Trojaner-Board


cee 01.02.2009 07:52

TDSS: yes or no?

Hello!

The system is Win2k SP4.

Just now my AntiVir flagged a long-deleted file in the recycle bin as the dropper 'DR/AutoTDSS.bab'. I restored the file and uploaded it to jotti. Unfortunately I no longer have the result. There were several TDSS entries among them, but also differently named Worm / Trojan detections, and about 50% no detections. The file has been deleted, so a new scan is no longer possible.

It is possible that the file was never executed.
/edit: Apart from the fact that Undelete Plus finds hardly any deleted files (including the flagged one) (the hard disk is formatted with NTFS), the system shows no conspicuous behaviour.

Searching for TDSS led me to you. I cleaned up with CCleaner, Blacklight finds nothing, and gmer crashes during normal system operation while scanning a device; in safe mode (with network drivers) the following log is produced, which unfortunately I have no idea about.

When gmer is restarted after a crash, it reports rootkit behaviour on C: (not on the first start) and offers a full scan, which however leads to a crash again. It is possible that the message is provoked by its own crash, but it unsettled me nonetheless.

Here is the log file:
Code:

GMER 1.0.14.14116 - http://www.gmer.net
Rootkit scan 2009-02-01 07:33:45
Windows 5.0.2195 Service Pack 4


---- Kernel code sections - GMER 1.0.14 ----

PAGENDSM        NDIS.sys!NdisMIndicateStatus                                                              BFE9F84A 6 Bytes  JMP BFABB100 \SystemRoot\System32\Drivers\fwdrv.sys
.text          NTDLL.DLL!NtClose                                                                          778881F8 5 Bytes  JMP 72049770
.text          NTDLL.DLL!NtCreateFile                                                                    77888278 5 Bytes  JMP 7204A570
.text          NTDLL.DLL!NtCreateKey                                                                      778882A8 5 Bytes  JMP 7204ADA0
.text          NTDLL.DLL!NtCreateProcess                                                                  77888308 5 Bytes  JMP 7204AE30
.text          NTDLL.DLL!NtCreateSection                                                                  77888328 5 Bytes  JMP 72049A40
.text          NTDLL.DLL!NtLoadDriver                                                                    778885BC 5 Bytes  JMP 7204A1E0
.text          NTDLL.DLL!NtSetValueKey                                                                    77888DDC 5 Bytes  JMP 7204AD10
.text          NTDLL.DLL!NtWriteFile                                                                      77888F38 5 Bytes  JMP 7204A3D0

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT            \SystemRoot\System32\DRIVERS\tcpip.sys[ntoskrnl.exe!ZwLoadDriver]                          [BFABAF68] \SystemRoot\System32\Drivers\fwdrv.sys
IAT            \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol]                      [BFABAF0B] \SystemRoot\System32\Drivers\fwdrv.sys
IAT            \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter]                          [BFABAE7B] \SystemRoot\System32\Drivers\fwdrv.sys
IAT            \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter]                          [BFABAE60] \SystemRoot\System32\Drivers\fwdrv.sys

---- User IAT/EAT - GMER 1.0.14 ----

IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!CreateProcessW]          [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!LoadLibraryW]            [760B786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!GetProcAddress]          [760B771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!FreeLibrary]              [760B7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!LoadLibraryA]            [760B7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!LoadLibraryExW]  [760B7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!CreateProcessA]  [23021346] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!CreateProcessW]  [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!LoadLibraryW]    [760B786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!FreeLibrary]    [760B7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!LoadLibraryA]    [760B7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!GetProcAddress]  [760B771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW]      [760B786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary]      [760B7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress]    [760B771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA]      [760B7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\Secur32.dll [KERNEL32.DLL!LoadLibraryA]    [760B7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\Secur32.dll [KERNEL32.DLL!GetProcAddress]  [760B771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\Secur32.dll [KERNEL32.DLL!FreeLibrary]      [760B7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\Secur32.dll [KERNEL32.DLL!LoadLibraryW]    [760B786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryExW]    [760B7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryA]      [760B7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!FreeLibrary]        [760B7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!GetProcAddress]    [760B771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryW]      [760B786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]    [760B7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!CreateProcessW]    [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryA]      [760B7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryW]      [760B786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [760B771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!FreeLibrary]      [760B7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryExA]  [760B78DE] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryExW]  [760B7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryW]    [760B786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!CreateProcessA]  [23021346] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!CreateProcessW]  [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!FreeLibrary]      [760B7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryA]    [760B7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!GetProcAddress]  [760B771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW]  [760B7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW]  [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]    [760B7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]  [760B771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW]    [760B786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary]      [760B7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!GetProcAddress]    [760B771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryA]      [760B7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!FreeLibrary]        [760B7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryW]      [760B786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryExW]    [760B7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!CreateProcessW]    [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!LoadLibraryW]    [760B786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!GetProcAddress]  [760B771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!FreeLibrary]    [760B7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!FreeLibrary]      [760B7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!LoadLibraryA]      [760B7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!GetProcAddress]    [760B771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!FreeLibrary]      [760B7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!LoadLibraryA]    [760B7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!GetProcAddress]  [760B771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!LoadLibraryW]    [760B786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!FreeLibrary]      [760B7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!LoadLibraryExW]  [760B7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!LoadLibraryA]    [760B7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!CreateProcessW]  [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!GetProcAddress]  [760B771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\WININET.DLL [KERNEL32.dll!GetProcAddress]  [760B771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\WININET.DLL [KERNEL32.dll!LoadLibraryA]    [760B7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\system32\WININET.DLL [KERNEL32.dll!FreeLibrary]      [760B7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

---- Devices - GMER 1.0.14 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                    stcp2v30.sys (StorageCraft Volume Snapshot Driver/StorageCraft Technology Corporation)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                  fwdrv.sys
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                  ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                  fwdrv.sys
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                  ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1                                                    stcp2v30.sys (StorageCraft Volume Snapshot Driver/StorageCraft Technology Corporation)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume2                                                    stcp2v30.sys (StorageCraft Volume Snapshot Driver/StorageCraft Technology Corporation)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume3                                                    stcp2v30.sys (StorageCraft Volume Snapshot Driver/StorageCraft Technology Corporation)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume4                                                    stcp2v30.sys (StorageCraft Volume Snapshot Driver/StorageCraft Technology Corporation)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume5                                                    stcp2v30.sys (StorageCraft Volume Snapshot Driver/StorageCraft Technology Corporation)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume6                                                    stcp2v30.sys (StorageCraft Volume Snapshot Driver/StorageCraft Technology Corporation)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                  fwdrv.sys
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                  ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                fwdrv.sys
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation)

---- EOF - GMER 1.0.14 ----

Many thanks in advance for your help; I am somewhat shocked, as I have had no problems with viruses or the like so far.

Chris...

cee 02.02.2009 17:18

Hello again.

Is there some way to have the log file evaluated somewhere? Or does gmer complain when it has found something, and what it lists are uncritical entries? It did not complain, nothing in red or the like either, everything black...

Regards,
Chris...
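
As a first pass over a GMER log like the one posted above, the following added example (not part of the thread and not GMER's own tooling) groups every hook and attached device by the module the log names as its owner, and lists the entries where no module is named after the jump target. The function names and the column layout are assumptions inferred from the log lines in this thread; the output is a summary for triage, not a verdict.

```python
import re
from collections import Counter

# Excerpt of the GMER log posted above (lines copied from the thread).
SAMPLE = r"""
PAGENDSM        NDIS.sys!NdisMIndicateStatus    BFE9F84A 6 Bytes  JMP BFABB100 \SystemRoot\System32\Drivers\fwdrv.sys
.text          NTDLL.DLL!NtClose     778881F8 5 Bytes  JMP 72049770
.text          NTDLL.DLL!NtLoadDriver     778885BC 5 Bytes  JMP 7204A1E0
IAT            \SystemRoot\System32\DRIVERS\tcpip.sys[ntoskrnl.exe!ZwLoadDriver]   [BFABAF68] \SystemRoot\System32\Drivers\fwdrv.sys
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!CreateProcessW]   [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT            C:\WINNT\Explorer.EXE[568] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!LoadLibraryW]     [760B786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
AttachedDevice  \FileSystem\Ntfs \Ntfs     stcp2v30.sys (StorageCraft Volume Snapshot Driver/StorageCraft Technology Corporation)
AttachedDevice  \Driver\Tcpip \Device\Ip    fwdrv.sys
"""

HEX = r"[0-9A-F]{8}"
# Inline patch: <section> <module>!<function> <addr> <n> Bytes JMP <target> [owner]
INLINE = re.compile(rf"^(\S+)\s+(\S+?)!(\S+)\s+{HEX}\s+\d+ Bytes\s+JMP {HEX}\s*(.*)$")
# IAT hook: IAT <importer> [<lib>!<function>] [<addr>] <owner> (description)
IAT = re.compile(rf"^IAT\s+(.*?)\s*\[([^\]\[!]+)!([^\]]+)\]\s+\[{HEX}\]\s+(.*)$")
# Filter device: AttachedDevice <driver> <device> <owner> (description)
DEVICE = re.compile(r"^AttachedDevice\s+(\S+)\s+(\S+)\s+(.*)$")


def owner_of(rest):
    """Basename of the module named at the end of a line, or None if absent."""
    path = re.sub(r"\s*\(.*\)$", "", rest).strip()  # drop "(description/vendor)"
    return path.split("\\")[-1].lower() or None


def parse_gmer(text):
    """Return one dict per recognised log line: kind, target, owner."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if m := IAT.match(line):
            entries.append({"kind": "iat", "target": f"{m[2]}!{m[3]}", "owner": owner_of(m[4])})
        elif m := INLINE.match(line):
            entries.append({"kind": "inline", "target": f"{m[2]}!{m[3]}", "owner": owner_of(m[4])})
        elif m := DEVICE.match(line):
            entries.append({"kind": "device", "target": m[2], "owner": owner_of(m[3])})
    return entries


def owners(entries):
    """Count entries per owning module; lines without one count as <unnamed>."""
    return Counter(e["owner"] or "<unnamed>" for e in entries)


def unnamed_targets(entries):
    """Hooked functions for which the log names no module after the target."""
    return [e["target"] for e in entries if e["owner"] is None]


if __name__ == "__main__":
    parsed = parse_gmer(SAMPLE)
    for name, count in owners(parsed).most_common():
        print(f"{count:3d}  {name}")
    print("no module named:", ", ".join(unnamed_targets(parsed)))
```

Each owner name in the summary can then be checked against the software known to be installed on the machine.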

