Trojaner-Board
Seite 2 von 4 1 2 34
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows friert nach Systemstart ein. (https://www.trojaner-board.de/94631-windows-friert-systemstart.html)

markusg 11.01.2011 14:32
sehr gut
download malwarebytes:
Malwarebytes
instalieren, öffnen, registerkarte aktualisierung, programm updaten.
schalte alle laufenden programme ab, trenne die internetverbindung.
registerkarte scanner, komplett scan, funde entfernen, log posten.

Kaputtschino 11.01.2011 17:14
Okay, der Logfile:


Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 5504

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

11.01.2011 17:08:25
mbam-log-2011-01-11 (17-08-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 227809
Laufzeit: 28 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 58

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Software\Microsoft\bk (Malware.Trace) -> Value: bk -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Adobe\plugs\kb13044677.exe (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Adobe\plugs\kb13053119.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\csderv.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\0.09595622729837516.exe.vir (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP260\A0158227.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP262\A0159321.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP262\A0161382.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP262\A0161410.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP263\A0162411.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP263\A0163450.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP264\A0164521.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP264\A0164522.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP267\A0167881.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP267\A0167882.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP267\A0167883.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP267\A0167884.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP267\A0167885.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP267\A0167886.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP267\A0167887.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP267\A0167888.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP268\A0167889.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP268\A0169870.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP271\A0179978.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP271\A0179980.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP271\A0179985.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP271\A0179986.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP271\A0180106.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP271\A0180107.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP271\A0180118.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP271\A0180119.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP272\A0182254.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP272\A0182255.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP272\A0182256.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP272\A0182257.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP272\A0182258.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP272\A0182259.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP272\A0182260.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP272\A0182261.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP272\A0182262.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP272\A0182906.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP272\A0182907.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP272\A0182999.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP273\A0189162.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP273\A0189276.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP273\A0189295.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP273\A0191713.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP273\A0191714.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP273\A0192913.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP273\A0192914.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b6ba965c-3fc8-4bce-814a-5b1d99c01ba8}\RP273\A0192915.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\sshnas21.dll (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\01102011_171655\c_dokumente und einstellungen\default user\startmenü\programme\autostart\diwua.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\01102011_171655\c_dokumente und einstellungen\default user\startmenü\programme\autostart\haoxan.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\01102011_171655\c_dokumente und einstellungen\default user\startmenü\programme\autostart\rediox.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\01102011_171655\c_dokumente und einstellungen\default user\startmenü\programme\autostart\tazu.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\01102011_171655\c_dokumente und einstellungen\ich\anwendungsdaten\Ruafu\erbae.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.

markusg 11.01.2011 17:20
wie läuft der rechner jetzt?

Kaputtschino 11.01.2011 17:32
Hmm, eben im normalen Modus hat sich keine Verbesserung gezeigt :/

markusg 11.01.2011 17:37
dein pc ist ja auch mit den verschiedensten trojanern verseucht, wo man sich die alle her hohlt...
evtl. sollten wir kurzen prozess machen, daten sichern, neu aufsetzen und ihn gleich vernünftig absichern. da es probleme geben kann so starke systeme wieder vernünftig zum laufen zu bringen.

Kaputtschino 11.01.2011 17:40
ja, okay vielleicht ist das besser.

markusg 11.01.2011 17:58
ok dann fang mit der daten sicherung an und meld dich, wenn du fertig bist.

Kaputtschino 11.01.2011 22:33
Alles klar, meine Daten sind gesichert.

markusg 12.01.2011 13:51
http://www.trojaner-board.de/96344-a...-rechners.html

Kaputtschino 13.01.2011 19:29
Alles klar, danke. Ich werde jetzt mit der Formatierung und der Neuinstallation beginnen. Ich musste erstmal diese CD finden.

markusg 13.01.2011 19:54
ok, meld dich dann bitte ob alles geklappt hatt, oder bei problemen

Kaputtschino 13.01.2011 21:04
Es hat alles wunderbar funkitioniert. Werde jetzt damit anfangen den Rest durchzuführen der oben steht.

markusg 13.01.2011 21:13
sehr gut :-) kannst ja berichten...

Kaputtschino 13.01.2011 22:15
Anscheinend hab ich doch irgendwas falsch gemacht. Ich hab die CD eingelegt und alles befolgt, Windows wurde auch komplett neu installiert, usw.
Eigentlich hatte ich auch formatiert..
Aber es wurde irgendwie nur Windows installiert, denn die ganzen Programme sind noch in den Ordnern bei Arbeitsplatz, Festplatte C.
Aber auf dem Desktop ist nichts. Auch rechts unten auf der Taskleiste nicht und wenn man bei Start - Alle Programme guckt auch nicht. Funkitioniert auch alles bisher.
Soll ich es trotzdem nochmal machen?

Kaputtschino 13.01.2011 22:31
Na, ich werd es noch mal machen, das ist mir alles zu unsicher. :/


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:14 Uhr.
Seite 2 von 4 1 2 34
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19