Pests of all kinds and how to fight them: Win 7 Security 2011 Trojan (Windows 7)

If you are not sure whether you have picked up malware or a Trojan, start a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you remove the infection.
#5: Win 7 Security 2011 Trojan

Quote:
Gmer Log Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-19 18:26:57
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.ST6O
Running: gmer.exe; Driver: C:\Users\My\AppData\Local\Temp\pxldypoc.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKey + 13C1 82C7F339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CB8D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 825A0000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 825A0123 629 Bytes [B5, 59, 82, FE, 05, 34, B5, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 825A0399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F 825A03FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B 825A04AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\Dwm.exe[2800] ntdll.dll!NtQueryDirectoryFile 771E5F98 5 Bytes JMP 2004FF3F
.text C:\Windows\system32\Dwm.exe[2800] ntdll.dll!NtResumeThread 771E64A8 5 Bytes JMP 20047A40
.text C:\Windows\system32\Dwm.exe[2800] ntdll.dll!LdrLoadDll 772022B8 5 Bytes JMP 2004FDBB
.text C:\Windows\system32\Dwm.exe[2800] USER32.dll!TranslateMessage 773164C7 5 Bytes JMP 2004C9AD
? C:\Windows\Explorer.EXE[2824] time/date stamp mismatch; unknown module: WINMM.dllunknown module: CFGMGR32.dllunknown module: WINSTA.dllunknown module: OLEACC.dllunknown module: WINBRAND.dllunknown module: DUI70.dllunknown module: SndVolSSO.DLLunknown module: netutils.dllunknown module: wkscli.dllunknown module: PROPSYS.dllunknown module: gdiplus.dllunknown module: slc.dllunknown module: dwmapi.dllunknown module: POWRPROF.dllunknown module: UxTheme.dllunknown module: EXPLORERFRAME.dllunknown module: OLEAUT32.dll
.text C:\Windows\Explorer.EXE[2824] ntdll.dll!NtQueryDirectoryFile 771E5F98 5 Bytes JMP 2004FF3F
.text C:\Windows\Explorer.EXE[2824] ntdll.dll!NtResumeThread 771E64A8 5 Bytes JMP 20047A40
.text C:\Windows\Explorer.EXE[2824] ntdll.dll!LdrLoadDll 772022B8 5 Bytes JMP 2004FDBB
.text C:\Windows\Explorer.EXE[2824] USER32.dll!TranslateMessage 773164C7 5 Bytes JMP 2004C9AD
.text C:\Windows\Explorer.EXE[2824] WININET.dll!InternetCloseHandle 7591B7C4 5 Bytes JMP 2004E132
.text C:\Windows\Explorer.EXE[2824] WININET.dll!InternetReadFile 7591EA3A 5 Bytes JMP 2004EAD7
.text C:\Windows\Explorer.EXE[2824] WININET.dll!InternetQueryDataAvailable 759222E4 5 Bytes JMP 2004E7B8
.text C:\Windows\Explorer.EXE[2824] WININET.dll!InternetOpenUrlA 7593BFCE 5 Bytes JMP 2004EBEC
.text C:\Windows\Explorer.EXE[2824] WININET.dll!HttpOpenRequestA 75945539 5 Bytes JMP 2004EB92
.text C:\Windows\Explorer.EXE[2824] WININET.dll!HttpOpenRequestW 75945DCB 5 Bytes JMP 2004EBBF
.text C:\Windows\Explorer.EXE[2824] WININET.dll!HttpSendRequestW 75946109 5 Bytes JMP 2004E0D3
.text C:\Windows\Explorer.EXE[2824] WININET.dll!InternetReadFileExW 7594B5AB 5 Bytes JMP 2004E9BC
.text C:\Windows\Explorer.EXE[2824] WININET.dll!InternetReadFileExA 7594B606 5 Bytes JMP 2004E915
.text C:\Windows\Explorer.EXE[2824] WININET.dll!HttpSendRequestExW 7595AFE4 5 Bytes JMP 2004E012
.text C:\Windows\Explorer.EXE[2824] WININET.dll!InternetWriteFile 7595B146 5 Bytes JMP 2004E105
.text C:\Windows\Explorer.EXE[2824] WININET.dll!HttpSendRequestA 75975770 5 Bytes JMP 2004E09E
.text C:\Windows\Explorer.EXE[2824] WININET.dll!InternetOpenUrlW 7599D722 5 Bytes JMP 2004EC13
.text C:\Windows\Explorer.EXE[2824] WININET.dll!HttpSendRequestExA 759BE7E5 5 Bytes JMP 2004E058
.text C:\Windows\Explorer.EXE[2824] WS2_32.dll!sendto 75A334B5 5 Bytes JMP 2004D423
.text C:\Windows\Explorer.EXE[2824] WS2_32.dll!closesocket 75A33918 5 Bytes JMP 2004DA66
.text C:\Windows\Explorer.EXE[2824] WS2_32.dll!WSASend 75A34406 5 Bytes JMP 2004D7C2
.text C:\Windows\Explorer.EXE[2824] WS2_32.dll!recv 75A36B0E 5 Bytes JMP 2004D6DE
.text C:\Windows\Explorer.EXE[2824] WS2_32.dll!send 75A36F01 5 Bytes JMP 2004D3D5
.text C:\Windows\Explorer.EXE[2824] WS2_32.dll!WSARecv 75A37089 5 Bytes JMP 2004D8AA
.text C:\Windows\Explorer.EXE[2824] WS2_32.dll!recvfrom 75A3B6DC 5 Bytes JMP 2004D74D
.text C:\Windows\Explorer.EXE[2824] WS2_32.dll!WSARecvFrom 75A3CBA6 5 Bytes JMP 2004D985
.text C:\Windows\Explorer.EXE[2824] WS2_32.dll!WSASendTo 75A4B30C 5 Bytes JMP 2004D833
.text C:\Windows\system32\taskhost.exe[3008] ntdll.dll!NtQueryDirectoryFile 771E5F98 5 Bytes JMP 2004FF3F
.text C:\Windows\system32\taskhost.exe[3008] ntdll.dll!NtResumeThread 771E64A8 5 Bytes JMP 20047A40
.text C:\Windows\system32\taskhost.exe[3008] ntdll.dll!LdrLoadDll 772022B8 5 Bytes JMP 2004FDBB
.text C:\Windows\system32\taskhost.exe[3008] USER32.dll!TranslateMessage 773164C7 5 Bytes JMP 2004C9AD
.text C:\Program Files\Microsoft Security Client\msseces.exe[3276] ntdll.dll!NtQueryDirectoryFile 771E5F98 5 Bytes JMP 2004FF3F
.text C:\Program Files\Microsoft Security Client\msseces.exe[3276] ntdll.dll!NtResumeThread 771E64A8 5 Bytes JMP 20047A40
.text C:\Program Files\Microsoft Security Client\msseces.exe[3276] ntdll.dll!LdrLoadDll 772022B8 5 Bytes JMP 2004FDBB
.text C:\Program Files\Microsoft Security Client\msseces.exe[3276] WININET.dll!InternetCloseHandle 7591B7C4 5 Bytes JMP 2004E132
.text C:\Program Files\Microsoft Security Client\msseces.exe[3276] WININET.dll!InternetReadFile 7591EA3A 5 Bytes JMP 2004EAD7
.text C:\Program Files\Microsoft Security Client\msseces.exe[3276] WININET.dll!InternetQueryDataAvailable 759222E4 5 Bytes JMP 2004E7B8
.text C:\Program Files\Microsoft Security Client\msseces.exe[3276] WININET.dll!InternetOpenUrlA 7593BFCE 5 Bytes JMP 2004EBEC
.text C:\Program Files\Microsoft Security Client\msseces.exe[3276] WININET.dll!HttpOpenRequestA 75945539 5 Bytes JMP 2004EB92
.text C:\Program Files\Microsoft Security Client\msseces.exe[3276] WININET.dll!HttpOpenRequestW 75945DCB 5 Bytes JMP 2004EBBF
.text C:\Program Files\Microsoft Security Client\msseces.exe[3276] WININET.dll!HttpSendRequestW 75946109 5 Bytes JMP 2004E0D3
.text C:\Program Files\Microsoft Security Client\msseces.exe[3276] WININET.dll!InternetReadFileExW 7594B5AB 5 Bytes JMP 2004E9BC
.text C:\Program Files\Microsoft Security Client\msseces.exe[3276] WININET.dll!InternetReadFileExA 7594B606 5 Bytes JMP 2004E915
.text C:\Program Files\Microsoft Security Client\msseces.exe[3276] WININET.dll!HttpSendRequestExW 7595AFE4 5 Bytes JMP 2004E012
.text C:\Program Files\Microsoft Security Client\msseces.exe[3276] WININET.dll!InternetWriteFile 7595B146 5 Bytes JMP 2004E105
.text C:\Program Files\Microsoft Security Client\msseces.exe[3276] WININET.dll!HttpSendRequestA 75975770 5 Bytes JMP 2004E09E
.text C:\Program Files\Microsoft Security Client\msseces.exe[3276] WININET.dll!InternetOpenUrlW 7599D722 5 Bytes JMP 2004EC13
.text C:\Program Files\Microsoft Security Client\msseces.exe[3276] WININET.dll!HttpSendRequestExA 759BE7E5 5 Bytes JMP 2004E058
.text C:\Program Files\Microsoft Security Client\msseces.exe[3276] USER32.dll!TranslateMessage 773164C7 5 Bytes JMP 2004C9AD
.text C:\Program Files\Windows Sidebar\sidebar.exe[3292] ntdll.dll!NtQueryDirectoryFile 771E5F98 5 Bytes JMP 2004FF3F
.text C:\Program Files\Windows Sidebar\sidebar.exe[3292] ntdll.dll!NtResumeThread 771E64A8 5 Bytes JMP 20047A40
.text C:\Program Files\Windows Sidebar\sidebar.exe[3292] ntdll.dll!LdrLoadDll 772022B8 5 Bytes JMP 2004FDBB
.text C:\Program Files\Windows Sidebar\sidebar.exe[3292] USER32.dll!TranslateMessage 773164C7 5 Bytes JMP 2004C9AD
.text C:\Program Files\Windows Sidebar\sidebar.exe[3292] WININET.dll!InternetCloseHandle 7591B7C4 5 Bytes JMP 2004E132
.text C:\Program Files\Windows Sidebar\sidebar.exe[3292] WININET.dll!InternetReadFile 7591EA3A 5 Bytes JMP 2004EAD7
.text C:\Program Files\Windows Sidebar\sidebar.exe[3292] WININET.dll!InternetQueryDataAvailable 759222E4 5 Bytes JMP 2004E7B8
.text C:\Program Files\Windows Sidebar\sidebar.exe[3292] WININET.dll!InternetOpenUrlA 7593BFCE 5 Bytes JMP 2004EBEC
.text C:\Program Files\Windows Sidebar\sidebar.exe[3292] WININET.dll!HttpOpenRequestA 75945539 5 Bytes JMP 2004EB92
.text C:\Program Files\Windows Sidebar\sidebar.exe[3292] WININET.dll!HttpOpenRequestW 75945DCB 5 Bytes JMP 2004EBBF
.text C:\Program Files\Windows Sidebar\sidebar.exe[3292] WININET.dll!HttpSendRequestW 75946109 5 Bytes JMP 2004E0D3
.text C:\Program Files\Windows Sidebar\sidebar.exe[3292] WININET.dll!InternetReadFileExW 7594B5AB 5 Bytes JMP 2004E9BC
.text C:\Program Files\Windows Sidebar\sidebar.exe[3292] WININET.dll!InternetReadFileExA 7594B606 5 Bytes JMP 2004E915
.text C:\Program Files\Windows Sidebar\sidebar.exe[3292] WININET.dll!HttpSendRequestExW 7595AFE4 5 Bytes JMP 2004E012
.text C:\Program Files\Windows Sidebar\sidebar.exe[3292] WININET.dll!InternetWriteFile 7595B146 5 Bytes JMP 2004E105
.text C:\Program Files\Windows Sidebar\sidebar.exe[3292] WININET.dll!HttpSendRequestA 75975770 5 Bytes JMP 2004E09E
.text C:\Program Files\Windows Sidebar\sidebar.exe[3292] WININET.dll!InternetOpenUrlW 7599D722 5 Bytes JMP 2004EC13
.text C:\Program Files\Windows Sidebar\sidebar.exe[3292] WININET.dll!HttpSendRequestExA 759BE7E5 5 Bytes JMP 2004E058
.text C:\Program Files\Windows Sidebar\sidebar.exe[3292] WS2_32.dll!sendto 75A334B5 5 Bytes JMP 2004D423
.text C:\Program Files\Windows Sidebar\sidebar.exe[3292] WS2_32.dll!closesocket 75A33918 5 Bytes JMP 2004DA66
.text C:\Program Files\Windows Sidebar\sidebar.exe[3292] WS2_32.dll!WSASend 75A34406 5 Bytes JMP 2004D7C2
.text C:\Program Files\Windows Sidebar\sidebar.exe[3292] WS2_32.dll!recv 75A36B0E 5 Bytes JMP 2004D6DE
.text C:\Program Files\Windows Sidebar\sidebar.exe[3292] WS2_32.dll!send 75A36F01 5 Bytes JMP 2004D3D5
.text C:\Program Files\Windows Sidebar\sidebar.exe[3292] WS2_32.dll!WSARecv 75A37089 5 Bytes JMP 2004D8AA
.text C:\Program Files\Windows Sidebar\sidebar.exe[3292] WS2_32.dll!recvfrom 75A3B6DC 5 Bytes JMP 2004D74D
.text C:\Program Files\Windows Sidebar\sidebar.exe[3292] WS2_32.dll!WSARecvFrom 75A3CBA6 5 Bytes JMP 2004D985
.text C:\Program Files\Windows Sidebar\sidebar.exe[3292] WS2_32.dll!WSASendTo 75A4B30C 5 Bytes JMP 2004D833
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[2824] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73B92437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2824] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73B75600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2824] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73B756BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2824] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73B924B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2824] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73B88514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2824] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73B84CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2824] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73B8506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2824] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73B85144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2824] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73B86671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2824] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73B8826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2824] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73B887BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2824] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73B8901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2824] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73B8E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2824] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73B84BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000044 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
---- Threads - GMER 1.0.15 ----
Thread System [4:828] 825ADF2E
---- EOF - GMER 1.0.15 ----
Quote:
SUPERAntiSpyware Free Edition Log Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 04/19/2011 at 07:12 PM
Application Version : 4.50.1002
Core Rules Database Version : 6870
Trace Rules Database Version: 4682
Scan type : Complete Scan
Total Scan Time : 00:24:21
Memory items scanned : 643
Memory threats detected : 0
Registry items scanned : 11244
Registry threats detected : 1
File items scanned : 29767
File threats detected : 20
System.BrokenFileAssociation
HKCR\.exe
Adware.Tracking Cookie
s0.2mdn.net [ C:\Users\Internet\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EF3DRM7F ]
C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Cookies\Low\internet@zanox[1].txt
C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Cookies\Low\internet@serving-sys[1].txt
C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Cookies\Low\internet@bs.serving-sys[2].txt
C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Cookies\Low\internet@mediaplex[1].txt
C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Cookies\Low\internet@ad.zanox[1].txt
C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Cookies\Low\internet@ad3.adfarm1.adition[1].txt
C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Cookies\Low\internet@2o7[2].txt
C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Cookies\Low\internet@adfarm1.adition[1].txt
C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Cookies\Low\internet@msnportal.112.2o7[2].txt
C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Cookies\Low\internet@zanox-affiliate[1].txt
C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Cookies\Low\internet@apmebf[1].txt
C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Cookies\Low\internet@tracking.quisma[1].txt
C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Cookies\Low\internet@atdmt[1].txt
C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Cookies\Low\internet@studivz.adfarm1.adition[2].txt
C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Cookies\Low\internet@traffictrack[1].txt
C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Cookies\Low\internet@unitymedia[2].txt
C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Cookies\Low\internet@tradedoubler[2].txt
C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Cookies\Low\internet@doubleclick[1].txt
Application.Agent/Gen-TempZ
C:\USERS\MY\DESKTOP\PROGRAMME\WII TOOLS\BOOTMII INI MAKER\BOOTMII INI MAKER 32BIT.EXE
Quote:
Eset Log Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=e13361259617f04c995d2b16360e8c28
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-04-19 07:34:15
# local_time=2011-04-19 09:34:15 (+0100, Mitteleuropäische Sommerzeit)
# country="xxxxxxx"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 8116082 8116082 0 0
# compatibility_mode=5893 16776574 66 94 433223 54869156 0 0
# compatibility_mode=8192 67108863 100 0 4273 4273 0 0
# scanned=235450
# found=0
# cleaned=0
# scan_time=3689
Edited by PsychoMantis (19.04.2011 at 21:03)