13:11 46142]
R2 smi2;smi2;c:\programme\SMI2\smi2.sys [21.12.2005 16:45 3968]
S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [15.02.2012 13:30 158856]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-14 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-11-13 00:12]
.
2010-11-13 c:\windows\Tasks\Symantec NetDetect.job
- c:\programme\Symantec\LiveUpdate\NDETECT.EXE [2010-11-13 16:38]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uInternet Connection Wizard,ShellNext = hxxp://www.lenovo.com/de/de
IE: Senden an &Bluetooth - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\programme\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\dokumente und einstellungen\toff\Anwendungsdaten\Mozilla\Firefox\Profiles\xpd9hs47.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.lemonde.fr/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Notify-ACNotify - ACNotify.dll
Notify-NavLogon - (no file)
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
AddRemove-Presentation Director - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-14 23:07
Windows 5.1.2600 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1312)
c:\programme\ThinkPad\ConnectUtilities\ACNotify.dll
c:\programme\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\programme\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\programme\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\tphklock.dll
.
- - - - - - - > 'explorer.exe'(3168)
c:\windows\system32\PROCHLP.DLL
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\programme\Intel\Wireless\Bin\EvtEng.exe
c:\programme\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\IPSSVC.EXE
c:\programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\programme\Cisco Systems\VPN Client\cvpnd.exe
c:\programme\Diskeeper Corporation\Diskeeper\DkService.exe
c:\programme\Intel\Wireless\Bin\RegSrvc.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
c:\programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
c:\programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
c:\programme\ThinkVantage\SystemUpdate\UCLauncherService.exe
c:\windows\system32\wdfmgr.exe
c:\programme\ThinkPad\ConnectUtilities\AcSvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programme\IBM ThinkVantage\Common\Logger\logmon.exe
c:\windows\system32\TpShocks.exe
c:\programme\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\programme\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\programme\IBM ThinkVantage\Client Security Solution\pwmgr.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-14 23:10:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-03-14 22:10
.
Vor Suchlauf: 14 Verzeichnis(se), 17.100.849.152 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 17.008.627.712 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
.
- - End Of File - - 73B959B2F522F0BD34E1A655770C0B62
#20 /// Winkelfunktion /// TB-Süch-Tiger™

I would have already posted what needs to go, which is why you should skip everything => logical or not? Ok. Now please create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool won't run on the second attempt either, just leave it out and run only OSAM - please skip the online query by OSAM. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to disable the virus scanner; McAfee's scanner in particular often reports a false positive in OSAM! Please download
Important: never press any of the Fix buttons without instruction. Note: if the Scan button is hidden, close the tool and restart it. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
__________________
Please always post logfiles in CODE tags
#21

Hello! I did the scans, or rather tried to, because strangely the GMER scan worked but OSAM didn't. I also had a detection message from Avira yesterday. I've attached that log as well. Thank you very much for your effort!!! Avast Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-16 18:28:55
-----------------------------
18:28:55.296 OS Version: Windows 5.1.2600 Service Pack 2
18:28:55.296 Number of processors: 2 586 0xE08
18:28:55.296 ComputerName: APFELMUS UserName: toff
18:28:55.828 Initialize success
18:39:17.906 AVAST engine defs: 12031600
18:40:09.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:40:09.234 Disk 0 Vendor: FUJITSU_ 0084 Size: 57231MB BusType: 3
18:40:09.265 Disk 0 MBR read successfully
18:40:09.265 Disk 0 MBR scan
18:40:09.312 Disk 0 unknown MBR code
18:40:09.312 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 53230 MB offset 63
18:40:09.359 Disk 0 Partition 2 00 12 Compaq diag MSDOS5.0 4001 MB offset 109015200
18:40:09.359 Disk 0 scanning sectors +117210240
18:40:09.671 Disk 0 scanning C:\WINDOWS\system32\drivers
18:40:36.578 Service scanning
18:40:57.437 Modules scanning
18:41:36.265 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
18:41:44.781 Disk 0 trace - called modules:
18:41:44.828 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
18:41:44.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89b76ab8]
18:41:44.843 3 CLASSPNP.SYS[f763805b] -> nt!IofCallDriver -> \Device\00000096[0x89b5ca00]
18:41:44.843 5 ACPI.sys[f75ad620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x89b8a030]
18:41:45.343 AVAST engine scan C:\WINDOWS
18:42:24.843 AVAST engine scan C:\WINDOWS\system32
18:48:24.406 AVAST engine scan C:\WINDOWS\system32\drivers
18:49:21.062 AVAST engine scan C:\Dokumente und Einstellungen\toff
18:54:33.640 AVAST engine scan C:\Dokumente und Einstellungen\All Users
18:55:35.984 Scan finished successfully
18:55:48.875 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\toff\Desktop\MBR.dat"
18:55:48.875 The log file has been saved successfully to "C:\Dokumente und Einstellungen\toff\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-16 18:56:09
-----------------------------
18:56:09.531 OS Version: Windows 5.1.2600 Service Pack 2
18:56:09.531 Number of processors: 2 586 0xE08
18:56:09.531 ComputerName: APFELMUS UserName: toff
18:56:10.046 Initialize success
18:56:18.375 The log file has been saved successfully to "C:\Dokumente und Einstellungen\toff\Desktop\aswMBR.txt"
Avira detection Code:
Die Datei 'C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP124\A0030882.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Trash.Gen' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4d9bb7d3.qua' verschoben!
#22

GMER part 1 Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-16 10:37:00
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.0084
Running: 1ibnls6o.exe; Driver: C:\DOKUME~1\toff\LOKALE~1\Temp\uwdyrpow.sys
---- System - GMER 1.0.15 ----
SSDT B8FE895C ZwClose
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0x962E4930]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateKey [0x962EFA80]
SSDT B8FE8966 ZwCreateSection
SSDT B8FE890C ZwCreateThread
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0x962E4F20]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteKey [0x962F06E0]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteValueKey [0x962F0440]
SSDT B8FE8957 ZwDuplicateObject
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadKey [0x962F08B0]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0x962E4D70]
SSDT B8FE88F8 ZwOpenProcess
SSDT B8FE88FD ZwOpenThread
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRenameKey [0x962F1250]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwReplaceKey [0x962F0CB0]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRestoreKey [0x962F1080]
SSDT B8FE896B ZwSetContextThread
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0x962E5120]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetValueKey [0x962F0140]
SSDT B8FE8907 ZwTerminateProcess
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [962ECCA0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [962ED1C0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [962ED320] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [962ECE10] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [962ECE10] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [962ECCA0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [962ED1C0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [962ED320] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [962ECCA0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [962ED320] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [962ED1C0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [962ECE10] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [962ED320] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [962ED1C0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [962ECCA0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [962ECE10] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [962ECCA0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [962ED1C0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [962ED320] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [962FA330] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [962ECCA0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [962ECE10] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [962ED320] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [962ED1C0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [962E55C0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [962E5770] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[904] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [00D22BC8] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)
IAT C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[904] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!UnhandledExceptionFilter] [00D22CE9] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)
IAT C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[904] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!TerminateProcess] [00D22CB8] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)
IAT C:\Programme\Cisco Systems\VPN Client\vpngui.exe[2012] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [01502BC8] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)
IAT C:\Programme\Cisco Systems\VPN Client\vpngui.exe[2012] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!UnhandledExceptionFilter] [01502CE9] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)
IAT C:\Programme\Cisco Systems\VPN Client\vpngui.exe[2012] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!TerminateProcess] [01502CB8] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)
---- Devices - GMER 1.0.15 ----
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mausklassentreiber/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
#23

GMER part 2 Code:
---- Files - GMER 1.0.15 ----
File C:\RRbackups\C\1\Data133 50003968 bytes
File C:\RRbackups\C\1\Data134 50003968 bytes
File C:\RRbackups\C\1\Data136 50003968 bytes
File C:\RRbackups\C\1\Data137 50003968 bytes
File C:\RRbackups\C\1\Data138 50003968 bytes
File C:\RRbackups\C\1\Data139 50003968 bytes
File C:\RRbackups\C\1\Data14 50003968 bytes
File C:\RRbackups\C\1\Data140 50003968 bytes
File C:\RRbackups\C\1\Data141 50003968 bytes
File C:\RRbackups\C\1\Data142 50003968 bytes
File C:\RRbackups\C\1\Data143 50003968 bytes
File C:\RRbackups\C\1\Data144 50003968 bytes
File C:\RRbackups\C\1\Data145 50003968 bytes
File C:\RRbackups\C\1\Data146 50003968 bytes
File C:\RRbackups\C\1\Data147 50003968 bytes
File C:\RRbackups\C\1\Data148 50003968 bytes
File C:\RRbackups\C\1\Data149 50003968 bytes
File C:\RRbackups\C\1\Data15 50003968 bytes
File C:\RRbackups\C\1\Data150 50003968 bytes
File C:\RRbackups\C\1\Data151 50003968 bytes
File C:\RRbackups\C\1\Data152 50003968 bytes
File C:\RRbackups\C\1\Data153 50003968 bytes
File C:\RRbackups\C\1\Data155 50003968 bytes
File C:\RRbackups\C\1\Data156 50003968 bytes
File C:\RRbackups\C\1\Data157 50003968 bytes
File C:\RRbackups\C\1\Data158 50003968 bytes
File C:\RRbackups\C\1\Data159 50003968 bytes
File C:\RRbackups\C\1\Data16 50003968 bytes
File C:\RRbackups\C\1\Data160 50003968 bytes
File C:\RRbackups\C\1\Data161 50003968 bytes
File C:\RRbackups\C\1\Data162 50003968 bytes
File C:\RRbackups\C\1\Data163 50003968 bytes
File C:\RRbackups\C\1\Data164 50003968 bytes
File C:\RRbackups\C\1\Data165 50003968 bytes
File C:\RRbackups\C\1\Data166 50003968 bytes
File C:\RRbackups\C\1\Data167 50003968 bytes
File C:\RRbackups\C\1\Data168 50003968 bytes
File C:\RRbackups\C\1\Data169 50003968 bytes
File C:\RRbackups\C\1\Data17 50003968 bytes
File C:\RRbackups\C\1\Data170 50003968 bytes
File C:\RRbackups\C\1\Data171 50003968 bytes
File C:\RRbackups\C\1\Data172 50003968 bytes
File C:\RRbackups\C\1\Data116 50003968 bytes
File C:\RRbackups\C\1\Data135 50003968 bytes
File C:\RRbackups\C\1\Data154 50003968 bytes
File C:\RRbackups\C\1\Data173 50003968 bytes
File C:\RRbackups\C\1\Data192 50003968 bytes
File C:\RRbackups\C\1\Data27 50003968 bytes
File C:\RRbackups\C\1\Data46 50003968 bytes
File C:\RRbackups\C\1\Data65 50003968 bytes
File C:\RRbackups\C\1\Data84 50003968 bytes
File C:\RRbackups\C\1\Data174 50003968 bytes
File C:\RRbackups\C\1\Data175 50003968 bytes
File C:\RRbackups\C\1\Data176 50003968 bytes
File C:\RRbackups\C\1\Data177 50003968 bytes
File C:\RRbackups\C\1\Data178 50003968 bytes
File C:\RRbackups\C\1\Data179 50003968 bytes
File C:\RRbackups\C\1\Data18 50003968 bytes
File C:\RRbackups\C\1\Data180 50003968 bytes
File C:\RRbackups\C\1\Data181 50003968 bytes
File C:\RRbackups\C\1\Data182 50003968 bytes
File C:\RRbackups\C\1\Data183 50003968 bytes
File C:\RRbackups\C\1\Data184 50003968 bytes
File C:\RRbackups\C\1\Data185 50003968 bytes
File C:\RRbackups\C\1\Data186 50003968 bytes
File C:\RRbackups\C\1\Data187 50003968 bytes
File C:\RRbackups\C\1\Data188 50003968 bytes
File C:\RRbackups\C\1\Data189 50003968 bytes
File C:\RRbackups\C\1\Data19 50003968 bytes
File C:\RRbackups\C\1\Data190 50003968 bytes
File C:\RRbackups\C\1\Data191 50003968 bytes
File C:\RRbackups\C\1\Data193 50003968 bytes
File C:\RRbackups\C\1\Data194 50003968 bytes
File C:\RRbackups\C\1\Data195 50003968 bytes
File C:\RRbackups\C\1\Data196 50003968 bytes
File C:\RRbackups\C\1\Data197 50003968 bytes
File C:\RRbackups\C\1\Data198 50003968 bytes
File C:\RRbackups\C\1\Data199 50003968 bytes
File C:\RRbackups\C\1\Data2 50003968 bytes
File C:\RRbackups\C\1\Data20 50003968 bytes
File C:\RRbackups\C\1\Data200 50003968 bytes
File C:\RRbackups\C\1\Data201 50003968 bytes
File C:\RRbackups\C\1\Data202 50003968 bytes
File C:\RRbackups\C\1\Data203 50003968 bytes
File C:\RRbackups\C\1\Data204 50003968 bytes
File C:\RRbackups\C\1\Data205 50003968 bytes
File C:\RRbackups\C\1\Data206 50003968 bytes
File C:\RRbackups\C\1\Data207 50003968 bytes
File C:\RRbackups\C\1\Data208 50003968 bytes
File C:\RRbackups\C\1\Data209 6514494 bytes
File C:\RRbackups\C\1\Data21 50003968 bytes
File C:\RRbackups\C\1\Data22 50003968 bytes
File C:\RRbackups\C\1\Data23 50003968 bytes
File C:\RRbackups\C\1\Data24 50003968 bytes
File C:\RRbackups\C\1\Data25 50003968 bytes
File C:\RRbackups\C\1\Data26 50003968 bytes
File C:\RRbackups\C\1\Data85 50003968 bytes
File C:\RRbackups\C\1\Data86 50003968 bytes
File C:\RRbackups\C\1\Data87 50003968 bytes
File C:\RRbackups\C\1\Data88 50003968 bytes
File C:\RRbackups\C\1\Data89 50003968 bytes
File C:\RRbackups\C\1\Data9 50003968 bytes
File C:\RRbackups\C\1\Data90 50003968 bytes
File C:\RRbackups\C\1\Data91 50003968 bytes
File C:\RRbackups\C\1\Data92 50003968 bytes
File C:\RRbackups\C\1\Data93 50003968 bytes
File C:\RRbackups\C\1\Data94 50003968 bytes
File C:\RRbackups\C\1\Data95 50003968 bytes
File C:\RRbackups\C\1\Data96 50003968 bytes
File C:\RRbackups\C\1\Data97 50003968 bytes
File C:\RRbackups\C\1\Data98 50003968 bytes
File C:\RRbackups\C\1\Data99 50003968 bytes
File C:\RRbackups\C\1\dats 0 bytes
File C:\RRbackups\C\1\dats\encobject.dat 1608 bytes
File C:\RRbackups\C\1\dats\hwkeys.dat 4248 bytes
File C:\RRbackups\C\1\dats\symkeys.dat 656 bytes
File C:\RRbackups\C\1\EFSFile 0 bytes
File C:\RRbackups\C\1\HashFile 344982 bytes
File C:\RRbackups\C\1\Info 752 bytes
File C:\RRbackups\C\1\TOCFile 35073170 bytes
File C:\RRbackups\C\2 0 bytes
File C:\RRbackups\C\2\Data0 50003968 bytes
File C:\RRbackups\C\2\Data1 50003968 bytes
File C:\RRbackups\C\2\Data10 50003968 bytes
File C:\RRbackups\C\2\Data11 50003968 bytes
File C:\RRbackups\C\2\Data12 50003968 bytes
File C:\RRbackups\C\2\Data13 50003968 bytes
File C:\RRbackups\C\2\Data14 50003968 bytes
File C:\RRbackups\C\2\Data15 32963962 bytes
File C:\RRbackups\C\2\Data2 50003968 bytes
File C:\RRbackups\C\2\Data3 50003968 bytes
File C:\RRbackups\C\2\Data4 50003968 bytes
File C:\RRbackups\C\2\Data5 50003968 bytes
File C:\RRbackups\C\2\Data6 50003968 bytes
File C:\RRbackups\C\2\Data7 50003968 bytes
File C:\RRbackups\C\2\Data8 50003968 bytes
File C:\RRbackups\C\2\Data9 50003968 bytes
File C:\RRbackups\C\2\dats 0 bytes
File C:\RRbackups\C\2\dats\encobject.dat 1608 bytes
File C:\RRbackups\C\2\dats\hwkeys.dat 4248 bytes
File C:\RRbackups\C\2\dats\symkeys.dat 656 bytes
File C:\RRbackups\C\2\EFSFile 0 bytes
File C:\RRbackups\C\2\HashFile 338334 bytes
File C:\RRbackups\C\2\Info 752 bytes
File C:\RRbackups\C\2\TOCFile 34397290 bytes
File C:\RRbackups\C\3 0 bytes
File C:\RRbackups\C\3\Data27 50003968 bytes
File C:\RRbackups\C\3\Data46 50003968 bytes
File C:\RRbackups\C\3\Data65 50003968 bytes
File C:\RRbackups\C\3\Data84 50003968 bytes
File C:\RRbackups\C\3\Data0 50003968 bytes
File C:\RRbackups\C\3\Data1 50003968 bytes
File C:\RRbackups\C\3\Data10 50003968 bytes
File C:\RRbackups\C\3\Data100 32718769 bytes
File C:\RRbackups\C\3\Data11 50003968 bytes
File C:\RRbackups\C\3\Data12 50003968 bytes
File C:\RRbackups\C\3\Data13 50003968 bytes
File C:\RRbackups\C\3\Data14 50003968 bytes
File C:\RRbackups\C\3\Data15 50003968 bytes
File C:\RRbackups\C\3\Data16 50003968 bytes
File C:\RRbackups\C\3\Data17 50003968 bytes
File C:\RRbackups\C\3\Data18 50003968 bytes
File C:\RRbackups\C\3\Data19 50003968 bytes
File C:\RRbackups\C\3\Data2
|
| | #24 |
| 50 Euro Trojan - PC locked when connecting to the Internet GMER PART 3 (sorry, this really is a lot) Code:
50003968 bytes
File C:\RRbackups\C\3\Data20 50003968 bytes
File C:\RRbackups\C\3\Data21 50003968 bytes
File C:\RRbackups\C\3\Data22 50003968 bytes
File C:\RRbackups\C\3\Data23 50003968 bytes
File C:\RRbackups\C\3\Data24 50003968 bytes
File C:\RRbackups\C\3\Data25 50003968 bytes
File C:\RRbackups\C\3\Data26 50003968 bytes
File C:\RRbackups\C\3\Data28 50003968 bytes
File C:\RRbackups\C\3\Data29 50003968 bytes
File C:\RRbackups\C\3\Data3 50003968 bytes
File C:\RRbackups\C\3\Data30 50003968 bytes
File C:\RRbackups\C\3\Data31 50003968 bytes
File C:\RRbackups\C\3\Data32 50003968 bytes
File C:\RRbackups\C\3\Data33 50003968 bytes
File C:\RRbackups\C\3\Data34 50003968 bytes
File C:\RRbackups\C\3\Data35 50003968 bytes
File C:\RRbackups\C\3\Data36 50003968 bytes
File C:\RRbackups\C\3\Data37 50003968 bytes
File C:\RRbackups\C\3\Data38 50003968 bytes
File C:\RRbackups\C\3\Data39 50003968 bytes
File C:\RRbackups\C\3\Data4 50003968 bytes
File C:\RRbackups\C\3\Data40 50003968 bytes
File C:\RRbackups\C\3\Data41 50003968 bytes
File C:\RRbackups\C\3\Data42 50003968 bytes
File C:\RRbackups\C\3\Data43 50003968 bytes
File C:\RRbackups\C\3\Data44 50003968 bytes
File C:\RRbackups\C\3\Data45 50003968 bytes
File C:\RRbackups\C\3\Data47 50003968 bytes
File C:\RRbackups\C\3\Data48 50003968 bytes
File C:\RRbackups\C\3\Data49 50003968 bytes
File C:\RRbackups\C\3\Data5 50003968 bytes
File C:\RRbackups\C\3\Data50 50003968 bytes
File C:\RRbackups\C\3\Data51 50003968 bytes
File C:\RRbackups\C\3\Data52 50003968 bytes
File C:\RRbackups\C\3\Data53 50003968 bytes
File C:\RRbackups\C\3\Data54 50003968 bytes
File C:\RRbackups\C\3\Data55 50003968 bytes
File C:\RRbackups\C\3\Data56 50003968 bytes
File C:\RRbackups\C\3\Data57 50003968 bytes
File C:\RRbackups\C\3\Data58 50003968 bytes
File C:\RRbackups\C\3\Data59 50003968 bytes
File C:\RRbackups\C\3\Data6 50003968 bytes
File C:\RRbackups\C\3\Data60 50003968 bytes
File C:\RRbackups\C\3\Data61 50003968 bytes
File C:\RRbackups\C\3\Data62 50003968 bytes
File C:\RRbackups\C\3\Data63 50003968 bytes
File C:\RRbackups\C\3\Data64 50003968 bytes
File C:\RRbackups\C\3\Data66 50003968 bytes
File C:\RRbackups\C\3\Data67 50003968 bytes
File C:\RRbackups\C\3\Data68 50003968 bytes
File C:\RRbackups\C\3\Data69 50003968 bytes
File C:\RRbackups\C\3\Data7 50003968 bytes
File C:\RRbackups\C\3\Data70 50003968 bytes
File C:\RRbackups\C\3\Data71 50003968 bytes
File C:\RRbackups\C\3\Data72 50003968 bytes
File C:\RRbackups\C\3\Data73 50003968 bytes
File C:\RRbackups\C\3\Data74 50003968 bytes
File C:\RRbackups\C\3\Data75 50003968 bytes
File C:\RRbackups\C\3\Data76 50003968 bytes
File C:\RRbackups\C\3\Data77 50003968 bytes
File C:\RRbackups\C\3\Data78 50003968 bytes
File C:\RRbackups\C\3\Data79 50003968 bytes
File C:\RRbackups\C\3\Data8 50003968 bytes
File C:\RRbackups\C\3\Data80 50003968 bytes
File C:\RRbackups\C\3\Data81 50003968 bytes
File C:\RRbackups\C\3\Data82 50003968 bytes
File C:\RRbackups\C\3\Data83 50003968 bytes
File C:\RRbackups\C\3\Data85 50003968 bytes
File C:\RRbackups\C\3\Data86 50003968 bytes
File C:\RRbackups\C\3\Data87 50003968 bytes
File C:\RRbackups\C\3\Data88 50003968 bytes
File C:\RRbackups\C\3\Data89 50003968 bytes
File C:\RRbackups\C\3\Data9 50003968 bytes
File C:\RRbackups\C\3\Data90 50003968 bytes
File C:\RRbackups\C\3\Data91 50003968 bytes
File C:\RRbackups\C\3\Data92 50003968 bytes
File C:\RRbackups\C\3\Data93 50003968 bytes
File C:\RRbackups\C\3\Data94 50003968 bytes
File C:\RRbackups\C\3\Data95 50003968 bytes
File C:\RRbackups\C\3\Data96 50003968 bytes
File C:\RRbackups\C\3\Data97 50003968 bytes
File C:\RRbackups\C\3\Data98 50003968 bytes
File C:\RRbackups\C\3\Data99 50003968 bytes
File C:\RRbackups\C\3\dats 0 bytes
File C:\RRbackups\C\3\dats\encobject.dat 1608 bytes
File C:\RRbackups\C\3\dats\hwkeys.dat 4248 bytes
File C:\RRbackups\C\3\dats\symkeys.dat 656 bytes
File C:\RRbackups\C\3\EFSFile 0 bytes
File C:\RRbackups\C\3\HashFile 320268 bytes
File C:\RRbackups\C\3\Info 752 bytes
File C:\RRbackups\C\3\TOCFile 32560580 bytes
File C:\RRbackups\C\4 0 bytes
File C:\RRbackups\C\4\Data0 50003968 bytes
File C:\RRbackups\C\4\Data1 50003968 bytes
File C:\RRbackups\C\4\Data2 50003968 bytes
File C:\RRbackups\C\4\Data3 50003968 bytes
File C:\RRbackups\C\4\Data4 50003968 bytes
File C:\RRbackups\C\4\Data5 50003968 bytes
File C:\RRbackups\C\4\Data6 11975704 bytes
File C:\RRbackups\C\4\dats 0 bytes
File C:\RRbackups\C\4\dats\encobject.dat 1608 bytes
File C:\RRbackups\C\4\dats\hwkeys.dat 4248 bytes
File C:\RRbackups\C\4\dats\symkeys.dat 656 bytes
File C:\RRbackups\C\4\EFSFile 0 bytes
File C:\RRbackups\C\4\HashFile 319380 bytes
File C:\RRbackups\C\4\Info 752 bytes
File C:\RRbackups\C\4\TOCFile 32470300 bytes
File C:\RRbackups\C\5 0 bytes
File C:\RRbackups\C\5\Data27 50003968 bytes
File C:\RRbackups\C\5\Data0 50003968 bytes
File C:\RRbackups\C\5\Data1 50003968 bytes
File C:\RRbackups\C\5\Data10 50003968 bytes
File C:\RRbackups\C\5\Data11 50003968 bytes
File C:\RRbackups\C\5\Data12 50003968 bytes
File C:\RRbackups\C\5\Data13 50003968 bytes
File C:\RRbackups\C\5\Data14 50003968 bytes
File C:\RRbackups\C\5\Data15 50003968 bytes
File C:\RRbackups\C\5\Data16 50003968 bytes
File C:\RRbackups\C\5\Data17 50003968 bytes
File C:\RRbackups\C\5\Data18 50003968 bytes
File C:\RRbackups\C\5\Data19 50003968 bytes
File C:\RRbackups\C\5\Data2 50003968 bytes
File C:\RRbackups\C\5\Data20 50003968 bytes
File C:\RRbackups\C\5\Data21 50003968 bytes
File C:\RRbackups\C\5\Data22 50003968 bytes
File C:\RRbackups\C\5\Data23 50003968 bytes
File C:\RRbackups\C\5\Data24 50003968 bytes
File C:\RRbackups\C\5\Data25 50003968 bytes
File C:\RRbackups\C\5\Data26 50003968 bytes
File C:\RRbackups\C\5\Data28 50003968 bytes
File C:\RRbackups\C\5\Data29 50003968 bytes
File C:\RRbackups\C\5\Data3 50003968 bytes
File C:\RRbackups\C\5\Data30 50003968 bytes
File C:\RRbackups\C\5\Data31 50003968 bytes
File C:\RRbackups\C\5\Data32 50003968 bytes
File C:\RRbackups\C\5\Data33 50003968 bytes
File C:\RRbackups\C\5\Data34 50003968 bytes
File C:\RRbackups\C\5\Data35 50003968 bytes
File C:\RRbackups\C\5\Data36 50003968 bytes
File C:\RRbackups\C\5\Data37 50003968 bytes
File C:\RRbackups\C\5\Data38 50003968 bytes
File C:\RRbackups\C\5\Data39 50003968 bytes
File C:\RRbackups\C\5\Data4 50003968 bytes
File C:\RRbackups\C\5\Data40 50003968 bytes
File C:\RRbackups\C\5\Data41 50003968 bytes
File C:\RRbackups\C\5\Data42 50003968 bytes
File C:\RRbackups\C\5\Data43 50003968 bytes
File C:\RRbackups\C\5\Data44 50003968 bytes
File C:\RRbackups\C\5\Data45 50003968 bytes
File C:\RRbackups\C\5\Data46 50003968 bytes
File C:\RRbackups\C\5\Data47 3406073 bytes
File C:\RRbackups\C\5\Data5 50003968 bytes
File C:\RRbackups\C\5\Data6 50003968 bytes
File C:\RRbackups\C\5\Data7 50003968 bytes
File C:\RRbackups\C\5\Data8 50003968 bytes
File C:\RRbackups\C\5\Data9 50003968 bytes
File C:\RRbackups\C\5\dats 0 bytes
File C:\RRbackups\C\5\dats\encobject.dat 1608 bytes
File C:\RRbackups\C\5\dats\hwkeys.dat 4248 bytes
File C:\RRbackups\C\5\dats\symkeys.dat 656 bytes
File C:\RRbackups\C\5\EFSFile 0 bytes
File C:\RRbackups\C\5\HashFile 295308 bytes
File C:\RRbackups\C\5\Info 752 bytes
File C:\RRbackups\C\5\TOCFile 30022980 bytes
File C:\RRbackups\Documents and Settings 0 bytes
File C:\RRbackups\Documents and Settings\Administrator 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3023003267-1114687700-4133344211-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3023003267-1114687700-4133344211-500\4bb0ae12-62c3-41d7-a6b0-6db264fa87a4 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3023003267-1114687700-4133344211-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect\S-1-5-21-648370623-2588457295-3489940576-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect\S-1-5-21-648370623-2588457295-3489940576-500\6994b57a-5196-4d04-a70e-bb9900c01546 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect\S-1-5-21-648370623-2588457295-3489940576-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\All Users 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-18 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-18\42e7e898003fbdeb9585806ee1664b51_3fdcb470-05de-44c7-8839-8674b11fc129 57 bytes
File C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_3fdcb470-05de-44c7-8839-8674b11fc129 917 bytes
File C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\ThinkVantage 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\ThinkVantage\Client Security 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\ThinkVantage\Client Security\encobject.dat 1608 bytes
File C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\ThinkVantage\Client Security\hwkeys.dat 4248 bytes
File C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\ThinkVantage\Client Security\symkeys.dat 656 bytes
File C:\RRbackups\Documents and Settings\Default User 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3023003267-1114687700-4133344211-500 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3023003267-1114687700-4133344211-500\4bb0ae12-62c3-41d7-a6b0-6db264fa87a4 388 bytes
File C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3023003267-1114687700-4133344211-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\S-1-5-21-648370623-2588457295-3489940576-500 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\S-1-5-21-648370623-2588457295-3489940576-500\6994b57a-5196-4d04-a70e-bb9900c01546 388 bytes
File C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\S-1-5-21-648370623-2588457295-3489940576-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\LocalService 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\toff 0 bytes
File C:\RRbackups\Documents and Settings\toff\Anwendungsdaten 0 bytes
File C:\RRbackups\Documents and Settings\toff\Anwendungsdaten\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\toff\Anwendungsdaten\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\toff\Anwendungsdaten\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\toff\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-625425684-1169080742-3091018802-1005 0 bytes
File C:\RRbackups\Documents and Settings\toff\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-625425684-1169080742-3091018802-1005\500fcc51dd345514f69969d2384208fd_3fdcb470-05de-44c7-8839-8674b11fc129 45 bytes
File C:\RRbackups\Documents and Settings\toff\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-625425684-1169080742-3091018802-1005\533145ef011ddf5ca3983e2545a902b4_3fdcb470-05de-44c7-8839-8674b11fc129 2099 bytes
File C:\RRbackups\Documents and Settings\toff\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-625425684-1169080742-3091018802-1005\8f71098770f72c7a67cd8f1151619865_3fdcb470-05de-44c7-8839-8674b11fc129 54 bytes
File C:\RRbackups\Documents and Settings\toff\Anwendungsdaten\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\toff\Anwendungsdaten\Microsoft\Protect\CREDHIST 160 bytes
File C:\RRbackups\Documents and Settings\toff\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3023003267-1114687700-4133344211-500 0 bytes
File C:\RRbackups\Documents and Settings\toff\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3023003267-1114687700-4133344211-500\4bb0ae12-62c3-41d7-a6b0-6db264fa87a4 388 bytes
File C:\RRbackups\Documents and Settings\toff\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3023003267-1114687700-4133344211-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\toff\Anwendungsdaten\Microsoft\Protect\S-1-5-21-625425684-1169080742-3091018802-1005 0 bytes
File C:\RRbackups\Documents and Settings\toff\Anwendungsdaten\Microsoft\Protect\S-1-5-21-625425684-1169080742-3091018802-1005\2e196bc1-928f-49e2-9376-ef4a85724790 388 bytes
File C:\RRbackups\Documents and Settings\toff\Anwendungsdaten\Microsoft\Protect\S-1-5-21-625425684-1169080742-3091018802-1005\2e61bffa-1104-4933-ba25-0bfa2da82015 388 bytes
File C:\RRbackups\Documents and Settings\toff\Anwendungsdaten\Microsoft\Protect\S-1-5-21-625425684-1169080742-3091018802-1005\7c8bdbf8-db04-4a11-9c27-369bc321258d 388 bytes
File C:\RRbackups\Documents and Settings\toff\Anwendungsdaten\Microsoft\Protect\S-1-5-21-625425684-1169080742-3091018802-1005\ad37c180-acf6-49c4-a5be-b222f447528e 388 bytes
File C:\RRbackups\Documents and Settings\toff\Anwendungsdaten\Microsoft\Protect\S-1-5-21-625425684-1169080742-3091018802-1005\ce5ee5c8-5592-4bab-86c1-fa14152d4008 388 bytes
File C:\RRbackups\Documents and Settings\toff\Anwendungsdaten\Microsoft\Protect\S-1-5-21-625425684-1169080742-3091018802-1005\edd4acc1-9cd9-4111-8531-9b00bb5372bb 388 bytes
File C:\RRbackups\Documents and Settings\toff\Anwendungsdaten\Microsoft\Protect\S-1-5-21-625425684-1169080742-3091018802-1005\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\toff\Anwendungsdaten\Microsoft\Protect\S-1-5-21-648370623-2588457295-3489940576-500 0 bytes
File C:\RRbackups\Documents and Settings\toff\Anwendungsdaten\Microsoft\Protect\S-1-5-21-648370623-2588457295-3489940576-500\6994b57a-5196-4d04-a70e-bb9900c01546 388 bytes
File C:\RRbackups\Documents and Settings\toff\Anwendungsdaten\Microsoft\Protect\S-1-5-21-648370623-2588457295-3489940576-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\toff\Anwendungsdaten\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\toff\Anwendungsdaten\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\toff\Anwendungsdaten\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\toff\Anwendungsdaten\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\toff\Anwendungsdaten\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\toff\Anwendungsdaten\ThinkVantage 0 bytes
File C:\RRbackups\Documents and Settings\toff\Anwendungsdaten\ThinkVantage\Client Security 0 bytes
File C:\RRbackups\Documents and Settings\toff\Anwendungsdaten\ThinkVantage\Client Security\encobject.dat 6432 bytes
File C:\RRbackups\Documents and Settings\toff\Anwendungsdaten\ThinkVantage\Client Security\hibernation.dat 4 bytes
File C:\RRbackups\Documents and Settings\toff\Anwendungsdaten\ThinkVantage\Client Security\hwkeys.dat 6372 bytes
File C:\RRbackups\Documents and Settings\toff\Anwendungsdaten\ThinkVantage\Client Security\pwdrecovery.dat 1104 bytes
File C:\RRbackups\Documents and Settings\toff\Anwendungsdaten\ThinkVantage\Client Security\symkeys.dat 2296 bytes
File C:\RRbackups\hints.dat 8192 bytes
File C:\RRbackups\osfilter.txt 7563 bytes
File C:\RRbackups\regcerts.dat 8192 bytes
File C:\RRbackups\rr.log 14997 bytes
File C:\RRbackups\SAM 28672 bytes
File C:\RRbackups\system 4718592 bytes
File C:\RRbackups\system.dat 12288 bytes
File C:\RRbackups\tvt.txt 11480 bytes
File C:\RRbackups\usersids.dat 15600 bytes
---- EOF - GMER 1.0.15 ----
|
| | #25 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | 50 Euro Trojan - PC locked when connecting to the Internet
We should fix the MBR; just in case, back up ALL important data first, even though it usually goes smoothly.
Note: please do NOT do the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside it (dual boot) unbootable. Also do not do the fix if you have full encryption of the Windows partition or of the entire hard drive, e.g. with TrueCrypt or other encryption programs.
After backing up your data, start aswMBR again and click the FIXMBR button.
Note: please switch off the virus scanner before you run aswMBR, because Avira in particular often reports a false positive on it!
Then restart Windows and make a new log with aswMBR.
__________________ Please always post logfiles in CODE tags |
| | #26 |
| 50 Euro Trojan - PC locked when connecting to the Internet Everything seems to have worked; here is the log: Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-17 11:48:27
-----------------------------
11:48:27.078 OS Version: Windows 5.1.2600 Service Pack 2
11:48:27.078 Number of processors: 2 586 0xE08
11:48:27.078 ComputerName: APFELMUS UserName: toff
11:48:27.796 Initialize success
11:48:43.109 AVAST engine defs: 12031600
11:49:14.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
11:49:14.218 Disk 0 Vendor: FUJITSU_ 0084 Size: 57231MB BusType: 3
11:49:14.234 Disk 0 MBR read successfully
11:49:14.234 Disk 0 MBR scan
11:49:14.281 Disk 0 Windows XP default MBR code
11:49:14.281 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 53230 MB offset 63
11:49:14.312 Disk 0 Partition 2 00 12 Compaq diag MSDOS5.0 4001 MB offset 109015200
11:49:14.390 Disk 0 scanning sectors +117210240
11:49:14.718 Disk 0 scanning C:\WINDOWS\system32\drivers
11:49:29.828 Service scanning
11:49:54.546 Modules scanning
11:49:57.515 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
11:50:00.078 Disk 0 trace - called modules:
11:50:00.109 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
11:50:00.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89b8bab8]
11:50:00.109 3 CLASSPNP.SYS[f763805b] -> nt!IofCallDriver -> \Device\00000096[0x89b5db58]
11:50:00.109 5 ACPI.sys[f75ad620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x89b90030]
11:50:00.515 AVAST engine scan C:\WINDOWS
11:50:16.578 AVAST engine scan C:\WINDOWS\system32
11:53:05.343 AVAST engine scan C:\WINDOWS\system32\drivers
11:53:22.593 AVAST engine scan C:\Dokumente und Einstellungen\toff
11:56:43.015 AVAST engine scan C:\Dokumente und Einstellungen\All Users
11:57:02.828 Scan finished successfully
11:57:58.968 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\toff\Desktop\MBR.dat"
11:57:58.968 The log file has been saved successfully to "C:\Dokumente und Einstellungen\toff\Desktop\log.txt"
|
| | #27 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | 50 Euro Trojan - PC locked when connecting to the Internet Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________ Please always post logfiles in CODE tags |
| | #28 |
| 50 Euro Trojan - PC locked when connecting to the Internet Well, that sounds good. Merci beaucoup! Here are the logs: Malwarebytes Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.17.06

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
toff :: APFELMUS [Administrator]

17.03.2012 19:21:50
mbam-log-2012-03-17 (19-21-50).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 230857
Laufzeit: 19 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
SUPERAntiSpyware Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 03/17/2012 at 10:11 PM
Application Version : 5.0.1146
Core Rules Database Version : 8347
Trace Rules Database Version: 6159
Scan type : Complete Scan
Total Scan Time : 02:11:21
Operating System Information
Windows XP Professional 32-bit, Service Pack 2 (Build 5.01.2600)
Administrator
Memory items scanned : 547
Memory threats detected : 0
Registry items scanned : 32646
Registry threats detected : 0
File items scanned : 102157
File threats detected : 12
Adware.Tracking Cookie
statse.webtrendslive.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOFF\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\XPD9HS47.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOFF\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\XPD9HS47.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOFF\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\XPD9HS47.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOFF\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\XPD9HS47.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOFF\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\XPD9HS47.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOFF\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\XPD9HS47.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOFF\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\XPD9HS47.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOFF\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\XPD9HS47.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOFF\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\XPD9HS47.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOFF\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\XPD9HS47.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOFF\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\XPD9HS47.DEFAULT\COOKIES.SQLITE ]
.xiti.com [ C:\DOKUMENTE UND EINSTELLUNGEN\TOFF\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\XPD9HS47.DEFAULT\COOKIES.SQLITE ]
However, I still have the feeling that my disk space is shown as much fuller than it actually is. Do you have any idea about that? Or am I mistaken? |
| | #29 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | 50 Euro Trojan - PC locked when connecting to the Internet Looks OK, only cookies were found. Cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or similar => HTTP-Cookie ). Is your system now fine again, or are there any other findings or problems?
__________________ Please always post logfiles in CODE tags |
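As an added triage helper (not from the thread or from SUPERAntiSpyware), a small parser for the log format above that applies the check the helper made by eye: every listed finding belongs to the tracking-cookie category, and the parsed findings match the declared counters. The sample log is constructed from the posted one; the Trojan.Agent/Gen-Example block with its placeholder path is invented to show the non-benign case, and tab-indented finding lines are an assumption.

```python
import re
from collections import Counter

# Constructed sample modelled on the SUPERAntiSpyware log posted above (shortened).
# The Trojan.Agent/Gen-Example block and its placeholder path are invented to show
# a finding that is NOT a cookie; tab-indented finding lines are an assumption.
SAS_LOG = """SUPERAntiSpyware Scan Log
Scan type : Complete Scan
Memory threats detected : 0
File threats detected : 3

Adware.Tracking Cookie
\tstatse.webtrendslive.com [ C:\\DOKUMENTE UND EINSTELLUNGEN\\TOFF\\ANWENDUNGSDATEN\\MOZILLA\\FIREFOX\\PROFILES\\XPD9HS47.DEFAULT\\COOKIES.SQLITE ]
\t.serving-sys.com [ C:\\DOKUMENTE UND EINSTELLUNGEN\\TOFF\\ANWENDUNGSDATEN\\MOZILLA\\FIREFOX\\PROFILES\\XPD9HS47.DEFAULT\\COOKIES.SQLITE ]

Trojan.Agent/Gen-Example
\tC:\\WINDOWS\\SYSTEM32\\PLACEHOLDER-EXAMPLE.DLL
"""

COUNTER_RE = re.compile(r"^(Memory|Registry|File) threats detected\s*:\s*(\d+)$")
BENIGN_CATEGORIES = {"Adware.Tracking Cookie"}  # tracking, not malware in itself


def parse_sas_log(text):
    # Returns (declared counters, [(category, detail), ...]) from a SAS scan log.
    declared, findings, category, seen_counters = {}, [], None, False
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            category = None  # a blank line closes the current category block
            continue
        m = COUNTER_RE.match(line)
        if m:
            declared[m.group(1).lower()] = int(m.group(2))
            seen_counters = True
        elif line[0] in " \t":  # indented: one finding under the current category
            if category is not None:
                findings.append((category, line.strip()))
        elif seen_counters and " : " not in line:
            category = line  # unindented line after the counters: a category name
    return declared, findings


def triage(text):
    # The check the helper made by eye: counters consistent, and cookies only?
    declared, findings = parse_sas_log(text)
    follow_up = [f for f in findings if f[0] not in BENIGN_CATEGORIES]
    return {
        "consistent": sum(declared.values()) == len(findings),
        "by_category": dict(Counter(cat for cat, _ in findings)),
        "follow_up": follow_up,
        "cookies_only": bool(findings) and not follow_up,
    }
```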
| | #30 |
| 50 Euro Trojan - PC locked when connecting to the Internet Yes, everything is actually running fine, I'd say; thanks again! What I still wonder about, as mentioned, is that I have the impression that my hard disk space (approx. 53 gigabytes) is shown as much fuller (namely 36 GB) than it should actually be; when I select everything that is displayed in the drive itself, I only get about 12 GB used, which seems more realistic to me. Does anything come to mind? |