Hi, no, I'm heading off tomorrow at 04:00, everything's already packed ... I'll only be available again on Friday... chris
Then *fingers crossed*. PC is still hanging ...
Is the hard disk still rattling? That's unusual, or you have a great many temporary files that are all still being scanned by TrendMicro while being deleted... chris
Had CCleaner remove all the temporary files yesterday, so if anything there's only a bit from today .... the hard disk is also fairly quiet.
Can anything go permanently wrong if I just reset it, let it boot up again and then try once more? This time I'd switch off the firewall etc. (disconnecting from the internet first, of course), maybe something went wrong there.
Try the three-finger salute (ctrl+alt+del) and then find out what's eating up 100% capacity.. it should actually be deleting the temp. data, but with an NTFS file system that shouldn't be a problem... maybe it's hanging while deleting the malware file... chris
Already tried that just now, no chance, nothing happens any more.
Hi, then reboot the machine... hmm, gmer isn't running properly and otl isn't either... chris
All right ;) I'll just try again, I think something really did go wrong with TrendMicro, it often reacts a bit .. harshly when someone comes into its territory^^
Worked straight away, reboot is running.
I'll do the TDSS part next, here's the OTL log:

All processes killed
========== OTL ==========
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0ed4tg7Y.exe moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\\"DisableMonitoring" | dword:0x00 /E : value set successfully!
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Dominik!
->Temp folder emptied: 49929 bytes
->Temporary Internet Files folder emptied: 12269610 bytes
->Java cache emptied: 2416441 bytes
->FireFox cache emptied: 36361722 bytes
->Flash cache emptied: 5691 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 2513 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1139177 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32768 bytes
RecycleBin emptied: 428 bytes
Total Files Cleaned = 50,00 mb
OTL by OldTimer - Version 3.2.4.1 log created on 05032010_214309
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
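A small parser for the OTL fix-log format posted above, added here as an example (it is not the board's or OldTimer's code). It works on a constructed, trimmed copy of that log and does the triage a helper does before asking "what is the task directory doing": it separates the mass of At*.job scheduled tasks from the real payload files and lists which Security Center monitoring values were touched. Function and variable names are this example's own.

```python
import re

# Constructed sample in the OTL fix-log format, trimmed from the log in the post above.
SAMPLE_OTL_LOG = """\
All processes killed
========== OTL ==========
C:\\WINDOWS\\tasks\\At21.job moved successfully.
C:\\WINDOWS\\tasks\\At11.job moved successfully.
C:\\WINDOWS\\tasks\\At1.job moved successfully.
C:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\0ed4tg7Y.exe moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\TrendFirewall\\\\"DisableMonitoring" | dword:0x00 /E : value set successfully!
========== COMMANDS ==========
[EMPTYTEMP]
User: Dominik!
->Temp folder emptied: 49929 bytes
Total Files Cleaned = 50,00 mb
"""

AT_JOB_RE = re.compile(r'\\tasks\\At(\d+)\.job$', re.IGNORECASE)

def parse_otl_log(text):
    """Group the log into its '========== NAME ==========' sections and pull out
    the files OTL moved and the registry values it wrote."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        hdr = re.match(r'^=+ (\w+) =+$', line)
        if hdr:
            current = hdr.group(1)
            sections[current] = []
        elif current and line:
            sections[current].append(line)
    moved = [m.group(1) for l in sections.get('OTL', [])
             if (m := re.match(r'^(.+) moved successfully\.$', l))]
    registry = []
    for l in sections.get('REGISTRY', []):
        m = re.match(r'^(HKEY_.+?) \| (\S+)(?: /\w+)? : (.+)$', l)
        if m:
            registry.append({'key': m.group(1), 'value': m.group(2), 'result': m.group(3)})
    return {'moved': moved, 'registry': registry}

def triage(parsed):
    """Split scheduled-task jobs (At<n>.job) from other moved files and flag any
    change under the Security Center Monitoring key."""
    at_jobs = {p: int(AT_JOB_RE.search(p).group(1)) for p in parsed['moved'] if AT_JOB_RE.search(p)}
    payload = [p for p in parsed['moved'] if p not in at_jobs]
    sc_changes = [r['key'] for r in parsed['registry'] if 'Security Center\\Monitoring' in r['key']]
    return {'at_job_count': len(at_jobs), 'at_job_numbers': sorted(at_jobs.values()),
            'payload_files': payload, 'security_center_changes': sc_changes}

if __name__ == '__main__':
    print(triage(parse_otl_log(SAMPLE_OTL_LOG)))
```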
TDSS log:

21:52:33:859 1200 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
21:52:33:859 1200 ================================================================================
21:52:33:859 1200 SystemInfo:
21:52:33:859 1200 OS Version: 5.1.2600 ServicePack: 3.0
21:52:33:859 1200 Product type: Workstation
21:52:33:859 1200 ComputerName: DOMINIK
21:52:33:859 1200 UserName: Dominik!
21:52:33:859 1200 Windows directory: C:\WINDOWS
21:52:33:859 1200 Processor architecture: Intel x86
21:52:33:859 1200 Number of processors: 2
21:52:33:859 1200 Page size: 0x1000
21:52:33:859 1200 Boot type: Normal boot
21:52:33:859 1200 ================================================================================
21:52:33:875 1200 UnloadDriverW: NtUnloadDriver error 2
21:52:33:875 1200 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
21:52:33:937 1200 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
21:52:33:937 1200 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:52:33:937 1200 wfopen_ex: Trying to KLMD file open
21:52:33:937 1200 wfopen_ex: File opened ok (Flags 2)
21:52:33:937 1200 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
21:52:33:937 1200 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:52:33:937 1200 wfopen_ex: Trying to KLMD file open
21:52:33:937 1200 wfopen_ex: File opened ok (Flags 2)
21:52:33:937 1200 Initialize success
21:52:33:937 1200
21:52:33:937 1200 Scanning Services ...
21:52:34:390 1200 Raw services enum returned 307 services
21:52:34:390 1200
21:52:34:390 1200 Scanning Kernel memory ...
21:52:34:390 1200 Devices to scan: 2
21:52:34:390 1200
21:52:34:390 1200 Driver Name: Disk
21:52:34:390 1200 IRP_MJ_CREATE : B80FEBB0
21:52:34:390 1200 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:52:34:390 1200 IRP_MJ_CLOSE : B80FEBB0
21:52:34:390 1200 IRP_MJ_READ : B80F8D1F
21:52:34:390 1200 IRP_MJ_WRITE : B80F8D1F
21:52:34:390 1200 IRP_MJ_QUERY_INFORMATION : 804F4562
21:52:34:390 1200 IRP_MJ_SET_INFORMATION : 804F4562
21:52:34:390 1200 IRP_MJ_QUERY_EA : 804F4562
21:52:34:390 1200 IRP_MJ_SET_EA : 804F4562
21:52:34:390 1200 IRP_MJ_FLUSH_BUFFERS : B80F92E2
21:52:34:390 1200 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:52:34:390 1200 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:52:34:390 1200 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:52:34:390 1200 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:52:34:390 1200 IRP_MJ_DEVICE_CONTROL : B80F93BB
21:52:34:390 1200 IRP_MJ_INTERNAL_DEVICE_CONTROL : B80FCF28
21:52:34:390 1200 IRP_MJ_SHUTDOWN : B80F92E2
21:52:34:390 1200 IRP_MJ_LOCK_CONTROL : 804F4562
21:52:34:390 1200 IRP_MJ_CLEANUP : 804F4562
21:52:34:390 1200 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:52:34:390 1200 IRP_MJ_QUERY_SECURITY : 804F4562
21:52:34:390 1200 IRP_MJ_SET_SECURITY : 804F4562
21:52:34:390 1200 IRP_MJ_POWER : B80FAC82
21:52:34:390 1200 IRP_MJ_SYSTEM_CONTROL : B80FF99E
21:52:34:390 1200 IRP_MJ_DEVICE_CHANGE : 804F4562
21:52:34:390 1200 IRP_MJ_QUERY_QUOTA : 804F4562
21:52:34:390 1200 IRP_MJ_SET_QUOTA : 804F4562
21:52:34:453 1200 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
21:52:34:453 1200
21:52:34:453 1200 Driver Name: atapi
21:52:34:453 1200 IRP_MJ_CREATE : B7F4C86C
21:52:34:453 1200 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:52:34:453 1200 IRP_MJ_CLOSE : B7F4C86C
21:52:34:453 1200 IRP_MJ_READ : 804F4562
21:52:34:453 1200 IRP_MJ_WRITE : 804F4562
21:52:34:453 1200 IRP_MJ_QUERY_INFORMATION : 804F4562
21:52:34:453 1200 IRP_MJ_SET_INFORMATION : 804F4562
21:52:34:453 1200 IRP_MJ_QUERY_EA : 804F4562
21:52:34:453 1200 IRP_MJ_SET_EA : 804F4562
21:52:34:453 1200 IRP_MJ_FLUSH_BUFFERS : 804F4562
21:52:34:453 1200 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:52:34:453 1200 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:52:34:453 1200 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:52:34:453 1200 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:52:34:453 1200 IRP_MJ_DEVICE_CONTROL : B7F4C882
21:52:34:453 1200 IRP_MJ_INTERNAL_DEVICE_CONTROL : B7F4903C
21:52:34:453 1200 IRP_MJ_SHUTDOWN : 804F4562
21:52:34:453 1200 IRP_MJ_LOCK_CONTROL : 804F4562
21:52:34:453 1200 IRP_MJ_CLEANUP : 804F4562
21:52:34:453 1200 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:52:34:453 1200 IRP_MJ_QUERY_SECURITY : 804F4562
21:52:34:453 1200 IRP_MJ_SET_SECURITY : 804F4562
21:52:34:453 1200 IRP_MJ_POWER : B7F4C8A2
21:52:34:453 1200 IRP_MJ_SYSTEM_CONTROL : B7F52BE0
21:52:34:453 1200 IRP_MJ_DEVICE_CHANGE : 804F4562
21:52:34:453 1200 IRP_MJ_QUERY_QUOTA : 804F4562
21:52:34:453 1200 IRP_MJ_SET_QUOTA : 804F4562
21:52:34:500 1200 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
21:52:34:500 1200
21:52:34:500 1200 Completed
21:52:34:500 1200
21:52:34:500 1200 Results:
21:52:34:500 1200 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
21:52:34:500 1200 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
21:52:34:500 1200 File objects infected / cured / cured on reboot: 0 / 0 / 0
21:52:34:500 1200
21:52:34:500 1200 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
21:52:34:500 1200 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
21:52:34:515 1200 KLMD(ARK) unloaded successfully
Hi, what is the task directory doing...? So far so good... update MBAM and run another full scan & clean... chris
After the reboot, Tasks was full again; I just deleted them and nothing new has been added since. I'll start MBAM now ... that can take a while^^ But I don't want to keep you from your sleep now, if you have to leave let me know ... it's my problem, not yours, it would just be nice if you could maybe tell someone else from the competence team that I exist ;) Regards
Hi, ask cosinus... chris
Copyright ©2000-2025, Trojaner-Board