Pests of all kinds and their removal: Problem with Trojan/Keylogger (Windows 7)
08.10.2009, 15:57 | #1
Guest | Problem with Trojan/Keylogger

Hello everyone, I'm new here! I registered because I have (had?) a problem with a trojan/keylogger and I'm not sure whether I have got rid of the thing. Here is what happened: my bank blocked my online banking because my online banking credentials had already been found on a foreign server. I then scanned the PC completely with Knoppicilin 7 (all three scanners). The following viruses/trojans were found and deleted:
- TR/Crypt.XPACK.Gen
- TR/Crypt.ZPACK.Gen
- TR/Spy.Bebloh.A.14
- TR/Spy.Bebloh.A.15
In addition, I ran "fixmbr" again from the XP Recovery Console (without booting Windows in between). AntiVir now finds nothing more on a full scan. I can't see anything suspicious in the Hijack log either. But the following phenomena make me sceptical:
1. Firefox crashes constantly, even in Safe Mode (current version 3.5.3). It has been doing this since I updated to 3.5.3. I have already reinstalled Firefox twice, deleting all settings as well - without success.
2. At every system start Windows reports for a short time that my firewall is not active. Shortly afterwards the message disappears and the firewall is active.
I now need your help to make sure the PC is clean, or to find out which trojan may still be hiding there. Please no suggestions to wipe the machine completely - for various reasons that isn't possible at the moment. I'll post the requested lists in the next message. I hope I did everything right when creating the lists. It would be great if you could help me somehow!
Detlef
Last edited by dgdg (08.10.2009 at 16:25)
08.10.2009, 16:09 | #2
Guest | Hijack log

Here comes the list, as per the instructions. As I said, I hope I did everything right.
Hijack 2.0.2 Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:01:16, on 08.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programme\DVBViewer\DVBVservice.exe
C:\Programme\FileZilla Server\FileZilla Server.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\CyberLink\Shared files\RichVideo.exe
C:\Programme\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\vmnat.exe
C:\Programme\TightVNC1.3.9\WinVNC.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programme\VMware\VMware Workstation\vmware-authd.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Programme\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\xRaidSetup.exe
C:\Programme\VMware\VMware Workstation\vmware-tray.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\etMon.exe
C:\WINDOWS\system32\umonit.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programme\DVBViewer\DVBVCtrl.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Programme\Biet-O-Matic\Biet-O-Matic.exe
C:\Programme\EventGhost\EventGhost.exe
C:\Programme\totalcmd\TOTALCMD.EXE
C:\Programme\TaskbarPP12\TaskbarPP.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programme\PC Connectivity Solution\Transports\NclIVTBTSrv.exe
C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\DllHost.exe
C:\Programme\Mpeg2Schnitt\Mpeg2Schnitt.exe
C:\Programme\ImagoMPEG-Muxer\ImagoMPEG-Muxer.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\AcroTray.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Programme\CCleaner\CCleaner.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ulutil2.dll,SetWriteBack
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [vmware-tray] "C:\Programme\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [etMonitor] C:\WINDOWS\etMon.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Programme\TightVNC1.3.9\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\Programme\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [DVBV Service Ctrl] C:\Programme\DVBViewer\DVBVCtrl.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: TaskbarPP.lnk = C:\Programme\TaskbarPP12\TaskbarPP.exe
O4 - Global Startup: Biet-O-Matic.lnk = C:\Programme\Biet-O-Matic\Biet-O-Matic.exe
O4 - Global Startup: EventGhost.lnk = C:\Programme\EventGhost\EventGhost.exe
O4 - Global Startup: Total Commander.lnk = C:\Programme\totalcmd\TOTALCMD.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programme\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\programme\vmware\vmware workstation\vsocklib.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O17 - HKLM\System\CCS\Services\Tcpip\..\{C09F605C-DF5C-41E7-A533-A32093A49C1C}: NameServer = 192.168.0.91
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5796A22-B878-4834-B787-881E70E1C54E}: NameServer = 192.168.0.91
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: DVBViewer Recording Service (DVBVRecorder) - CM & V - C:\Programme\DVBViewer\DVBVservice.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programme\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c8fd8a63939670) (gupdate1c8fd8a63939670) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Programme\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programme\Gemeinsame Dateien\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Start BT in service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Programme\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programme\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Programme\TightVNC1.3.9\WinVNC.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 13265 bytes
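As an added example (not part of this thread and not a HijackThis feature), the following Python script parses a HijackThis v2 log of the kind posted above and lists the entries a helper would usually ask about first: autostarts without an absolute path or launched via rundll32, Winsock LSP hooks, DNS server overrides, services with no vendor recorded, and processes running directly from the Windows root. The selection rules are this example's own assumptions, a flagged line means "verify", not "malicious", and the embedded sample is a constructed excerpt of the log above.

```python
import re
from collections import Counter

# Constructed excerpt of the HijackThis v2.0.2 log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\etMon.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ulutil2.dll,SetWriteBack
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O10 - Unknown file in Winsock LSP: c:\programme\vmware\vmware workstation\vsocklib.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C09F605C-DF5C-41E7-A533-A32093A49C1C}: NameServer = 192.168.0.91
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Programme\TightVNC1.3.9\WinVNC.exe
"""

# HijackThis item lines look like "O4 - ...", "R1 - ...", "F2 - ...", "N3 - ...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# A drive-letter prefix such as C:\ somewhere in the command.
ABS_PATH_RE = re.compile(r"[A-Za-z]:\\")
# An .exe sitting directly in the Windows folder rather than a subfolder.
WINROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\windows\\[^\\]+\.exe$", re.I)


def parse_hjt(text):
    """Return (processes, entries); entries are (section, body) tuples."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes:"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # first item line ends the process list
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            processes.append(line)
    return processes, entries


def flag_process(path):
    """Review reasons for one running-process path (assumed heuristic)."""
    flags = []
    if WINROOT_EXE_RE.match(path):
        flags.append("runs from the Windows root rather than system32")
    return flags


def flag_entry(section, body):
    """Review reasons for one HijackThis item (assumed heuristics)."""
    flags = []
    if section == "O4":
        # The command is whatever follows the "[name]" label.
        cmd = body.split("]", 1)[1].strip() if "]" in body else body
        if not ABS_PATH_RE.search(cmd):
            flags.append("autostart without an absolute path")
        if "rundll32" in cmd.lower():
            flags.append("autostart via rundll32")
    elif section == "O10":
        flags.append("Winsock LSP hook: confirm the DLL belongs to installed software")
    elif section == "O17":
        m = re.search(r"NameServer = (.+)$", body)
        if m:
            flags.append(f"DNS servers set to {m.group(1)}: confirm this is the expected resolver")
    elif section == "O23" and "Unknown owner" in body:
        flags.append("service with no vendor recorded")
    return flags


def triage(text):
    """Map each log line worth a second look to its list of reasons."""
    processes, entries = parse_hjt(text)
    result = {}
    for path in processes:
        reasons = flag_process(path)
        if reasons:
            result[path] = reasons
    for section, body in entries:
        reasons = flag_entry(section, body)
        if reasons:
            result[f"{section} - {body}"] = reasons
    return result


def section_counts(text):
    """How many items of each section type the log contains."""
    _, entries = parse_hjt(text)
    return dict(Counter(section for section, _ in entries))


if __name__ == "__main__":
    print("Items per section:", section_counts(SAMPLE_LOG))
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line)
        for reason in reasons:
            print("   ->", reason)
```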
08.10.2009, 16:12 | #3
Guest | Filelist Part 1

Filelist (the last 6 months) - Part 1:
08.10.2009, 16:14 | #4
Guest | Problem with Trojan/Keylogger

Filelist - Part 2:
0 m4ssCNQF.wmv.part 25.05.2009 14:13 0 MTN_HNWR.wmv.part 25.05.2009 13:29 0 KEqQslS6.mpg.part 25.05.2009 13:24 0 L9XhHjC2.wmv.part 25.05.2009 12:47 0 c4n79.tmp 25.05.2009 12:46 0 pjl78.tmp 25.05.2009 12:45 0 lqa77.tmp 25.05.2009 12:44 0 yk976.tmp 25.05.2009 12:43 0 rqj75.tmp 25.05.2009 12:41 0 vct74.tmp 25.05.2009 12:40 0 ytf73.tmp 25.05.2009 10:47 16.384 ~DF7A25.tmp 24.05.2009 09:55 0 MEdAvY2U.mpg.part 23.05.2009 14:03 96.521 RE 098519.pdf 20.05.2009 22:34 0 NUiM6Pmd.mpg.part 20.05.2009 22:30 0 KrBY6yXr.wmv.part 20.05.2009 10:37 0 9dz6F0.tmp 20.05.2009 10:09 1.544.928 H+O3y3pS.wmv.part 20.05.2009 10:07 10.833.103 J7LE27+1.wmv.part 20.05.2009 10:03 8.262.272 y2skHwxj.wmv.part 20.05.2009 10:02 8.970.187 osIAf8mH.wmv.part 19.05.2009 14:37 7.753.411 zeTvwnN8.wmv.part 18.05.2009 14:46 0 sltzoJtm.wmv.part 18.05.2009 14:33 0 PxBvthPc.wmv.part 18.05.2009 14:27 0 neqhHOi_.wmv.part 18.05.2009 14:26 0 zjthSb8q.wmv.part 18.05.2009 14:18 0 8f2o4ctu.wmv.part 18.05.2009 14:15 0 ZOiT+5G1.wmv.part 18.05.2009 14:15 0 BqI4lHZh.wmv.part 18.05.2009 14:01 0 6i8201.tmp 18.05.2009 13:54 0 bl11FE.tmp 18.05.2009 13:52 0 qb71FD.tmp 18.05.2009 13:30 0 ws81F9.tmp 18.05.2009 13:29 0 g9m1F8.tmp 17.05.2009 23:08 16.384 ~DF9998.tmp 17.05.2009 23:01 0 sqlite_s66uZ7pwGi7dCqN 17.05.2009 23:01 0 sqlite_85ahvcbkKlkUodm 17.05.2009 23:01 0 sqlite_sCVxLk6bpKHBEh4 17.05.2009 23:01 0 sqlite_eb6f3dSTNfeujkK 17.05.2009 23:01 0 sqlite_WezgBf3Sh376KkX 17.05.2009 23:01 0 sqlite_acQPlrabMfdAa1O 17.05.2009 23:01 16.384 ~DF9D33.tmp 17.05.2009 20:31 16.384 ~DFF4FD.tmp 13.05.2009 21:30 0 ACDC6D.tmp 11.05.2009 17:39 0 ACD668.tmp.wav 11.05.2009 17:39 0 ACD667.tmp.wav 11.05.2009 17:18 1.416 wmplog01.sqm 11.05.2009 16:23 1.680 wmplog00.sqm 09.05.2009 11:52 8.200 etilqs_ijh4ZnZhQ0ZNAbtupSHk 08.05.2009 22:43 36.864 ~DFAE3D.tmp 07.05.2009 16:52 2.048 sqlite_s7Qx1nQCcQ54RG3 07.05.2009 15:23 0 sqlite_yhX1V9mIoIr3YAd 07.05.2009 15:23 2.048 sqlite_QgATWSrvoW1WyUw 07.05.2009 15:23 2.048 sqlite_dFmjPfV3bmTeusg 07.05.2009 15:23 0 
sqlite_nVsWEXAWZsVl9V9 07.05.2009 15:23 0 sqlite_0UQoAPVy8xlQXoA 07.05.2009 15:23 0 sqlite_jgKsiUbozjjR4wT 06.05.2009 11:15 83.484 Art-160331672300-3.html 06.05.2009 11:14 14.481 Art-160331672300-1.html 05.05.2009 19:12 69.208 Art-170326458884-3.html 05.05.2009 19:10 14.503 Art-170326458884-1.html 04.05.2009 17:33 0 Rb3xUbiB.lnk 03.05.2009 20:13 0 JET3F20.tmp 26.04.2009 19:36 71.770 Art-170324758553-3.html 26.04.2009 19:36 29.906 Art-170324758553-2.html 26.04.2009 19:36 41.428 Art-170324758553-2-1.html 26.04.2009 19:35 12.993 Art-170324758553-1.html 26.04.2009 17:01 3.088.384 Zrlax2kA.exe.part 23.04.2009 12:29 16.384 ~DFB1F4.tmp 23.04.2009 12:24 65.536 mso2C7.mdb 22.04.2009 15:32 0 eel1274.tmp 22.04.2009 15:29 0 yqo1272.tmp 22.04.2009 15:29 0 w8n1271.tmp 22.04.2009 15:27 0 smr1270.tmp 22.04.2009 15:26 0 1dt126F.tmp 22.04.2009 15:26 0 fep126E.tmp 22.04.2009 15:26 0 e9y126D.tmp 22.04.2009 15:13 0 27m126C.tmp 21.04.2009 08:08 0 ACDE69.tmp.wav 20.04.2009 12:01 0 ACDC1A.tmp.wav 20.04.2009 11:51 0 ACDC00.tmp.wav 20.04.2009 11:51 0 ACDBFF.tmp.wav 20.04.2009 11:51 0 ACDBFE.tmp.wav 20.04.2009 11:51 0 ACDBFD.tmp.wav 20.04.2009 11:51 0 ACDBFC.tmp.wav 17.04.2009 19:19 2 nsi43C.tmp 17.04.2009 19:19 0 utt439.tmp 17.04.2009 19:19 667.848 utt439.tmp.exe 17.04.2009 17:13 0 utt403.tmp 17.04.2009 17:13 70 utt403.tmp.bat 17.04.2009 17:13 0 utt402.tmp 17.04.2009 15:38 0 CogILcCH.svg.part 17.04.2009 15:38 0 4_LFCliH.svg.part 17.04.2009 15:38 0 C_BLnyv1.svg.part 17.04.2009 15:38 0 DurAFZG6.svg.part 17.04.2009 15:38 0 NcOkeFD3.svg.part 17.04.2009 15:38 0 T4bnhCqg.svg.part 17.04.2009 15:38 0 cGhEWGNX.svg.part 17.04.2009 15:38 0 llaFWrHX.svg.part 17.04.2009 15:38 0 yTPHMnkf.svg.part 17.04.2009 15:38 0 zg2UO9Ue.svg.part 17.04.2009 15:38 0 aUwrOm7S.svg.part 17.04.2009 15:38 0 DDHzyhaY.svg.part 17.04.2009 15:38 0 b8Cc39w9.svg.part 17.04.2009 15:38 0 N0IRXI9J.svg.part 17.04.2009 15:38 0 ZzZyGLZq.svg.part 17.04.2009 15:38 0 3XKUMqsz.svg.part 17.04.2009 15:38 0 0HWHolmF.svg.part 17.04.2009 15:38 
0 wy3MNs_A.svg.part 17.04.2009 15:38 0 SBB2p1t5.svg.part 17.04.2009 15:38 0 kr8aDXXo.svg.part 17.04.2009 15:38 0 drv8B7Eh.svg.part 17.04.2009 15:38 0 ZIrBmLTJ.svg.part 17.04.2009 15:38 0 xlwbki5Y.svg.part 17.04.2009 15:38 0 2sfm5Faf.svg.part 17.04.2009 15:38 0 CBv3H5TJ.svg.part 17.04.2009 15:38 0 Ya2lEogD.svg.part 17.04.2009 15:38 0 rMRgasRR.svg.part 17.04.2009 15:38 0 ZSND8rNc.svg.part 17.04.2009 15:38 0 wjYsNvYp.svg.part 16.04.2009 12:46 28.410 ColorProfile.log 16.04.2009 12:44 174 addonscheck.xml 16.04.2009 12:43 16.384 ~DFCC1F.tmp 16.04.2009 12:28 16.384 ~DF7673.tmp 16.04.2009 11:16 16.384 ~DF6B1F.tmp 15.04.2009 20:51 16.384 ~DF5F14.tmp 15.04.2009 13:51 16.384 ~DF752F.tmp 14.04.2009 09:19 0 hiiTOddk.wmv.part 14.04.2009 08:50 0 _kwvS8DR.mpg.part 14.04.2009 08:48 0 jkmzrGwv.wmv.part 10.04.2009 13:46 16.384 ~DFD5A9.tmp 09.04.2009 14:46 0 ACD149E.tmp.wav 09.04.2009 14:46 0 ACD149D.tmp.wav 09.04.2009 14:29 0 ACD149C.tmp.wav 09.04.2009 14:29 0 ACD149B.tmp.wav 09.04.2009 14:13 0 3G+DvwXk.mpg.part 09.04.2009 14:13 0 WAWPTN5M.wmv.part 09.04.2009 14:13 0 Ww2Sl+jp.wmv.part 09.04.2009 14:13 0 2HkNj_Ky.wmv.part 09.04.2009 14:12 0 WigHpvH9.wmv.part 09.04.2009 11:33 0 cnaouQKV.avi.part 09.04.2009 11:33 0 ZatAz824.avi.part 09.04.2009 11:32 0 12z6_gdu.avi.part 09.04.2009 10:56 0 5HkRmiRN.wmv.part 09.04.2009 10:44 0 DgzwLs9V.wmv.part 09.04.2009 10:08 0 fHxqr+Dd.mpg.part 09.04.2009 09:55 0 C0aGmiBs.wmv.part 08.04.2009 09:39 16.384 ~DF4460.tmp 07.04.2009 12:29 16.384 ~DFEB8D.tmp 04.04.2009 14:38 0 z50D6.tmp 04.04.2009 14:38 0 egoD5.tmp 04.04.2009 12:41 16.384 ~DF674A.tmp 02.04.2009 16:16 0 tpw351.tmp 02.04.2009 16:15 0 a4w350.tmp 02.04.2009 14:59 0 UPJn1wL9.htm.part 01.04.2009 21:00 0 ZMFG6GYL.mpg.part 01.04.2009 17:36 0 XV3Eelzf.avi.part 01.04.2009 14:07 0 TkHxAqmr.mpg.part 529 Datei(en) 1.139.826.248 Bytes 0 Verzeichnis(se), 15.228.420.096 Bytes frei |
08.10.2009, 16:18 | #5 |
Guest | CCleaner log and GMER log, part 1 Installed programs (CCleaner): Code:
ATTFilter 7-Zip 4.57 AC3Filter (remove only) ACDSee 4.0 ACDSee 4.0 Service Release 1 Acronis True Image Home Adobe Acrobat 7.0 Professional Adobe Download Manager Adobe Flash Player 10 Plugin Adobe Photoshop Elements 6.0 Adobe SVG Viewer 3.0 Advanced MP3 Catalog Pro 3.03 AGFEO TK-Suite Basic 3 AnyDVD ATI - Dienstprogramm zur Deinstallation der Software ATI AVIVO Codecs ATI Catalyst Control Center ATI Display Driver Autostart ok-s 2.0 Avira AntiVir Personal - Free Antivirus AviSynth 2.5 AVRStudio4 Beck @CHIPTOOL V5.10.0.1 Beck Postmake 2 (Version 2.3.0.1) Biet-O-Matic v2.6.2 BitTorrent BJ Network Tool Bluesoleil2.7.0.13 VoIP Release 071227 Borland Delphi 7 BT747 Desktop CamStudio Canon PIXMA iP4000R Canon Utilities Easy-PhotoPrint Canon Utilities EOS Utility Catalyst Control Center - Branding CCleaner (remove only) CoDeSys for Automation Alliance DataLogV2.5 DATAstreet Hessen 2000 Destinator Console DivX Codec DivX Converter DivX Player DivX Plus DirectShow Filters DivX Web Player DNA Dr. 
Hardware 2009 9.9.0d DVBViewer Pro DVBViewer Recording Service DVBViewer TE eDrawings 2008 EventGhost 0.3.7.r1194 EveryWAN Remote Support Personal Edition Exact Audio Copy 0.99pb4 FileZilla Server (remove only) FreeOTFE FreePDF XP (Remove only) Freez Screen Video Capture v1.2 Garmin City Navigator Europe NT v9 Garmin Communicator Plugin Garmin MapSource Garmin WebUpdater Generic color icon driver GnuWin32: Wget-1.11.4-1 Google Earth Google Earth Plug-in Google Updater GPL Ghostscript 8.62 GPL Ghostscript Fonts GPS-Track-Analyse.NET GX::Transcoder v5.0 Hama USB Mass Storage Device Hex Wizard 1.22 High Definition Audio Driver Package - KB888111 HijackThis 2.0.2 HP Imaging Device Functions 9.0 HP Photosmart Essential 2.01 HP Photosmart Kameras 9.0 HP Scanjet 3800 series 7.0 HP Solution Center 9.0 HP Update HP USB Disk Storage Format Tool Indeo® Software Java(TM) 6 Update 11 JMB36X Raid Configurer Logitech iTouch Software Logitech QuickCam-Software Logitech® Camera-Treiber LogMeIn Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 German Language Pack Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 SP1 Microsoft ActiveSync Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Office 2000 SR-1 Premium Microsoft SQL Server Desktop Engine (PINNACLESYS) Microsoft User-Mode Driver Framework Feature Pack 1.5 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Mozilla Firefox (3.5.3) Mozilla Sunbird (0.9) Mozilla Thunderbird (2.0.0.23) MP3-Tag-Editor MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 6.0 Parser Nero 8 nLite 1.4.9.1 Nokia Connectivity Cable Driver Nokia PC Suite Nokia Software Updater O&O Defrag 
Professional Edition OCR Software by I.R.I.S 7.0 ODBC OSMtracker 0.6.1 Paint Shop Pro 7 Paradigm C++ Beck IPC Edition PC Connectivity Solution Pinnacle Hollywood FX for Studio Pinnacle MediaServer Pinnacle ShowCenter PowerDVD Ultra Process Tamer 2.11.01 RAIDar 4.1.4 Realtek High Definition Audio Driver RedMon - Redirection Port Monitor RMVB Converter 1.8 Security Update for Windows Search 4 - KB963093 Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) Slotman Sonic CinePlayer DVD Pack Spb Backup Spb Backup 2.0 Studio 9 Sun xVM VirtualBox SUPER © Version 2008.bld.32 (July 8, 2008) Target 3001! V14 discover TechniSat DVB-PC TV Star Tera Term Pro TightVNC 1.3.9 Top50 Viewer Total Commander (Remove or Repair) Tux Paint 0.9.19 Tweak UI Unlocker 1.8.7 VAD Laplace Webcam VirtualCloneDrive VLC media player 1.0.0 VMware Workstation Winamp Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 11 Windows Search 4.0 Windows XP Service Pack 3 Windows-Treiberpaket - Nokia Modem (05/22/2008 3.8) Windows-Treiberpaket - Nokia Modem (05/22/2008 7.00.0.1) Windows-Treiberpaket - Nokia Modem (10/27/2008 3.9) Windows-Treiberpaket - Nokia Modem (10/27/2008 7.01.0.1) Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) WinPcap 4.0.2 WinRAR WinZip Wireshark 1.0.0 WsWin V2.93.13 - 2007-04-22 X10 Hardware(TM) XNavigator ZOC Terminal 5.1 Code:
GMER 1.0.15.15125 - http://www.gmer.net
Rootkit scan 2009-10-07 16:13:15
Windows 5.1.2600 Service Pack 3
Running: tq197v08.exe; Driver: C:\DOKUME~1\detlef\LOKALE~1\Temp\fxtdapow.sys

---- System - GMER 1.0.15 ----

SSDT F7A63CC6 ZwCreateKey
SSDT F7A63CBC ZwCreateThread
SSDT F7A63CCB ZwDeleteKey
SSDT F7A63CD5 ZwDeleteValueKey
SSDT F7A63CDA ZwLoadKey
SSDT F7A63CA8 ZwOpenProcess
SSDT F7A63CAD ZwOpenThread
SSDT F7A63CE4 ZwReplaceKey
SSDT F7A63CDF ZwRestoreKey
SSDT F7A63CD0 ZwSetValueKey
SSDT F7A63CB7 ZwTerminateProcess

INT 0x01 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) B962D59A
INT 0x03 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) B962D655
INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) A9E1616D
INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) A9E15FC2

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[2696] WININET.dll!InternetReadFile 408C654B 5 Bytes JMP 13159E5C
.text C:\WINDOWS\Explorer.EXE[2696] WININET.dll!InternetCloseHandle 408C9088 5 Bytes JMP 1315A05C
.text C:\WINDOWS\Explorer.EXE[2696] WININET.dll!InternetQueryDataAvailable 408CBF83 5 Bytes JMP 13159C7C
.text C:\WINDOWS\Explorer.EXE[2696] WININET.dll!HttpOpenRequestA 408CD508 5 Bytes JMP 13158964
.text C:\WINDOWS\Explorer.EXE[2696] WININET.dll!InternetConnectA 408CDEAE 5 Bytes JMP 1315880C
.text C:\WINDOWS\Explorer.EXE[2696] WININET.dll!HttpSendRequestW 408CFABE 5 Bytes JMP 13159688
.text C:\WINDOWS\Explorer.EXE[2696] WININET.dll!InternetOpenA 408DD688 5 Bytes JMP 131587C0
.text C:\WINDOWS\Explorer.EXE[2696] WININET.dll!HttpSendRequestA 408DEE81 5 Bytes JMP 13159288
.text C:\WINDOWS\Explorer.EXE[2696] WININET.dll!InternetReadFileExW 408E3341 5 Bytes JMP 1315A00C
.text C:\WINDOWS\Explorer.EXE[2696] WININET.dll!InternetReadFileExA 408E3379 5 Bytes JMP 13159FBC
.text C:\WINDOWS\system32\SearchIndexer.exe[3556] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Programme\Mozilla Firefox\firefox.exe[3964] wininet.dll!InternetReadFile 408C654B 5 Bytes JMP 13159E5C
.text C:\Programme\Mozilla Firefox\firefox.exe[3964] wininet.dll!InternetCloseHandle 408C9088 5 Bytes JMP 1315A05C
.text C:\Programme\Mozilla Firefox\firefox.exe[3964] wininet.dll!InternetQueryDataAvailable 408CBF83 5 Bytes JMP 13159C7C
.text C:\Programme\Mozilla Firefox\firefox.exe[3964] wininet.dll!HttpOpenRequestA 408CD508 5 Bytes JMP 13158964
.text C:\Programme\Mozilla Firefox\firefox.exe[3964] wininet.dll!InternetConnectA 408CDEAE 5 Bytes JMP 1315880C
.text C:\Programme\Mozilla Firefox\firefox.exe[3964] wininet.dll!HttpSendRequestW 408CFABE 5 Bytes JMP 13159688
.text C:\Programme\Mozilla Firefox\firefox.exe[3964] wininet.dll!InternetOpenA 408DD688 5 Bytes JMP 131587C0
.text C:\Programme\Mozilla Firefox\firefox.exe[3964] wininet.dll!HttpSendRequestA 408DEE81 5 Bytes JMP 13159288
.text C:\Programme\Mozilla Firefox\firefox.exe[3964] wininet.dll!InternetReadFileExW 408E3341 5 Bytes JMP 1315A00C
.text C:\Programme\Mozilla Firefox\firefox.exe[3964] wininet.dll!InternetReadFileExA 408E3379 5 Bytes JMP 13159FBC
.text C:\Programme\VirtualDub\VirtualDub.exe[4676] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text c:\programme\virtualdub\VirtualDub.exe[5920] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\System32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\System32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
Detlef |
08.10.2009, 16:19 | #6 |
Guest | Problem with Trojan/keylogger GMER - part 2: Code:
---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume7 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume7 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume8 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume8 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
Device \Driver\usbhub \Device\USBPDO-20 hcmon.sys (VMware USB monitor/VMware, Inc.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume9 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume9 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
Device \Driver\usbhub \Device\USBPDO-14 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\USBPDO-15 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\USBPDO-16 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\USBPDO-17 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000e0 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000d3 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\USBPDO-18 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000d4 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000d5 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000e3 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000e4 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000d8 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbehci \Device\USBFDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000d9 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-4 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-5 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-6 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbehci \Device\USBFDO-7 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbohci \Device\USBFDO-8 hcmon.sys (VMware USB monitor/VMware, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG11.00.00.01WORKSTATION 54701449ED860F14A0793E53A87358A14F16CB6D56395FB50376E0070FCE7C89B90BF1705CA1B1AC10B7AB206A93BE48D594AC857F7FFEBC9E127BECC74CFEBC9E12 7BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC7933FEBC9E127BECC74C5D575E7D6A3B 9808FA6E3A94FA97781E594676C9FD1C82F34281C4A348AA22FEF4ACB16856773536E00D317467C383A6B7EDB080B2B4B48352010378F2BAA3BDD8C889D6B9077931 CB1FC31C2090155ACE3A1B4E36B0CDA64CD10F0E5340FDC964C9A2382857DA2CACF3A4152C8BAB63C25BC52354CCB83EACA577DE1A4AA45B0601A52ED5E67F5A071D BB4D6642B60E4CC5F1D4ACCA53D000F37A49CBEA8553430471C1CC3B7C14F3F4A113FDC89BCC3931191CB1EDEF08E8720F1042B5FD35312F965C6B57E0D41F14A51C F53734B2EA1BE517AC7E53329DA1DBD8A8C66126FB1EDACFE2C82ABC48DACA7F2428CCF956C1B747BACA38C169C03EAE80397772E1B538CDB81C4E9045EAC63B33BC A6FE85A92391C7A24C4B2954C6001FB07A083819DBEE47E43436FCAD842FA398F6C1149BEE401B5AB288CF27399F2DD119796435A6ADBDB9B7BB6CCB221F4662E568 B52417FECB4B8059E3468F4226C6F67FE236AFE91BB52A4FA3B67334C24611BBAD92C9E0C3D1BF3D7F81F483DBBD2C73420
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.15 ----
Detlef |
08.10.2009, 17:17 | #7 |
Guest | Problem with Trojan/Keylogger I also ran Anti-Malware once more. It found a few more rotten registry entries. Code:
Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2925
Windows 5.1.2600 Service Pack 3

08.10.2009 18:14:45
mbam-log-2009-10-08 (18-14-45).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 229557
Laufzeit: 30 minute(s), 30 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Userinit.exe (Security.Hijack) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden) |
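The five Image File Execution Options keys in this log are the interesting part: a Debugger value under such a subkey makes Windows start that program instead of the named executable, which is why subkeys for browsers and for Userinit.exe (started at every logon) are classified as a hijack. Below is an added Python audit for exactly this, not code from the post or from Malwarebytes; it takes a snapshot of the IFEO subkeys (the constructed SAMPLE mirrors the names in the log, with placeholder paths) and flags every subkey carrying a Debugger value, ranked by what the replaced process is. The severity lists and the read_live_ifeo helper are assumptions of this example, not something the log states.

```python
"""Flag Image File Execution Options (IFEO) subkeys that carry a Debugger value.
Added example, not from the forum post or from Malwarebytes; SAMPLE is a
constructed snapshot mirroring the key names in the MBAM log above."""

IFEO_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
# Severity lists are an editorial assumption, not something the log states.
LOGON_CRITICAL = {"userinit.exe", "winlogon.exe", "explorer.exe"}
BROWSERS = {"chrome.exe", "safari.exe", "navigator.exe", "opera.exe",
            "firefox.exe", "iexplore.exe"}
RANK = {"high": 0, "medium": 1, "low": 2}


def audit_ifeo(snapshot):
    """snapshot: {image_name: {value_name: data}} as read from the IFEO key.
    Returns [(image_name, severity, debugger_path)] for every subkey whose
    Debugger value makes Windows start debugger_path instead of image_name."""
    findings = []
    for image, values in snapshot.items():
        debugger = next((d for n, d in values.items() if n.lower() == "debugger"), None)
        if not debugger:        # absent or empty: the other IFEO values are benign tuning
            continue
        name = image.lower()
        if name in LOGON_CRITICAL:
            severity = "high"   # replaced process runs at every logon: persistence
        elif name in BROWSERS:
            severity = "medium" # foreign binary runs each time the browser is launched
        else:
            severity = "low"    # may be a legitimately registered debugger; verify path
        findings.append((image, severity, debugger))
    return sorted(findings, key=lambda f: RANK[f[1]])   # stable: keeps snapshot order


def read_live_ifeo():
    """Read the real IFEO subkeys into the snapshot shape above (Windows only)."""
    import winreg
    snapshot = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, IFEO_KEY) as root:
        for i in range(winreg.QueryInfoKey(root)[0]):
            sub = winreg.EnumKey(root, i)
            with winreg.OpenKey(root, sub) as k:
                snapshot[sub] = dict(winreg.EnumValue(k, j)[:2]
                                     for j in range(winreg.QueryInfoKey(k)[1]))
    return snapshot


# Constructed sample; the C:\EXAMPLE\... paths are placeholders, not indicators from the page.
SAMPLE = {
    "Userinit.exe": {"Debugger": r"C:\EXAMPLE\dropper.exe"},
    "chrome.exe": {"Debugger": r"C:\EXAMPLE\dropper.exe"},
    "iexplore.exe": {"DisableHeapLookaside": 1},
    "notepad.exe": {"Debugger": r"C:\EXAMPLE\mydebugger.exe"},
}
```

On a Windows machine, audit_ifeo(read_live_ifeo()) runs the same check against the live registry.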