Pests of all kinds and how to fight them: Win32.Agent.bb (Windows 7)
If you are not sure whether you have caught malware or a Trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you get rid of the infection.
15.01.2012, 17:51 | #16
/// Winkelfunktion /// TB-Süch-Tiger™ | Win32.Agent.bb
OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online query in OSAM. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off the virus scanner; McAfee's scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: under no circumstances press any of the Fix buttons without instructions. Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the (none) setting under AV Scan.
Signature: Please always post logfiles in CODE tags
16.01.2012, 21:51 | #17
Win32.Agent.bb OSAM logfile:
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 06:44:27 on 16.01.2012 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 9.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe "GoogleUpdateTaskUserS-1-5-21-1285189494-1214931641-1441595476-1005Core.job" - "Google Inc." - C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskUserS-1-5-21-1285189494-1214931641-1441595476-1008Core.job" - "Google Inc." - C:\Dokumente und Einstellungen\Internet\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineCore1cccbad9a56400a.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "PMTask.job" - ? - C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE (File found, but it contains no detailed information) "MP Scheduled Scan.job" - "Microsoft Corporation" - c:\Programme\Microsoft Security Client\Antimalware\MpCmdRun.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "btcpl.cpl" - "Broadcom Corporation." - C:\WINDOWS\system32\btcpl.cpl "DivXControlPanelApplet.cpl" - "DivX, Inc." 
- C:\WINDOWS\system32\DivXControlPanelApplet.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl "IBMJavaPlugin142.cpl" - "IBM" - C:\WINDOWS\system32\IBMJavaPlugin142.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Oracle Corporation" - C:\WINDOWS\system32\javacpl.cpl "tp4ex.cpl" - "IBM Corporation" - C:\WINDOWS\system32\tp4ex.cpl "TP98.CPL" - "Lenovo Group Limited" - C:\WINDOWS\system32\TP98.CPL "TpShCPL.cpl" - "Lenovo, Ltd. and IBM Corporation." - C:\WINDOWS\system32\TpShCPL.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl "SMAX4CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax4.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "AEGIS Protocol (IEEE 802.1x) v3.4.9.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys "ANC" (ANC) - "IBM Corp." - C:\WINDOWS\System32\drivers\ANC.SYS "ANCSQ" (ANCSQ) - "IBM Corp." - C:\WINDOWS\System32\drivers\ANCSQ.sys "Bluetooth-Bus-Enumerator" (BTKRNL) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btkrnl.sys "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "DAEMON Tools Virtual Bus Driver" (dtsoftbus01) - "DT Soft Ltd" - C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys "FssFltr" (fssfltr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys "fxpiifod" (fxpiifod) - ? - C:\DOKUME~1\***\LOKALE~1\Temp\fxpiifod.sys (Hidden registry entry, rootkit activity | File not found) "giveio" (giveio) - ? 
- C:\WINDOWS\System32\giveio.sys (File found, but it contains no detailed information) "IBM eGatherer" (EGATHDRV) - "IBM Corporation" - C:\WINDOWS\SYSTEM32\EGATHDRV.SYS "IBM PSA Access Driver" (psadd) - "Lenovo" - C:\WINDOWS\system32\Drivers\psadd.sys "ibmfilter" (ibmfilter) - "IBM" - C:\WINDOWS\system32\drivers\ibmfilter.sys "IBMPMDRV" (IBMPMDRV) - "Lenovo." - C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys "IBMTPCHK" (IBMTPCHK) - ? - C:\WINDOWS\system32\Drivers\IBMBLDID.sys (File found, but it contains no detailed information) "IPS-Helper-Treiber" (PROCDD) - "Lenovo Group Limited" - C:\WINDOWS\System32\DRIVERS\PROCDD.SYS "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "MpKsl066d7c49" (MpKsl066d7c49) - ? - c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{D5BAF62F-5904-457A-BE06-859DDD662EDC}\MpKsl066d7c49.sys (File not found) "MpKsld725ecc3" (MpKsld725ecc3) - "Microsoft Corporation" - c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{3F89BDAC-A9BD-4A28-A59B-3DBD155B13CE}\MpKsld725ecc3.sys "NTIDrvr" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\WINDOWS\system32\drivers\NTIDrvr.sys "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? 
- C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "pmem" (pmem) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\pmemnt.sys "PrivateDisk" (PrivateDisk) - "Utimaco Safeware AG" - C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys "PSI" (PSI) - "Secunia" - C:\WINDOWS\System32\DRIVERS\psi_mf.sys "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "ShockMgr" (ShockMgr) - "Lenovo." - C:\WINDOWS\system32\drivers\ShockMgr.sys "Shockprf" (Shockprf) - "Lenovo" - C:\WINDOWS\system32\drivers\Shockprf.sys "Smapint" (Smapint) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\Smapint.sys "smi2" (smi2) - "IBM Corp." - C:\Programme\SMI2\smi2.sys "speedfan" (speedfan) - "Almico Software" - C:\WINDOWS\System32\speedfan.sys "TDSMAPI" (TDSMAPI) - ? - C:\WINDOWS\System32\drivers\TDSMAPI.SYS (File found, but it contains no detailed information) "TPHKDRV" (TPHKDRV) - "IBM Corporation" - C:\WINDOWS\system32\drivers\TPHKDRV.sys "TPPWRIF" (TPPWRIF) - ? - C:\WINDOWS\System32\drivers\Tppwrif.sys (File found, but it contains no detailed information) "TSMAPIP" (TSMAPIP) - ? - C:\WINDOWS\System32\drivers\TSMAPIP.SYS (File found, but it contains no detailed information) "UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\WINDOWS\system32\drivers\UBHelper.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) "WIDCOMM USB Bluetooth Driver" (BTWUSB) - "Broadcom Corporation." - C:\WINDOWS\System32\Drivers\btwusb.sys "WLAN-Transport" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." 
- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {56F9679E-7826-4C84-81F3-532071A8BCC5} "Windows Desktop Search Namespace Manager" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell 
Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll {6af09ec9-b429-11d4-a1fb-0090960218cb} "Bluetooth-Umgebung" - "Broadcom Corporation." - C:\WINDOWS\system32\btneighborhood.dll {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found) {09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - c:\PROGRA~1\MI239C~1\shellext.dll {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? 
- C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {F6A51CCC-6AA6-46ad-B726-97466F0A38BF} "SafeGuard® PrivateDisk extension" - "Utimaco Safeware AG" - C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\pdshell.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found) {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? 
- C:\Programme\ATI Technologies\ATI.ACE\atiacmxx.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL {13E7F612-F261-4391-BEA2-39DF4F3FA311} "Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\msnlExt.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? 
- (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {4D2D3A17-9B46-483C-A5F4-1DC471080009} "Cisco NAC Web Agent Control" - "Cisco Systems, Inc." - C:\WINDOWS\system32\taweb.ocx / https://cas.sc.loc/auth/taweb.cab {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_22\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.7.0_02" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\npjpi170_02.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.7.0_02" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\npjpi170_02.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.7.0_02" - "Sun Microsystems, Inc." 
- C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} "{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL {48E73304-E1D6-4330-914C-F5F514E3486C} "Send to OneNote" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "OneNote Table Of Contents.onetoc2" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\OneNote Table Of Contents.onetoc2 -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\desktop.ini -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "MSC" - "Microsoft Corporation" - "c:\Programme\Microsoft Security Client\msseces.exe" -hide -runkey [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Bluetooth-Druckeranschluss" - "Broadcom Corporation." 
- C:\WINDOWS\system32\bthcrp.dll "PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll (File found, but it contains no detailed information) "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Ac Profile Manager Service" (AcPrfMgrSvc) - ? - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (File found, but it contains no detailed information) "Access Connections Main Service" (AcSvc) - "Lenovo" - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Bonjour Service" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe "FileZilla Server FTP server" (FileZilla Server) - "FileZilla Project" - C:\Programme\FileZilla Server\FileZilla Server.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Google Update Service (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Google Updater Service" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe "IBM KCU Service" (TpKmpSVC) - ? 
- C:\WINDOWS\system32\TpKmpSVC.exe (File found, but it contains no detailed information) "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe "Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe "Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe "Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe "iPod Service" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe "IPS-Basisservice" (IPSSVC) - "Lenovo Group Limited" - C:\WINDOWS\system32\IPSSVC.EXE "Java Quick Starter" (JavaQuickStarterService) - "Oracle Corporation" - C:\Programme\Java\jre7\bin\jqs.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE "NTI BackupNowEZSvr" (NTI BackupNowEZSvr) - "NewTech Infosystems, Inc." - C:\Programme\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "Secunia PSI Agent" (Secunia PSI Agent) - "Secunia" - C:\Programme\Secunia\PSI\PSIA.exe "Secunia Update Agent" (Secunia Update Agent) - "Secunia" - C:\Programme\Secunia\PSI\sua.exe "ThinkPad HDD APS Logging Service" (TPHDEXLGSVC) - "Lenovo." - C:\WINDOWS\System32\TPHDEXLG.EXE "ThinkPad PM Service" (IBMPMSVC) - "Lenovo" - C:\WINDOWS\system32\ibmpmsvc.exe "ThinkVantage System Update" (UCLauncherService) - ? 
- C:\Programme\ThinkVantage\SystemUpdate\UCLauncherService.exe (File found, but it contains no detailed information) "TSS Core Service" (TSSCoreService) - "IBM" - C:\Programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe "TVT Backup Service" (TVT Backup Service) - ? - C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe "TVT Scheduler" (TVT Scheduler) - ? - C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Programme\Windows Live\Family Safety\fsssvc.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe "Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "tpfnf2" - ? - C:\WINDOWS\system32\notifyf2.dll (File found, but it contains no detailed information) "tphotkey" - ? - C:\WINDOWS\system32\tphklock.dll (File found, but it contains no detailed information) [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== --- --- --- If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru asw LOG: Code:
aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-16 06:45:06
-----------------------------
06:45:06.421 OS Version: Windows 5.1.2600 Service Pack 3
06:45:06.421 Number of processors: 2 586 0xE08
06:45:06.421 ComputerName: LENOVO-B00D28A3 UserName: ***
06:45:07.515 Initialize success
06:48:32.515 AVAST engine defs: 12011501
07:01:56.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
07:01:56.937 Disk 0 Vendor: TOSHIBA_ AH30 Size: 76319MB BusType: 3
07:01:57.015 Disk 0 MBR read successfully
07:01:57.015 Disk 0 MBR scan
07:01:57.046 Disk 0 unknown MBR code
07:01:57.062 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 71325 MB offset 63
07:01:57.125 Disk 0 Partition 2 00 12 Compaq diag MSWIN4.1 4990 MB offset 146074320
07:01:57.156 Disk 0 scanning sectors +156295440
07:01:57.421 Disk 0 scanning C:\WINDOWS\system32\drivers
07:03:05.218 Service scanning
07:03:05.968 Service MpKsld725ecc3 c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{3F89BDAC-A9BD-4A28-A59B-3DBD155B13CE}\MpKsld725ecc3.sys **LOCKED** 32
07:03:06.640 Modules scanning
07:04:24.640 Disk 0 trace - called modules:
07:04:24.687 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
07:04:24.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a815ab8]
07:04:24.687 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000095[0x8a7ebf18]
07:04:24.687 5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a83b030]
07:04:25.531 AVAST engine scan C:\WINDOWS
07:05:04.046 AVAST engine scan C:\WINDOWS\system32
07:13:49.640 AVAST engine scan C:\WINDOWS\system32\drivers
07:15:18.375 AVAST engine scan C:\Dokumente und Einstellungen\***
07:20:32.468 AVAST engine scan C:\Dokumente und Einstellungen\All Users
07:35:42.640 Scan finished successfully
21:32:59.531 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\***\Desktop\MBR.dat"
21:32:59.546 The log file has been saved successfully to "C:\Dokumente und Einstellungen\***\Desktop\aswMBR.txt"
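An added triage example, not part of this thread and not OSAM's own code: a small Python parser for the OSAM Autorun Manager entry format used in the log above (`"name" (key) - "vendor" - path (annotations)`, optionally prefixed by a COM class id in braces). It flags entries OSAM annotated as hidden registry entries, entries with no vendor information (`?`), entries loading from a Temp directory, and stale entries whose file is missing. The sample lines are constructed in that format (most are copied from the log above, including two benign controls); the parser, the entry names in the triage rules, and the severity labels are my own assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the OSAM Autorun Manager entry format. The entries are
# copied from the thread's log; "DAEMON Tools" and "WinRAR" are benign controls.
SAMPLE_LOG = r"""
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found)
"DAEMON Tools Virtual Bus Driver" (dtsoftbus01) - "DT Soft Ltd" - C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys
"fxpiifod" (fxpiifod) - ? - C:\DOKUME~1\***\LOKALE~1\Temp\fxpiifod.sys (Hidden registry entry, rootkit activity | File not found)
"giveio" (giveio) - ? - C:\WINDOWS\System32\giveio.sys (File found, but it contains no detailed information)
[Explorer]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
"""

SECTION_RE = re.compile(r"^\[(?P<section>[^\]]+)\]$")          # e.g. [Drivers]
LOCATION_RE = re.compile(r"^-----\(\s*(?P<location>.*?)\s*\)-----$")  # registry/FS location
ENTRY_RE = re.compile(
    r'^(?:\{(?P<clsid>[0-9A-Fa-f-]+)\}\s+)?'    # optional COM class id prefix
    r'"(?P<name>[^"]*)"'                          # display name
    r'(?:\s+\((?P<key>[^)]*)\))?'                 # optional service/driver key
    r'\s+-\s+(?:"(?P<vendor>[^"]*)"|\?)'         # vendor, or "?" when OSAM has none
    r'\s+-\s*(?P<path>.*?)'                       # file path (empty for missing COM objects)
    r'\s*(?:\((?P<notes>[^)]*)\))?$'              # optional OSAM annotations
)


@dataclass
class Entry:
    section: str
    location: str
    name: str
    vendor: Optional[str]      # None when OSAM printed "?"
    path: str
    notes: List[str]           # annotations split on "|"
    clsid: Optional[str] = None
    key: Optional[str] = None


def parse_osam(text: str) -> List[Entry]:
    """Parse OSAM log text into Entry records, tracking section and location headers."""
    entries: List[Entry] = []
    section = location = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = LOCATION_RE.match(line)
        if m:
            location = m.group("location")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header/footer text and anything else we do not recognise
        notes = [n.strip() for n in (m.group("notes") or "").split("|") if n.strip()]
        entries.append(Entry(section, location, m.group("name"), m.group("vendor"),
                             m.group("path"), notes, m.group("clsid"), m.group("key")))
    return entries


def triage(entries: List[Entry]) -> Dict[str, Tuple[str, List[str]]]:
    """Return {entry name: (severity, reasons)} for entries that deserve a closer look."""
    findings: Dict[str, Tuple[str, List[str]]] = {}
    for e in entries:
        reasons: List[str] = []
        high = False
        if any("rootkit activity" in n for n in e.notes):
            reasons.append("hidden registry entry (OSAM rootkit heuristic)")
            high = True
        if re.search(r"\\temp\\", e.path, re.IGNORECASE):
            reasons.append("loads from a Temp directory")
            high = True
        if e.vendor is None:
            reasons.append("no vendor/signature information")
        if "File not found" in e.notes:
            reasons.append("stale entry: referenced file is missing")
        if reasons:
            findings[e.name] = ("high" if high else "review", reasons)
    return findings


if __name__ == "__main__":
    for name, (severity, reasons) in triage(parse_osam(SAMPLE_LOG)).items():
        print(f"[{severity}] {name}: {'; '.join(reasons)}")
```

The heuristics produce candidates for review, not verdicts: a scanner's own temporary driver trips every rule here, and in this thread the GMER log header lists GMER's driver under the same randomly generated name (fxpiifod, in the user's Temp directory) that OSAM reports as a hidden entry, so the two logs need to be read together.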
16.01.2012, 21:54 | #18
Win32.Agent.bb GMER log (in two parts):
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-01-16 06:36:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.AH30
Running: u1lwy5lk.exe; Driver: C:\DOKUME~1\***\LOKALE~1\Temp\fxpiifod.sys

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[3920] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device A7AC5D20

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-1285189494-1214931641-1441595476-1005\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeLo 234103434
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-1285189494-1214931641-1441595476-1005\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeHi 30200746
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-1285189494-1214931641-1441595476-1005\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeLo 234103434
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-1285189494-1214931641-1441595476-1005\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeHi 30200746

---- Files - GMER 1.0.15 ----

File C:\RRbackups\bt0.dat 32256 bytes
File C:\RRbackups\bt1.dat 32256 bytes
File C:\RRbackups\bt2.dat 32256 bytes
File C:\RRbackups\C 0 bytes
File
|
16.01.2012, 21:55 | #19 |
| Win32.Agent.bb GMER LOG Part 2: Code:
Settings\LocalService\Anwendungsdaten\Microsoft\SystemCertificates 0 bytes File C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten\Microsoft\SystemCertificates\My 0 bytes File C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten\Microsoft\SystemCertificates\My\Certificates 0 bytes File C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten\Microsoft\SystemCertificates\My\CRLs 0 bytes File C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten\Microsoft\SystemCertificates\My\CTLs 0 bytes File C:\RRbackups\Documents and Settings\NetworkService 0 bytes File C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten 0 bytes File C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft 0 bytes File C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\SystemCertificates 0 bytes File C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\SystemCertificates\My 0 bytes File C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\SystemCertificates\My\Certificates 0 bytes File C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\SystemCertificates\My\CRLs 0 bytes File C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\SystemCertificates\My\CTLs 0 bytes File C:\RRbackups\hints.dat 8192 bytes File C:\RRbackups\osfilter.txt 7563 bytes File C:\RRbackups\regcerts.dat 8192 bytes File C:\RRbackups\rr.log 3502 bytes File C:\RRbackups\SAM 32768 bytes File C:\RRbackups\system 8912896 bytes File C:\RRbackups\system.dat 12288 bytes File C:\RRbackups\tvt.txt 8090 bytes File C:\RRbackups\usersids.dat 19760 bytes ---- EOF - GMER 1.0.15 ---- |
16.01.2012, 22:00 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win32.Agent.bb We should fix the MBR. Just in case, back up ALL important data first, even though it usually goes smoothly. Note: Please do NOT do the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a parallel-installed (dual-boot) Linux unbootable. Also do not do the fix if you have full encryption of the Windows partition or the entire hard drive with TrueCrypt or other encryption programs. After backing up your data, start aswMBR again and click the FIXMBR button. Then restart Windows and create a new log with aswMBR.
__________________ Please always post logfiles in CODE tags |
19.01.2012, 16:38 | #21 |
| Win32.Agent.bb Fixed! Code:
ATTFilter aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-19 06:35:44
-----------------------------
06:35:44.000 OS Version: Windows 5.1.2600 Service Pack 3
06:35:44.000 Number of processors: 2 586 0xE08
06:35:44.000 ComputerName: LENOVO-B00D28A3 UserName: ***
06:35:45.718 Initialize success
06:36:17.000 AVAST engine defs: 12011801
06:36:35.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
06:36:35.281 Disk 0 Vendor: TOSHIBA_ AH30 Size: 76319MB BusType: 3
06:36:35.296 Disk 0 MBR read successfully
06:36:35.312 Disk 0 MBR scan
06:36:35.343 Disk 0 Windows XP default MBR code
06:36:35.343 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 71325 MB offset 63
06:36:35.390 Disk 0 Partition 2 00 12 Compaq diag MSWIN4.1 4990 MB offset 146074320
06:36:35.687 Disk 0 scanning sectors +156295440
06:36:35.750 Disk 0 scanning C:\WINDOWS\system32\drivers
06:37:07.062 Service scanning
06:37:08.000 Service MpKsldbffbb38 c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{5B309DAF-51BB-4F91-A964-342C47649B40}\MpKsldbffbb38.sys **LOCKED** 32
06:37:08.828 Modules scanning
06:37:18.734 Disk 0 trace - called modules:
06:37:18.750 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
06:37:18.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a806ab8]
06:37:18.750 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000095[0x8a85ea00]
06:37:18.750 5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a82a030]
06:37:19.562 AVAST engine scan C:\WINDOWS
06:37:31.218 AVAST engine scan C:\WINDOWS\system32
06:42:34.156 AVAST engine scan C:\WINDOWS\system32\drivers
06:43:09.531 AVAST engine scan C:\Dokumente und Einstellungen\***
06:48:25.812 AVAST engine scan C:\Dokumente und Einstellungen\All Users
06:55:30.437 Scan finished successfully
16:36:14.812 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\***\Desktop\MBR.dat"
16:36:14.812 The log file has been saved successfully to "C:\Dokumente und Einstellungen\***\Desktop\aswMBR_afterfix.txt" |
19.01.2012, 16:46 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win32.Agent.bb Looks ok. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!! Getting an additional opinion afterwards from the ESET online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
21.01.2012, 07:48 | #23 |
| Win32.Agent.bb It is slowly looking better. Spybot found no more threats. The logs: Code:
ATTFilter Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Datenbank Version: v2012.01.19.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
***:: LENOVO-B00D28A3 [Administrator]
1/19/2012 8:31:59 PM
mbam-log-2012-01-19 (20-31-59).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 554098
Laufzeit: 5 Stunde(n), 14 Minute(n), 24 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende) Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 01/20/2012 at 10:59 AM
Application Version : 5.0.1142
Core Rules Database Version : 8149
Trace Rules Database Version: 5961
Scan type : Complete Scan
Total Scan Time : 03:23:08
Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 619
Memory threats detected : 0
Registry items scanned : 39969
Registry threats detected : 0
File items scanned : 184866
File threats detected : 0 Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7aafad8a82e3f54a95fa0f02b1c7d26a
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-12-31 09:11:43
# local_time=2011-12-31 10:11:43 (+0100, Westeuropäische Normalzeit)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777191 100 0 2412364 2412364 0 0
# compatibility_mode=8192 67108863 100 0 3803 3803 0 0
# scanned=195573
# found=16
# cleaned=16
# scan_time=16964
C:\Programme\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom\components\WidgiToolbarFF.dll a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Programme\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Adware.Toolbar.Dealio application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Programme\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Programme\StartNow Toolbar\Toolbar32.dll a variant of Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Programme\StartNow Toolbar\ToolbarUpdaterService.exe a variant of Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP21\A0009080.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP21\A0009113.exe a variant of Win32/Toolbar.Babylon application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP30\A0010675.exe probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP30\A0010676.exe Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP30\A0010677.dll a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP30\A0010678.exe Win32/Adware.Toolbar.Dealio application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP30\A0010679.dll a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP30\A0010680.dll a variant of Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP30\A0010681.exe a variant of Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7aafad8a82e3f54a95fa0f02b1c7d26a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-08 11:16:35
# local_time=2012-01-09 12:16:35 (+0100, Westeuropäische Normalzeit)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 704625 704625 0 0
# compatibility_mode=5891 16776869 42 87 26852 22921594 0 0
# compatibility_mode=8192 67108863 100 0 705589 705589 0 0
# compatibility_mode=9217 16777214 75 66 105516 48324354 0 0
# scanned=199052
# found=0
# cleaned=0
# scan_time=13870
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7aafad8a82e3f54a95fa0f02b1c7d26a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-20 11:11:24
# local_time=2012-01-21 12:11:24 (+0100, Westeuropäische Normalzeit)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 1734923 1734923 0 0
# compatibility_mode=5891 16776869 42 87 570 23951892 0 0
# compatibility_mode=8192 67108863 100 0 1735887 1735887 0 0
# scanned=327656
# found=2
# cleaned=0
# scan_time=20062
F:\00019-957640157 10-26-10 JB\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\I98QW9XF\index-functions[1].js Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
F:\00019-957640157 10-26-10 JB\RECYCLER\S-1-5-21-458783436-3535655916-1577846512-1005\Dc13.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I |
23.01.2012, 11:14 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win32.Agent.bb Only a few leftovers that are no longer relevant. Is the computer working properly again?
__________________ Please always post logfiles in CODE tags |
24.01.2012, 20:35 | #25 |
| Win32.Agent.bb Hello Cosinus, the computer is working fine again. Case closed. Thanks! |
24.01.2012, 20:59 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win32.Agent.bb Then we're done! All the programs that were used here can be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if that produces any error messages. Keeping Malwarebytes is not a mistake. You can scan with it once a month, but always remember to update it first. Finally, please check your updates; my guide is below. To keep a better overview of whether your installed programs are up to date in future, you can use e.g. Secunia PSI. For even more security, after the infection has been removed you should also change all your passwords if at all possible.
Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed. Windows Vista/7: Windows Update guide
Update your PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Add or Remove Programs or Programs and Features by clicking on "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed) I recommend an alternative PDF reader such as PDF XChange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader. While you are at it, please also check that Flash Player is up to date: Adobe - Install a different version of Adobe Flash Player If necessary, you can also download it from Chip.de => http://filepony.de/?q=Flash+Player Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.
Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all Java versions listed there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post logfiles in CODE tags |
29.01.2012, 00:00 | #27 |
| Win32.Agent.bb Yep, we're rid of the Trojan! I've followed the instructions so far. Only combofix I can't get rid of this way. Any other ideas? |
29.01.2012, 18:53 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win32.Agent.bb Please download CF_UNINST.exe and save it to your desktop.
__________________ Please always post logfiles in CODE tags |