Pests of all kinds and how to fight them: Problem with Trojan/Keylogger

If you are not sure whether you have caught malware or a Trojan, open a topic here. An expert will reply with further instructions and help you remove the malware or uninstall/delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.
#1
Guest | Problem with Trojan/Keylogger

Hello everyone, I'm new here! I registered because I have (had?) a problem with a Trojan/keylogger and am not sure whether I have gotten rid of the thing. Here is what happened: my bank blocked my online banking because my online banking credentials had already been found on a foreign server. I then scanned the PC completely with Knoppicillin 7 (all three scanners). The following viruses/Trojans were found:
- TR/Crypt.XPACK.Gen
- TR/Crypt.ZPACK.Gen
- TR/Spy.Bebloh.A.14
- TR/Spy.Bebloh.A.15
and deleted. In addition I ran "fixmbr" once more from the XP Recovery Console (without booting Windows in between). AntiVir now finds nothing on a full scan. I can't see anything suspicious in the HijackThis log either. But the following phenomena make me skeptical:
1. Firefox crashes constantly, even in Safe Mode (current version 3.5.3). It has done this since I updated to 3.5.3. I have already reinstalled Firefox twice and had all settings deleted in the process, without success.
2. At every system start Windows briefly reports that my firewall is not active. Shortly afterwards the message disappears and the firewall is active.
I now need your help to make sure the PC is clean, or to find out which Trojan may still be hiding there. Please no tips to wipe the machine completely; for various reasons that is not possible at the moment. I'll post the requested lists in the next message. I hope I did everything right when creating the lists. It would be great if you could help me somehow!
Detlef
Last edited by dgdg (08.10.2009, 16:25)
#2
Guest | HijackThis log

Here comes the list, per the instructions. As I said, I hope I did everything right.
Hijack 2.0.2
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:01:16, on 08.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programme\DVBViewer\DVBVservice.exe
C:\Programme\FileZilla Server\FileZilla Server.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\CyberLink\Shared files\RichVideo.exe
C:\Programme\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\vmnat.exe
C:\Programme\TightVNC1.3.9\WinVNC.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programme\VMware\VMware Workstation\vmware-authd.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Programme\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\xRaidSetup.exe
C:\Programme\VMware\VMware Workstation\vmware-tray.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\etMon.exe
C:\WINDOWS\system32\umonit.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programme\DVBViewer\DVBVCtrl.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Programme\Biet-O-Matic\Biet-O-Matic.exe
C:\Programme\EventGhost\EventGhost.exe
C:\Programme\totalcmd\TOTALCMD.EXE
C:\Programme\TaskbarPP12\TaskbarPP.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programme\PC Connectivity Solution\Transports\NclIVTBTSrv.exe
C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\DllHost.exe
C:\Programme\Mpeg2Schnitt\Mpeg2Schnitt.exe
C:\Programme\ImagoMPEG-Muxer\ImagoMPEG-Muxer.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\AcroTray.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Programme\CCleaner\CCleaner.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ulutil2.dll,SetWriteBack
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [vmware-tray] "C:\Programme\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [etMonitor] C:\WINDOWS\etMon.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Programme\TightVNC1.3.9\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\Programme\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [DVBV Service Ctrl] C:\Programme\DVBViewer\DVBVCtrl.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: TaskbarPP.lnk = C:\Programme\TaskbarPP12\TaskbarPP.exe
O4 - Global Startup: Biet-O-Matic.lnk = C:\Programme\Biet-O-Matic\Biet-O-Matic.exe
O4 - Global Startup: EventGhost.lnk = C:\Programme\EventGhost\EventGhost.exe
O4 - Global Startup: Total Commander.lnk = C:\Programme\totalcmd\TOTALCMD.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programme\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\programme\vmware\vmware workstation\vsocklib.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O17 - HKLM\System\CCS\Services\Tcpip\..\{C09F605C-DF5C-41E7-A533-A32093A49C1C}: NameServer = 192.168.0.91
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5796A22-B878-4834-B787-881E70E1C54E}: NameServer = 192.168.0.91
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: DVBViewer Recording Service (DVBVRecorder) - CM & V - C:\Programme\DVBViewer\DVBVservice.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programme\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c8fd8a63939670) (gupdate1c8fd8a63939670) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Programme\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programme\Gemeinsame Dateien\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Start BT in service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Programme\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programme\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Programme\TightVNC1.3.9\WinVNC.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 13265 bytes
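A log like the one above is normally read by hand, entry by entry. The following Python script is an added example for this thread, not code from the forum, from the poster, or from HijackThis: it runs a handful of generic analyst heuristics over HijackThis v2 lines. The rules are: a Run entry that hands rundll32 a DLL name with no directory (which rundll32 then resolves through the DLL search order), a Run entry whose binary sits directly in the Windows root, a service whose file carries no company name ("Unknown owner"), a Winsock LSP file HijackThis does not recognise, and a name server outside the private and loopback ranges. Every hit is an item to look at, never a verdict; all of the sample lines are copied from the log above except the O17 line pointing at 203.0.113.5, which is constructed only to exercise the DNS rule. Assumed: system drive C: and Windows directory C:\WINDOWS, as in the log.

```python
"""Triage pass over HijackThis v2 log lines.

Added example for the thread above; not code from the forum or from
HijackThis. Each rule is a generic analyst heuristic and each hit is an
item to review, not a malware verdict.
"""
import ntpath
import re
from ipaddress import ip_address, ip_network

# Assumption: system drive C: and Windows directory C:\WINDOWS, as in the log.
WINDOWS_ROOT = r'C:\WINDOWS'

# Name servers inside these ranges count as local; anything else is reported
# for review (an ISP resolver would show up here as well).
LOCAL_NETS = [ip_network(n) for n in ('10.0.0.0/8', '172.16.0.0/12',
                                      '192.168.0.0/16', '127.0.0.0/8')]

# Constructed sample. Every line is copied from the log above except the O17
# line pointing at 203.0.113.5, which is made up (RFC 5737 documentation
# address) purely to exercise the DNS rule.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ulutil2.dll,SetWriteBack
O4 - HKLM\..\Run: [etMonitor] C:\WINDOWS\etMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\programme\vmware\vmware workstation\vsocklib.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C09F605C-DF5C-41E7-A533-A32093A49C1C}: NameServer = 192.168.0.91
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 203.0.113.5
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"""

O4_RE = re.compile(r'^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O17_RE = re.compile(r'^O17 - .*NameServer = (?P<servers>[\d.,\s]+)$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$')


def split_first(cmd):
    """Split a command line into (executable, rest), honouring a quoted first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:], '') if end == -1 else (cmd[1:end], cmd[end + 1:])
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else '')


def rundll32_dll(cmd):
    """Return the DLL a rundll32 command line loads, or None if it is not rundll32."""
    exe, rest = split_first(cmd)
    if ntpath.basename(exe).lower() != 'rundll32.exe':
        return None
    rest = rest.strip().lstrip('"')
    # The DLL argument ends at the ',' before the entry point (or a closing quote).
    return re.split(r'[",]', rest, maxsplit=1)[0]


def triage(log_text):
    """Return (line_no, rule, detail) tuples for lines worth a second look."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            exe, _ = split_first(m['cmd'])
            dll = rundll32_dll(m['cmd'])
            if dll is not None and ntpath.dirname(dll) == '':
                # No directory given: rundll32 resolves the DLL via the search order.
                hits.append((n, 'rundll32-bare-dll', f"[{m['name']}] loads {dll} by search path"))
            elif ntpath.dirname(exe).upper() == WINDOWS_ROOT:
                hits.append((n, 'exe-in-windows-root', f"[{m['name']}] runs {exe}"))
            continue
        if line.startswith('O10 - Unknown file in Winsock LSP:'):
            hits.append((n, 'winsock-lsp-unknown', line.split(': ', 1)[1]))
            continue
        m = O17_RE.match(line)
        if m:
            for server in (s.strip() for s in m['servers'].split(',') if s.strip()):
                ip = ip_address(server)
                if not any(ip in net for net in LOCAL_NETS):
                    hits.append((n, 'dns-public', f'NameServer {server} outside local ranges'))
            continue
        m = O23_RE.match(line)
        if m and m['owner'] == 'Unknown owner':
            # No company in the file's version info: verify the binary by hand.
            hits.append((n, 'service-no-company', f"{m['name']} -> {m['path']}"))
    return hits


if __name__ == '__main__':
    for n, rule, detail in triage(SAMPLE_LOG):
        print(f'line {n:3d}  {rule:22s}  {detail}')
```

Run against the full log above, the same rules would also surface the "Unknown owner" Acronis, Adobe, Cyberlink and "Start BT in service" entries; those are exactly the ones an analyst checks by hand (signature, file version, install date) before deciding anything.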
#3
Guest | Filelist part 1

Filelist (the last 6 months), part 1:
Code:
----- Root -----------------------------
Volume in drive C: is dg2 c
Volume Serial Number: F491-7E20
Directory of C:\
07.10.2009 16:07 43 filelist.txt
06.10.2009 08:33 2.145.386.496 pagefile.sys
16 File(s) 2.145.696.238 bytes
0 Dir(s) 15.228.641.280 bytes free
----- Windows --------------------------
Volume in drive C: is dg2 c
Volume Serial Number: F491-7E20
Directory of C:\WINDOWS
07.10.2009 16:07 3.056.414 pfirewall.log
07.10.2009 15:19 7.085 wincmd.ini
07.10.2009 15:01 1.095.444 WindowsUpdate.log
07.10.2009 14:06 367 wiadebug.log
07.10.2009 13:26 32.424 SchedLgU.Txt
06.10.2009 08:35 908.757 setupapi.log
06.10.2009 08:33 0 wiaservc.log
06.10.2009 08:33 0 0.log
06.10.2009 08:33 2.048 bootstat.dat
05.10.2009 12:57 508 ODBC.INI
04.10.2009 13:22 957 wcx_ftp.ini
03.10.2009 17:20 8.519.693 pfirewall.log.old
16.09.2009 17:01 209.290 setupact.log
14.09.2009 14:34 1.318.461 iis6.log
14.09.2009 14:34 403.517 comsetup.log
14.09.2009 14:34 243.602 ntdtcsetup.log
14.09.2009 14:34 60.448 tabletoc.log
14.09.2009 14:34 1.374 imsins.log
14.09.2009 14:34 65.723 ocmsn.log
14.09.2009 14:34 544.966 tsoc.log
14.09.2009 14:34 7.137 KB968816.log
14.09.2009 14:34 83.959 medctroc.Log
14.09.2009 14:34 207.146 netfxocm.log
14.09.2009 14:34 578.684 ocgen.log
14.09.2009 14:34 59.374 msgsocm.log
14.09.2009 14:34 1.178.775 FaxSetup.log
14.09.2009 14:34 368.518 msmqinst.log
14.09.2009 14:34 1.374 imsins.BAK
14.09.2009 14:34 7.145 KB956844.log
14.09.2009 14:34 7.512 KB971961-IE8.log
12.09.2009 20:07 4.683 KB970653-v3.log
25.08.2009 23:59 39.424 zipinst.exe
23.08.2009 22:27 839 d.ini
19.08.2009 22:50 69 NeroDigital.ini
14.08.2009 15:36 153.213 spupdsvc.log
14.08.2009 00:55 21.815 KB960859.log
14.08.2009 00:55 21.755 KB971657.log
14.08.2009 00:55 21.565 KB971557.log
14.08.2009 00:55 185.083 updspapi.log
14.08.2009 00:55 12.515 KB956744.log
14.08.2009 00:55 12.125 KB973869.log
14.08.2009 00:55 21.380 KB973507.log
14.08.2009 00:55 11.877 KB973354.log
14.08.2009 00:55 12.255 KB973540.log
14.08.2009 00:55 42.458 wmsetup.log
14.08.2009 00:53 20.742 KB973815.log
03.08.2009 17:18 0 eDrawingOfficeAutomator.INI
29.07.2009 07:46 15.068 KB972260-IE8.log
28.07.2009 10:36 17.611 KB963093.log
28.07.2009 10:36 108.884 avmacc.log
27.07.2009 20:34 7.485 KB972636-IE8.log
27.07.2009 20:34 32.322 KB926140-v5.log
27.07.2009 20:33 24.180 KB940157.log
27.07.2009 20:33 4.052 KB915800-v4.log
23.07.2009 12:11 9.112 KB973346.log
23.07.2009 12:11 16.423 KB971633.log
23.07.2009 12:11 14.618 KB961371.log
06.07.2009 12:38 46.893 ie8_main.log
06.07.2009 12:38 39.009 KB971930-IE8.log
06.07.2009 12:38 47.644 KB969897-IE8.log
06.07.2009 12:37 50.515 ie8.log
02.07.2009 07:41 43 hpfccopy.INI
18.06.2009 13:23 1.469 win.ini
12.06.2009 12:29 27.619 KB961501.log
12.06.2009 12:29 28.764 KB969897.log
12.06.2009 12:29 13.843 KB969898.log
12.06.2009 12:26 25.735 KB970238.log
12.06.2009 12:26 25.216 KB968537.log
13.05.2009 10:39 59 vbaddin.ini
04.05.2009 09:28 51 CoDeSysOPC.ini
29.04.2009 17:42 86 WAGO-IO-PRO 32.ini
23.04.2009 12:27 517 spupdsvc.log.1.log
22.04.2009 11:50 31.482 WgaNotify.log
16.04.2009 09:32 25.747 KB959426.log
16.04.2009 09:32 24.732 KB961373.log
16.04.2009 09:30 20.668 KB956572.log
16.04.2009 09:30 20.875 KB952004.log
16.04.2009 09:30 18.469 KB960803.log
16.04.2009 09:30 19.186 KB963027.log
16.04.2009 09:30 10.748 KB923561.log
14.04.2009 17:47 274.272 DPINST.LOG
391 File(s) 80.904.682 bytes
0 Dir(s) 15.228.600.320 bytes free
----- System ---
Volume in drive C: is dg2 c
Volume Serial Number: F491-7E20
Directory of C:\WINDOWS\system
23.08.2009 19:26 157.696 STORAGE.DLL
51 File(s) 4.834.479 bytes
0 Dir(s) 15.228.608.512 bytes free
----- System 32 (Note: mind the time window!) ---
Volume in drive C: is dg2 c
Volume Serial Number: F491-7E20
Directory of C:\WINDOWS\system32
06.10.2009 14:35 91.289 ryqhao
06.10.2009 08:38 102.950 perfc007.dat
06.10.2009 08:38 79.828 perfc009.dat
06.10.2009 08:38 503.814 perfh007.dat
06.10.2009 08:38 461.198 perfh009.dat
06.10.2009 08:38 1.165.368 PerfStringBackup.INI
06.10.2009 08:35 12.598 wpa.dbl
06.10.2009 08:33 111.099 oodbs.lor
12.09.2009 20:07 588.714 TZLog.log
28.08.2009 23:38 24.689.600 MRT.exe
26.08.2009 00:11 156.672 rmc_fixasf.exe
26.08.2009 00:11 237.568 rmc_rtspdl.dll
26.08.2009 00:11 323.584 AUDIOGENIE2.DLL
05.08.2009 10:59 206.336 mswebdvd.dll
19.07.2009 18:41 11.067.392 ieframe.dll
19.07.2009 15:11 5.937.152 mshtml.dll
17.07.2009 21:01 58.880 atl.dll
14.07.2009 13:03 46.080 tzchange.exe
13.07.2009 23:43 10.841.088 wmp.dll
13.07.2009 23:43 286.208 wmpdxm.dll
03.07.2009 18:55 206.848 occache.dll
03.07.2009 18:55 915.456 wininet.dll
03.07.2009 18:55 1.208.832 urlmon.dll
03.07.2009 18:55 594.432 msfeeds.dll
03.07.2009 18:55 55.296 msfeedsbs.dll
03.07.2009 18:55 25.600 jsproxy.dll
03.07.2009 18:55 1.469.440 inetcpl.cpl
03.07.2009 18:55 1.985.536 iertutil.dll
03.07.2009 18:55 184.320 iepeers.dll
03.07.2009 18:55 386.048 iedkcs32.dll
03.07.2009 13:01 173.056 ie4uinit.exe
29.06.2009 10:40 57.667 ieuinit.inf
22.06.2009 08:45 726.528 jscript.dll
16.06.2009 16:36 81.920 fontsub.dll
16.06.2009 16:36 119.808 t2embed.dll
15.06.2009 12:43 78.848 telnet.exe
15.06.2009 12:43 82.944 tlntsess.exe
12.06.2009 13:07 184.224 FNTCACHE.DAT
10.06.2009 16:13 85.504 avifil32.dll
10.06.2009 09:19 2.066.432 mstscax.dll
10.06.2009 08:14 132.096 wkssvc.dll
03.06.2009 21:09 1.296.896 quartz.dll
25.05.2009 00:24 350.208 mssph.dll
20.05.2009 04:56 2.458.112 WMVCore.dll
12.05.2009 15:12 16.928 spmsg.dll
12.05.2009 15:12 26.144 spupdsvc.exe
07.05.2009 17:32 348.160 localspl.dll
01.05.2009 23:02 811.008 divx_xx16.dll
01.05.2009 23:02 823.296 divx_xx0c.dll
01.05.2009 23:02 685.056 DivX.dll
01.05.2009 23:02 802.816 divx_xx11.dll
01.05.2009 23:02 815.104 divx_xx0a.dll
01.05.2009 23:02 823.296 divx_xx07.dll
29.04.2009 06:33 1.499.136 shdocvw.dll
26.04.2009 17:02 46 DonationCoder_processtamer_InstallInfo.dat
19.04.2009 21:46 1.847.296 win32k.sys
19.04.2009 19:34 30.704 FreeOTFEHashWhirlpool.sys
19.04.2009 19:34 22.128 FreeOTFEHashTiger.sys
19.04.2009 19:33 26.224 FreeOTFEHashSHA.sys
19.04.2009 19:33 32.112 FreeOTFEHashRIPEMD.sys
19.04.2009 19:33 16.880 FreeOTFEHashMD.sys
19.04.2009 19:33 31.600 FreeOTFECypherTwofish_ltc.sys
19.04.2009 19:33 28.528 FreeOTFECypherSerpent_Gladman.sys
19.04.2009 19:33 25.968 FreeOTFECypherRC6_ltc.sys
19.04.2009 19:33 24.944 FreeOTFECypherMARS_Gladman.sys
19.04.2009 19:33 56.816 FreeOTFECypherDES.sys
19.04.2009 19:33 30.576 FreeOTFECypherCAST6_Gladman.sys
19.04.2009 19:33 31.088 FreeOTFECypherCAST5.sys
19.04.2009 19:33 25.200 FreeOTFECypherBlowfish.sys
19.04.2009 19:32 47.088 FreeOTFECypherAES_ltc.sys
19.04.2009 19:32 31.856 FreeOTFE.sys
15.04.2009 16:51 585.216 rpcrt4.dll
04.04.2009 12:41 1.205 lvcoinst.log
04.04.2009 12:37 487 Installer.log
2735 File(s) 646.659.663 bytes
0 Dir(s) 15.228.436.480 bytes free
----- Prefetch -------------------------
Volume in drive C: is dg2 c
Volume Serial Number: F491-7E20
Directory of C:\WINDOWS\Prefetch
07.10.2009 16:07 11.440 FIND.EXE-0F3A16B9.pf
07.10.2009 16:07 64.364 CMD.EXE-18AA480B.pf
07.10.2009 16:06 13.104 VERCLSID.EXE-11B4EDAB.pf
07.10.2009 16:06 14.938 7ZG.EXE-232A5FFD.pf
07.10.2009 16:06 19.668 SEARCHFILTERHOST.EXE-36BAE580.pf
07.10.2009 16:06 37.668 SEARCHPROTOCOLHOST.EXE-029776ED.pf
07.10.2009 16:05 17.448 EXPLORER.EXE-04FFEABC.pf
07.10.2009 16:03 35.204 AVWSC.EXE-148E32AF.pf
07.10.2009 16:02 75.988 THUNDERBIRD.EXE-0529A4C6.pf
07.10.2009 15:56 21.600 GUARDGUI.EXE-00E7569A.pf
07.10.2009 15:30 13.648 NET1.EXE-0312854F.pf
07.10.2009 15:30 12.198 NET.EXE-1C1A7E2A.pf
07.10.2009 15:30 23.610 WSCRIPT.EXE-0D18836C.pf
07.10.2009 15:30 12.628 WGET.EXE-2B594EC4.pf
07.10.2009 15:30 31.124 TVINFODVBV.EXE-1B29EEBA.pf
07.10.2009 15:26 34.684 GOOGLEUPDATE.EXE-03ABE250.pf
07.10.2009 15:24 24.100 WMIPRVSE.EXE-23177086.pf
07.10.2009 15:04 52.262 AVSCAN.EXE-2A474F12.pf
07.10.2009 15:01 58.134 WUAUCLT.EXE-141D0725.pf
07.10.2009 15:01 58.824 AVCONFIG.EXE-209E9690.pf
07.10.2009 14:57 55.652 AVCENTER.EXE-1C6B3E83.pf
07.10.2009 14:45 215.158 NOTEPAD.EXE-1D460EEF.pf
07.10.2009 14:27 15.058 JBWCIZ.EXE-157EE6E1.pf
07.10.2009 14:27 17.200 ROOTKITREVEALER.EXE-3160D16C.pf
07.10.2009 14:24 29.350 TQ197V08.EXE-1E823435.pf
07.10.2009 14:20 350.206 Layout.ini
07.10.2009 13:55 21.350 HIJACKTHIS.EXE-14CED3CD.pf
07.10.2009 13:53 92.278 FIREFOX.EXE-03F20888.pf
07.10.2009 13:50 112.450 CRASHREPORTER.EXE-378FD784.pf
07.10.2009 13:38 17.066 GOOGLEUPDATERSERVICE.EXE-04962E7F.pf
07.10.2009 13:34 7.872 JQSNOTIFY.EXE-03D4C663.pf
07.10.2009 12:29 14.604 ADOBELM_CLEANUP.0001-0BDC05D8.pf
07.10.2009 12:29 16.608 ADOBELMSVC.EXE-01052515.pf
07.10.2009 12:28 85.770 ACROBAT.EXE-2C4E2D80.pf
07.10.2009 09:44 166.856 ACDSEE.EXE-1EB44F4B.pf
07.10.2009 09:40 95.892 PSP.EXE-02F37582.pf
07.10.2009 09:33 27.796 ACROBATINFO.EXE-346F5F3C.pf
07.10.2009 09:30 55.842 ACRODIST.EXE-1D813A40.pf
07.10.2009 09:20 64.854 WINWORD.EXE-3A00FFE0.pf
07.10.2009 07:54 258.502 VLC.EXE-3ACE3305.pf
07.10.2009 06:10 100.214 DVBVIEWER.EXE-37AE3068.pf
07.10.2009 05:26 14.220 GOOGLECRASHHANDLER.EXE-0D3465C0.pf
07.10.2009 03:03 60.016 HELPSVC.EXE-1C72BC12.pf
07.10.2009 02:28 76.708 WINAMP.EXE-2B90D5BD.pf
07.10.2009 01:23 62.292 AMC3.EXE-2BEBF94A.pf
07.10.2009 00:21 94.662 TSPLAYER.EXE-1C160E62.pf
07.10.2009 00:09 100.014 GOOGLEUPDATER.EXE-030E6701.pf
06.10.2009 21:10 51.244 AVNOTIFY.EXE-07C18EBB.pf
06.10.2009 21:09 50.916 UPDATE.EXE-032CC98D.pf
06.10.2009 16:10 24.342 FREEOTFE.EXE-1EFCD76D.pf
06.10.2009 14:35 6.144 TEMP_8901245.EXE-07A7ADC4.pf
05.10.2009 21:10 15.032 RUNDLL32.EXE-6A480868.pf
05.10.2009 15:56 54.792 SEARCHFILTERHOST.EXE-2B53C1A9.pf
05.10.2009 15:56 130.196 SEARCHPROTOCOLHOST.EXE-2F7C9065.pf
05.10.2009 15:49 70.846 AVWSC.EXE-0770069F.pf
05.10.2009 15:44 91.138 WMIPRVSE.EXE-0E69CB0B.pf
05.10.2009 15:30 23.506 NET.EXE-1A501125.pf
05.10.2009 15:30 13.864 NET1.EXE-02EAE2C6.pf
05.10.2009 15:30 29.622 WSCRIPT.EXE-19DD6617.pf
05.10.2009 15:30 31.458 WGET.EXE-03CA705C.pf
05.10.2009 15:30 31.400 TVINFODVBV.EXE-008477A0.pf
05.10.2009 15:30 154.786 CMD.EXE-137A0D53.pf
05.10.2009 15:26 32.192 GOOGLEUPDATE.EXE-05B6617F.pf
05.10.2009 15:07 161.824 WUAUCLT.EXE-12D8E25E.pf
66 File(s) 5.116.054 bytes
0 Dir(s) 15.228.469.248 bytes free
----- Tasks ----------------------------
Volume in drive C: is dg2 c
Volume Serial Number: F491-7E20
Directory of C:\WINDOWS\tasks
07.10.2009 16:00 276 dvbviewer.job
07.10.2009 15:30 278 dvb_tvinfo.job
07.10.2009 15:26 1.088 GoogleUpdateTaskMachineUA.job
07.10.2009 13:38 1.044 Google Software Updater.job
07.10.2009 07:00 278 dvb_epgupd.job
07.10.2009 06:10 284 dvb_datenbank.job
07.10.2009 05:26 1.084 GoogleUpdateTaskMachineCore.job
06.10.2009 08:33 6 SA.DAT
9 File(s) 4.403 bytes
0 Dir(s) 15.228.469.248 bytes free
----- Windows/Temp -----------------------
Volume in drive C: is dg2 c
Volume Serial Number: F491-7E20
Directory of C:\WINDOWS\Temp
06.10.2009 08:35 13.930 hpqddsvc.log
06.10.2009 08:34 49.152 CompiledAdapter.dll
06.10.2009 08:34 16.384 Perflib_Perfdata_ed8.dat
06.10.2009 08:33 16.384 Perflib_Perfdata_9d0.dat
06.10.2009 08:33 0 sqlite_ZekOmbha8eolg5s
06.10.2009 08:33 483 WGAErrLog.txt
05.10.2009 21:08 16.384 Perflib_Perfdata_ccc.dat
29.09.2009 12:40 16.384 Perflib_Perfdata_7a4.dat
25.09.2009 08:26 0 is1171.tmp
22.09.2009 10:51 16.384 Perflib_Perfdata_844.dat
14.09.2009 14:38 16.384 Perflib_Perfdata_7f8.dat
12.09.2009 19:50 16.384 Perflib_Perfdata_3c8.dat
25.08.2009 12:33 16.384 Perflib_Perfdata_9f4.dat
17.08.2009 17:32 16.384 Perflib_Perfdata_914.dat
14.08.2009 15:36 16.384 Perflib_Perfdata_e10.dat
12.08.2009 19:57 16.384 Perflib_Perfdata_304.dat
12.08.2009 14:22 18.578 wudf_update.log
28.07.2009 12:52 16.384 Perflib_Perfdata_dbc.dat
17.07.2009 09:02 16.384 Perflib_Perfdata_854.dat
17.07.2009 08:52 16.384 Perflib_Perfdata_e04.dat
07.07.2009 17:25 16.384 Perflib_Perfdata_ff0.dat
15.06.2009 12:16 16.384 Perflib_Perfdata_53c.dat
12.06.2009 13:08 16.384 Perflib_Perfdata_d94.dat
17.05.2009 23:07 16.384 Perflib_Perfdata_ce0.dat
17.05.2009 23:01 616.448 wi04ey7d.TMP
17.05.2009 23:01 16.384 Perflib_Perfdata_250.dat
17.05.2009 23:00 16.384 Perflib_Perfdata_948.dat
17.05.2009 23:00 16.384 Perflib_Perfdata_8dc.dat
15.05.2009 03:02 0 is1062.tmp
15.05.2009 03:02 0 is105F.tmp
09.05.2009 11:56 16.384 Perflib_Perfdata_f04.dat
23.04.2009 12:28 16.384 Perflib_Perfdata_8fc.dat
23.04.2009 12:27 16.384 Perflib_Perfdata_85c.dat
23.04.2009 12:27 16.384 Perflib_Perfdata_7c0.dat
16.04.2009 12:42 16.384 Perflib_Perfdata_f94.dat
16.04.2009 12:27 16.384 Perflib_Perfdata_b34.dat
16.04.2009 11:16 16.384 Perflib_Perfdata_b00.dat
15.04.2009 20:51 16.384 Perflib_Perfdata_674.dat
15.04.2009 13:50 16.384 Perflib_Perfdata_ad0.dat
15.04.2009 13:40 16.384 Perflib_Perfdata_fe4.dat
04.04.2009 12:42 1.084 CamServr.log
04.04.2009 12:42 53.677 CamWizrd.log
04.04.2009 12:40 16.384 Perflib_Perfdata_d40.dat
04.04.2009 12:40 16.384 Perflib_Perfdata_a4c.dat
04.04.2009 12:39 16.384 Perflib_Perfdata_9f0.dat
04.04.2009 12:20 444 InstVid.log
04.04.2009 12:20 359 Instmed.log
192 File(s) 3.518.286 bytes
0 Dir(s) 15.228.452.864 bytes free
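The listings above are per-directory `dir` output, which makes it hard to see what was written at the same moment in different places. The following Python script is an added example for this thread, not code from the forum or from any tool used in it: it parses such listings (German or English headers), merges them into one timeline, and reports entries written within the same two-minute window in two or more directories. The sample listing is constructed from section headers plus entries copied out of the listing above. A cluster is only a lead for the person reading the logs; the 07.10.2009 14:27 cluster, for instance, coincides with the RootkitRevealer run that is visible in the same Prefetch listing.

```python
"""Cross-directory timeline from `dir`-style file listings.

Added example for the listing above; not code from the forum or from any
tool used in the thread. A cluster is a lead to look at, nothing more.
"""
import re
from collections import namedtuple
from datetime import datetime, timedelta

Entry = namedtuple('Entry', 'mtime directory name size')

# Headers of both the German and the English `dir` output are accepted.
DIR_RE = re.compile(r'^\s*(?:Directory of|Verzeichnis von)\s+(?P<dir>.+?)\s*$')
# dd.mm.yyyy hh:mm  size  name   (the size uses '.' as thousands separator)
ENTRY_RE = re.compile(r'^\s*(?P<date>\d{2}\.\d{2}\.\d{4})\s+(?P<time>\d{2}:\d{2})'
                      r'\s+(?P<size>[\d.]+)\s+(?P<name>.+?)\s*$')

# Constructed sample: section headers plus entries copied from the listing above.
SAMPLE_LISTING = r"""
----- System 32 ---
 Volume in drive C: is dg2 c
 Directory of C:\WINDOWS\system32
06.10.2009 14:35 91.289 ryqhao
06.10.2009 08:38 102.950 perfc007.dat
28.08.2009 23:38 24.689.600 MRT.exe
 2735 File(s) 646.659.663 bytes
----- Prefetch ---
 Directory of C:\WINDOWS\Prefetch
07.10.2009 16:07 11.440 FIND.EXE-0F3A16B9.pf
07.10.2009 14:27 15.058 JBWCIZ.EXE-157EE6E1.pf
07.10.2009 14:27 17.200 ROOTKITREVEALER.EXE-3160D16C.pf
06.10.2009 14:35 6.144 TEMP_8901245.EXE-07A7ADC4.pf
----- Temp ---
 Verzeichnis von C:\DOKUME~1\detlef\LOKALE~1\Temp
07.10.2009 14:27 498.560 JBWCIZ.exe
06.10.2009 08:34 16.384 ~DFDF3D.tmp
"""


def parse_dir_listing(text):
    """Turn one or more `dir` sections into Entry records tagged with their directory."""
    entries, current = [], None
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current = m['dir']
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            when = datetime.strptime(f"{m['date']} {m['time']}", '%d.%m.%Y %H:%M')
            entries.append(Entry(when, current, m['name'], int(m['size'].replace('.', ''))))
    return entries


def cross_dir_clusters(entries, window=timedelta(minutes=2)):
    """Group entries written within `window` of a group's earliest entry and
    keep only the groups that touch two or more directories."""
    ordered = sorted(entries, key=lambda e: e.mtime)
    clusters, i = [], 0
    while i < len(ordered):
        j = i + 1
        while j < len(ordered) and ordered[j].mtime - ordered[i].mtime <= window:
            j += 1
        group = ordered[i:j]
        if len({e.directory for e in group}) >= 2:
            clusters.append(group)
        i = j
    return clusters


if __name__ == '__main__':
    for group in cross_dir_clusters(parse_dir_listing(SAMPLE_LISTING)):
        print(group[0].mtime.strftime('%d.%m.%Y %H:%M'))
        for e in group:
            print(f'    {e.size:>12,d}  {e.directory}\\{e.name}')
```

Paste the complete listings from the posts above into `SAMPLE_LISTING` (or read them from a file) and the same two functions produce the full timeline; the window is deliberately short because `dir` only shows minute resolution, so a wider window mostly adds noise.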
#4
Guest | Problem with Trojan/Keylogger

Filelist, part 2:
Code:
----- Temp -----------------------------
Volume in drive C: is dg2 c
Volume Serial Number: F491-7E20
Directory of C:\DOKUME~1\detlef\LOKALE~1\Temp
07.10.2009 15:56 639.014.521 totalcmd.log
07.10.2009 15:55 0 etilqs_u4g3jgl95FBtrq2hlSLi
07.10.2009 14:46 91.712 Genotron GMER Logdatei (4August 2009)3von3.txt
07.10.2009 14:46 91.341 Genotron GMER Logdatei (4August 2009)2von3.txt
07.10.2009 14:46 54.776 Genotron GMER Logdatei (4August 2009)1von3.txt
07.10.2009 14:46 31.872 Genotron RSIT Logdatei (4 August2009).txt
07.10.2009 14:45 1.097 Genotron mbam-log-2009-08-04 (18-20-56).txt
07.10.2009 14:38 16.384 ~DFAA03.tmp
07.10.2009 14:27 498.560 JBWCIZ.exe
07.10.2009 12:29 59.964 Adobelm_Cleanup.0001
07.10.2009 09:40 3 Twain001.Mtx
07.10.2009 08:36 12.808 pcsuitecheck_new.xml
07.10.2009 07:57 957.876 WCESLog.log
06.10.2009 17:10 0 sqlite_Qy4rQLi8eW9auae
06.10.2009 17:10 2.048 sqlite_fOAIEQdCpl6cEGG
06.10.2009 17:10 0 sqlite_7cJqiCeYjhksImA
06.10.2009 17:10 0 sqlite_dM9sVCldm1Y9WBI
06.10.2009 17:10 0 sqlite_eLuBqDU6GjlfTE9
06.10.2009 13:14 8.948.756 nsmail.eml
06.10.2009 09:51 0 JET6B1F.tmp
06.10.2009 08:35 23.744 scratch.html
06.10.2009 08:34 15.353 NGLALog.txt
06.10.2009 08:34 16.384 ~DFDF3D.tmp
06.10.2009 08:34 375 WCESCOMM.LOG
06.10.2009 08:28 35.142 java_install_reg.log
05.10.2009 21:08 16.384 ~DF577F.tmp
05.10.2009 12:13 18.653 LVCOMSX.LOG
04.10.2009 14:08 21.504 Einladung Hessenpark.doc
04.10.2009 12:01 31.744 vjrko9xn.doc
04.10.2009 11:47 2 MMCULog2.txt
02.10.2009 16:14 0 sPotEFdl.htm.part
29.09.2009 12:39 16.384 ~DFCADE.tmp
23.09.2009 16:52 40.483 Art-400074363240-2-1.html
23.09.2009 16:52 30.227 Art-400074363240-2.html
23.09.2009 16:52 13.111 Art-400074363240-1.html
22.09.2009 10:51 16.384 ~DFFE03.tmp
21.09.2009 20:53 23.887 Halle_9.pdf
19.09.2009 11:01 0 rekq6OVI.wmv.part
17.09.2009 15:40 139.169 C200_T373.pdf
14.09.2009 14:51 16.384 ~DFB46C.tmp
14.09.2009 14:38 16.384 ~DFF8EC.tmp
12.09.2009 19:51 16.384 ~DF1BB7.tmp
11.09.2009 12:54 0 e.exe
03.09.2009 18:09 16.384 ~DF9C03.tmp
03.09.2009 17:44 29.454 Art-400070599249-2.html
03.09.2009 17:44 40.823 Art-400070599249-2-1.html
03.09.2009 17:43 13.045 Art-400070599249-1.html
02.09.2009 15:15 0 ew31998.tmp
02.09.2009 15:04 0 sz01980.tmp
31.08.2009 14:06 0 +ChiKg3E.pdf.part
31.08.2009 14:04 0 rY8XZiyk.pdf.part
28.08.2009 16:22 7.857 TWAIN.LOG
28.08.2009 16:20 0 hpp9BF.tmp
28.08.2009 16:20 156 Twunk001.MTX
28.08.2009 15:52 0 hpp8BF.tmp
28.08.2009 15:47 0 hpp8B8.tmp
27.08.2009 07:41 0 hpp4E0.tmp
24.08.2009 23:11 0 cIn_RiYz.wma.part
19.08.2009 22:49 0 ACD684.tmp.wav
17.08.2009 17:32 16.384 ~DFCE29.tmp
14.08.2009 15:36 16.384 ~DF97D7.tmp
13.08.2009 11:08 573.435 GZW2_Xww.zip.part
12.08.2009 19:58 16.384 ~DF1228.tmp
12.08.2009 19:51 1.302 NclRegPermissions(1).log
12.08.2009 19:38 27.648 Naturwissenschaftler_Siemens.doc
11.08.2009 00:02 1.058.167 4SrtE6kn.exe.part
10.08.2009 23:47 150.718 aj2oagkc.pdf
10.08.2009 22:31 429.931 OKUEXC55.pdf.part
10.08.2009 21:55 752 jar_cache4738335836214367725.tmp
08.08.2009 13:09 16.384 ~DFEBCB.tmp
06.08.2009 18:02 16.384 ~DF6475.tmp
05.08.2009 13:54 59.964 SolidWorksLicTemp.0001
02.08.2009 18:28 9.274.748 cqVyjDGB.zip.part
29.07.2009 13:56 0 Iv38OdAK.avi.part
28.07.2009 12:52 16.384 ~DFE17F.tmp
28.07.2009 10:36 2.322 _coInst.log
28.07.2009 10:36 2.364 vminst.log
27.07.2009 17:06 76.118 Microsoft .NET Framework 3.5-KB963707_20090727_150636578.html
27.07.2009 17:06 424.484 Microsoft .NET Framework 3.5-KB963707_20090727_150636578-Msi0.txt
27.07.2009 17:03 16.384 ~DFC7B.tmp
25.07.2009 15:57 0 hpp518.tmp
24.07.2009 20:58 4.109.612 4B8_BS4N.aspx.part
21.07.2009 14:00 0 G+dBWHNe.mpg.part
21.07.2009 13:58 0 Sdclzvje.wmv.part
17.07.2009 19:37 3.134.527 68fmwcQC.exe.part
17.07.2009 09:02 16.384 ~DFAB1C.tmp
17.07.2009 08:53 16.384 ~DF9914.tmp
16.07.2009 19:06 261.495 telefon.pdf
10.07.2009 20:43 4.761.088 n8aKSAbv.exe.part
10.07.2009 13:33 1.725.561 dSinfo1b.zip
10.07.2009 10:52 531.707 EVOdemux-0.627.zip
09.07.2009 22:02 27.455 support-1.zip
07.07.2009 17:27 16.384 ~DF6C7A.tmp
02.07.2009 14:41 0 90Uz+5w1.htm.part
02.07.2009 07:40 0 hpp2EF6.tmp
01.07.2009 19:05 0 ACD2D9E.tmp.wav
01.07.2009 19:05 0 ACD2D9D.tmp.wav
25.06.2009 15:39 0 hpp1C3A.tmp
24.06.2009 15:12 0 Twunk002.MTX
24.06.2009 09:22 58.196 9mko0rfp.pdf
18.06.2009 18:08 248.966 AtHjYyfR.zip.part
16.06.2009 23:39 558 jar_cache6019926857806319974.tmp
16.06.2009 22:59 906 jar_cache5803736771876292695.tmp
16.06.2009 22:59 217 jar_cache7223159316739195244.tmp
16.06.2009 22:59 58 jar_cache5931005199179569199.tmp
16.06.2009 22:59 43 jar_cache3971529711113456204.tmp
16.06.2009 22:58 639 jar_cache5841262206052608136.tmp
16.06.2009 22:58 1.007 jar_cache7248878198997233585.tmp
16.06.2009 22:58 603 jar_cache3676237488893072702.tmp
16.06.2009 22:58 645 jar_cache1945501006927102048.tmp
15.06.2009 12:16 16.384 ~DFD700.tmp
14.06.2009 08:33 577 +KALBBrE.osm.part
14.06.2009 08:33 577 9+mP8Efl.osm.part
14.06.2009 08:33 577 data.osm
12.06.2009 13:08 16.384 ~DFAFA5.tmp
11.06.2009 16:34 11.280 SCSILog0.txt
06.06.2009 19:26 1.023.444 WCESMgr.log
04.06.2009 10:11 315.488.185 ibu123.zip
03.06.2009 08:29 32.768 ~DF5B65.tmp
02.06.2009 12:15 41.938 OSR-1.pdf
02.06.2009 12:12 36.345 OSR.pdf
29.05.2009 14:02 1.360 wmplog02.sqm
29.05.2009 12:45 0 QrVJcGAK.mpg.part
29.05.2009 12:33 0 xRbiDgUD.wmv.part
29.05.2009 12:30 0 jWKGrrZ0.wmv.part
29.05.2009 12:30 0 ncjT_Vj4.wmv.part
29.05.2009 12:30 0 UFvmyxvC.wmv.part
29.05.2009 12:29 0 xMKQ14ZL.mpg.part
29.05.2009 11:53 0 oHGwJ9wU.mpg.part
29.05.2009 11:52 0 Pjl4hVsF.mpg.part
29.05.2009 11:52 0 NG6KzFhS.mpg.part
29.05.2009 11:50 0 lHZLsKsT.wmv.part
29.05.2009 11:28 0 VLv7nLfJ.wmv.part
28.05.2009 19:11 0 u0to9IU2.ts.part
28.05.2009 17:29 3.690.586 pnW_qkqN.exe.part
28.05.2009 12:58 2.891 clx.dro
28.05.2009 12:58 1.003 IDAPI32.CFG
28.05.2009 12:57 753 bdemerge.ini
28.05.2009 12:55 401.920 borlndlm.dll
28.05.2009 12:55 0 ~B41.tmp
27.05.2009 14:35 6.317.568 TOBITCLT.DLL
26.05.2009 10:23 0 cag3PIwv.mpg.part
25.05.2009 14:13
0 m4ssCNQF.wmv.part 25.05.2009 14:13 0 MTN_HNWR.wmv.part 25.05.2009 13:29 0 KEqQslS6.mpg.part 25.05.2009 13:24 0 L9XhHjC2.wmv.part 25.05.2009 12:47 0 c4n79.tmp 25.05.2009 12:46 0 pjl78.tmp 25.05.2009 12:45 0 lqa77.tmp 25.05.2009 12:44 0 yk976.tmp 25.05.2009 12:43 0 rqj75.tmp 25.05.2009 12:41 0 vct74.tmp 25.05.2009 12:40 0 ytf73.tmp 25.05.2009 10:47 16.384 ~DF7A25.tmp 24.05.2009 09:55 0 MEdAvY2U.mpg.part 23.05.2009 14:03 96.521 RE 098519.pdf 20.05.2009 22:34 0 NUiM6Pmd.mpg.part 20.05.2009 22:30 0 KrBY6yXr.wmv.part 20.05.2009 10:37 0 9dz6F0.tmp 20.05.2009 10:09 1.544.928 H+O3y3pS.wmv.part 20.05.2009 10:07 10.833.103 J7LE27+1.wmv.part 20.05.2009 10:03 8.262.272 y2skHwxj.wmv.part 20.05.2009 10:02 8.970.187 osIAf8mH.wmv.part 19.05.2009 14:37 7.753.411 zeTvwnN8.wmv.part 18.05.2009 14:46 0 sltzoJtm.wmv.part 18.05.2009 14:33 0 PxBvthPc.wmv.part 18.05.2009 14:27 0 neqhHOi_.wmv.part 18.05.2009 14:26 0 zjthSb8q.wmv.part 18.05.2009 14:18 0 8f2o4ctu.wmv.part 18.05.2009 14:15 0 ZOiT+5G1.wmv.part 18.05.2009 14:15 0 BqI4lHZh.wmv.part 18.05.2009 14:01 0 6i8201.tmp 18.05.2009 13:54 0 bl11FE.tmp 18.05.2009 13:52 0 qb71FD.tmp 18.05.2009 13:30 0 ws81F9.tmp 18.05.2009 13:29 0 g9m1F8.tmp 17.05.2009 23:08 16.384 ~DF9998.tmp 17.05.2009 23:01 0 sqlite_s66uZ7pwGi7dCqN 17.05.2009 23:01 0 sqlite_85ahvcbkKlkUodm 17.05.2009 23:01 0 sqlite_sCVxLk6bpKHBEh4 17.05.2009 23:01 0 sqlite_eb6f3dSTNfeujkK 17.05.2009 23:01 0 sqlite_WezgBf3Sh376KkX 17.05.2009 23:01 0 sqlite_acQPlrabMfdAa1O 17.05.2009 23:01 16.384 ~DF9D33.tmp 17.05.2009 20:31 16.384 ~DFF4FD.tmp 13.05.2009 21:30 0 ACDC6D.tmp 11.05.2009 17:39 0 ACD668.tmp.wav 11.05.2009 17:39 0 ACD667.tmp.wav 11.05.2009 17:18 1.416 wmplog01.sqm 11.05.2009 16:23 1.680 wmplog00.sqm 09.05.2009 11:52 8.200 etilqs_ijh4ZnZhQ0ZNAbtupSHk 08.05.2009 22:43 36.864 ~DFAE3D.tmp 07.05.2009 16:52 2.048 sqlite_s7Qx1nQCcQ54RG3 07.05.2009 15:23 0 sqlite_yhX1V9mIoIr3YAd 07.05.2009 15:23 2.048 sqlite_QgATWSrvoW1WyUw 07.05.2009 15:23 2.048 sqlite_dFmjPfV3bmTeusg 07.05.2009 15:23 0 
sqlite_nVsWEXAWZsVl9V9 07.05.2009 15:23 0 sqlite_0UQoAPVy8xlQXoA 07.05.2009 15:23 0 sqlite_jgKsiUbozjjR4wT 06.05.2009 11:15 83.484 Art-160331672300-3.html 06.05.2009 11:14 14.481 Art-160331672300-1.html 05.05.2009 19:12 69.208 Art-170326458884-3.html 05.05.2009 19:10 14.503 Art-170326458884-1.html 04.05.2009 17:33 0 Rb3xUbiB.lnk 03.05.2009 20:13 0 JET3F20.tmp 26.04.2009 19:36 71.770 Art-170324758553-3.html 26.04.2009 19:36 29.906 Art-170324758553-2.html 26.04.2009 19:36 41.428 Art-170324758553-2-1.html 26.04.2009 19:35 12.993 Art-170324758553-1.html 26.04.2009 17:01 3.088.384 Zrlax2kA.exe.part 23.04.2009 12:29 16.384 ~DFB1F4.tmp 23.04.2009 12:24 65.536 mso2C7.mdb 22.04.2009 15:32 0 eel1274.tmp 22.04.2009 15:29 0 yqo1272.tmp 22.04.2009 15:29 0 w8n1271.tmp 22.04.2009 15:27 0 smr1270.tmp 22.04.2009 15:26 0 1dt126F.tmp 22.04.2009 15:26 0 fep126E.tmp 22.04.2009 15:26 0 e9y126D.tmp 22.04.2009 15:13 0 27m126C.tmp 21.04.2009 08:08 0 ACDE69.tmp.wav 20.04.2009 12:01 0 ACDC1A.tmp.wav 20.04.2009 11:51 0 ACDC00.tmp.wav 20.04.2009 11:51 0 ACDBFF.tmp.wav 20.04.2009 11:51 0 ACDBFE.tmp.wav 20.04.2009 11:51 0 ACDBFD.tmp.wav 20.04.2009 11:51 0 ACDBFC.tmp.wav 17.04.2009 19:19 2 nsi43C.tmp 17.04.2009 19:19 0 utt439.tmp 17.04.2009 19:19 667.848 utt439.tmp.exe 17.04.2009 17:13 0 utt403.tmp 17.04.2009 17:13 70 utt403.tmp.bat 17.04.2009 17:13 0 utt402.tmp 17.04.2009 15:38 0 CogILcCH.svg.part 17.04.2009 15:38 0 4_LFCliH.svg.part 17.04.2009 15:38 0 C_BLnyv1.svg.part 17.04.2009 15:38 0 DurAFZG6.svg.part 17.04.2009 15:38 0 NcOkeFD3.svg.part 17.04.2009 15:38 0 T4bnhCqg.svg.part 17.04.2009 15:38 0 cGhEWGNX.svg.part 17.04.2009 15:38 0 llaFWrHX.svg.part 17.04.2009 15:38 0 yTPHMnkf.svg.part 17.04.2009 15:38 0 zg2UO9Ue.svg.part 17.04.2009 15:38 0 aUwrOm7S.svg.part 17.04.2009 15:38 0 DDHzyhaY.svg.part 17.04.2009 15:38 0 b8Cc39w9.svg.part 17.04.2009 15:38 0 N0IRXI9J.svg.part 17.04.2009 15:38 0 ZzZyGLZq.svg.part 17.04.2009 15:38 0 3XKUMqsz.svg.part 17.04.2009 15:38 0 0HWHolmF.svg.part 17.04.2009 15:38 
0 wy3MNs_A.svg.part 17.04.2009 15:38 0 SBB2p1t5.svg.part 17.04.2009 15:38 0 kr8aDXXo.svg.part 17.04.2009 15:38 0 drv8B7Eh.svg.part 17.04.2009 15:38 0 ZIrBmLTJ.svg.part 17.04.2009 15:38 0 xlwbki5Y.svg.part 17.04.2009 15:38 0 2sfm5Faf.svg.part 17.04.2009 15:38 0 CBv3H5TJ.svg.part 17.04.2009 15:38 0 Ya2lEogD.svg.part 17.04.2009 15:38 0 rMRgasRR.svg.part 17.04.2009 15:38 0 ZSND8rNc.svg.part 17.04.2009 15:38 0 wjYsNvYp.svg.part 16.04.2009 12:46 28.410 ColorProfile.log 16.04.2009 12:44 174 addonscheck.xml 16.04.2009 12:43 16.384 ~DFCC1F.tmp 16.04.2009 12:28 16.384 ~DF7673.tmp 16.04.2009 11:16 16.384 ~DF6B1F.tmp 15.04.2009 20:51 16.384 ~DF5F14.tmp 15.04.2009 13:51 16.384 ~DF752F.tmp 14.04.2009 09:19 0 hiiTOddk.wmv.part 14.04.2009 08:50 0 _kwvS8DR.mpg.part 14.04.2009 08:48 0 jkmzrGwv.wmv.part 10.04.2009 13:46 16.384 ~DFD5A9.tmp 09.04.2009 14:46 0 ACD149E.tmp.wav 09.04.2009 14:46 0 ACD149D.tmp.wav 09.04.2009 14:29 0 ACD149C.tmp.wav 09.04.2009 14:29 0 ACD149B.tmp.wav 09.04.2009 14:13 0 3G+DvwXk.mpg.part 09.04.2009 14:13 0 WAWPTN5M.wmv.part 09.04.2009 14:13 0 Ww2Sl+jp.wmv.part 09.04.2009 14:13 0 2HkNj_Ky.wmv.part 09.04.2009 14:12 0 WigHpvH9.wmv.part 09.04.2009 11:33 0 cnaouQKV.avi.part 09.04.2009 11:33 0 ZatAz824.avi.part 09.04.2009 11:32 0 12z6_gdu.avi.part 09.04.2009 10:56 0 5HkRmiRN.wmv.part 09.04.2009 10:44 0 DgzwLs9V.wmv.part 09.04.2009 10:08 0 fHxqr+Dd.mpg.part 09.04.2009 09:55 0 C0aGmiBs.wmv.part 08.04.2009 09:39 16.384 ~DF4460.tmp 07.04.2009 12:29 16.384 ~DFEB8D.tmp 04.04.2009 14:38 0 z50D6.tmp 04.04.2009 14:38 0 egoD5.tmp 04.04.2009 12:41 16.384 ~DF674A.tmp 02.04.2009 16:16 0 tpw351.tmp 02.04.2009 16:15 0 a4w350.tmp 02.04.2009 14:59 0 UPJn1wL9.htm.part 01.04.2009 21:00 0 ZMFG6GYL.mpg.part 01.04.2009 17:36 0 XV3Eelzf.avi.part 01.04.2009 14:07 0 TkHxAqmr.mpg.part 529 Datei(en) 1.139.826.248 Bytes 0 Verzeichnis(se), 15.228.420.096 Bytes frei |
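The Temp listing above is what a responder has to read before deciding whether anything in that directory still needs attention, and the flattened export makes it hard to pick out the entries that can actually execute. The script below is an added example and not part of Detlef's post: it parses the listing back into entries (it accepts both the flattened form and normal one-entry-per-line `dir` output), flags files whose extension carries code, and answers the first question asked in a case like this, which files were touched on a given day. The nine sample entries are copied from the listing above; the extension set and the "double extension" and "zero-byte executable" heuristics are this example's own choices and say nothing about those particular files beyond what the listing shows.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample: nine entries copied from the Temp listing in the post,
# in the flattened one-paragraph form the forum export produced.
SAMPLE_LISTING = (
    "07.10.2009 15:56 639.014.521 totalcmd.log "
    "07.10.2009 14:46 91.712 Genotron GMER Logdatei (4August 2009)3von3.txt "
    "07.10.2009 14:27 498.560 JBWCIZ.exe "
    "11.09.2009 12:54 0 e.exe "
    "28.05.2009 12:55 401.920 borlndlm.dll "
    "27.05.2009 14:35 6.317.568 TOBITCLT.DLL "
    "17.04.2009 19:19 667.848 utt439.tmp.exe "
    "17.04.2009 17:13 70 utt403.tmp.bat "
    "17.04.2009 15:38 0 CogILcCH.svg.part "
    "529 Datei(en) 1.139.826.248 Bytes"
)

# One entry: DD.MM.YYYY HH:MM <size with "." thousands separators> <name>.
# The name is taken lazily up to the next timestamp, the German or English
# summary line, or the end of input, so names containing spaces survive.
ENTRY_RE = re.compile(
    r"(?P<date>\d{2}\.\d{2}\.\d{4}) (?P<time>\d{2}:\d{2}) (?P<size>\d[\d.]*) "
    r"(?P<name>.+?)"
    r"(?= \d{2}\.\d{2}\.\d{4} \d{2}:\d{2} | \d+ (?:Datei\(en\)|File\(s\))|$)"
)

# Extensions that execute or get loaded as code (assumption: this example's list).
CODE_EXTS = {"exe", "dll", "scr", "com", "pif", "bat", "cmd", "vbs", "js", "sys"}

TS_FMT = "%d.%m.%Y %H:%M"


@dataclass(frozen=True)
class Entry:
    when: datetime
    size: int
    name: str

    @property
    def ext(self) -> str:
        return self.name.rsplit(".", 1)[1].lower() if "." in self.name else ""


def parse_listing(text: str) -> list[Entry]:
    """Parse flattened or line-per-entry dir output into Entry objects."""
    flat = " ".join(text.split())          # collapse newlines and padding
    entries = []
    for m in ENTRY_RE.finditer(flat):
        when = datetime.strptime(f"{m['date']} {m['time']}", TS_FMT)
        entries.append(Entry(when, int(m["size"].replace(".", "")), m["name"]))
    return entries


def triage(entries: list[Entry]) -> dict[str, list[str]]:
    """Map each code-bearing file in Temp to the reasons it deserves a look."""
    findings: dict[str, list[str]] = {}
    for e in entries:
        if e.ext not in CODE_EXTS:
            continue
        reasons = ["code file in Temp"]
        if e.name.count(".") >= 2:          # foo.tmp.exe style names
            reasons.append("double extension")
        if e.size == 0:                     # empty file with an executable name
            reasons.append("zero-byte executable")
        findings[e.name] = reasons
    return findings


def touched_between(entries: list[Entry], start: str, end: str) -> list[str]:
    """Names whose timestamp lies in [start, end], both given as DD.MM.YYYY HH:MM."""
    lo, hi = (datetime.strptime(s, TS_FMT) for s in (start, end))
    return [e.name for e in entries if lo <= e.when <= hi]


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE_LISTING)
    for name, why in triage(parsed).items():
        print(f"{name}: {', '.join(why)}")
    print(touched_between(parsed, "07.10.2009 00:00", "07.10.2009 23:59"))
```

Run it against the full listing by pasting the post's Temp section into `parse_listing`; `touched_between` with the day of the scan narrows the 500-odd entries to the handful worth opening in a hex editor or submitting for a second opinion.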
| | #5 |
| Guest | CCleaner log and GMER log, part 1 Installed programs (CCleaner): Code:
7-Zip 4.57
AC3Filter (remove only)
ACDSee 4.0
ACDSee 4.0 Service Release 1
Acronis True Image Home
Adobe Acrobat 7.0 Professional
Adobe Download Manager
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 6.0
Adobe SVG Viewer 3.0
Advanced MP3 Catalog Pro 3.03
AGFEO TK-Suite Basic 3
AnyDVD
ATI - Dienstprogramm zur Deinstallation der Software
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Display Driver
Autostart ok-s 2.0
Avira AntiVir Personal - Free Antivirus
AviSynth 2.5
AVRStudio4
Beck @CHIPTOOL V5.10.0.1
Beck Postmake 2 (Version 2.3.0.1)
Biet-O-Matic v2.6.2
BitTorrent
BJ Network Tool
Bluesoleil2.7.0.13 VoIP Release 071227
Borland Delphi 7
BT747 Desktop
CamStudio
Canon PIXMA iP4000R
Canon Utilities Easy-PhotoPrint
Canon Utilities EOS Utility
Catalyst Control Center - Branding
CCleaner (remove only)
CoDeSys for Automation Alliance
DataLogV2.5
DATAstreet Hessen 2000
Destinator Console
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
DNA
Dr. Hardware 2009 9.9.0d
DVBViewer Pro
DVBViewer Recording Service
DVBViewer TE
eDrawings 2008
EventGhost 0.3.7.r1194
EveryWAN Remote Support Personal Edition
Exact Audio Copy 0.99pb4
FileZilla Server (remove only)
FreeOTFE
FreePDF XP (Remove only)
Freez Screen Video Capture v1.2
Garmin City Navigator Europe NT v9
Garmin Communicator Plugin
Garmin MapSource
Garmin WebUpdater
Generic color icon driver
GnuWin32: Wget-1.11.4-1
Google Earth
Google Earth Plug-in
Google Updater
GPL Ghostscript 8.62
GPL Ghostscript Fonts
GPS-Track-Analyse.NET
GX::Transcoder v5.0
Hama USB Mass Storage Device
Hex Wizard 1.22
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Photosmart Kameras 9.0
HP Scanjet 3800 series 7.0
HP Solution Center 9.0
HP Update
HP USB Disk Storage Format Tool
Indeo® Software
Java(TM) 6 Update 11
JMB36X Raid Configurer
Logitech iTouch Software
Logitech QuickCam-Software
Logitech® Camera-Treiber
LogMeIn
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 SR-1 Premium
Microsoft SQL Server Desktop Engine (PINNACLESYS)
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.5.3)
Mozilla Sunbird (0.9)
Mozilla Thunderbird (2.0.0.23)
MP3-Tag-Editor
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser
Nero 8
nLite 1.4.9.1
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia Software Updater
O&O Defrag Professional Edition
OCR Software by I.R.I.S 7.0
ODBC
OSMtracker 0.6.1
Paint Shop Pro 7
Paradigm C++ Beck IPC Edition
PC Connectivity Solution
Pinnacle Hollywood FX for Studio
Pinnacle MediaServer
Pinnacle ShowCenter
PowerDVD Ultra
Process Tamer 2.11.01
RAIDar 4.1.4
Realtek High Definition Audio Driver
RedMon - Redirection Port Monitor
RMVB Converter 1.8
Security Update for Windows Search 4 - KB963093
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
Slotman
Sonic CinePlayer DVD Pack
Spb Backup
Spb Backup 2.0
Studio 9
Sun xVM VirtualBox
SUPER © Version 2008.bld.32 (July 8, 2008)
Target 3001! V14 discover
TechniSat DVB-PC TV Star
Tera Term Pro
TightVNC 1.3.9
Top50 Viewer
Total Commander (Remove or Repair)
Tux Paint 0.9.19
Tweak UI
Unlocker 1.8.7
VAD Laplace Webcam
VirtualCloneDrive
VLC media player 1.0.0
VMware Workstation
Winamp
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
Windows-Treiberpaket - Nokia Modem (05/22/2008 3.8)
Windows-Treiberpaket - Nokia Modem (05/22/2008 7.00.0.1)
Windows-Treiberpaket - Nokia Modem (10/27/2008 3.9)
Windows-Treiberpaket - Nokia Modem (10/27/2008 7.01.0.1)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
WinPcap 4.0.2
WinRAR
WinZip
Wireshark 1.0.0
WsWin V2.93.13 - 2007-04-22
X10 Hardware(TM)
XNavigator
ZOC Terminal 5.1
Code:
GMER 1.0.15.15125 - http://www.gmer.net
Rootkit scan 2009-10-07 16:13:15
Windows 5.1.2600 Service Pack 3
Running: tq197v08.exe; Driver: C:\DOKUME~1\detlef\LOKALE~1\Temp\fxtdapow.sys
---- System - GMER 1.0.15 ----
SSDT F7A63CC6 ZwCreateKey
SSDT F7A63CBC ZwCreateThread
SSDT F7A63CCB ZwDeleteKey
SSDT F7A63CD5 ZwDeleteValueKey
SSDT F7A63CDA ZwLoadKey
SSDT F7A63CA8 ZwOpenProcess
SSDT F7A63CAD ZwOpenThread
SSDT F7A63CE4 ZwReplaceKey
SSDT F7A63CDF ZwRestoreKey
SSDT F7A63CD0 ZwSetValueKey
SSDT F7A63CB7 ZwTerminateProcess
INT 0x01 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) B962D59A
INT 0x03 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) B962D655
INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) A9E1616D
INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) A9E15FC2
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[2696] WININET.dll!InternetReadFile 408C654B 5 Bytes JMP 13159E5C
.text C:\WINDOWS\Explorer.EXE[2696] WININET.dll!InternetCloseHandle 408C9088 5 Bytes JMP 1315A05C
.text C:\WINDOWS\Explorer.EXE[2696] WININET.dll!InternetQueryDataAvailable 408CBF83 5 Bytes JMP 13159C7C
.text C:\WINDOWS\Explorer.EXE[2696] WININET.dll!HttpOpenRequestA 408CD508 5 Bytes JMP 13158964
.text C:\WINDOWS\Explorer.EXE[2696] WININET.dll!InternetConnectA 408CDEAE 5 Bytes JMP 1315880C
.text C:\WINDOWS\Explorer.EXE[2696] WININET.dll!HttpSendRequestW 408CFABE 5 Bytes JMP 13159688
.text C:\WINDOWS\Explorer.EXE[2696] WININET.dll!InternetOpenA 408DD688 5 Bytes JMP 131587C0
.text C:\WINDOWS\Explorer.EXE[2696] WININET.dll!HttpSendRequestA 408DEE81 5 Bytes JMP 13159288
.text C:\WINDOWS\Explorer.EXE[2696] WININET.dll!InternetReadFileExW 408E3341 5 Bytes JMP 1315A00C
.text C:\WINDOWS\Explorer.EXE[2696] WININET.dll!InternetReadFileExA 408E3379 5 Bytes JMP 13159FBC
.text C:\WINDOWS\system32\SearchIndexer.exe[3556] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Programme\Mozilla Firefox\firefox.exe[3964] wininet.dll!InternetReadFile 408C654B 5 Bytes JMP 13159E5C
.text C:\Programme\Mozilla Firefox\firefox.exe[3964] wininet.dll!InternetCloseHandle 408C9088 5 Bytes JMP 1315A05C
.text C:\Programme\Mozilla Firefox\firefox.exe[3964] wininet.dll!InternetQueryDataAvailable 408CBF83 5 Bytes JMP 13159C7C
.text C:\Programme\Mozilla Firefox\firefox.exe[3964] wininet.dll!HttpOpenRequestA 408CD508 5 Bytes JMP 13158964
.text C:\Programme\Mozilla Firefox\firefox.exe[3964] wininet.dll!InternetConnectA 408CDEAE 5 Bytes JMP 1315880C
.text C:\Programme\Mozilla Firefox\firefox.exe[3964] wininet.dll!HttpSendRequestW 408CFABE 5 Bytes JMP 13159688
.text C:\Programme\Mozilla Firefox\firefox.exe[3964] wininet.dll!InternetOpenA 408DD688 5 Bytes JMP 131587C0
.text C:\Programme\Mozilla Firefox\firefox.exe[3964] wininet.dll!HttpSendRequestA 408DEE81 5 Bytes JMP 13159288
.text C:\Programme\Mozilla Firefox\firefox.exe[3964] wininet.dll!InternetReadFileExW 408E3341 5 Bytes JMP 1315A00C
.text C:\Programme\Mozilla Firefox\firefox.exe[3964] wininet.dll!InternetReadFileExA 408E3379 5 Bytes JMP 13159FBC
.text C:\Programme\VirtualDub\VirtualDub.exe[4676] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text c:\programme\virtualdub\VirtualDub.exe[5920] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\System32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\System32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
Detlef |
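GMER prints one `.text` line per inline hook it finds: the process and PID, the hooked export, its address, the patch length, and, for a `JMP`, the destination plus the module GMER could map that destination to, if any. In the log above the hooks on WININET.dll in Explorer.EXE and firefox.exe all jump into the 0x1315xxxx range with no module printed after the address, while the one in SearchIndexer.exe resolves to MSSRCH.DLL, and the VirtualDub entries are in-place byte patches rather than jumps. The script below is an added example, not part of the post, that turns that reading into a repeatable check: it parses `.text` lines, separates `JMP` hooks GMER could not attribute from attributed ones and from byte patches, reports which target region is hooked in more than one process (the usual sign of one payload injected into several), and lists which WinINet request-path APIs each process has hooked. The eight sample lines are copied from the log above; the API set and the 64 KiB region granularity are this example's own assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample: eight ".text" lines copied from the GMER "User code
# sections" in the post, one entry per line as GMER itself prints them.
SAMPLE_GMER = r"""
.text C:\WINDOWS\Explorer.EXE[2696] WININET.dll!InternetReadFile 408C654B 5 Bytes JMP 13159E5C
.text C:\WINDOWS\Explorer.EXE[2696] WININET.dll!HttpSendRequestW 408CFABE 5 Bytes JMP 13159688
.text C:\WINDOWS\Explorer.EXE[2696] WININET.dll!InternetConnectA 408CDEAE 5 Bytes JMP 1315880C
.text C:\WINDOWS\system32\SearchIndexer.exe[3556] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Programme\Mozilla Firefox\firefox.exe[3964] wininet.dll!InternetReadFile 408C654B 5 Bytes JMP 13159E5C
.text C:\Programme\Mozilla Firefox\firefox.exe[3964] wininet.dll!HttpSendRequestW 408CFABE 5 Bytes JMP 13159688
.text C:\Programme\Mozilla Firefox\firefox.exe[3964] wininet.dll!HttpSendRequestA 408DEE81 5 Bytes JMP 13159288
.text C:\Programme\VirtualDub\VirtualDub.exe[4676] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
"""

# ".text <proc>[pid] <module>!<func> <addr> <n> Bytes JMP <target> [<owner>]"
# or ".text ... <n> Bytes [<raw bytes>] {disassembly}" for an in-place patch.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[\w.]+)!(?P<func>\w+)\s+"
    r"(?P<addr>[0-9A-F]{8})\s+(?P<n>\d+)\s+Bytes\s+"
    r"(?:JMP\s+(?P<target>[0-9A-F]{8})(?:\s+(?P<owner>\S.*))?"
    r"|\[(?P<patch>[^\]]+)\].*)$"
)

# WinINet entry points on the HTTP request/response path. Hooking these inside
# a browser is the classic man-in-the-browser way to read and alter traffic
# before it is encrypted. (Assumption: this example's own list.)
WININET_PATH = {
    "InternetOpenA", "InternetOpenW", "InternetConnectA", "InternetConnectW",
    "HttpOpenRequestA", "HttpOpenRequestW", "HttpSendRequestA", "HttpSendRequestW",
    "InternetReadFile", "InternetReadFileExA", "InternetReadFileExW",
    "InternetQueryDataAvailable", "InternetCloseHandle",
}


@dataclass(frozen=True)
class Hook:
    proc: str
    pid: int
    func: str
    addr: int
    target: Optional[int]   # JMP destination, None for an in-place patch
    owner: Optional[str]    # module GMER attributed the destination to, if any
    patch: Optional[str]    # raw bytes for a non-JMP patch


def parse_hooks(text: str) -> list[Hook]:
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue                      # headers, IAT lines, blank lines
        hooks.append(Hook(
            m["proc"], int(m["pid"]), m["func"], int(m["addr"], 16),
            int(m["target"], 16) if m["target"] else None,
            m["owner"], m["patch"],
        ))
    return hooks


def report(hooks: list[Hook], granularity: int = 0x10000) -> dict:
    """Group the hooks into the three things worth looking at first."""
    unattributed = defaultdict(list)   # JMPs GMER could not map to a module
    regions = defaultdict(set)         # unattributed target region -> processes
    intercept = defaultdict(set)       # WinINet request-path APIs per process
    patches = []
    for h in hooks:
        if h.patch is not None:
            patches.append(h)
            continue
        if h.owner is None:
            unattributed[h.proc].append(h.func)
            regions[h.target & ~(granularity - 1)].add(h.proc)
        if h.func in WININET_PATH:
            intercept[h.proc].add(h.func)
    return {
        "unattributed": dict(unattributed),
        # the same region hooked from several processes points at one injected payload
        "shared_regions": {f"{r:08X}": sorted(p) for r, p in regions.items() if len(p) > 1},
        "intercept_apis": {p: sorted(f) for p, f in intercept.items()},
        "patches": [f"{h.proc}[{h.pid}] {h.func}" for h in patches],
    }


if __name__ == "__main__":
    for key, value in report(parse_hooks(SAMPLE_GMER)).items():
        print(key, value)
```

Feed the whole GMER log to `parse_hooks`; lines of other sections are skipped. An unattributed hook is not proof of malware on its own (security products also patch wininet), but an unattributed region shared by the shell and the browser, covering exactly the request and response APIs, is what a responder wants pulled out of a 300-line log before anything else.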
| | #6 |
| Guest | Problem with Trojan/keylogger GMER - part 2: Code:
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume7 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume7 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume8 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume8 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
Device \Driver\usbhub \Device\USBPDO-20 hcmon.sys (VMware USB monitor/VMware, Inc.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume9 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume9 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
Device \Driver\usbhub \Device\USBPDO-14 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\USBPDO-15 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\USBPDO-16 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\USBPDO-17 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000e0 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000d3 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\USBPDO-18 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000d4 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000d5 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000e3 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000e4 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000d8 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbehci \Device\USBFDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000d9 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-4 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-5 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-6 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbehci \Device\USBFDO-7 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbohci \Device\USBFDO-8 hcmon.sys (VMware USB monitor/VMware, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG11.00.00.01WORKSTATION 54701449ED860F14A0793E53A87358A14F16CB6D56395FB50376E0070FCE7C89B90BF1705CA1B1AC10B7AB206A93BE48D594AC857F7FFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC7933FEBC9E127BECC74C5D575E7D6A3B9808FA6E3A94FA97781E594676C9FD1C82F34281C4A348AA22FEF4ACB16856773536E00D317467C383A6B7EDB080B2B4B48352010378F2BAA3BDD8C889D6B9077931CB1FC31C2090155ACE3A1B4E36B0CDA64CD10F0E5340FDC964C9A2382857DA2CACF3A4152C8BAB63C25BC52354CCB83EACA577DE1A4AA45B0601A52ED5E67F5A071DBB4D6642B60E4CC5F1D4ACCA53D000F37A49CBEA8553430471C1CC3B7C14F3F4A113FDC89BCC3931191CB1EDEF08E8720F1042B5FD35312F965C6B57E0D41F14A51CF53734B2EA1BE517AC7E53329DA1DBD8A8C66126FB1EDACFE2C82ABC48DACA7F2428CCF956C1B747BACA38C169C03EAE80397772E1B538CDB81C4E9045EAC63B33BCA6FE85A92391C7A24C4B2954C6001FB07A083819DBEE47E43436FCAD842FA398F6C1149BEE401B5AB288CF27399F2DD119796435A6ADBDB9B7BB6CCB221F4662E568B52417FECB4B8059E3468F4226C6F67FE236AFE91BB52A4FA3B67334C24611BBAD92C9E0C3D1BF3D7F81F483DBBD2C73420
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel
Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@
C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d
0xAA 0x52 0xC6 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel
Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@
C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3
0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel
Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@
C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b
0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel
Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@
C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6
0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel
Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@
C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2
0x6C 0x43 0x2D 0x1E ...
---- EOF - GMER 1.0.15 ----
Detlef
#7 | Gast | Problem mit Trojaner/Keylogger
I also ran Anti-Malware again. It found a few more bad registry entries.
Code:
Malwarebytes' Anti-Malware 1.41
Database version: 2925
Windows 5.1.2600 Service Pack 3
08.10.2009 18:14:45
mbam-log-2009-10-08 (18-14-45).txt
Scan type: Full scan (C:\|)
Objects scanned: 229557
Time elapsed: 30 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Userinit.exe (Security.Hijack) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
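The Image File Execution Options (IFEO) keys in the Anti-Malware log above are worth understanding rather than just deleting. When an IFEO subkey named after an executable carries a "Debugger" value, Windows starts the program named in that value instead of the requested image and passes it the original command line. Subkeys for chrome.exe, safari.exe, navigator.exe and opera.exe therefore let malware interpose itself on every browser start (which fits a banking trojan), and a subkey for Userinit.exe does the same for the logon process, so the malware is relaunched at each logon without needing any Run key. An IFEO subkey on its own proves nothing, since many are created legitimately; the Debugger value is what matters, and the log does not show what it contained. The following audit is an added example and is not part of the original thread or of any tool mentioned in it. It assumes PowerShell 2.0 or later is installed on the host and that the allow-list of legitimate debugger images is tuned to the machine's actual tooling.

```powershell
# Added example (not from the thread): list every IFEO subkey that carries a
# "Debugger" value, show where it points, and flag anything that is not a
# known debugger or whose target file does not exist on disk.

$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    # 64-bit hosts also keep a 32-bit view; harmless to check on 32-bit XP.
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

# Debugger images that are normally legitimate. This list is an assumption;
# extend it for whatever debuggers are really installed on the machine.
$knownDebuggers = @('vsjitdebugger.exe', 'windbg.exe', 'ntsd.exe', 'cdb.exe', 'drwtsn32.exe')

$results = foreach ($root in $ifeoRoots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($key in Get-ChildItem -Path $root) {
        # Only the Debugger value redirects process creation; other IFEO values
        # (compatibility flags and the like) are common and not by themselves suspicious.
        $debugger = (Get-ItemProperty -Path $key.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if (-not $debugger) { continue }

        # The first token of the Debugger string is the executable; strip surrounding quotes.
        $target = (($debugger -split ' ')[0]).Trim('"')
        $exe    = [System.IO.Path]::GetFileName($target).ToLower()

        $status = if ($knownDebuggers -contains $exe) { 'known' } else { 'SUSPECT' }

        New-Object PSObject -Property @{
            Image        = $key.PSChildName
            Debugger     = $debugger
            TargetExists = (Test-Path -Path $target -ErrorAction SilentlyContinue)
            Status       = $status
        }
    }
}

# Nothing listed means no IFEO redirection is currently in place.
$results | Format-Table Image, Debugger, TargetExists, Status -AutoSize
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable. A SUSPECT row whose target does not exist is also informative: an entry like that silently breaks the named program, which is the usual way this key is abused to disable security tools, and a redirection to a file that has since been deleted can explain lingering "program no longer starts" symptoms after a cleanup.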