So, the lock screen still shows up.
But I was still able to save the log file.
Code:
HitmanPro 3.7.6.201
www.hitmanpro.com
Computer name . . . . : LUXSHAN-PC
Windows . . . . . . . : 6.1.1.7601.X86/2
User name . . . . . . : NT-AUTORITÄT\SYSTEM
UAC . . . . . . . . . : Disabled
License . . . . . . . : Free
Scan date . . . . . . : 2013-06-11 23:14:25
Scan mode . . . . . . : Normal
Scan duration . . . . : 6m 38s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 8
Traces . . . . . . . : 314
Objects scanned . . . : 1.072.312
Files scanned . . . . : 32.369
Remnants scanned . . : 397.019 files / 642.924 keys
Malware _____________________________________________________________________
C:\FRST\Quarantine\Sony Smart Blaster0\safpdndnn.exe
Size . . . . . . . : 335.872 bytes
Age . . . . . . . : 2.0 days (2013-06-09 23:46:28)
Entropy . . . . . : 7.5
SHA-256 . . . . . : 13C4C0B92BA0F72F4210336E99EC6A49EAE9C55423A06AC70281CE038F1A33B4
Product . . . . . : Epigynum glycocho
Publisher . . . . : GreenMind Association ffff
Description . . . : Technico
Version . . . . . : 1.03.0002
Copyright . . . . : Overmerc oxynarco baronete 2001-1992
> G Data . . . . . . : Gen:Variant.Symmi.17957
Fuzzy . . . . . . : 106.0
Forensic Cluster
-5.0s C:\Users\Luxshan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\5cb99338-345a62c3.idx
-4.9s C:\Users\Luxshan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\5cb99338-345a62c3
-2.9s C:\Users\Luxshan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\ad26001-4cbdbd4c
-2.7s C:\Users\Luxshan\AppData\Local\Temp\b34btbztdb0vavaw.exe
0.0s C:\FRST\Quarantine\Sony Smart Blaster0\safpdndnn.exe
2.7s C:\FRST\Quarantine\AtrosWiFi\
2.8s C:\FRST\Quarantine\AtrosWiFi\AtrosWiF.exe
5.2s C:\Users\Luxshan\AppData\Local\Temp\~DFABCA1F5BFCED1F5E.TMP
6.9s C:\Users\Luxshan\AppData\Local\Temp\GCXQW.bat
7.1s C:\FRST\Quarantine\b34btbztdb2vavaw.exe
10.2s C:\Users\Luxshan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\ad26001-38549ace.idx
10.2s C:\Users\Luxshan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\ad26001-38549ace
10.2s C:\Users\Luxshan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\ad26001-38549ace
12.4s C:\Users\Luxshan\AppData\Local\Temp\b34btbztdb2vavaw.dll
15.1s C:\FRST\Quarantine\Sony Smart Blaster0\
29.8s C:\Users\Luxshan\AppData\Roaming\Microsoft\Windows\Templates\2433f433
29.9s C:\FRST\Quarantine\2433f433
29.9s C:\FRST\Quarantine\2433f433
Potential Unwanted Programs _________________________________________________
C:\ProgramData\Babylon\ (Babylon)
C:\Users\Luxshan\AppData\Local\Babylon\ (Babylon)
C:\Users\Luxshan\AppData\Local\Babylon\Setup\ (Babylon)
C:\Users\Luxshan\AppData\Local\Babylon\Setup\bab025.cbid20.dat (Babylon)
C:\Users\Luxshan\AppData\Local\Babylon\Setup\bab027.Ttype010611_def.dat (Babylon)
C:\Users\Luxshan\AppData\Local\Babylon\Setup\bab031.alrts.dat (Babylon)
C:\Users\Luxshan\AppData\Local\Babylon\Setup\bab065.engset.dat (Babylon)
C:\Users\Luxshan\AppData\Local\Babylon\Setup\bab091.norecovericon.dat (Babylon)
C:\Users\Luxshan\AppData\Local\Babylon\Setup\bab094.band.dat (Babylon)
C:\Users\Luxshan\AppData\Local\Babylon\Setup\Babylon.dat (Babylon)
C:\Users\Luxshan\AppData\Local\Babylon\Setup\HtmlScreens\ (Babylon)
C:\Users\Luxshan\AppData\Local\Babylon\Setup\HtmlScreens\cmbx.png (Babylon)
C:\Users\Luxshan\AppData\Local\Babylon\Setup\HtmlScreens\common.js (Babylon)
C:\Users\Luxshan\AppData\Local\Babylon\Setup\HtmlScreens\eula.html (Babylon)
C:\Users\Luxshan\AppData\Local\Babylon\Setup\HtmlScreens\lngs.png (Babylon)
C:\Users\Luxshan\AppData\Local\Babylon\Setup\HtmlScreens\page1.css (Babylon)
C:\Users\Luxshan\AppData\Local\Babylon\Setup\HtmlScreens\page1.html (Babylon)
C:\Users\Luxshan\AppData\Local\Babylon\Setup\HtmlScreens\page1.js (Babylon)
C:\Users\Luxshan\AppData\Local\Babylon\Setup\HtmlScreens\page1Lrg.css (Babylon)
C:\Users\Luxshan\AppData\Local\Babylon\Setup\HtmlScreens\page2.css (Babylon)
C:\Users\Luxshan\AppData\Local\Babylon\Setup\HtmlScreens\page2.html (Babylon)
C:\Users\Luxshan\AppData\Local\Babylon\Setup\HtmlScreens\page2.js (Babylon)
C:\Users\Luxshan\AppData\Local\Babylon\Setup\HtmlScreens\page2Lrg.css (Babylon)
C:\Users\Luxshan\AppData\Local\Babylon\Setup\HtmlScreens\title1.png (Babylon)
C:\Users\Luxshan\AppData\Local\Babylon\Setup\HtmlScreens\title2.png (Babylon)
C:\Users\Luxshan\AppData\Local\Babylon\Setup\HtmlScreens\toolBar.jpg (Babylon)
C:\Users\Luxshan\AppData\Local\Babylon\Setup\HtmlScreens\vIcn.png (Babylon)
C:\Users\Luxshan\AppData\Local\Babylon\Setup\Setup-client-x.zpb (Babylon)
C:\Users\Luxshan\AppData\Local\Babylon\Setup\Setup-tbmntr-9.0.3.5.zpb (Babylon)
C:\Users\Luxshan\AppData\Local\Babylon\Setup\Setup-tc-9.0.3.5.zpb (Babylon)
C:\Users\Luxshan\AppData\Local\Babylon\Setup\Setup.exe (Babylon)
Size . . . . . . . : 1.686.016 bytes
Age . . . . . . . : 719.9 days (2011-06-23 01:25:12)
Entropy . . . . . : 5.8
SHA-256 . . . . . : D60BB6464DC19E775A24EB3E3E93A4C4C39A4B707CAAD900E94B53DDC0A78BAD
Product . . . . . : Setup Module
Publisher . . . . : Babylon Ltd.
Description . . . : Setup Application
Version . . . . . : 9.0.3.5
Copyright . . . . : Copyright © Babylon Ltd. 1997-2011
Fuzzy . . . . . . : 0.0
C:\Users\Luxshan\AppData\Local\Babylon\Setup\SetupStrings.dat (Babylon)
C:\Users\Luxshan\AppData\Roaming\Babylon\ (Babylon)
C:\Users\Luxshan\AppData\Roaming\Babylon\log_file.txt (Babylon)
Hitman found quite a bit, but I'm not sure whether it actually deleted everything :/